win32/nuqel.e and bankerfox.a virus

View previous topic View next topic Go down

win32/nuqel.e and bankerfox.a virus

Post by woof132 on 1st January 2010, 9:14 am

i have recently acquired the win32/nuqel.e and bankerfox.a viruses on my laptop running windows vista. i constantly receive alert messages stating that my computer has been infected with spyware/malware and internet explorer randomly opens to bogus websites. i have found two threads on this forum describing the same virus. i have attempted the following:

HijackThis - successful download, but unable to run the program. when attempting to run it, i receive a message stating that it is infected
malwarebytes' anti-malware - successful download. unable to run the program.
Housecall - successful download, but unable to run the program.
kapersky online scanner 7 - successfully initiated, however, failed to complete with the following message:

Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab. Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: Scanning could not be started. [0x80004005]]

I have attempted running everything as an administrator with no success.

what other steps can i take to remedy this? thanks

woof132
Novice
Novice

Posts Posts : 29
Joined Joined : 2010-01-01
OS OS : windows vista
Points Points : 25759
# Likes # Likes : 0

View user profile

Back to top Go down

Re: win32/nuqel.e and bankerfox.a virus

Post by Belahzur on 1st January 2010, 3:11 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: win32/nuqel.e and bankerfox.a virus

Post by woof132 on 1st January 2010, 8:24 pm

i successfully downloaded the installer, however, I am unable to run the installer. As soon as I open it, it closes automatically.

woof132
Novice
Novice

Posts Posts : 29
Joined Joined : 2010-01-01
OS OS : windows vista
Points Points : 25759
# Likes # Likes : 0

View user profile

Back to top Go down

Re: win32/nuqel.e and bankerfox.a virus

Post by Belahzur on 1st January 2010, 8:26 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: win32/nuqel.e and bankerfox.a virus

Post by woof132 on 1st January 2010, 8:33 pm

same thing. i successfully downloaded OTL to my desktop, however the program automatically closes as soon as i open it, and an alert message appears stating that the file consent.exe is infected


Last edited by woof132 on 1st January 2010, 8:35 pm; edited 1 time in total

woof132
Novice
Novice

Posts Posts : 29
Joined Joined : 2010-01-01
OS OS : windows vista
Points Points : 25759
# Likes # Likes : 0

View user profile

Back to top Go down

Re: win32/nuqel.e and bankerfox.a virus

Post by Belahzur on 1st January 2010, 8:35 pm

Try this instead.

Please download Ice Sword from [You must be registered and logged in to see this link.]

  1. Download the zip to your desktop and extract it.
  2. Open the Ice Sword folder and then launch IceSword.exe.
  3. Will IceSword open?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: win32/nuqel.e and bankerfox.a virus

Post by woof132 on 1st January 2010, 8:49 pm

nope. as soon as i opened icesword.exe i received a blue screen and the computer shut down. however, upon rebooting, i was able to get OTL to open, and it is currently running its scan. I will post the results as soon as it is complete

woof132
Novice
Novice

Posts Posts : 29
Joined Joined : 2010-01-01
OS OS : windows vista
Points Points : 25759
# Likes # Likes : 0

View user profile

Back to top Go down

Re: win32/nuqel.e and bankerfox.a virus

Post by woof132 on 1st January 2010, 8:56 pm

And the results from the OTL Scan:

Here is OTL.txt:

OTL logfile created on: 1/1/2010 3:42:30 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\u\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16757)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 357.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.18 Gb Total Space | 50.21 Gb Free Space | 47.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 627.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LH-WC6BP8FI4TVD
Current User Name: u
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/01 15:29:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\u\Desktop\OTL.exe
PRC - [2010/01/01 01:23:28 | 00,450,816 | ---- | M] () -- C:\Users\u\AppData\Local\atyaft\lsvgsysguard.exe
PRC - [2009/09/21 23:47:23 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/09/21 23:47:22 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/04/01 01:32:04 | 00,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2008/11/16 19:46:57 | 00,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
PRC - [2008/04/14 16:01:27 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2007/09/12 17:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/02/13 18:19:48 | 00,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/02/13 18:19:48 | 00,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007/02/09 13:54:42 | 00,923,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007/02/05 14:22:08 | 00,546,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
PRC - [2007/01/31 09:08:29 | 28,933,976 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2007/01/23 08:13:12 | 00,196,608 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2007/01/23 08:12:50 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2007/01/23 08:12:50 | 00,081,920 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2007/01/23 08:12:27 | 00,106,496 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2007/01/22 23:39:32 | 00,321,656 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2007/01/11 20:36:34 | 00,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2007/01/09 23:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/01/05 02:19:28 | 00,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
PRC - [2006/11/28 22:27:46 | 00,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2006/11/28 22:09:58 | 00,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2006/11/28 22:09:46 | 00,172,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2006/11/28 17:28:12 | 00,020,480 | ---- | M] ( ) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2006/11/13 22:07:45 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2006/11/13 08:32:52 | 00,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2006/11/13 08:32:52 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2006/11/13 08:32:49 | 00,042,544 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2006/11/02 07:36:04 | 00,201,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2006/11/02 07:34:48 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2006/11/02 07:34:32 | 01,004,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/02 04:46:02 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2006/11/02 04:45:50 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2006/11/02 04:45:07 | 02,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/10/23 03:40:14 | 00,046,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
PRC - [2006/10/23 01:24:02 | 00,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2004/12/14 06:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe


========== Modules (SafeList) ==========

MOD - [2010/01/01 15:29:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\u\Desktop\OTL.exe
MOD - [2006/11/02 04:38:57 | 01,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/09/21 23:47:22 | 01,028,432 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/04/01 01:32:04 | 00,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2008/04/14 16:19:06 | 01,174,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/04/14 16:01:27 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/29 19:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/09/12 17:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 17:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/02/13 18:19:48 | 00,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/01/31 09:08:29 | 28,933,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$VAIO_VEDB) SQL Server (VAIO_VEDB)
SRV - [2007/01/31 09:05:59 | 00,240,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2007/01/31 09:05:59 | 00,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2007/01/24 18:56:24 | 00,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/01/24 18:56:20 | 00,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/16 16:05:00 | 02,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/01/16 16:05:00 | 01,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007/01/16 16:05:00 | 01,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007/01/14 01:11:06 | 00,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2007/01/12 21:40:58 | 00,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/10 18:51:06 | 00,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007/01/10 13:43:24 | 00,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007/01/09 23:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007/01/09 23:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/09 23:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/09 23:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/01/08 19:06:40 | 00,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007/01/08 19:06:40 | 00,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007/01/08 19:01:34 | 00,491,520 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/01/05 02:19:28 | 00,047,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006/12/14 05:21:20 | 00,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 05:02:08 | 00,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 04:46:16 | 00,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/11/28 22:27:46 | 00,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2006/11/28 22:09:58 | 00,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2006/11/28 22:09:46 | 00,172,032 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2006/11/28 17:28:12 | 00,020,480 | ---- | M] ( ) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2006/11/13 22:07:45 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2006/11/09 17:30:14 | 00,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/11/02 07:34:32 | 00,263,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/10/26 21:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 16:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/04/14 13:04:54 | 00,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005/11/14 04:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/06/22 23:46:52 | 00,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/06/14 03:00:00 | 00,856,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20080619.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2008/06/14 03:00:00 | 00,089,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20080619.003\NAVENG.SYS -- (NAVENG)
DRV - [2008/04/17 10:54:54 | 00,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/04/17 10:54:54 | 00,109,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/04/14 16:21:53 | 00,115,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/04/04 16:47:34 | 00,261,680 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20080617.001\IDSvix86.sys -- (IDSvix86)
DRV - [2007/02/08 19:03:16 | 00,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/08 19:03:16 | 00,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/02/08 08:27:24 | 00,807,424 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/02/05 08:22:40 | 01,668,456 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/02/01 01:37:18 | 00,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC)
DRV - [2007/01/29 08:03:49 | 00,195,072 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/01/23 09:00:16 | 00,509,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/01/23 08:12:41 | 01,478,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/01/23 08:12:41 | 01,478,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2007/01/11 20:22:20 | 00,276,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/01/11 20:22:18 | 00,025,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/01/11 20:22:14 | 00,247,608 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/01/09 16:32:14 | 00,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/01/09 16:32:14 | 00,145,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2007/01/09 16:32:14 | 00,040,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2007/01/09 16:32:14 | 00,038,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2007/01/09 16:32:14 | 00,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/01/09 16:32:14 | 00,012,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2007/01/09 06:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/01/03 09:05:02 | 00,417,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/11/13 22:07:45 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/13 22:07:43 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2006/11/13 22:07:41 | 00,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/13 22:07:38 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/13 22:07:38 | 00,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/13 08:32:52 | 00,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/11/02 04:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 00,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 04:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 04:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:41:49 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:54 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/10/18 14:56:30 | 00,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2006/10/18 13:43:18 | 00,124,256 | R--- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.8.8

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/01 03:15:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/29 17:22:25 | 00,000,000 | ---D | M]

[2009/08/06 03:47:21 | 00,000,000 | ---D | M] -- C:\Users\u\AppData\Roaming\mozilla\Extensions
[2010/01/01 03:11:06 | 00,000,000 | ---D | M] -- C:\Users\u\AppData\Roaming\mozilla\Firefox\Profiles\8mmbyxhp.default\extensions
[2010/01/01 03:11:02 | 00,000,000 | ---D | M] (No name found) -- C:\Users\u\AppData\Roaming\mozilla\Firefox\Profiles\8mmbyxhp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2008/05/10 01:00:19 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/06 03:47:15 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2008/04/16 18:09:28 | 00,249,856 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npff_gdm.dll

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe (PureEdge™ Solutions Inc.)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [nyiyuvpn] C:\Users\u\AppData\Local\atyaft\lsvgsysguard.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/03/23 14:55:35 | 00,929,851 | R--- | M] () - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002/07/21 14:12:28 | 00,000,105 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{7ed5ea93-0a62-11dd-9273-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7ed5ea93-0a62-11dd-9273-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2004/03/23 14:55:35 | 00,929,851 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/01 15:36:16 | 00,000,000 | ---D | C] -- C:\Users\u\Desktop\IceSword122en
[2010/01/01 15:28:25 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\u\Desktop\OTL.exe
[2010/01/01 03:22:02 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2010/01/01 03:11:08 | 00,000,000 | ---D | C] -- C:\Users\u\AppData\Roaming\QuickScan
[2010/01/01 03:06:52 | 00,000,000 | ---D | C] -- C:\Users\u\AppData\Roaming\Malwarebytes
[2010/01/01 03:06:46 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/01 03:06:44 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/01 03:06:43 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/01 03:06:43 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/01 01:24:28 | 00,000,000 | ---D | C] -- C:\Users\u\AppData\Local\atyaft
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/01 15:51:44 | 02,359,296 | -HS- | M] () -- C:\Users\u\NTUSER.DAT
[2010/01/01 15:38:25 | 16,924,0873 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/01/01 15:37:56 | 00,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/01 15:37:55 | 00,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/01 15:37:52 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/01 15:37:44 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/01 15:36:43 | 00,211,893 | ---- | M] () -- C:\Windows\System32\drivers\IsDrv122.sys
[2010/01/01 15:35:46 | 02,205,157 | ---- | M] () -- C:\Users\u\Desktop\IceSword122en.zip
[2010/01/01 15:29:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\u\Desktop\OTL.exe
[2010/01/01 15:17:56 | 01,401,344 | ---- | M] () -- C:\Users\u\Desktop\HijackThis.msi
[2010/01/01 04:45:52 | 03,216,674 | -H-- | M] () -- C:\Users\u\AppData\Local\IconCache.db
[2009/12/31 01:17:08 | 00,054,682 | ---- | M] () -- C:\Users\u\Desktop\JBGhf9jtv4sp6.jpeg
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/30 03:18:46 | 00,131,072 | ---- | M] () -- C:\Users\u\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/29 16:29:48 | 00,673,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/29 16:29:48 | 00,125,296 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/29 16:29:47 | 00,795,182 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/08 00:47:37 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/12/07 20:33:10 | 00,000,538 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - u.job
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/01 15:37:44 | 16,924,0873 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/01/01 15:36:43 | 00,211,893 | ---- | C] () -- C:\Windows\System32\drivers\IsDrv122.sys
[2010/01/01 15:35:32 | 02,205,157 | ---- | C] () -- C:\Users\u\Desktop\IceSword122en.zip
[2010/01/01 15:15:20 | 01,401,344 | ---- | C] () -- C:\Users\u\Desktop\HijackThis.msi
[2009/12/31 01:17:01 | 00,054,682 | ---- | C] () -- C:\Users\u\Desktop\JBGhf9jtv4sp6.jpeg
[2009/10/13 14:52:06 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/04/02 00:45:29 | 00,139,152 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/02/18 09:34:30 | 00,003,102 | ---- | C] () -- C:\Windows\Gs.ini
[2009/02/10 19:39:12 | 00,000,480 | ---- | C] () -- C:\Windows\wininit.ini
[2008/07/30 19:42:29 | 00,006,881 | ---- | C] () -- C:\Program Files\install.log
[2008/07/24 18:45:21 | 00,000,303 | ---- | C] () -- C:\Windows\MIREPAIR.INI
[2008/07/24 18:45:21 | 00,000,058 | ---- | C] () -- C:\Windows\MITCHELL.INI
[2008/07/24 18:45:08 | 00,001,980 | ---- | C] () -- C:\Windows\ODWIN.INI
[2008/07/24 18:45:08 | 00,000,754 | ---- | C] () -- C:\Windows\BTI.INI
[2008/05/09 12:51:14 | 00,131,072 | ---- | C] () -- C:\Users\u\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/14 16:52:26 | 00,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2008/04/14 16:47:52 | 00,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2008/04/14 16:37:48 | 01,132,112 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe
[2008/02/24 11:56:18 | 00,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2008/02/24 11:56:18 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/02/24 11:56:18 | 00,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2008/02/24 11:56:17 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1151.dll
[2007/02/24 13:59:14 | 00,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2007/02/08 19:02:54 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007/02/08 19:02:52 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2007/02/08 19:00:44 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1999/01/22 13:46:56 | 00,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
< End of report >

woof132
Novice
Novice

Posts Posts : 29
Joined Joined : 2010-01-01
OS OS : windows vista
Points Points : 25759
# Likes # Likes : 0

View user profile

Back to top Go down

Re: win32/nuqel.e and bankerfox.a virus

Post by woof132 on 1st January 2010, 8:56 pm

And here is Extras.txt:

OTL Extras logfile created on: 1/1/2010 3:42:30 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\u\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16757)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 357.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.18 Gb Total Space | 50.21 Gb Free Space | 47.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 627.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LH-WC6BP8FI4TVD
Current User Name: u
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4005D42A-6A3B-46E0-8E86-AA4EE34FDD0C}" = protocol=17 | dir=in | app=c:\program files\sierra entertainment\world in conflict - demo\wic.exe |
"{4BF906B5-CAC5-4616-8F9D-661336B813AD}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{617CB31A-F062-477D-B744-DB12484D78FD}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{6F2229EA-F2B7-42AC-BD60-85DBFB3F82EF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B8B157CD-EB74-4127-8407-460D1BC75DF1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F416F0D9-01CF-4783-9670-6CDC107F3CD6}" = protocol=6 | dir=in | app=c:\program files\sierra entertainment\world in conflict - demo\wic.exe |
"TCP Query User{5118CCBE-697E-4310-AA7F-5BBD39A2A105}C:\westwood\ra2\gamemd.exe" = protocol=6 | dir=in | app=c:\westwood\ra2\gamemd.exe |
"TCP Query User{6174A52A-4810-4E01-BC7C-F585167D42A3}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"TCP Query User{B2478F65-D31A-4621-A0DA-102E029DEA5D}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{D5E718B0-3EBC-4007-AB2E-9679F68B2C2B}C:\program files\ea games\battlefield vietnam\bfvietnam.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield vietnam\bfvietnam.exe |
"UDP Query User{092591DE-64C9-4C85-84F3-E90EFF80D938}C:\program files\ea games\battlefield vietnam\bfvietnam.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield vietnam\bfvietnam.exe |
"UDP Query User{4000437B-7DC6-4D94-B878-6765FA198088}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"UDP Query User{CBA938A5-EDC7-4BDA-898D-A3DE0BCEEDD7}C:\westwood\ra2\gamemd.exe" = protocol=17 | dir=in | app=c:\westwood\ra2\gamemd.exe |
"UDP Query User{E0B13162-EEAB-4B67-B8B3-2BF89733E89C}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{0312BD0D-A1FE-4E1A-9208-D436F566D867}" = VAIO Azure Float Wallpaper
"{0EE4030A-8FD4-4798-A21D-17E525B1F7CF}" = Corel Snapfire
"{127B684B-A002-44C8-99A7-6CF8F1E26873}" = PunkBuster for Battlefield 1942
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE
"{1FCC8C70-66B9-420D-942C-2C2A8441C744}" = Imperial Glory
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{235915A8-1C0D-4920-95EA-FE8B773E5F57}" = VAIO Teal Whisper Wallpaper
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (VAIO_VEDB)
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{337CBC16-F6F3-411A-9A3F-DB21C57BFDFD}" = Simple Start Entice
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{478D1ABC-A334-497E-904A-DDA98F087699}" = VAIO Video & Photo Utilities
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
"{4E993095-28F2-4060-9101-99C1FD1195C0}" = VAIO Central
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{500C3FDC-5E5F-485F-BDF5-2C445839CBE0}" =
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5E343EF6-D27C-4CFC-9FAE-9AAFB541BCEE}" = VAIO Photo 2007
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63249189-7DFB-442A-8238-0D4772CB7852}" = Zen Image Resizer
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = VAIO Video & Photo Utilities
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6EA45FAC-6F5F-43EE-87D7-4688AF9E2F07}" = Company of Heroes Single Player Demo
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D716354-2C08-48DC-9AC5-957348048817}" = VAIO Help And Support
"{7E545666-F419-45FD-B3DF-C0B99A1A579F}" = QuickBooks Simple Start Free Starter Edition
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91208A47-5D08-4C79-986F-1931940F51BB}" = QuickBooks Product Listing Service
"{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.05 Menu Data
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B59B3DA8-06F8-4B4C-AE94-5180753EF108}" = VAIO Floral Dusk Wallpaper
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CFED0AE3-6D93-4745-B8A0-F3410B493CC4}" = VAIO Security Center
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D07643A3-CE41-4286-8C78-EB9C83E76DDB}" = PunkBuster for Battlefield Vietnam
"{D24CD157-E4C4-4184-9465-B5C025E736AD}" = World in Conflict - DEMO
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D36E4755-83B9-4B10-BE51-0AC5B9F43C1F}" = VAIO Media
"{D6651810-8439-4F25-BACC-5FB66D4B1A63}" = VAIO Media Registration Tool
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0000650-0650-0650-0650-000000000650}" = PureEdge Viewer 6.5
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM)
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.6.00
"{EBB11C78-68A6-42D7-84FC-517F9DBF9D55}" = GameShadow
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F989306B-9287-444F-AE73-E30C7E4AF0F5}" = Battlefield Vietnam: WW2 Mod
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Axis and Allies" = Axis and Allies
"BFPirates_Final" = BFPirates_Final
"Close Combat The Longest Day5.50" = Close Combat The Longest Day
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"GOM Player" = GOM Player
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"LimeWire" = LimeWire 4.16.7
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.0.16)" = Mozilla Firefox (3.0.16)
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-13-24-01
"Red Alert 2" = Command & Conquer Red Alert 2
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Starcraft" = Starcraft
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"VAIO Service Utility" = VAIO Service Utility
"Warcraft III" = Warcraft III
"WinRAR archiver" = WinRAR archiver
"WOLAPI" = Westwood Shared Internet Components
"Yuri's Revenge" = Command && Conquer Red Alert 2 - Yuri's Revenge

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Battlefield Pirates Final Anniversary Mappack" = Battlefield Pirates Final Anniversary Mappack
"Warcraft III Demo" = Warcraft III Demo

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/23/2009 12:57:31 AM | Computer Name = LH-WC6BP8FI4TVD | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x8007041D

Error - 6/24/2009 3:11:16 AM | Computer Name = LH-WC6BP8FI4TVD | Source = Application Error | ID = 1000
Description = Faulting application CCE.exe, version 2009.4.24.0, time stamp 0x49f206bc,
faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception
code 0xc0000005, fault offset 0x00061884, process id 0x970, application start time
0x01c9f4854333bc8b.

Error - 7/5/2009 10:28:42 AM | Computer Name = LH-WC6BP8FI4TVD | Source = Application Hang | ID = 1002
Description = The program setup1.exe version 1.0.0.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 1aa4 Start Time: 01c9fd7cc03cec80 Termination Time: 19

Error - 7/8/2009 4:00:12 PM | Computer Name = LH-WC6BP8FI4TVD | Source = Application Error | ID = 1000
Description = Faulting application BF1942.exe, version 0.0.0.0, time stamp 0x417564c4,
faulting module BF1942.exe, version 0.0.0.0, time stamp 0x417564c4, exception code
0xc0000005, fault offset 0x002016fb, process id 0x21e8, application start time 0x01ca000679f58610.

Error - 7/26/2009 1:48:35 AM | Computer Name = LH-WC6BP8FI4TVD | Source = Application Error | ID = 1000
Description = Faulting application BF1942.exe, version 0.0.0.0, time stamp 0x417564c4,
faulting module BF1942.exe, version 0.0.0.0, time stamp 0x417564c4, exception code
0xc0000005, fault offset 0x0022d676, process id 0x24b0, application start time 0x01ca0db315c1b5a0.

Error - 7/26/2009 1:55:27 AM | Computer Name = LH-WC6BP8FI4TVD | Source = Application Error | ID = 1000
Description = Faulting application BF1942.exe, version 0.0.0.0, time stamp 0x417564c4,
faulting module BF1942.exe, version 0.0.0.0, time stamp 0x417564c4, exception code
0xc0000005, fault offset 0x002016fb, process id 0xf30, application start time 0x01ca0db564621680.

Error - 8/18/2009 2:49:09 PM | Computer Name = LH-WC6BP8FI4TVD | Source = VSS | ID = 8194
Description =

Error - 8/18/2009 2:56:13 PM | Computer Name = LH-WC6BP8FI4TVD | Source = VSS | ID = 8194
Description =

Error - 8/18/2009 2:57:12 PM | Computer Name = LH-WC6BP8FI4TVD | Source = System Restore | ID = 8193
Description =

Error - 8/21/2009 4:16:48 PM | Computer Name = LH-WC6BP8FI4TVD | Source = Application Error | ID = 1000
Description = Faulting application BF1942.exe, version 0.0.0.0, time stamp 0x417564c4,
faulting module BF1942.exe, version 0.0.0.0, time stamp 0x417564c4, exception code
0xc0000005, fault offset 0x002016fb, process id 0x1d8c, application start time 0x01ca229c04da5af0.

[ System Events ]
Error - 3/28/2009 4:51:16 AM | Computer Name = LH-WC6BP8FI4TVD | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.5 for the Network Card with network
address 00197E6BFE70 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 3/28/2009 11:53:21 AM | Computer Name = LH-WC6BP8FI4TVD | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 00197E6BFE70 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 3/28/2009 11:53:27 PM | Computer Name = LH-WC6BP8FI4TVD | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 00197E6BFE70 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 3/28/2009 11:53:40 PM | Computer Name = LH-WC6BP8FI4TVD | Source = netbt | ID = 4307
Description = Initialization failed because the transport refused to open initial
addresses.

Error - 3/31/2009 11:32:17 PM | Computer Name = LH-WC6BP8FI4TVD | Source = Service Control Manager | ID = 7000
Description =

Error - 3/31/2009 11:33:41 PM | Computer Name = LH-WC6BP8FI4TVD | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 00197E6BFE70 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 4/4/2009 3:14:30 PM | Computer Name = LH-WC6BP8FI4TVD | Source = Service Control Manager | ID = 7000
Description =

Error - 4/4/2009 3:16:15 PM | Computer Name = LH-WC6BP8FI4TVD | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 00197E6BFE70 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 4/7/2009 10:37:17 PM | Computer Name = LH-WC6BP8FI4TVD | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 4/8/2009 7:27:17 PM | Computer Name = LH-WC6BP8FI4TVD | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.


< End of report >

woof132
Novice
Novice

Posts Posts : 29
Joined Joined : 2010-01-01
OS OS : windows vista
Points Points : 25759
# Likes # Likes : 0

View user profile

Back to top Go down

Re: win32/nuqel.e and bankerfox.a virus

Post by Belahzur on 1st January 2010, 8:58 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :OTL
    PRC - [2010/01/01 01:23:28 | 00,450,816 | ---- | M] () -- C:\Users\u\AppData\Local\atyaft\lsvgsysguard.exe
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [nyiyuvpn] C:\Users\u\AppData\Local\atyaft\lsvgsysguard.exe ()

    :files
    C:\Users\u\AppData\Local\atyaft


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: win32/nuqel.e and bankerfox.a virus

Post by woof132 on 1st January 2010, 9:24 pm

every time i try to run the fixes, OTL stops responding, and no result is achieved. the following is what I have been pasting into the custom scans/fixes text box:

:OTL
PRC - [2010/01/01 01:23:28 | 00,450,816 | ---- | M] () -- C:\Users\u\AppData\Local\atyaft\lsvgsysguard.exe
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [nyiyuvpn] C:\Users\u\AppData\Local\atyaft\lsvgsysguard.exe ()

:files
C:\Users\u\AppData\Local\atyaft

woof132
Novice
Novice

Posts Posts : 29
Joined Joined : 2010-01-01
OS OS : windows vista
Points Points : 25759
# Likes # Likes : 0

View user profile

Back to top Go down

Re: win32/nuqel.e and bankerfox.a virus

Post by Belahzur on 1st January 2010, 9:25 pm

Okay, try manually deleting this folder in bold:

C:\Users\u\AppData\Local\atyaft

Let me know if it will delete.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: win32/nuqel.e and bankerfox.a virus

Post by woof132 on 1st January 2010, 9:29 pm

i dont see the folder atyaft in C:\Users\u\AppData\Local

woof132
Novice
Novice

Posts Posts : 29
Joined Joined : 2010-01-01
OS OS : windows vista
Points Points : 25759
# Likes # Likes : 0

View user profile

Back to top Go down

Re: win32/nuqel.e and bankerfox.a virus

Post by woof132 on 1st January 2010, 9:35 pm

woops. i just found it through search. yes it deleted

woof132
Novice
Novice

Posts Posts : 29
Joined Joined : 2010-01-01
OS OS : windows vista
Points Points : 25759
# Likes # Likes : 0

View user profile

Back to top Go down

Re: win32/nuqel.e and bankerfox.a virus

Post by woof132 on 1st January 2010, 9:57 pm

all appears to be well. thanks much

woof132
Novice
Novice

Posts Posts : 29
Joined Joined : 2010-01-01
OS OS : windows vista
Points Points : 25759
# Likes # Likes : 0

View user profile

Back to top Go down

Re: win32/nuqel.e and bankerfox.a virus

Post by Belahzur on 1st January 2010, 10:48 pm

Try running my OTL script again.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum