Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

View previous topic View next topic Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by jeda_zelda on 2nd March 2010, 5:50 pm

Extras.txt


OTL Extras logfile created on: 3/2/2010 12:28:35 PM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 59.70 Gb Free Space | 53.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARTONE
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"54925:UDP" = 54925:UDP:*:Enabled:BrotherNetwork Scanner

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe" = C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- ()
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- File not found
"C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Brother\Brmfl08d\FAXRX.exe" = C:\Program Files\Brother\Brmfl08d\FAXRX.exe:*:Enabled:FAXRX.EXE -- ()
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{46B63F23-2B4A-4525-A827-688026BE5E40}" = Symantec AntiVirus
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7148F0A8-6813-11D6-A77B-00B0D0142140}" = Java 2 Runtime Environment, SE v1.4.2_14
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{882C685B-3735-452E-9B77-D562A6A6AFE3}" = inSSIDer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{90A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1121C1F-1962-4A23-B2C2-B9515C837179}" = OverDrive Media Console
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F5294001-AACD-4DD4-B228-CE44AD4C0F87}" = Brother MFL-Pro Suite MFC-5490CN
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F996DEB7-4AD7-4F15-84AA-114B8BE45911}" = Polar UpLink Tool
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCC9C6EF-9B5F-4F64-8358-489250C9159C}" = RangeMax(tm) NEXT Wireless Notebook Adapter WN511B
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_7" = AIM 7
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EPSON Printer and Utilities" = EPSON Printer Software
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HPExtendedCapabilities" = HP Extended Capabilities 5.0
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InterActual Player" = InterActual Player
"JRE 1.3.1_02" = Java 2 Runtime Environment Standard Edition v1.3.1_02
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PrintKey2000" = PrintKey2000
"ProInst" = Intel(R) PROSet/Wireless Software
"SkillSoft Course Manager" = Video Professor Course Manager
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TPP200" = USB Storage Adapter V2 (TPP)
"TurboTax 2008" = TurboTax 2008
"TurboTax Premier 2007" = TurboTax Premier 2007
"UnityWebPlayer" = Unity Web Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/26/2010 3:13:20 AM | Computer Name = MARTONE | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Threat: Trojan.FakeAV in File: C:\Documents and
Settings\user\Local Settings\Temp\pttomp.dll by: Scheduled scan. Action: Quarantine
succeeded. Action Description: The file was quarantined successfully.

Error - 1/26/2010 3:41:03 AM | Computer Name = MARTONE | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan.FakeAV in File: c:\documents and settings\user\local
settings\Temp\pttomp.dll by: Scheduled scan. Action: Quarantine succeeded. Action
Description: The file was quarantined successfully.

Error - 1/30/2010 9:51:23 PM | Computer Name = MARTONE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module mshtml.dll, version 6.0.2900.5921, fault address 0x00094f36.

Error - 2/3/2010 12:02:05 PM | Computer Name = MARTONE | Source = MsiInstaller | ID = 1013
Description = Product: Microsoft .NET Framework 2.0 -- Setup cannot continue because
this version of the .NET Framework is incompatible with a previously installed
one. For more information, see [You must be registered and logged in to see this link.]

Error - 2/3/2010 12:13:23 PM | Computer Name = MARTONE | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.

Error - 2/12/2010 6:56:12 AM | Computer Name = MARTONE | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 2/12/2010 8:11:25 AM | Computer Name = MARTONE | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 2/15/2010 7:14:31 PM | Computer Name = MARTONE | Source = MsiInstaller | ID = 11905
Description = Product: ESSgui -- Error 1905.Module C:\Program Files\Kodak\Kodak
EasyShare software\bin\ESCom.dll failed to unregister. HRESULT -2147220472. Contact
your support personnel.

Error - 2/22/2010 2:34:36 PM | Computer Name = MARTONE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module mshtml.dll, version 6.0.2900.5921, fault address 0x00072357.

Error - 2/22/2010 2:37:41 PM | Computer Name = MARTONE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module mshtml.dll, version 6.0.2900.5921, fault address 0x00072357.

[ System Events ]
Error - 2/15/2010 7:09:15 AM | Computer Name = MARTONE | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00130287DE50. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 2/19/2010 9:38:51 AM | Computer Name = MARTONE | Source = Print | ID = 6161
Description = The document u5l4s1_exercise.pdf owned by user failed to print on
printer Brother MFC-5490CN Printer. Data type: NT EMF 1.008. Size of the spool file
in bytes: 131072. Number of bytes printed: 0. Total number of pages in the document:
1. Number of pages printed: 0. Client machine: \\MARTONE. Win32 error code returned
by the print processor: 2250 (0x8ca).

Error - 2/19/2010 8:41:26 PM | Computer Name = MARTONE | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00130287DE50. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 2/20/2010 5:35:46 PM | Computer Name = MARTONE | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.244
on the Network Card with network address 00130287DE50.

Error - 2/21/2010 8:21:35 PM | Computer Name = MARTONE | Source = Service Control Manager | ID = 7022
Description = The MSCamSvc service hung on starting.

Error - 2/27/2010 7:23:02 AM | Computer Name = MARTONE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f020b: Microsoft - Other hardware - HID Non-User Input Data Filter
(KB 911895).

Error - 3/2/2010 10:19:05 AM | Computer Name = MARTONE | Source = DCOM | ID = 10010
Description = The server {1434DD3D-0AF6-41E0-BB71-8C86010D9AF5} did not register
with DCOM within the required timeout.

Error - 3/2/2010 11:46:02 AM | Computer Name = MARTONE | Source = DCOM | ID = 10010
Description = The server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} did not register
with DCOM within the required timeout.

Error - 3/2/2010 11:46:32 AM | Computer Name = MARTONE | Source = DCOM | ID = 10010
Description = The server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} did not register
with DCOM within the required timeout.

Error - 3/2/2010 12:29:56 PM | Computer Name = MARTONE | Source = DCOM | ID = 10010
Description = The server {0006F020-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.


< End of report >

jeda_zelda
Novice
Novice

Posts Posts : 22
Joined Joined : 2010-03-02
Gender Gender : Male
OS OS : Windows XP
Points Points : 25048
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by Belahzur on 2nd March 2010, 5:55 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java 2 Runtime Environment Standard Edition v1.3.1_02
    Java 2 Runtime Environment, SE v1.4.2_14

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by jeda_zelda on 2nd March 2010, 6:18 pm

ESET Online Scanner is running in Internet Explorer as requested...

My Symantec just picked up this....

Scan type: Auto-Protect Scan
Event: Security Risk Found!
Threat: Trojan.FakeAV
File: C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP1197\A0075734.exe
Location: Unknown Storage
Computer: MARTONE
User: MARTONE\SYSTEM
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Tuesday, March 02, 2010 13:15:49

jeda_zelda
Novice
Novice

Posts Posts : 22
Joined Joined : 2010-03-02
Gender Gender : Male
OS OS : Windows XP
Points Points : 25048
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by Belahzur on 2nd March 2010, 6:21 pm

Don't worry about that, it's just an infected system restore point, we'll reset that later.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by jeda_zelda on 2nd March 2010, 6:25 pm

The timer on the ESET Online Scanner is still running, however it has been at 28% for some time now.

jeda_zelda
Novice
Novice

Posts Posts : 22
Joined Joined : 2010-03-02
Gender Gender : Male
OS OS : Windows XP
Points Points : 25048
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by Belahzur on 2nd March 2010, 6:35 pm

Okay, leave it for now and let it go, it might be scanning a big file.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by jeda_zelda on 2nd March 2010, 6:36 pm

Can anything else be done in the mean time?

jeda_zelda
Novice
Novice

Posts Posts : 22
Joined Joined : 2010-03-02
Gender Gender : Male
OS OS : Windows XP
Points Points : 25048
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by Belahzur on 2nd March 2010, 6:44 pm

Not really, the scan goes faster when it uses as many resources as possible, and that's usually when the PC is idle and your not taking up resources neither.

My suggestion - stop the scan and run a quick MBAM scan, then restart the scan before you go to bed and let the scan run overnight.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by jeda_zelda on 2nd March 2010, 6:59 pm

ok, here's the MBAM log

Malwarebytes' Anti-Malware 1.44
Database version: 3815
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/2/2010 1:59:26 PM
mbam-log-2010-03-02 (13-59-26).txt

Scan type: Quick Scan
Objects scanned: 141272
Time elapsed: 7 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

jeda_zelda
Novice
Novice

Posts Posts : 22
Joined Joined : 2010-03-02
Gender Gender : Male
OS OS : Windows XP
Points Points : 25048
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by jeda_zelda on 2nd March 2010, 7:03 pm

BTW...anyway we can reset that infected system restore point that Symantec picked up?

jeda_zelda
Novice
Novice

Posts Posts : 22
Joined Joined : 2010-03-02
Gender Gender : Male
OS OS : Windows XP
Points Points : 25048
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft / BankerFox.a/Win32/Nuqel.E virus - Can't download/run OLT

Post by Belahzur on 2nd March 2010, 7:05 pm

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

That will have sorted any infected system restore points now. Smile


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum