Bankerfox.a on 2 user accounts, I can only get in as a guest.



Post by tamara515 on Thu Feb 18, 2010 10:29 pm

I keep getting a whole lot of pop-ups saying that files are infected. I am not sure what to do; I have been reading about it. Please help me!! Thank you

tamara515
Posts : 4
Joined : 2010-02-18
OS : Windows XP



Post by Dr Jay on Thu Feb 18, 2010 11:13 pm

Please download ComboFix from [You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Dr. Jay (DJ)



Dr Jay
Posts : 13713
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro



Post by tamara515 on Fri Feb 19, 2010 1:43 am

Thank you for the reply, I have followed your instructions. ComboFix's log can be found at C:\ComboFix.txt. I installed ComboFix on my desktop and followed the instructions. I still have not turned my anti-virus or anything back on, please let me know when I can do so. Thank you very much :) Thank You!



Post by Dr Jay on Fri Feb 19, 2010 4:44 pm

Did the log launch?

I just need the log contents posted here.


Dr. Jay (DJ)





Post by tamara515 on Fri Feb 19, 2010 6:57 pm

ComboFix 10-02-18.07 - Billy 02/18/2010 19:33:04.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.531 [GMT -6:00]
Running from: c:\documents and settings\Billy\desktop\commy.exe
Command switches used :: /stepdel
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Billy\Local Settings\Application Data\ioulwm
c:\documents and settings\Billy\Local Settings\Application Data\ioulwm\qafmsftav.exe
c:\windows\AegisP.inf
c:\documents and settings\Billy\Local Settings\Application Data\ioulwm\qafmsftav.exe
c:\windows\system32\drivers\1028_DELL_XPS_MM061 .MRK
c:\windows\system32\drivers\DELL_XPS_MM061 .MRK

.
((((((((((((((((((((((((( Files Created from 2010-01-19 to 2010-02-19 )))))))))))))))))))))))))))))))
.

2010-02-18 21:50 . 2010-02-18 21:50 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Threat Expert
2010-02-18 02:11 . 2010-02-18 02:11 -------- d-----w- c:\documents and settings\Billy\Local Settings\Application Data\Threat Expert
2010-02-18 00:41 . 2010-02-18 00:41 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\Threat Expert
2010-02-18 00:37 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-02-18 00:37 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-02-18 00:37 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-02-18 00:37 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
2010-02-18 00:37 . 2009-10-28 07:36 1152444 ----a-w- c:\windows\UDB.zip
2010-02-18 00:37 . 2008-11-26 18:08 131 ----a-w- c:\windows\IDB.zip
2010-02-18 00:29 . 2010-02-05 15:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-18 00:29 . 2009-10-06 22:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-18 00:29 . 2009-09-23 22:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-18 00:28 . 2010-02-05 15:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-18 00:28 . 2010-02-18 13:43 -------- d-----w- c:\program files\Spyware Doctor
2010-02-18 00:28 . 2010-02-18 00:37 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-18 00:28 . 2010-02-18 00:28 -------- d-----w- c:\documents and settings\owner\Application Data\PC Tools
2010-02-18 00:28 . 2010-02-18 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-02-18 00:28 . 2010-02-19 01:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-17 23:56 . 2010-02-17 23:56 -------- d-----w- c:\program files\Windows Live Safety Center
2010-02-14 03:33 . 2010-02-14 03:33 127903 ----a-w- c:\documents and settings\Billy\Application Data\Move Networks\uninstall.exe
2010-02-14 03:33 . 2010-02-14 03:36 -------- d-----w- c:\documents and settings\Billy\Application Data\Move Networks
2010-02-13 16:01 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-02-13 16:01 . 2009-08-07 01:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-02-13 04:08 . 2010-02-13 04:08 -------- d-----w- c:\program files\QuickTime
2010-02-12 23:35 . 2010-02-12 23:35 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-07 04:05 . 2010-02-07 04:05 -------- d-----w- c:\documents and settings\Billy\Application Data\PokerCreations
2010-02-07 04:02 . 2010-02-16 04:54 -------- d-----w- c:\documents and settings\Billy\Application Data\UFC Poker
2010-02-07 04:02 . 2010-02-07 04:02 -------- d-----w- c:\program files\UFC Poker
2010-02-07 02:38 . 2010-02-07 02:38 -------- d-sh--w- c:\documents and settings\Guest\PrivacIE
2010-02-07 02:38 . 2010-02-18 21:50 -------- d-----w- c:\documents and settings\Guest\Application Data\StumbleUpon
2010-02-06 22:51 . 2010-02-19 00:49 -------- d-----w- c:\documents and settings\owner\Application Data\StumbleUpon
2010-02-04 23:58 . 2010-02-04 23:59 -------- d-----w- c:\documents and settings\Billy\Application Data\StumbleUpon
2010-02-04 23:58 . 2010-02-04 23:58 -------- d-----w- c:\program files\StumbleUpon
2010-02-01 01:30 . 2010-02-17 22:21 -------- dc----w- C:\$AVG8.VAULT$
2010-01-31 21:46 . 2010-01-31 21:46 -------- d-----w- c:\documents and settings\Billy\Local Settings\Application Data\Xenocode
2010-01-31 20:12 . 2010-01-31 20:12 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\WMTools Downloaded Files
2010-01-31 20:11 . 2010-01-31 20:11 12328 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-31 16:52 . 2010-02-17 22:19 -------- d-----w- c:\documents and settings\Billy\Local Settings\Application Data\xqrerl
2010-01-31 16:51 . 2010-01-31 16:51 -------- d-----w- c:\windows\Sun
2010-01-31 16:43 . 2010-01-31 16:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-01-31 16:38 . 2010-01-31 16:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-01-31 03:13 . 2010-02-19 00:50 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\AskToolbar
2010-01-31 02:21 . 2010-01-31 02:21 0 ----a-w- c:\documents and settings\Billy\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2010-01-31 02:06 . 2010-02-01 01:25 -------- d-----w- c:\documents and settings\Billy\Local Settings\Application Data\AskToolbar
2010-01-31 01:51 . 2010-01-31 04:07 -------- d-----w- c:\documents and settings\Billy\Application Data\FrostWire
2010-01-31 01:50 . 2010-01-31 01:50 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-31 01:50 . 2010-01-31 01:50 -------- d-----w- c:\program files\Java
2010-01-31 01:50 . 2010-01-31 01:50 152576 ----a-w- c:\documents and settings\Billy\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2010-01-31 01:48 . 2010-01-31 01:48 -------- d-----w- c:\program files\Ask.com
2010-01-30 16:50 . 2010-01-30 16:50 -------- d-----w- c:\documents and settings\Billy\Local Settings\Application Data\Identities
2010-01-30 16:39 . 2010-01-30 16:39 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\Google
2010-01-30 15:39 . 2010-01-30 15:38 2066200 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2010-01-30 15:39 . 2010-01-30 15:38 3530520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2010-01-30 07:20 . 2010-01-30 07:20 -------- d-----w- c:\documents and settings\Billy\Application Data\vlc
2010-01-30 06:00 . 2010-01-30 06:00 -------- d-----w- c:\documents and settings\Billy\Local Settings\Application Data\Google
2010-01-30 06:00 . 2010-01-31 16:38 -------- d-----w- c:\program files\Google
2010-01-30 05:59 . 2010-01-30 05:59 1975408 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en32_signed.exe
2010-01-30 05:58 . 2010-01-30 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-30 05:15 . 2010-01-30 05:15 115512 ----a-w- c:\documents and settings\owner\Application Data\FCTB000060531\Toolbar\Uninst.exe
2010-01-30 01:11 . 2010-02-18 02:16 12328 ----a-w- c:\documents and settings\Billy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-30 01:08 . 2010-01-30 01:08 -------- d-sh--w- c:\documents and settings\Billy\IECompatCache
2010-01-30 01:07 . 2010-01-30 01:07 -------- d-sh--w- c:\documents and settings\Billy\PrivacIE
2010-01-30 01:06 . 2010-01-30 01:06 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-01-29 22:45 . 2010-01-29 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Qwest
2010-01-29 22:45 . 2010-01-29 22:45 -------- d-----w- c:\windows\XSxS
2010-01-29 22:45 . 2010-01-29 22:45 -------- d-----w- c:\program files\Xenocode
2010-01-29 22:45 . 2010-01-29 22:45 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\Xenocode
2010-01-26 19:02 . 2010-01-26 19:02 -------- d-----w- c:\documents and settings\owner\Application Data\vlc
2010-01-26 18:53 . 2010-01-26 18:53 -------- d-sh--w- c:\documents and settings\owner\IECompatCache
2010-01-26 00:59 . 2010-01-26 00:59 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\Identities
2010-01-25 20:20 . 2010-01-25 20:20 1478936 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2010-01-25 20:20 . 2010-01-25 20:20 1143064 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2010-01-25 20:20 . 2010-01-25 20:19 759064 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2010-01-25 20:20 . 2010-01-25 20:19 587032 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgiproxy.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-18 01:58 . 2009-09-30 16:38 12328 -c--a-w- c:\documents and settings\owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-14 03:33 . 2009-05-27 23:29 4183416 ----a-w- c:\documents and settings\Billy\Application Data\Move Networks\plugins\npqmp071502000008.dll
2010-01-06 22:39 . 2010-01-30 05:20 1477 ----a-w- c:\documents and settings\Billy\Application Data\FCTB000060531\Toolbar\patch.bat
2010-01-06 22:39 . 2010-01-30 05:15 1477 ----a-w- c:\documents and settings\owner\Application Data\FCTB000060531\Toolbar\patch.bat
2010-01-06 19:47 . 2009-09-30 18:05 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-06 19:47 . 2009-09-30 18:05 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-06 19:47 . 2009-09-30 18:05 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-31 16:50 . 2008-04-14 06:45 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2008-04-14 11:42 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2009-09-28 22:00 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2008-04-14 11:41 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2008-04-14 06:54 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2008-04-14 00:01 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2008-04-14 06:47 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-03 07:11 . 2010-01-31 03:32 394240 ----a-w- c:\documents and settings\Guest\Application Data\FCTB000060531\Toolbar\emailchecker_plugin.dll
2009-12-03 07:11 . 2010-01-30 05:20 394240 ----a-w- c:\documents and settings\Billy\Application Data\FCTB000060531\Toolbar\emailchecker_plugin.dll
2009-12-03 07:11 . 2010-01-30 05:15 394240 ----a-w- c:\documents and settings\owner\Application Data\FCTB000060531\Toolbar\emailchecker_plugin.dll
2009-11-28 05:36 . 2010-01-31 03:32 371200 ----a-w- c:\documents and settings\Guest\Application Data\FCTB000060531\Toolbar\RSSReader_plugin.dll
2009-11-28 05:36 . 2010-01-30 05:20 371200 ----a-w- c:\documents and settings\Billy\Application Data\FCTB000060531\Toolbar\RSSReader_plugin.dll
2009-11-28 05:36 . 2010-01-30 05:15 371200 ----a-w- c:\documents and settings\owner\Application Data\FCTB000060531\Toolbar\RSSReader_plugin.dll
2009-11-27 17:11 . 2008-04-14 11:42 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2008-04-14 05:42 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2001-08-23 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2008-04-14 11:42 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2008-04-14 11:41 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2008-04-14 05:41 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 15:51 . 2008-04-14 11:41 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-11-19 00:40 1196936 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC78E410-0EFA-4BEC-B283-D1DB1922F420}]
2010-01-30 05:15 1445888 ----a-w- c:\program files\CoolChaser Layout Auto Insert\Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B0208007-27C1-4BCD-93EF-EFF5DB61FC22}"= "c:\program files\CoolChaser Layout Auto Insert\Toolbar.dll" [2010-01-30 1445888]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-11-19 1196936]

[HKEY_CLASSES_ROOT\clsid\{b0208007-27c1-4bcd-93ef-eff5db61fc22}]
[HKEY_CLASSES_ROOT\FCTB000060531.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{80E55E64-0B78-4AA3-B48A-6CBF0536832A}]
[HKEY_CLASSES_ROOT\FCTB000060531.IEToolbar]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B0208007-27C1-4BCD-93EF-EFF5DB61FC22}"= "c:\program files\CoolChaser Layout Auto Insert\Toolbar.dll" [2010-01-30 1445888]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-11-19 1196936]

[HKEY_CLASSES_ROOT\clsid\{b0208007-27c1-4bcd-93ef-eff5db61fc22}]
[HKEY_CLASSES_ROOT\FCTB000060531.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{80E55E64-0B78-4AA3-B48A-6CBF0536832A}]
[HKEY_CLASSES_ROOT\FCTB000060531.IEToolbar]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-13 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-06 19:47 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
2010-01-30 15:38 2043160 ----a-w- c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 11:42 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2007-10-08 19:13 1101824 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2007-10-08 19:18 995328 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-05-10 15:22 405504 ----a-w- c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-01-30 06:00 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-08 17:48 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\CoolChaser Layout Auto Insert\\TroubleShooter.exe"=
"c:\\Program Files\\CoolChaser Layout Auto Insert\\ToolbarUpdate.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2/17/2010 6:29 PM 207280]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/30/2009 12:05 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/30/2009 12:05 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/30/2009 12:04 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/30/2009 12:04 PM 297752]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2/17/2010 6:37 PM 112592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 10:38 AM 135664]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [12/8/2009 4:41 PM 120232]
.
Contents of the 'Scheduled Tasks' folder

2010-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 16:38]

2010-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 16:38]

2010-02-19 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-11-19 00:40]

2010-02-19 c:\windows\Tasks\User_Feed_Synchronization-{04D9CD86-57E2-4EB5-8DC0-E926614F6D87}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

2010-02-19 c:\windows\Tasks\User_Feed_Synchronization-{50381236-D4BE-4455-8C52-E7B5BBE8B168}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKCU-Run-huutcopu - c:\documents and settings\Billy\Local Settings\Application Data\ioulwm\qafmsftav.exe
HKLM-Run-huutcopu - c:\documents and settings\Billy\Local Settings\Application Data\ioulwm\qafmsftav.exe
MSConfigStartUp-qvwcuhfj - c:\documents and settings\Billy\Local Settings\Application Data\xqrerl\mvrgsysguard.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-02-18 19:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(968)
c:\windows\System32\BCMLogon.dll
c:\windows\system32\netprovcredman.dll
c:\windows\system32\igfxdev.dll

- - - - - - - > 'winlogon.exe'(2736)
c:\windows\System32\BCMLogon.dll
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'lsass.exe'(1024)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2010-02-18 19:38:54
ComboFix-quarantined-files.txt 2010-02-19 01:38

Pre-Run: 71,237,431,296 bytes free
Post-Run: 71,624,753,152 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 1883A763E83D53F28F01D0A96F6A70A9

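The log above is what a helper reads for persistence: the ORPHANS REMOVED block lists Run values and an MSConfig startup entry pointing at randomly named executables under Local Settings\Application Data, and the firewall policy key shows EnableFirewall = 0. The following Python is an added example, not part of the thread and not ComboFix's own code; it parses those sections of a ComboFix log and flags both patterns. The all-lowercase-name heuristic and the sample excerpt are my own assumptions.

```python
"""Triage helper for a ComboFix log like the one posted in this thread.

Added example, not ComboFix's own code: it pulls autostart entries out of the
"Reg Loading Points" and "ORPHANS REMOVED" sections and applies two checks a
helper would otherwise make by eye: an autostart whose target is an all-lowercase,
random-looking directory and executable under Local Settings\Application Data,
and the XP firewall switched off (EnableFirewall = 0).
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpt modelled on the log posted above, trimmed to what matters.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-13 417792]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKCU-Run-huutcopu - c:\documents and settings\Billy\Local Settings\Application Data\ioulwm\qafmsftav.exe
HKLM-Run-huutcopu - c:\documents and settings\Billy\Local Settings\Application Data\ioulwm\qafmsftav.exe
MSConfigStartUp-qvwcuhfj - c:\documents and settings\Billy\Local Settings\Application Data\xqrerl\mvrgsysguard.exe
"""

# "Name"="path" [date size] lines that sit inside a ...\Run key
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# HKCU-Run-xxx / HKLM-Run-xxx / MSConfigStartUp-xxx - path lines in ORPHANS REMOVED
ORPHAN = re.compile(r"^(?P<label>(?:HKCU|HKLM)-Run-\S+|MSConfigStartUp-\S+) - (?P<path>.+\.exe)$")
FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b')
# Heuristic (my assumption, not a ComboFix rule): an all-lowercase directory and
# executable name directly under Local Settings\Application Data looks generated.
PROFILE_RANDOM = re.compile(
    r"\\[Ll]ocal [Ss]ettings\\[Aa]pplication [Dd]ata\\(?P<dir>[a-z]{4,12})\\(?P<exe>[a-z]{4,16})\.exe$"
)


@dataclass(frozen=True)
class Finding:
    kind: str    # "autostart-in-profile" or "firewall-disabled"
    source: str  # registry value or orphan label the finding came from
    detail: str  # what was matched


def autostart_entries(log: str) -> list[tuple[str, str]]:
    """Return (label, path) for every Run value and removed autostart orphan."""
    entries: list[tuple[str, str]] = []
    section = ""
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]  # track the REGEDIT4 key we are inside
            continue
        m = RUN_VALUE.match(line)
        if m and section.lower().endswith("\\run"):
            entries.append((f"{section}\\{m['name']}", m["path"]))
            continue
        m = ORPHAN.match(line)
        if m:
            entries.append((m["label"], m["path"]))
    return entries


def firewall_disabled(log: str) -> bool:
    """True when the standard-profile policy records EnableFirewall = 0."""
    return any(FIREWALL_OFF.match(ln.strip()) for ln in log.splitlines())


def triage(log: str) -> list[Finding]:
    """Apply both checks and return the findings in log order."""
    findings: list[Finding] = []
    for label, path in autostart_entries(log):
        m = PROFILE_RANDOM.search(path)
        if m:
            findings.append(Finding("autostart-in-profile", label, f"{m['dir']}\\{m['exe']}.exe"))
    if firewall_disabled(log):
        findings.append(Finding("firewall-disabled", "standardprofile", "EnableFirewall=0"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:22} {f.source:28} {f.detail}")
```

On the excerpt this reports the three autostart orphans (HKCU-Run-huutcopu, HKLM-Run-huutcopu, MSConfigStartUp-qvwcuhfj) and the disabled firewall; the legitimate igfxpers.exe and qttask.exe Run values are left alone.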


Post by Dr Jay on Fri Feb 19, 2010 8:32 pm

Please download [You must be registered and logged in to see this link.], and save to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.cmd to start.
  • It will finish quickly and launch a log.
  • Post the contents of it in your next reply.


Dr. Jay (DJ)





Post by tamara515 on Fri Feb 19, 2010 9:52 pm

I am not sure what happened, but it is no longer doing this anymore.



Post by Dr Jay on Fri Feb 19, 2010 10:12 pm

Doing what?

If you post a log, I can check for sure. I would like to make sure your computer is clean, and your computer is very secure.


Dr. Jay (DJ)





Post by Dr Jay on Wed Feb 24, 2010 6:16 pm

Still with us? If so, please do the following:

Please download DDS by sUBs from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.] and save it to your Desktop.

Note: Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click Yes to the Optional_Scan
  • Please follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your Desktop.


Dr. Jay (DJ)



