BankerFox.A Spyware Protect 2009 removal


Post by swallace99 on 29th January 2010, 12:41 am

Hi, just joined. I have a laptop running Windows XP that just got this BankerFox.A issue last night. Similar issues with other posts I have researched here. I cannot access the internet with that laptop, and I saved a mbam-setup file from one of the other posts on this issue. I was able to transfer it to the infected laptop, but get a Win32 error when I try to run setup.exe. Are there any other options to address this considering no internet access and inability to run a saved file? Thanks in advance for any help.

swallace99
Novice

Posts: 12
Joined: 2010-01-28
OS: Windows XP
Points: 25238
Likes: 0

Re: BankerFox.A Spyware Protect 2009 removal

Post by Belahzur on 29th January 2010, 12:51 am

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245101
Likes: 1

Re: BankerFox.A Spyware Protect 2009 removal

Post by swallace99 on 29th January 2010, 1:00 am

Received OTL.exe is not a valid Win32 application.

BankerFox

Post by swallace99 on 3rd February 2010, 6:03 pm

I didn't hear anything back on this. Says 'solved' now but I am still at the point I last posted. Is there anything else I can try?

Re: BankerFox.A Spyware Protect 2009 removal

Post by Belahzur on 3rd February 2010, 6:26 pm

Please download exeHelper from one of the two links.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


Re: BankerFox.A Spyware Protect 2009 removal

Post by swallace99 on 3rd February 2010, 6:30 pm

Should I boot the machine in safe mode or does it not matter?

bankerfox

Post by swallace99 on 3rd February 2010, 6:53 pm

Somehow this machine is accessing the net again. I am working from it now. Ran exeHelper and got this:
exeHelper by Raktor
Build 20091220
Run at 13:51:02 on 02/03/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Re: BankerFox.A Spyware Protect 2009 removal

Post by Belahzur on 3rd February 2010, 8:05 pm

Can you run OTL now?


Re: BankerFox.A Spyware Protect 2009 removal

Post by swallace99 on 3rd February 2010, 8:21 pm

No - same error from before when trying to run OTL.

Re: BankerFox.A Spyware Protect 2009 removal

Post by Belahzur on 3rd February 2010, 9:24 pm

Hello.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.


Re: BankerFox.A Spyware Protect 2009 removal

Post by swallace99 on 3rd February 2010, 9:40 pm

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/7/2009 2:54:38 PM
System Uptime: 2/3/2010 1:43:14 PM (3 hours ago)

Motherboard: Gateway | |
Processor: Intel(R) Celeron(R) M processor 1.50GHz | Socket 478 | 1496/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 23.487 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_0216107B&REV_80\3&61AAA01&1&8E
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_0216107B&REV_80\3&61AAA01&1&8E
Service:

==== Event Viewer Messages From Past Week ========

1/28/2010 7:21:01 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm
1/27/2010 7:14:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
1/27/2010 7:10:09 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/27/2010 7:09:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
1/27/2010 7:09:20 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
1/27/2010 7:09:20 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/27/2010 7:09:20 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/27/2010 7:09:20 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/27/2010 7:08:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

==== End Of File ===========================

Re: BankerFox.A Spyware Protect 2009 removal

Post by swallace99 on 3rd February 2010, 9:42 pm

DDS log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Scott at 16:37:21.75 on Wed 02/03/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.115 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Scott\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = [You must be registered and logged in to see this link.]
uWindows: load= printman.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [mterkpoe] c:\documents and settings\scott\local settings\application data\dgoybo\lpinsysguard.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [VTTimer] VTTimer.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe
mRun: [mterkpoe] c:\documents and settings\scott\local settings\application data\dgoybo\lpinsysguard.exe
StartupFolder: c:\docume~1\scott\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-12-7 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-7 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-7 28424]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-7 360584]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-12-7 906520]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-7 285392]

=============== Created Last 30 ================


==================== Find3M ====================

Re: BankerFox.A Spyware Protect 2009 removal

Post by Belahzur on 4th February 2010, 12:31 am

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\documents and settings\scott\local settings\application data\dgoybo

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mterkpoe"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mterkpoe"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "load"=-


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


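Added example, not part of the original thread and not code from DDS or OTM: a small triage script that reads the autorun lines of the DDS "Pseudo HJT Report" posted above and flags the entries that the fix script in the preceding post removes. The mapping of DDS prefixes to registry keys follows the keys named in that fix script; the three heuristics and all function names are assumptions chosen for illustration.

```python
import re
from collections import Counter

# Sample input: autorun lines copied from the DDS log posted in this thread.
SAMPLE_DDS = r"""
uWindows: load= printman.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [mterkpoe] c:\documents and settings\scott\local settings\application data\dgoybo\lpinsysguard.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [VTTimer] VTTimer.exe
mRun: [mterkpoe] c:\documents and settings\scott\local settings\application data\dgoybo\lpinsysguard.exe
"""

# DDS line prefix -> registry key (u = current user, m = local machine).
KEY_FOR_PREFIX = {
    "uRun": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    "mRun": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
    "uWindows": r"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows",
}

# Assumed heuristic: directories a limited user can write to on Windows XP.
USER_WRITABLE = ("\\application data\\", "\\local settings\\temp\\")

RUN_RE = re.compile(r"^(uRun|mRun): \[([^\]]+)\]\s+(.+)$")
LOAD_RE = re.compile(r"^uWindows: load=\s*(.*)$")


def parse_autoruns(text):
    """Return one dict per Run value or load= value found in a DDS log."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append({"kind": "run", "key": KEY_FOR_PREFIX[m.group(1)],
                            "name": m.group(2), "command": m.group(3)})
            continue
        m = LOAD_RE.match(line)
        if m:
            entries.append({"kind": "load", "key": KEY_FOR_PREFIX["uWindows"],
                            "name": "load", "command": m.group(1).strip()})
    return entries


def flag_autoruns(entries):
    """Return (entry, reasons) pairs for autoruns worth a closer look."""
    # Count identical name/command pairs to spot the same value in several keys.
    seen = Counter((e["name"].lower(), e["command"].lower())
                   for e in entries if e["kind"] == "run")
    findings = []
    for e in entries:
        cmd = e["command"].lower()
        reasons = []
        if e["kind"] == "load":
            # The legacy load= value is normally empty on a clean system.
            if cmd:
                reasons.append("non-empty legacy load= value")
        else:
            if any(d in cmd for d in USER_WRITABLE):
                reasons.append("runs from a user-writable profile directory")
            if seen[(e["name"].lower(), cmd)] > 1:
                reasons.append("same value registered in more than one Run key")
        if reasons:
            findings.append((e, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in flag_autoruns(parse_autoruns(SAMPLE_DDS)):
        print(f'{entry["key"]}\\{entry["name"]} -> {entry["command"]}')
        for r in reasons:
            print(f"    - {r}")
```

A flagged entry is a lead for a helper to review, not a verdict: legitimate software also starts from profile directories, so the log still needs a human read before anything is deleted.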

Re: BankerFox.A Spyware Protect 2009 removal

Post by swallace99 on 4th February 2010, 12:54 am

========== FILES ==========
c:\documents and settings\scott\local settings\application data\dgoybo folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\mterkpoe deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\mterkpoe deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load deleted successfully.

OTM by OldTimer - Version 3.1.7.1 log created on 02032010_195057

From the notepad:
========== FILES ==========
c:\documents and settings\scott\local settings\application data\dgoybo folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\mterkpoe deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\mterkpoe deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load deleted successfully.

OTM by OldTimer - Version 3.1.7.1 log created on 02032010_195057

I did NOT hit 'Cleanup' if I was supposed to. Pls let me know.

Re: BankerFox.A Spyware Protect 2009 removal

Post by Belahzur on 4th February 2010, 11:46 pm

We can remove OTMoveIt now.

  • Please double-click OTM.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes at the cleanup process prompt, do the same for the reboot prompt.
How is the machine running now?


Re: BankerFox.A Spyware Protect 2009 removal

Post by swallace99 on 4th February 2010, 11:51 pm

I got that same otl.exe not a valid win32 application error I got a while back..

Re: BankerFox.A Spyware Protect 2009 removal

Post by swallace99 on 4th February 2010, 11:53 pm

I got that same OTL.exe is not a valid WIN32 application I received a while back

Re: BankerFox.A Spyware Protect 2009 removal

Post by Belahzur on 5th February 2010, 1:34 am

Delete it and re-download it, can you run it now?


Re: BankerFox.A Spyware Protect 2009 removal

Post by swallace99 on 5th February 2010, 1:57 am

It ran, I did the clean up and rebooted. Machine is running great! Thanks! Is there anything else I should do to protect from this happening again? I am running AVG and that is it.

Re: BankerFox.A Spyware Protect 2009 removal

Post by Belahzur on 5th February 2010, 2:15 am

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.

