bearfox and nuqel :/


Post by sotaprops on 10th March 2010, 8:00 pm

First off, sorry I could not run HijackThis.
I'm sure I got the latest Java,
but I have uninstalled P2P.
But here is my problem(s): I'm getting security alerts about bearfox and nuqel.
I've looked through these threads for people having similar problems,
which is not being able to run .exe's.
Little update icons for Windows will show up one after another and
disappear once my mouse goes over them.
Seems to go along with wuauclt.exe's and msfffeeeed.exe's and other random ones not being able to execute.
I tried running Safe Mode and doing System Restore,
but my laptop's screen is broken and I have it connected to a computer monitor,
and Safe Mode won't let me use screen options.
So I can't open up OTL.
I tried IceSword and it hasn't worked yet.
I have time for someone to get back to me on what I should do.
I don't think it's going to get any worse than not being able to open Task Manager.
I just really want to listen to music.
Greatly appreciate any help that would allow me to do this.

sotaprops
Novice

Posts : 8
Joined : 2010-03-10
OS : windows vista
Points : 24754
# Likes : 0


Re: bearfox and nuqel :/

Post by Dr Jay on 10th March 2010, 9:41 pm

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 14309
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Arch. : x64 (64-bit)
Protection : Bitdefender Total Security
Points : 302960
# Likes : 10


Re: bearfox and nuqel :/

Post by sotaprops on 10th March 2010, 11:29 pm

I'm having trouble running it.
It keeps saying that it's infected.
I'll keep trying, though.


Re: bearfox and nuqel :/

Post by Dr Jay on 11th March 2010, 2:45 am

Delete your copy of ComboFix; grab a fresh copy, except before you download it, rename it to blackpudding.bat.


Navigate to Start --> Run, and enter the following command exactly as shown:

"%userprofile%\desktop\blackpudding.bat" /killall

See if ComboFix will run now.


Dr. Jay (DJ)




Re: bearfox and nuqel :/

Post by sotaprops on 11th March 2010, 3:18 am

It is still giving me the same problem.


Re: bearfox and nuqel :/

Post by Dr Jay on 11th March 2010, 4:27 am

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Then, try again please.


Dr. Jay (DJ)




Re: bearfox and nuqel :/

Post by sotaprops on 13th March 2010, 7:58 pm

ComboFix 10-03-10.03 - Marky D 03/13/2010 13:33:33.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1053 [GMT -6:00]
Running from: c:\users\Marky D\Documents\blackpudding.bat.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2130792183-3600511550-2563881694-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-501028441-2231057457-671282763-500
c:\windows\system32\SIntf16.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-13 to 2010-03-13 )))))))))))))))))))))))))))))))
.

2010-03-13 19:39 . 2010-03-13 19:40 -------- d-----w- c:\users\Marky D\AppData\Local\temp
2010-03-13 19:39 . 2010-03-13 19:39 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-03-13 19:39 . 2010-03-13 19:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-13 19:32 . 2010-03-13 19:32 -------- d-----w- C:\32788R22FWJFW
2010-03-13 19:27 . 2010-03-13 19:32 -------- d-----w- C:\blackpudding.bat7686b
2010-03-13 19:23 . 2010-03-13 19:27 -------- d-----w- C:\blackpudding.bat
2010-03-11 09:00 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 09:00 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-11 09:00 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-10 17:12 . 2010-03-10 17:12 -------- d-----w- c:\users\Marky D\AppData\Roaming\Malwarebytes
2010-03-10 17:12 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-10 17:12 . 2010-03-10 17:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-10 17:12 . 2010-03-10 17:12 -------- d-----w- c:\programdata\Malwarebytes
2010-03-10 17:12 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 00:39 . 2010-03-13 03:41 -------- d-----w- c:\users\Marky D\AppData\Local\hauyvu
2010-03-02 08:12 . 2010-03-02 08:12 -------- d-----w- c:\users\Marky D\AppData\Roaming\Publish Providers
2010-03-02 08:12 . 2010-03-02 08:12 -------- d-----w- c:\users\Marky D\AppData\Roaming\NetMedia Providers
2010-03-02 08:12 . 2010-03-02 08:12 -------- d-----w- c:\users\Marky D\AppData\Roaming\Sonic Foundry
2010-03-02 08:03 . 2010-03-02 08:03 -------- d-----w- c:\program files\Sonic Foundry
2010-03-02 08:02 . 2010-03-02 08:02 -------- d-----w- c:\program files\Sonic Foundry Setup
2010-02-27 00:24 . 2010-02-27 00:24 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-02-23 20:32 . 2010-02-23 20:32 -------- d-----w- c:\programdata\Adobe Systems
2010-02-23 20:20 . 2010-02-23 20:20 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-02-22 22:10 . 2010-02-22 22:10 -------- d-----w- c:\windows\Sun
2010-02-21 00:09 . 2010-02-21 00:21 -------- d-----w- c:\users\Marky D\AppData\Local\AIM
2010-02-21 00:09 . 2010-02-21 00:09 -------- d-----w- c:\users\Marky D\AppData\Roaming\acccore
2010-02-21 00:09 . 2010-02-21 00:09 -------- d-----w- c:\programdata\AIM
2010-02-21 00:09 . 2010-02-21 00:09 -------- d-----w- c:\program files\AIM
2010-02-21 00:09 . 2010-02-21 00:09 -------- d-----w- c:\program files\Common Files\Software Update Utility

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-11 09:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-10 02:36 . 2008-05-19 21:14 -------- d-----w- c:\users\Marky D\AppData\Roaming\uTorrent
2010-03-09 08:27 . 2009-01-08 17:51 -------- d-----w- c:\program files\Warcraft III
2010-02-25 17:13 . 2008-03-24 17:54 81288 ----a-w- c:\users\Marky D\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 15:16 . 2009-10-17 23:59 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 20:21 . 2007-10-31 18:18 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-21 00:09 . 2008-03-24 20:23 -------- d-----w- c:\programdata\AOL
2010-02-19 22:24 . 2010-02-10 20:53 -------- d-----w- c:\program files\Diablo II
2010-02-10 21:07 . 2010-02-10 20:59 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-02-10 21:07 . 2010-02-10 20:59 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-02-10 21:07 . 2010-02-10 20:57 34885 ----a-w- c:\windows\DIIUnin.dat
2010-02-10 20:57 . 2010-02-10 20:57 94208 ----a-w- c:\windows\DIIUnin.exe
2010-02-10 20:57 . 2010-02-10 20:57 2829 ----a-w- c:\windows\DIIUnin.pif
2010-01-30 21:32 . 2010-01-30 21:31 -------- d-----w- c:\program files\QuickTime
2010-01-30 21:31 . 2010-01-30 21:31 -------- d-----w- c:\programdata\Apple Computer
2010-01-30 21:30 . 2010-01-30 21:30 -------- d-----w- c:\program files\Common Files\Apple
2010-01-30 21:29 . 2010-01-30 21:29 -------- d-----w- c:\programdata\Apple
2010-01-30 21:29 . 2010-01-30 21:29 -------- d-----w- c:\program files\Apple Software Update
2010-01-25 12:00 . 2010-02-24 12:35 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 12:35 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 12:35 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 12:35 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 12:35 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 12:35 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 12:35 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 12:35 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 12:35 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-24 12:35 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-08 06:51 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-01-06 15:39 . 2010-02-24 12:35 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-02-24 12:35 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 15:38 . 2010-02-24 12:35 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 12:35 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 12:35 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 12:35 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 13:30 . 2010-02-24 12:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-12-18 13:01 . 2010-01-22 01:50 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-16 11:44 . 2010-01-22 01:50 834048 ----a-w- c:\windows\system32\wininet.dll
2008-12-03 22:01 . 2008-03-27 22:33 88 --sh--r- c:\windows\System32\512EF7939F.sys
2008-12-04 00:10 . 2008-03-27 22:33 5328 --sha-w- c:\windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2007-10-05 17:54 303104 ------w- c:\ddi\OverIcon.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2007-09-20 253952]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Aim"="c:\program files\AIM\aim.exe" [2009-12-01 3951976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-01 4669440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-19 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-19 137752]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-08 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-09-06 53248]
"VAIO Help and Support Demo"="c:\program files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe" [2007-08-28 290816]
"VWLASU"="c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-10-12 45056]
"VAIORegistration"="c:\program files\Sony\First Experience\WelcomeLauncher.exe" [2007-10-17 20480]
"Skytel"="Skytel.exe" [2007-09-01 1826816]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]

c:\users\Marky D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 03:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):78,a8,01,f3,2f,90,ca,01

R2 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [x]
R3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [x]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2007-09-20 204800]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-03-13 c:\windows\Tasks\User_Feed_Synchronization-{E21DFEAC-75A0-475C-B67A-A64DD5833917}.job
- c:\windows\system32\msfeedssync.exe [2008-08-27 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {B5137B2B-946F-4AF2-8207-2187F2F1E708} = 65.24.7.10,65.24.7.11
FF - ProfilePath - c:\users\Marky D\AppData\Roaming\Mozilla\Firefox\Profiles\c4gub6vj.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Turbine Download Manager Tray Icon - c:\program files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe
AddRemove-62289540-dc30-11dc-95ff-0800200c9a66_is1 - c:\program files\Turbine\Turbine Download Manager\UninstallTDM.exe
AddRemove-PocketRAR - c:\program files\PocketRAR\uninstall.exe
AddRemove-{A63E7492-A0BC-4BB9-89A7-352965222380} - c:\program files\InstallShield Installation Information\{A63E7492-A0BC-4BB9-89A7-352965222380}\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-03-13 13:40
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2579146381-434953330-2297627402-1000\Software\SecuROM\License information*]
"datasecu"=hex:a1,c7,ca,85,35,ad,fd,8b,9f,16,8b,7d,41,cf,29,c5,9a,0d,2d,d6,53,
48,03,10,a9,87,ab,d9,72,89,0e,67,10,76,7f,e1,89,79,cf,e2,cd,bb,50,d1,88,72,\
"rkeysecu"=hex:76,18,61,ed,44,ba,91,53,6a,80,dd,da,dc,5b,ff,9b

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-03-13 13:42:57
ComboFix-quarantined-files.txt 2010-03-13 19:42

Pre-Run: 34,521,317,376 bytes free
Post-Run: 36,002,832,384 bytes free

- - End Of File - - A7F527B7ECFD513E52E06A02A04F96F6

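The registry loading points and supplementary scan in the ComboFix log above carry several entries a responder would want flagged automatically rather than spotted by eye: a per-user proxy pointing at 127.0.0.1:5555 (browser traffic being routed through a local listener), Security Center monitoring switched off ("DisableMonitoring" and "AntiVirusOverride" set to 1), a BootExecute value carrying an entry beyond the stock "autocheck autochk *", and a service whose image file ComboFix marks as missing with "[x]". The Python below is an added triage example written for this thread; it is not part of the forum exchange and not ComboFix's own code. It runs over a constructed sample assembled from lines of that log and applies those four rules. Everything it reports is a review item, not a verdict: the extra BootExecute entry, for instance, is flagged only as non-default. The FirewallOverride value is a known Security Center value added by the example; it does not appear in the posted log.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines taken from the ComboFix log posted in this thread,
# trimmed to the entries the triage rules below look at.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):78,a8,01,f3,2f,90,ca,01

R2 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [x]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2007-09-20 204800]

------- Supplementary Scan -------
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
"""


@dataclass(frozen=True)
class Finding:
    rule: str   # short rule name
    key: str    # registry key or log section the line came from
    line: str   # the offending log line, verbatim


# Vista's stock BootExecute value; anything after a \0 separator is non-default.
DEFAULT_BOOTEXECUTE = "autocheck autochk *"
# Security Center values that silence or override AV/firewall monitoring when set to 1.
# (FirewallOverride is a known sibling value; it is not in the posted log.)
SUPPRESSION_VALUES = re.compile(
    r'^"(DisableMonitoring|AntiVirusOverride|FirewallOverride)"=dword:0*1$')
# A proxy aimed at the local host means web traffic is being funnelled through a local listener.
LOOPBACK_PROXY = re.compile(r"\b(?:127\.0\.0\.1|localhost):\d+")
# ComboFix marks a service or driver whose image file is absent with a trailing [x].
SERVICE_LINE = re.compile(r"^[RS]\d .*\[x\]$")


def triage(log_text: str) -> List[Finding]:
    """Walk a ComboFix-style log and return the entries worth a responder's attention."""
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[HKEY_") and line.endswith("]"):
            section = line[1:-1]        # a bracketed key header opens a new block
            continue
        if line.startswith("-------"):
            section = line.strip("- ")  # e.g. "Supplementary Scan"
            continue
        lowered = section.lower()
        if ("session manager" in lowered and line.startswith("BootExecute")
                and "REG_MULTI_SZ" in line):
            value = line.split("REG_MULTI_SZ", 1)[1].strip()
            # REG_MULTI_SZ entries are rendered with a literal \0 between them
            extras = [e for e in value.split(r"\0") if e and e != DEFAULT_BOOTEXECUTE]
            if extras:
                findings.append(Finding("bootexecute-extra", section, line))
        elif "security center" in lowered and SUPPRESSION_VALUES.match(line):
            findings.append(Finding("security-center-suppressed", section, line))
        elif line.startswith("uInternet Settings,ProxyServer") and LOOPBACK_PROXY.search(line):
            findings.append(Finding("loopback-proxy", section, line))
        elif SERVICE_LINE.match(line):
            findings.append(Finding("service-binary-missing", section, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:28} [{f.key}] {f.line}")
```

Run against the sample it reports five items: the extra BootExecute entry, the two Security Center suppression values, the Turbine service with no binary on disk, and the loopback proxy. The rules key on the section header preceding each line, so a "DisableMonitoring" value under an unrelated key is ignored, and a proxy that points at a real host rather than 127.0.0.1 produces no finding.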

Re: bearfox and nuqel :/

Post by Dr Jay on 14th March 2010, 2:40 am

Do you know anything about Turbine Download Manager?

We need to do some diagnostics.

1. Please download [You must be registered and logged in to see this link.] by noahdfear.
  • Save it to your desktop.
  • Double-click profiles.exe and post its log when you reply


2. Download [You must be registered and logged in to see this link.] by ad13 and save it to your Desktop.
  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.


3. In your next reply, please post the following logs for my review:
  • Profiles log (1)
  • Win32kDiag log (2)


Thanks!


Dr. Jay (DJ)




Re: bearfox and nuqel :/

Post by sotaprops on 14th March 2010, 6:24 pm

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2579146381-434953330-2297627402-1000
ProfileImagePath REG_EXPAND_SZ C:\Users\Marky D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2579146381-434953330-2297627402-1001
ProfileImagePath REG_EXPAND_SZ C:\Users\Mcx1

ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\LocalService
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\NetworkService
SystemRoot REG_SZ C:\Windows


(win32)
Running from: C:\Users\Marky D\Desktop\Win32kDiag.exe

Log file at : C:\Users\Marky D\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2010-03-12 22:38:25 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

[1] 2010-03-12 22:37:50 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

[1] 2010-03-12 22:38:23 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

[1] 2010-03-12 22:38:23 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl

[1] 2010-03-12 22:39:39 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTNT Kernel Logger.etl

[1] 2008-11-26 23:51:49 5646728 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTNT Kernel Logger.etl ()





Finished!


Re: bearfox and nuqel :/

Post by Dr Jay on 15th March 2010, 1:57 am

Please download [You must be registered and logged in to see this link.] and Save it to your desktop

  1. Double click it to start the tool.
  2. Click Scan.
  3. Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.


===
Also let me know if you are aware of Turbine Download Manager.


Dr. Jay (DJ)




Re: bearfox and nuqel :/

Post by sotaprops on 15th March 2010, 3:32 am

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows Vista Home Edition (6.0.6002) Service Pack 2
[32_bits] - x86 Family 6 Model 15 Stepping 13, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 7.0.6002.18005
Mozilla Firefox 3.5.8 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:178 Go - Free:33 Go )
D:\ [Removable]
E:\ [Removable]
F:\ [CD_Rom]
.
Scan : 22:30.35
Path : C:\Users\Marky D\Desktop\Rooter.exe
User : Marky D ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ \SystemRoot\System32\smss.exe (440)
______ C:\Windows\system32\csrss.exe (508)
______ C:\Windows\system32\wininit.exe (552)
______ C:\Windows\system32\csrss.exe (564)
______ C:\Windows\system32\services.exe (596)
______ C:\Windows\system32\lsass.exe (608)
______ C:\Windows\system32\lsm.exe (616)
______ C:\Windows\system32\winlogon.exe (696)
______ C:\Windows\system32\svchost.exe (804)
______ C:\Windows\system32\svchost.exe (864)
______ C:\Windows\System32\svchost.exe (912)
______ C:\Windows\System32\svchost.exe (1048)
______ C:\Windows\System32\svchost.exe (1084)
______ C:\Windows\system32\svchost.exe (1104)
Locked audiodg.exe (1180)
______ C:\Windows\system32\SLsvc.exe (1212)
______ C:\Windows\system32\svchost.exe (1268)
______ C:\Windows\system32\svchost.exe (1372)
______ C:\Windows\System32\spoolsv.exe (1580)
______ C:\Windows\system32\svchost.exe (1604)
______ C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (1808)
______ C:\Windows\System32\svchost.exe (1868)
______ C:\Program Files\Sony\Network Utility\NSUService.exe (1948)
______ C:\Windows\System32\svchost.exe (1988)
______ C:\Windows\system32\svchost.exe (2004)
______ C:\Windows\system32\PSIService.exe (2028)
______ C:\Windows\system32\svchost.exe (316)
______ C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (516)
______ C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (812)
______ C:\Program Files\Viewpoint\Common\ViewpointService.exe (1168)
______ C:\Windows\System32\svchost.exe (1368)
______ C:\Windows\system32\SearchIndexer.exe (1692)
______ C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (2104)
______ C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (2248)
______ C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (2512)
______ C:\Windows\system32\WUDFHost.exe (2548)
______ C:\Windows\system32\igfxext.exe (2692)
______ C:\Windows\system32\igfxsrvc.exe (2720)
______ C:\Windows\system32\taskeng.exe (2920)
______ C:\Windows\system32\taskeng.exe (3208)
______ C:\Windows\system32\taskeng.exe (3400)
______ C:\Program Files\Windows Defender\MSASCui.exe (3560)
______ C:\Windows\System32\hkcmd.exe (3584)
______ C:\Windows\System32\igfxpers.exe (3592)
______ C:\Program Files\Apoint\Apoint.exe (3604)
______ C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe (3656)
______ C:\Program Files\Windows Sidebar\sidebar.exe (3772)
______ C:\Program Files\Sony\Network Utility\LANUtil.exe (3780)
______ C:\Windows\ehome\ehtray.exe (3792)
______ C:\Program Files\AIM\aim.exe (3844)
______ C:\Windows\system32\igfxsrvc.exe (3856)
______ C:\Windows\ehome\ehmsas.exe (4092)
______ C:\Program Files\Apoint\ApMsgFwd.exe (284)
______ C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe (2584)
______ C:\Program Files\Apoint\Apntex.exe (3836)
______ C:\Windows\system32\vssvc.exe (3724)
______ C:\Windows\System32\svchost.exe (2260)
______ C:\Windows\system32\Dwm.exe (156)
______ C:\Windows\explorer.exe (172)
______ C:\Program Files\uTorrent\uTorrent.exe (5684)
______ C:\Program Files\Windows Media Player\wmplayer.exe (5924)
Locked mfpmp.exe (3648)
______ C:\Program Files\Mozilla Firefox\firefox.exe (4956)
______ C:\Windows\system32\SearchProtocolHost.exe (3052)
______ C:\Windows\system32\SearchFilterHost.exe (4556)
______ C:\Users\Marky D\Desktop\Rooter.exe (3640)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:1048576 | Length:8494514176)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:8495562752 | Length:191553036288)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Tasks\User_Feed_Synchronization-{E21DFEAC-75A0-475C-B67A-A64DD5833917}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
C:\Users\MARKYD~1\Documents\Downloads\Sonic Foundry Acis pro 4.0 (keygen) + Sound Forge 7.0 keygen) + Manuals\ACID Pro 4.0\Acid keygen.exe
C:\Users\MARKYD~1\Documents\Downloads\Squaresoft PSX RPG DVD2 the rest\clone cd 4.4.3.1.0 and serial + keygen.rar
==> Cracks & Keygens <==
.
----------------------\\ Scan completed at 22:30.56
.
C:\Rooter$\Rooter_1.txt - (14/03/2010 | 22:30.56).c

===

No, I'm not aware of Turbine DL manager.


Re: bearfox and nuqel :/

Post by Dr Jay on 15th March 2010, 7:30 pm

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].
Alternate link: [You must be registered and logged in to see this link.].
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)




Re: bearfox and nuqel :/

Post by sotaprops on 16th March 2010, 4:10 pm

Malwarebytes' Anti-Malware 1.44
Database version: 3872
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

3/16/2010 3:32:16 AM
mbam-log-2010-03-16 (03-32-16).txt

Scan type: Full Scan (C:\|)
Objects scanned: 271228
Time elapsed: 1 hour(s), 2 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: bearfox and nuqel :/

Post by Dr Jay on 16th March 2010, 5:08 pm

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)


