win32/nugel.e removal


Re: win32/nugel.e removal

Post by chuckmac on Wed Mar 10, 2010 1:27 pm

Did you overlook the fact that you had me uninstall ComboFix? I was going to reinstall it using the directions you originally gave me for the installation process but I thought I'd better ask first.


Post by Belahzur on Wed Mar 10, 2010 10:06 pm

Sorry about that, yes, re-download Combofix to run my new script. :)


Please PM me if I fail to respond within 24hrs.



Post by chuckmac on Thu Mar 11, 2010 5:25 am

I hope I understood you right. I didn't understand the meaning of "Your new Script". I took that to mean that you wanted me to post a new set of log files. By the way, when you said drag the CFScript.txt into the ComboFix.exe file, the file that came up on my desktop when I downloaded ComboFix (Combo-Fix) was identified only as Combo-Fix, not ComboFix.exe. Anyway, I dragged the CFScript.txt file into the Combo-Fix file and the following log is what resulted. Sorry I'm not understanding any better than I am.

SecCenter::
{2C4D4BC6-0793-4956-A9F9-E252435469C0}


Post by chuckmac on Thu Mar 11, 2010 5:28 am

That SECCenter shouldn't be there; I forgot to highlight the log before I pasted it. Here it is:

ComboFix 10-03-10.04 - Owner 03/10/2010 23:43:27.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1406.630 [GMT -5:00]
Running from: c:\documents and settings\Owner.ChucksMachine1\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Defender Pro Internet Security *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Defender Pro Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((( Files Created from 2010-02-11 to 2010-03-11 )))))))))))))))))))))))))))))))
.

2010-03-09 22:00 . 2010-03-09 22:01 -------- d-----w- C:\Combo-Fix
2010-03-09 21:43 . 2009-12-11 23:05 3613560 ----a-w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Simply Super Software\Trojan Remover\qgp5.exe
2010-03-09 20:51 . 2010-03-09 20:51 -------- d-----w- c:\program files\Common Files\Java
2010-03-09 20:50 . 2010-03-09 20:50 -------- d-----w- c:\program files\Sun
2010-03-09 20:50 . 2010-03-09 20:50 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-08 18:33 . 2010-03-08 18:33 -------- d-----w- c:\program files\Trojan Remover
2010-03-08 18:33 . 2010-03-08 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-03-07 05:33 . 2010-03-07 05:33 -------- d-----w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Malwarebytes
2010-03-07 05:33 . 2010-03-07 05:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-10 20:32 . 2008-05-30 12:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-03-09 21:47 . 2009-12-28 23:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-09 21:41 . 2007-06-07 13:24 -------- d-----w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Skype
2010-03-09 20:50 . 2006-09-07 16:08 -------- d-----w- c:\program files\Java
2010-03-04 18:07 . 2008-05-22 12:29 -------- d-----w- c:\program files\Quicken
2010-03-04 04:52 . 2009-12-28 23:14 -------- d-----w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Simply Super Software
2010-03-03 14:58 . 2009-02-10 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-02-11 18:12 . 2009-10-02 03:14 -------- d-----w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Audacity
2010-02-08 14:44 . 2009-01-10 15:24 -------- d-----w- c:\program files\FinePixViewer
2010-02-08 13:51 . 2006-09-07 16:02 -------- d-----w- c:\program files\Google
2010-01-21 15:02 . 2010-01-21 15:02 50354 ----a-w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Facebook\uninstall.exe
2010-01-21 15:02 . 2010-01-21 15:02 -------- d-----w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Facebook
2010-01-14 22:42 . 2006-09-07 16:12 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-05 10:00 . 2006-06-17 09:23 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2006-06-17 09:23 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2006-06-17 09:23 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2006-06-17 09:23 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-17 06:50 . 2009-12-17 06:50 847040 ----a-w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Facebook\axfbootloader.dll
2009-12-17 06:49 . 2009-12-17 06:49 5562368 ----a-w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Facebook\npfbplugin_1_0_0.dll
2009-12-16 18:43 . 2006-06-17 09:35 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2006-06-17 09:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-11 23:05 . 2010-01-11 20:58 3613560 ----a-w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Simply Super Software\Trojan Remover\rre6D0.exe
2009-04-30 14:00 . 2007-03-06 14:13 768 -c--a-w- c:\program files\MySetup.DK
2009-04-30 14:00 . 2007-03-06 14:10 56 -c--a-w- c:\program files\DEFAULT.BBC
2009-04-30 14:00 . 2007-03-06 14:10 43899 -c--a-w- c:\program files\intrface.bbw
2009-04-30 14:00 . 2007-03-06 14:10 3200 -c--a-w- c:\program files\DEFAULT.ALI
2009-04-30 14:00 . 2007-05-19 17:09 81845 -c-ha-w- c:\program files\bbw.GID
2009-02-10 21:05 . 2009-02-10 21:05 499 -c--a-w- c:\program files\ActivationFile.htm
2008-01-04 15:27 . 2008-01-04 15:26 11949 -c--a-w- c:\program files\01018651.cab
2007-10-29 14:40 . 2007-10-29 14:40 193 -c--a-w- c:\program files\labeler.dpf
2007-07-25 18:46 . 2007-07-25 18:46 301692 -c--a-w- c:\program files\labeler.chm
2007-05-21 12:38 . 2007-05-21 12:38 16663 -c--a-w- c:\program files\bumminez.sty
2007-05-19 19:51 . 2007-05-19 19:51 1571504 -c--a-w- c:\program files\BBW.LSW
2007-05-14 20:48 . 2007-05-14 20:42 188 -c--a-w- c:\program files\$MIDIMON.cfg
2007-03-06 14:08 . 2002-02-10 07:00 72748 ----a-w- c:\program files\unins000.exe
2007-02-12 15:33 . 2007-02-12 15:33 221184 -c--a-w- c:\program files\db1.mdb
2004-10-25 16:54 . 2004-10-25 16:54 456 -c--a-w- c:\program files\welcome.zdw
2004-10-25 16:54 . 2004-10-25 16:54 348896 -c--a-w- c:\program files\SPLASHHI.BMP
2004-10-25 16:54 . 2004-10-25 16:54 117356 -c--a-w- c:\program files\SPLASHLO.BMP
2003-03-13 20:58 . 2003-03-13 20:58 3354896 -c--a-w- c:\program files\BBW.EXE
2003-02-11 04:12 . 2003-02-11 04:12 729600 -c--a-w- c:\program files\g32.exe
2002-11-28 17:33 . 2002-11-28 18:33 78336 -c--a-w- c:\program files\BBW.TPB
2002-11-28 17:24 . 2002-11-28 18:24 58234 -c--a-w- c:\program files\BBW.TIP
2002-11-27 19:15 . 2002-11-27 19:15 717824 -c--a-w- c:\program files\f32.exe
2002-11-27 06:48 . 2002-11-27 07:48 414752 -c--a-w- c:\program files\BBW.LST
2002-11-26 08:07 . 2002-11-26 08:07 2901589 -c--a-w- c:\program files\bbw.hlp
2002-11-26 07:42 . 2002-11-26 07:42 21357 -c--a-w- c:\program files\bbw.cnt
2002-11-26 03:00 . 2002-11-26 04:00 63488 -c--a-w- c:\program files\DEFAULT.SOL
2002-11-26 00:31 . 2002-11-26 00:31 545280 -c--a-w- c:\program files\miniburn.exe
2002-11-25 14:35 . 2002-11-25 15:35 5234337 -c--a-w- c:\program files\BB12upgrade.pdf
2002-11-24 21:32 . 2002-11-24 21:32 25659 -c--a-w- c:\program files\CREEDNCE.STY
2002-11-24 21:21 . 2002-11-24 21:21 9609 -c--a-w- c:\program files\L~BOSA4U.STY
2002-11-24 18:15 . 2002-11-24 18:15 26299 -c--a-w- c:\program files\JAZFOURC.STY
2002-11-24 18:11 . 2002-11-24 18:11 24779 -c--a-w- c:\program files\JAZFOURB.STY
2002-11-24 18:07 . 2002-11-24 18:07 20446 -c--a-w- c:\program files\JAZFOURA.STY
2002-11-22 23:13 . 2002-11-22 23:13 12479 -c--a-w- c:\program files\UKE_FAST.STY
2002-11-22 22:25 . 2002-11-22 22:25 15500 -c--a-w- c:\program files\MANDOLIN.STY
2002-11-22 21:39 . 2002-11-22 21:39 17013 -c--a-w- c:\program files\12ST&BAN.STY
2002-11-22 20:34 . 2002-11-22 20:34 18761 -c--a-w- c:\program files\BANJ&MAN.STY
2002-11-22 20:19 . 2002-11-22 20:19 23992 -c--a-w- c:\program files\BLUGRAS5.STY
2002-11-22 19:43 . 2002-11-22 19:43 8084 -c--a-w- c:\program files\SOLO_UKE.STY
2002-11-22 19:39 . 2002-11-22 19:39 9556 -c--a-w- c:\program files\UKE&BASS.STY
2002-11-22 19:26 . 2002-11-22 20:26 5327 -c--a-w- c:\program files\v_test.MGU
2002-11-22 01:37 . 2002-11-22 01:37 10773 -c--a-w- c:\program files\LOTUS.STY
2002-11-21 23:16 . 2002-11-21 23:16 14112 -c--a-w- c:\program files\GOSSAMER.STY
2002-11-21 23:06 . 2002-11-21 23:06 22666 -c--a-w- c:\program files\JOHNBAL.STY
2002-11-21 16:23 . 2002-11-21 17:23 29791 -c--a-w- c:\program files\CHUKSHUF.STY
2002-11-21 16:21 . 2002-11-21 17:21 8672 -c--a-w- c:\program files\CHUKSHUF.MGU
2002-11-20 04:14 . 2002-11-20 05:14 21278 -c--a-w- c:\program files\viol_sav.sty
2002-11-20 03:56 . 2002-11-20 04:56 343434 -c--a-w- c:\program files\MiniBurnHelp.hlp
2002-11-15 21:51 . 2002-11-15 21:51 15401 -c--a-w- c:\program files\SWING~EZ.STY
2002-11-15 21:22 . 2002-11-15 21:22 19825 -c--a-w- c:\program files\J~BREEZY.STY
2002-11-15 20:41 . 2002-11-15 21:41 8124 -c--a-w- c:\program files\GARNER~.MGU
2002-11-15 20:07 . 2002-11-15 21:07 15410 -c--a-w- c:\program files\GARNER~.STY
2002-11-14 18:56 . 2002-11-14 18:56 15756 -c--a-w- c:\program files\MILITARY.STY
2002-11-14 18:51 . 2002-11-14 18:51 13753 -c--a-w- c:\program files\J~GITWLZ.STY
2002-11-14 18:48 . 2002-11-14 18:48 22621 -c--a-w- c:\program files\JOHNLEN.STY
2002-11-14 18:21 . 2002-11-14 19:21 5826 -c--a-w- c:\program files\JAZFOURS.MGU
2002-11-14 18:19 . 2002-11-14 18:19 17098 -c--a-w- c:\program files\HAWAISLO.STY
2002-11-14 17:51 . 2002-11-14 18:51 20075 -c--a-w- c:\program files\J~BAS&BR.MGU
2002-11-14 17:46 . 2002-11-14 18:46 19099 -c--a-w- c:\program files\JAZFOURS.STY
2002-11-14 17:42 . 2002-11-14 17:42 18521 -c--a-w- c:\program files\CAMPFIRE.STY
2002-11-14 17:39 . 2002-11-14 17:39 25110 -c--a-w- c:\program files\BO_D.STY
2002-11-14 16:37 . 2002-11-14 17:37 28849 -c--a-w- c:\program files\BEEBROK5.STY
2002-11-14 16:32 . 2002-11-14 17:32 29713 -c--a-w- c:\program files\BEEBROK4.STY
2002-11-13 22:55 . 2002-11-13 22:55 16189 -c--a-w- c:\program files\P_NEILD1.STY
2002-11-13 20:49 . 2002-11-13 20:49 20531 -c--a-w- c:\program files\COZY_SW.STY
2002-11-13 06:55 . 2002-11-13 06:55 9252 -c--a-w- c:\program files\DRUMSOLJ.STY
2002-11-13 05:03 . 2002-11-13 06:03 9490 -c--a-w- c:\program files\J~BAS&BR.STY
2002-11-12 06:44 . 2002-11-12 06:44 30093 -c--a-w- c:\program files\DREAM.STY
2002-11-12 06:02 . 2002-11-12 06:02 38902 -c--a-w- c:\program files\BIGBAND1.STY
2002-11-12 05:37 . 2002-11-12 05:37 19870 -c--a-w- c:\program files\JOHNNYH.STY
2002-11-08 01:17 . 2002-11-08 01:17 12877 -c--a-w- c:\program files\POP_SADE.STY
2002-11-08 01:01 . 2002-11-08 01:01 5572 -c--a-w- c:\program files\ROKTRIO1.STY
2002-11-06 23:37 . 2002-11-06 23:37 21449 -c--a-w- c:\program files\DIXIDUKE.STY
2002-11-06 03:50 . 2002-11-06 03:50 468992 -c--a-w- c:\program files\MIDIConv.exe
2002-10-27 02:52 . 2002-10-27 03:52 13556 -c--a-w- c:\program files\Night_t.MGU
2002-10-25 08:39 . 2002-10-25 09:39 516096 -c--a-w- c:\program files\CDWriterXP.ocx
2002-08-16 18:04 . 2002-08-16 19:04 15167 -c--a-w- c:\program files\J!~HOAGY.STY
2002-08-16 18:04 . 2002-08-16 19:04 12765 -c--a-w- c:\program files\J!~HOAGY.MGU
2010-02-26 11:43 . 2010-02-26 11:39 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-05-18 23423528]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-18 217088]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-18 458752]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"CHotkey"="zHotkey.exe" [2004-12-09 550912]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-26 536576]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-07-30 497000]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-26 30192]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-18 1070984]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-22 12:52 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ExifLauncher2.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-29 03:37 413696 -c--a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-04-17 22:34 16143872 -c--a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\StubInstaller.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Roxio\\Digital Home 10\\RoxioUpnpService10.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [3/3/2008 1:51 PM 39472]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/10/2009 5:53 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/10/2009 5:53 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/10/2009 5:53 PM 297752]
R2 MELCS;MailEnable List Connector;c:\program files\Mail Enable\Bin\MELSC.exe [11/24/2006 9:12 AM 155648]
R2 MEMTAS;MailEnable Mail Transfer Agent;c:\program files\Mail Enable\Bin\MEMTA.exe [11/24/2006 9:12 AM 163840]
R2 MEPOCS;MailEnable Postoffice Connector;c:\program files\Mail Enable\Bin\MEPOC.exe [11/24/2006 9:12 AM 434236]
R2 MEPOPS;MailEnable POP Service;c:\program files\Mail Enable\Bin\MEPOPS.exe [11/24/2006 9:12 AM 212992]
R2 MESMTPCS;MailEnable SMTP Connector;c:\program files\Mail Enable\Bin\MESMTPC.exe [11/24/2006 9:12 AM 458752]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 2:53 PM 362992]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 2:52 PM 166384]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 2:52 PM 1083888]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/7/2010 8:43 AM 135664]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 2:52 PM 309744]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/26/2010 6:39 AM 30192]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 2:53 PM 72176]
.
Contents of the 'Scheduled Tasks' folder

2010-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]

2009-10-17 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.1.0.13\DriverRobot.exe [2009-10-17 02:35]

2010-03-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 22:25]

2010-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 13:43]

2010-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 13:43]

2006-11-23 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-17 00:12]

2006-11-23 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-17 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Owner.ChucksMachine1\Application Data\Mozilla\Firefox\Profiles\2jcs7d77.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Owner.ChucksMachine1\Application Data\Facebook\npfbplugin_1_0_0.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-03-10 23:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(552)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(644)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\progra~1\TROJAN~1\Trshlex.dll
c:\program files\Roxio\Virtual Drive 10\DC_ShellExt.dll
c:\program files\Common Files\Roxio Shared\10.0\DLLShared\CDRAL.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll
c:\windows\system32\xpsp1res.dll
.
Completion time: 2010-03-10 23:52:52
ComboFix-quarantined-files.txt 2010-03-11 04:52
ComboFix2.txt 2010-03-08 23:01

Pre-Run: 94,194,929,664 bytes free
Post-Run: 94,147,162,112 bytes free

- - End Of File - - 7D9B44F98CBB29917AD5E6ED317FEA9E


Post by chuckmac on Thu Mar 11, 2010 5:30 am

Anyway I believe we were addressing the Defender Pro Backup removal.


Post by Belahzur on Thu Mar 11, 2010 9:06 pm

Hello.
Did you do that right? Combofix says it was run normally, not by CFScript.



Post by chuckmac on Thu Mar 11, 2010 11:53 pm

I went back and followed your directions carefully. The cat icon is on my desktop. That is where I drug/dragged the CFScript file that created the last log file post. I checked the Combo-fix file (the cat icon) for size to be sure that it was the 3.7 mb that it was as it showed up in the download execute file. I thought it might have what I did last time embedded in it since I had dragged the CFScript into it already; the size was still 3.7mb. Anyway, I copied and pasted the script in the notebox you created and saved it as CFScript.txt as you suggested, on my desktop, then dragged it into the cat icon, and the following log file is what it created.

ComboFix 10-03-11.02 - Owner 03/11/2010 18:24:56.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1406.600 [GMT -5:00]
Running from: c:\documents and settings\Owner.ChucksMachine1\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner.ChucksMachine1\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-02-11 to 2010-03-11 )))))))))))))))))))))))))))))))
.

2010-03-11 18:30 . 2010-03-11 18:30 503808 ----a-w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-117d9d41-n\msvcp71.dll
2010-03-11 18:30 . 2010-03-11 18:30 499712 ----a-w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-117d9d41-n\jmc.dll
2010-03-11 18:30 . 2010-03-11 18:30 348160 ----a-w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-117d9d41-n\msvcr71.dll
2010-03-11 18:30 . 2010-03-11 18:30 61440 ----a-w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3abbd92e-n\decora-sse.dll
2010-03-11 18:30 . 2010-03-11 18:30 12800 ----a-w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3abbd92e-n\decora-d3d.dll
2010-03-11 05:08 . 2010-03-11 05:16 -------- d-----w- C:\Combo-Fix15381C
2010-03-11 04:41 . 2010-03-11 04:52 -------- d-----w- C:\Combo-Fix31896C
2010-03-09 22:00 . 2010-03-09 22:01 -------- d-----w- C:\Combo-Fix
2010-03-09 21:43 . 2009-12-11 23:05 3613560 ----a-w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Simply Super Software\Trojan Remover\qgp5.exe
2010-03-09 20:51 . 2010-03-09 20:51 -------- d-----w- c:\program files\Common Files\Java
2010-03-09 20:50 . 2010-03-09 20:50 -------- d-----w- c:\program files\Sun
2010-03-09 20:50 . 2010-03-09 20:50 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-08 18:33 . 2010-03-08 18:33 -------- d-----w- c:\program files\Trojan Remover
2010-03-08 18:33 . 2010-03-08 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-03-07 05:33 . 2010-03-07 05:33 -------- d-----w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Malwarebytes
2010-03-07 05:33 . 2010-03-07 05:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-11 23:02 . 2008-05-30 12:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-03-11 14:06 . 2007-06-07 13:24 -------- d-----w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Skype
2010-03-09 21:47 . 2009-12-28 23:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-09 20:50 . 2006-09-07 16:08 -------- d-----w- c:\program files\Java
2010-03-04 18:07 . 2008-05-22 12:29 -------- d-----w- c:\program files\Quicken
2010-03-04 04:52 . 2009-12-28 23:14 -------- d-----w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Simply Super Software
2010-03-03 14:58 . 2009-02-10 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-02-11 18:12 . 2009-10-02 03:14 -------- d-----w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Audacity
2010-02-08 14:44 . 2009-01-10 15:24 -------- d-----w- c:\program files\FinePixViewer
2010-02-08 13:51 . 2006-09-07 16:02 -------- d-----w- c:\program files\Google
2010-01-21 15:02 . 2010-01-21 15:02 50354 ----a-w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Facebook\uninstall.exe
2010-01-21 15:02 . 2010-01-21 15:02 -------- d-----w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Facebook
2010-01-14 22:42 . 2006-09-07 16:12 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-05 10:00 . 2006-06-17 09:23 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2006-06-17 09:23 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2006-06-17 09:23 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2006-06-17 09:23 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-17 06:50 . 2009-12-17 06:50 847040 ----a-w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Facebook\axfbootloader.dll
2009-12-17 06:49 . 2009-12-17 06:49 5562368 ----a-w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Facebook\npfbplugin_1_0_0.dll
2009-12-16 18:43 . 2006-06-17 09:35 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2006-06-17 09:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-04-30 14:00 . 2007-03-06 14:13 768 -c--a-w- c:\program files\MySetup.DK
2009-04-30 14:00 . 2007-03-06 14:10 56 -c--a-w- c:\program files\DEFAULT.BBC
2009-04-30 14:00 . 2007-03-06 14:10 43899 -c--a-w- c:\program files\intrface.bbw
2009-04-30 14:00 . 2007-03-06 14:10 3200 -c--a-w- c:\program files\DEFAULT.ALI
2009-04-30 14:00 . 2007-05-19 17:09 81845 -c-ha-w- c:\program files\bbw.GID
2009-02-10 21:05 . 2009-02-10 21:05 499 -c--a-w- c:\program files\ActivationFile.htm
2008-01-04 15:27 . 2008-01-04 15:26 11949 -c--a-w- c:\program files\01018651.cab
2007-10-29 14:40 . 2007-10-29 14:40 193 -c--a-w- c:\program files\labeler.dpf
2007-07-25 18:46 . 2007-07-25 18:46 301692 -c--a-w- c:\program files\labeler.chm
2007-05-21 12:38 . 2007-05-21 12:38 16663 -c--a-w- c:\program files\bumminez.sty
2007-05-19 19:51 . 2007-05-19 19:51 1571504 -c--a-w- c:\program files\BBW.LSW
2007-05-14 20:48 . 2007-05-14 20:42 188 -c--a-w- c:\program files\$MIDIMON.cfg
2007-03-06 14:08 . 2002-02-10 07:00 72748 ----a-w- c:\program files\unins000.exe
2007-02-12 15:33 . 2007-02-12 15:33 221184 -c--a-w- c:\program files\db1.mdb
2004-10-25 16:54 . 2004-10-25 16:54 456 -c--a-w- c:\program files\welcome.zdw
2004-10-25 16:54 . 2004-10-25 16:54 348896 -c--a-w- c:\program files\SPLASHHI.BMP
2004-10-25 16:54 . 2004-10-25 16:54 117356 -c--a-w- c:\program files\SPLASHLO.BMP
2003-03-13 20:58 . 2003-03-13 20:58 3354896 -c--a-w- c:\program files\BBW.EXE
2003-02-11 04:12 . 2003-02-11 04:12 729600 -c--a-w- c:\program files\g32.exe
2002-11-28 17:33 . 2002-11-28 18:33 78336 -c--a-w- c:\program files\BBW.TPB
2002-11-28 17:24 . 2002-11-28 18:24 58234 -c--a-w- c:\program files\BBW.TIP
2002-11-27 19:15 . 2002-11-27 19:15 717824 -c--a-w- c:\program files\f32.exe
2002-11-27 06:48 . 2002-11-27 07:48 414752 -c--a-w- c:\program files\BBW.LST
2002-11-26 08:07 . 2002-11-26 08:07 2901589 -c--a-w- c:\program files\bbw.hlp
2002-11-26 07:42 . 2002-11-26 07:42 21357 -c--a-w- c:\program files\bbw.cnt
2002-11-26 03:00 . 2002-11-26 04:00 63488 -c--a-w- c:\program files\DEFAULT.SOL
2002-11-26 00:31 . 2002-11-26 00:31 545280 -c--a-w- c:\program files\miniburn.exe
2002-11-25 14:35 . 2002-11-25 15:35 5234337 -c--a-w- c:\program files\BB12upgrade.pdf
2002-11-24 21:32 . 2002-11-24 21:32 25659 -c--a-w- c:\program files\CREEDNCE.STY
2002-11-24 21:21 . 2002-11-24 21:21 9609 -c--a-w- c:\program files\L~BOSA4U.STY
2002-11-24 18:15 . 2002-11-24 18:15 26299 -c--a-w- c:\program files\JAZFOURC.STY
2002-11-24 18:11 . 2002-11-24 18:11 24779 -c--a-w- c:\program files\JAZFOURB.STY
2002-11-24 18:07 . 2002-11-24 18:07 20446 -c--a-w- c:\program files\JAZFOURA.STY
2002-11-22 23:13 . 2002-11-22 23:13 12479 -c--a-w- c:\program files\UKE_FAST.STY
2002-11-22 22:25 . 2002-11-22 22:25 15500 -c--a-w- c:\program files\MANDOLIN.STY
2002-11-22 21:39 . 2002-11-22 21:39 17013 -c--a-w- c:\program files\12ST&BAN.STY
2002-11-22 20:34 . 2002-11-22 20:34 18761 -c--a-w- c:\program files\BANJ&MAN.STY
2002-11-22 20:19 . 2002-11-22 20:19 23992 -c--a-w- c:\program files\BLUGRAS5.STY
2002-11-22 19:43 . 2002-11-22 19:43 8084 -c--a-w- c:\program files\SOLO_UKE.STY
2002-11-22 19:39 . 2002-11-22 19:39 9556 -c--a-w- c:\program files\UKE&BASS.STY
2002-11-22 19:26 . 2002-11-22 20:26 5327 -c--a-w- c:\program files\v_test.MGU
2002-11-22 01:37 . 2002-11-22 01:37 10773 -c--a-w- c:\program files\LOTUS.STY
2002-11-21 23:16 . 2002-11-21 23:16 14112 -c--a-w- c:\program files\GOSSAMER.STY
2002-11-21 23:06 . 2002-11-21 23:06 22666 -c--a-w- c:\program files\JOHNBAL.STY
2002-11-21 16:23 . 2002-11-21 17:23 29791 -c--a-w- c:\program files\CHUKSHUF.STY
2002-11-21 16:21 . 2002-11-21 17:21 8672 -c--a-w- c:\program files\CHUKSHUF.MGU
2002-11-20 04:14 . 2002-11-20 05:14 21278 -c--a-w- c:\program files\viol_sav.sty
2002-11-20 03:56 . 2002-11-20 04:56 343434 -c--a-w- c:\program files\MiniBurnHelp.hlp
2002-11-15 21:51 . 2002-11-15 21:51 15401 -c--a-w- c:\program files\SWING~EZ.STY
2002-11-15 21:22 . 2002-11-15 21:22 19825 -c--a-w- c:\program files\J~BREEZY.STY
2002-11-15 20:41 . 2002-11-15 21:41 8124 -c--a-w- c:\program files\GARNER~.MGU
2002-11-15 20:07 . 2002-11-15 21:07 15410 -c--a-w- c:\program files\GARNER~.STY
2002-11-14 18:56 . 2002-11-14 18:56 15756 -c--a-w- c:\program files\MILITARY.STY
2002-11-14 18:51 . 2002-11-14 18:51 13753 -c--a-w- c:\program files\J~GITWLZ.STY
2002-11-14 18:48 . 2002-11-14 18:48 22621 -c--a-w- c:\program files\JOHNLEN.STY
2002-11-14 18:21 . 2002-11-14 19:21 5826 -c--a-w- c:\program files\JAZFOURS.MGU
2002-11-14 18:19 . 2002-11-14 18:19 17098 -c--a-w- c:\program files\HAWAISLO.STY
2002-11-14 17:51 . 2002-11-14 18:51 20075 -c--a-w- c:\program files\J~BAS&BR.MGU
2002-11-14 17:46 . 2002-11-14 18:46 19099 -c--a-w- c:\program files\JAZFOURS.STY
2002-11-14 17:42 . 2002-11-14 17:42 18521 -c--a-w- c:\program files\CAMPFIRE.STY
2002-11-14 17:39 . 2002-11-14 17:39 25110 -c--a-w- c:\program files\BO_D.STY
2002-11-14 16:37 . 2002-11-14 17:37 28849 -c--a-w- c:\program files\BEEBROK5.STY
2002-11-14 16:32 . 2002-11-14 17:32 29713 -c--a-w- c:\program files\BEEBROK4.STY
2002-11-13 22:55 . 2002-11-13 22:55 16189 -c--a-w- c:\program files\P_NEILD1.STY
2002-11-13 20:49 . 2002-11-13 20:49 20531 -c--a-w- c:\program files\COZY_SW.STY
2002-11-13 06:55 . 2002-11-13 06:55 9252 -c--a-w- c:\program files\DRUMSOLJ.STY
2002-11-13 05:03 . 2002-11-13 06:03 9490 -c--a-w- c:\program files\J~BAS&BR.STY
2002-11-12 06:44 . 2002-11-12 06:44 30093 -c--a-w- c:\program files\DREAM.STY
2002-11-12 06:02 . 2002-11-12 06:02 38902 -c--a-w- c:\program files\BIGBAND1.STY
2002-11-12 05:37 . 2002-11-12 05:37 19870 -c--a-w- c:\program files\JOHNNYH.STY
2002-11-08 01:17 . 2002-11-08 01:17 12877 -c--a-w- c:\program files\POP_SADE.STY
2002-11-08 01:01 . 2002-11-08 01:01 5572 -c--a-w- c:\program files\ROKTRIO1.STY
2002-11-06 23:37 . 2002-11-06 23:37 21449 -c--a-w- c:\program files\DIXIDUKE.STY
2002-11-06 03:50 . 2002-11-06 03:50 468992 -c--a-w- c:\program files\MIDIConv.exe
2002-10-27 02:52 . 2002-10-27 03:52 13556 -c--a-w- c:\program files\Night_t.MGU
2002-10-25 08:39 . 2002-10-25 09:39 516096 -c--a-w- c:\program files\CDWriterXP.ocx
2002-08-16 18:04 . 2002-08-16 19:04 15167 -c--a-w- c:\program files\J!~HOAGY.STY
2002-08-16 18:04 . 2002-08-16 19:04 12765 -c--a-w- c:\program files\J!~HOAGY.MGU
2002-08-16 18:04 . 2002-08-16 19:04 7979 -c--a-w- c:\program files\J!~BENNY.MGU
2010-02-26 11:43 . 2010-02-26 11:39 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-11 13:15 . 2010-03-11 13:15 16384 c:\windows\temp\Perflib_Perfdata_880.dat
- 2007-12-19 15:08 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2007-12-19 15:08 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2006-06-17 09:38 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe
- 2006-06-17 09:38 . 2008-04-14 00:12 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2006-11-30 04:00 . 2010-03-02 05:30 31648712 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-05-18 23423528]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-18 217088]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-18 458752]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"CHotkey"="zHotkey.exe" [2004-12-09 550912]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-26 536576]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-07-30 497000]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-26 30192]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-18 1070984]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-22 12:52 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ExifLauncher2.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-29 03:37 413696 -c--a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-04-17 22:34 16143872 -c--a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\StubInstaller.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Roxio\\Digital Home 10\\RoxioUpnpService10.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [3/3/2008 1:51 PM 39472]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/10/2009 5:53 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/10/2009 5:53 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/10/2009 5:53 PM 297752]
R2 MELCS;MailEnable List Connector;c:\program files\Mail Enable\Bin\MELSC.exe [11/24/2006 9:12 AM 155648]
R2 MEMTAS;MailEnable Mail Transfer Agent;c:\program files\Mail Enable\Bin\MEMTA.exe [11/24/2006 9:12 AM 163840]
R2 MEPOCS;MailEnable Postoffice Connector;c:\program files\Mail Enable\Bin\MEPOC.exe [11/24/2006 9:12 AM 434236]
R2 MEPOPS;MailEnable POP Service;c:\program files\Mail Enable\Bin\MEPOPS.exe [11/24/2006 9:12 AM 212992]
R2 MESMTPCS;MailEnable SMTP Connector;c:\program files\Mail Enable\Bin\MESMTPC.exe [11/24/2006 9:12 AM 458752]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 2:53 PM 362992]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 2:52 PM 166384]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 2:52 PM 1083888]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/7/2010 8:43 AM 135664]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 2:52 PM 309744]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/26/2010 6:39 AM 30192]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 2:53 PM 72176]
.
Contents of the 'Scheduled Tasks' folder

2010-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]

2009-10-17 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.1.0.13\DriverRobot.exe [2009-10-17 02:35]

2010-03-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 22:25]

2010-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 13:43]

2010-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 13:43]

2006-11-23 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-17 00:12]

2006-11-23 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-17 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Owner.ChucksMachine1\Application Data\Mozilla\Firefox\Profiles\2jcs7d77.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Owner.ChucksMachine1\Application Data\Facebook\npfbplugin_1_0_0.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-03-11 18:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(552)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(200)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\HKNTDLL.dll
.
Completion time: 2010-03-11 18:33:28
ComboFix-quarantined-files.txt 2010-03-11 23:33
ComboFix2.txt 2010-03-11 05:16
ComboFix3.txt 2010-03-11 04:52
ComboFix4.txt 2010-03-08 23:01

Pre-Run: 94,056,804,352 bytes free
Post-Run: 94,010,159,104 bytes free

- - End Of File - - 3E690426870201A91D6CCBE040BDC104


Re: win32/nugel.e removal

Post by Belahzur on Fri Mar 12, 2010 12:24 am

Hello.
It worked that time, Defender Pro is gone from the security center. Still having problems with it?



Re: win32/nugel.e removal

Post by chuckmac on Fri Mar 12, 2010 12:57 am

Problems? I don't know of any. It's still on my computer but hopefully since it's "gone from the security center" it won't interfere with any future virus removal attempts. I went into the ADD/Remove program and tried again to remove it but when I click remove it finishes up by saying that maintenance has been done on the Defender Pro Backup file. This is not a problem. I want to thank you for all your help and I will make another donation in a few days. I don't think the $20.00 was quite enough. To be honest your help was priceless.


Re: win32/nugel.e removal

Post by Belahzur on Fri Mar 12, 2010 5:14 pm

Please uninstall Combofix again.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.



Re: win32/nugel.e removal

Post by chuckmac on Fri Mar 12, 2010 8:40 pm

I've been busy today and just got to my computer. I have to leave again but I will take care of the recommendations that you have for keeping my computer safe. It was quite an experience for me. Although I've been at this for about 15 years now, I'm certainly not a geek. I told you on the last post what this means/meant to me. I will make another donation as soon as I get this stuff finished. Thanks Again, If you don't mind...God Bless You


Re: win32/nugel.e removal

Post by chuckmac on Sat Mar 13, 2010 3:10 pm

I made a donation and decided it was not enough so I'm making another.


Re: win32/nugel.e removal

Post by Belahzur on Sat Mar 13, 2010 7:20 pm

Thank you! Cheers Mate



Re: win32/nugel.e removal

Post by chuckmac on Wed Mar 17, 2010 12:35 am

8:32 P.M. Tuesday. I posted a problem with firefox not starting. I rebooted the computer and it started. Sorry to bother you. No need to reply. If it happens again I'll probably just lighten it up by cleaning up the addons.
Thanks...Chuck


Re: win32/nugel.e removal

Post by Belahzur on Wed Mar 17, 2010 1:15 am

As you mentioned it could have been add-ons, try uninstalling Firefox, then re-install it.



Re: win32/nugel.e removal

Post by chuckmac on Wed Mar 17, 2010 11:30 am

I keep getting messages on some sites to enable java script. This morning I get a message to download adobe flash player. I tried to download adobe flash player but for some reason I couldn't. I did some research and I see a lot of people who are having these problems. Some comments mentioned registry file access being responsible. I literally can't do much with the way this computer is running now.


Last edited by chuckmac on Wed Mar 17, 2010 6:00 pm; edited 2 times in total (Reason for editing : I mentioned I hadn't deleted and reinstalled Mozilla Firefox. I have done that now.)


Re: win32/nugel.e removal

Post by chuckmac on Thu Mar 18, 2010 1:48 pm

Where are you? I can't get into my banking site and/or other sites. I tried to use the GeekPolice archives to reset java in firefox. Tools/options/content/enable java. It doesn't work. I still can't use sites that require java script or my use is limited. I got a message that I needed to download flash player and couldn't do that either. I need to pay my bills and run my every day stuff. Putting it as politely as I can, this is not good.


Re: win32/nugel.e removal

Post by chuckmac on Thu Mar 18, 2010 4:43 pm

I can't download adobe flash player. The download does not happen.


Re: win32/nugel.e removal

Post by Belahzur on Thu Mar 18, 2010 11:15 pm

Hello.
Sorry, missed your post.

Can you try a different browser for a second, like Google Chrome?

Let me know if Chrome works fine.



Re: win32/nugel.e removal

Post by chuckmac on Fri Mar 19, 2010 4:01 am

I downloaded Google Chrome and it seems to be working fine on a couple of sites I tried. Those sites would not work for me using firefox because of the java problems. It's a little late now but in the morning I will try to pay some bills on my Banking Site. I could not do that this morning. Thanks Chuck
