Win32/Nuqel.E and BankerFox.A help!!!!

View previous topic View next topic Go down

Win32/Nuqel.E and BankerFox.A help!!!!

Post by mxbrian15 on 23rd April 2010, 7:49 pm

I came home today to find my computer freaking out on me. Every time I try to download a free antivirus removal tool it lets me download it, but when I try to open it and run the program, a box pops up saying that the program cannot run because it is infected. Any help would be greatly appreciated!

mxbrian15
Novice
Novice

Posts Posts : 7
Joined Joined : 2010-04-23
OS OS : Vista
Points Points : 24293
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and BankerFox.A help!!!!

Post by mxbrian15 on 23rd April 2010, 9:56 pm

I have tried running Malwarebytes software and it finds a couple of viruses. I deleted them but the virus keeps popping up. Please help. Do I need to download OldTimer?

mxbrian15
Novice
Novice

Posts Posts : 7
Joined Joined : 2010-04-23
OS OS : Vista
Points Points : 24293
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and BankerFox.A help!!!!

Post by Belahzur on 23rd April 2010, 10:25 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Win32/Nuqel.E and BankerFox.A help!!!!

Post by mxbrian15 on 23rd April 2010, 10:34 pm

When I double click OTL.exe it teases me and then a message saying "Application cannot be executed. The file otl.exe is infected. Do you want to activate your antivirus software now?"

mxbrian15
Novice
Novice

Posts Posts : 7
Joined Joined : 2010-04-23
OS OS : Vista
Points Points : 24293
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and BankerFox.A help!!!!

Post by Belahzur on 23rd April 2010, 10:43 pm

Hello.

Please download exeHelper from one of the two links.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

We need to use the RKill Tool by Grinler

[You must be registered and logged in to see this link.]

  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this [You must be registered and logged in to see this link.] if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program, when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
[You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]
which are renamed copies of rkill.com, and try them instead.

Try OTL.exe now.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Win32/Nuqel.E and BankerFox.A help!!!!

Post by mxbrian15 on 23rd April 2010, 10:47 pm

sorry, I got it to work in safe mode. Here is the OTL.Txt

OTL logfile created on: 4/23/2010 6:42:39 PM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Users\Sarah\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 215.56 Gb Free Space | 76.06% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 9.37 Gb Free Space | 63.97% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SARAH-PC
Current User Name: Sarah
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/23 18:28:14 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Downloads\OTL.exe
PRC - [2009/03/19 11:42:02 | 000,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/04/23 18:28:14 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Downloads\OTL.exe
MOD - [2008/01/20 22:33:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (0225671243896361mcinstcleanup) McAfee Application Installer Cleanup (0225671243896361)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/12/15 10:29:21 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/04/01 14:21:30 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/03/25 17:25:20 | 000,797,864 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/03/25 11:05:48 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/03/24 00:03:18 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/03/19 11:42:02 | 000,884,360 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/01/09 11:31:16 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/01/09 09:22:10 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/01/09 08:06:52 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/01/06 17:32:20 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/10/04 15:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/09/30 12:03:14 | 000,820,464 | ---- | M] (Dell Inc.) [Auto | Stopped] -- c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/07/04 19:17:48 | 000,164,600 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/03/25 11:06:30 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/03/25 11:06:28 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/03/25 11:06:28 | 000,079,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/03/25 11:06:28 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/03/25 11:05:54 | 000,034,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/02/03 15:04:42 | 000,003,768 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SndTVideo.sys -- (SndTVideo)
DRV - [2009/02/03 15:04:36 | 000,023,096 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2008/10/23 13:08:54 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/06/17 14:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2008/04/22 02:17:28 | 002,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/20 22:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 22:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/05/11 09:26:46 | 001,773,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/29 04:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/04/26 06:41:38 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://campus.fsu.edu/webapps/login/bb_bb60/logincas.jsp?service=https%3A%2F%2Fcampus.fsu.edu%2Fwebapps%2Flogin%2F"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/01/18 23:28:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/06 21:58:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/06 21:58:41 | 000,000,000 | ---D | M]

[2009/10/31 17:16:45 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Mozilla\Extensions
[2010/04/15 10:26:49 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\yq6gs7nn.default\extensions
[2009/10/31 17:21:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\yq6gs7nn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/31 17:15:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [iefsopul] C:\Users\Sarah\AppData\Local\etdrnvaag\eoqchxvtssd.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -Mozilla\5.0_( File not found
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Sarah\Downloads\Kara Snow.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sarah\Downloads\Kara Snow.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{47fc70db-e1e5-11de-8cac-00219b1c9a7d}\Shell - "" = AutoRun
O33 - MountPoints2\{47fc70db-e1e5-11de-8cac-00219b1c9a7d}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/23 16:03:44 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/04/23 15:39:07 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Malwarebytes
[2010/04/23 15:38:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/23 15:38:49 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/23 15:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/23 15:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/23 15:23:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/04/23 15:08:04 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/04/23 15:08:04 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/04/23 15:07:56 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/04/23 15:07:56 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/04/23 15:07:47 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/04/23 15:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/04/23 15:07:35 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\PC Tools
[2010/04/23 15:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/04/23 15:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/04/23 14:36:33 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\etdrnvaag
[2010/04/15 03:05:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/04/14 03:45:19 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/14 03:45:18 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/14 03:45:15 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/14 03:45:12 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/03/31 13:42:58 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2010/03/31 09:45:46 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/03/31 09:45:46 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/03/31 09:45:46 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/03/31 09:45:46 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/03/31 09:45:45 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/03/31 09:45:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/03/31 09:45:45 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/03/31 09:45:45 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/03/31 09:45:45 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/03/31 09:45:45 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/03/31 09:45:45 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/03/31 09:45:45 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/03/31 09:45:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/03/31 09:45:45 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/03/31 09:45:44 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

========== Files - Modified Within 30 Days ==========

[2010/04/23 18:41:49 | 000,020,749 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/04/23 18:41:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/23 18:40:26 | 002,883,584 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat
[2010/04/23 18:40:26 | 000,524,288 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/04/23 18:40:26 | 000,065,536 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/04/23 18:37:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/23 18:37:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/23 18:37:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/23 18:37:06 | 000,008,212 | ---- | M] () -- C:\Windows\mfebcdata
[2010/04/23 17:09:33 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/23 17:09:33 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/23 17:09:33 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/23 16:03:44 | 217,774,617 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/23 15:38:55 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/23 15:07:51 | 000,001,761 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/04/23 14:38:44 | 000,061,184 | ---- | M] () -- C:\Users\Sarah\AppData\Local\syssvc.exe
[2010/04/23 14:27:18 | 000,000,558 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Sarah.job
[2010/04/22 22:17:34 | 000,981,034 | ---- | M] () -- C:\Users\Sarah\Documents\Crown_of_Thorns_Seastar2.pptx
[2010/04/15 01:00:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010/04/08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/04/01 14:44:08 | 000,012,526 | ---- | M] () -- C:\Users\Sarah\Documents\Ch. review answers.docx
[2010/04/01 00:59:59 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/03/25 08:26:15 | 000,025,045 | ---- | M] () -- C:\Users\Sarah\Desktop\My_Resume_with_lines2.pdf
[2010/03/25 08:26:06 | 000,032,768 | ---- | M] () -- C:\Users\Sarah\Desktop\My_Resume_with_lines2.xls
[2010/03/25 08:14:38 | 000,025,025 | ---- | M] () -- C:\Users\Sarah\Desktop\My_Resume_with_lines.pdf

========== Files Created - No Company Name ==========

[2010/04/23 18:37:06 | 000,008,212 | ---- | C] () -- C:\Windows\mfebcdata
[2010/04/23 16:03:15 | 217,774,617 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/04/23 15:38:55 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/23 15:08:05 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010/04/23 15:07:56 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/04/23 15:07:56 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/04/23 15:07:51 | 000,001,761 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/04/23 15:07:47 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/04/23 14:38:43 | 000,061,184 | ---- | C] () -- C:\Users\Sarah\AppData\Local\syssvc.exe
[2010/04/16 11:26:36 | 000,981,034 | ---- | C] () -- C:\Users\Sarah\Documents\Crown_of_Thorns_Seastar2.pptx
[2010/04/01 09:50:32 | 000,012,526 | ---- | C] () -- C:\Users\Sarah\Documents\Ch. review answers.docx
[2010/03/25 08:18:08 | 000,025,045 | ---- | C] () -- C:\Users\Sarah\Desktop\My_Resume_with_lines2.pdf
[2010/03/25 08:17:54 | 000,032,768 | ---- | C] () -- C:\Users\Sarah\Desktop\My_Resume_with_lines2.xls
[2010/03/25 08:14:36 | 000,025,025 | ---- | C] () -- C:\Users\Sarah\Desktop\My_Resume_with_lines.pdf
[2009/01/06 19:05:56 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2009/01/06 19:05:56 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2009/01/06 19:05:56 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2009/01/06 19:05:56 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:FD7A985E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

mxbrian15
Novice
Novice

Posts Posts : 7
Joined Joined : 2010-04-23
OS OS : Vista
Points Points : 24293
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and BankerFox.A help!!!!

Post by mxbrian15 on 23rd April 2010, 10:48 pm

here is the Extas.Txt

OTL Extras logfile created on: 4/23/2010 6:42:39 PM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Users\Sarah\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 215.56 Gb Free Space | 76.06% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 9.37 Gb Free Space | 63.97% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SARAH-PC
Current User Name: Sarah
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B23ED2-30F5-49D5-85F1-53771E533AF7}" = protocol=6 | dir=in | app=c:\program files\ruckus player\ruckus.exe |
"{064153A1-A0BC-4840-8312-CE483D8598CD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0C22FAF4-B721-475E-A98C-642F0E9602F8}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{0C6679C6-21FD-4D4E-88D3-552527EEFBD7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{2BB34C70-C047-48A8-B19C-197C65C50D05}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{2DDDFCC3-D8D9-44F5-AEA9-46EB2D994815}" = protocol=17 | dir=in | app=c:\program files\ruckus player\ruckus.exe |
"{4BEDBC29-D5B9-46DE-88D7-27AD58DD862F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{50E19696-174C-4143-8E6D-0C5F23C808A7}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{56F8A246-CAFE-48FE-A9BC-136FB7E7FA50}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{5781B015-6F0D-4300-ACD6-B4CAECCDA5A9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5C91DB04-FAA9-4DF5-9321-3AC2892E2153}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{66285389-0831-4201-9A8E-050B3966EFA8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{6C141A28-A65A-4AE7-966C-A4B234146662}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{6CF2B4D0-A9EC-48AF-ADB0-A7155F5B9146}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{7E2CBFF3-281E-4ACF-A332-00E5F5E01922}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{8305C48C-5793-410F-9FCC-CB36B97EE8E6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{92212DD3-736C-41DA-9841-8A9C3CE42816}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\vlc\vlc.exe |
"{9A29DCA4-A9F7-4E6C-9C87-6C5B32C19BB0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{A40B7877-A85A-4801-8099-9C01B0747928}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{AC2D4868-DB36-4622-B5B9-52DF1EA64D86}" = protocol=6 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{AF1EFAFF-6302-4C5F-8216-D5D8C4F353EA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{B544CBA2-C609-4860-B0CE-49243A7645C8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B59921A7-85C8-4BDA-93A6-B48B6EEDA339}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D5331143-3752-4B9F-9DB0-F6B6D98D85EC}" = protocol=17 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{DFE919F3-E83F-49D7-81B5-C47E9CDA70B2}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{E2F9269F-F7AE-4E6B-9AAF-7DCB7F535195}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F9155A01-C792-4C6A-95EE-0AA366421CDA}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\vlc\vlc.exe |
"TCP Query User{2DAD6617-B955-4D1C-90C6-3CD86181F3FE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4449DF34-7629-4A45-B3F1-52907CD5253A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}" = PS_AIO_03_C4400_Software_Min
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{276E3ECB-E9E9-494E-A3F9-173BAD7D9643}" = C4400
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3D8F9830-D6A3-413A-9A54-993827A73E47}" = DELL0604
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4CC59DA1-469B-49A5-9F6B-C4D26990294A}" = PS_AIO_03_C4400_ProductContext
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{56DF5C9E-6392-46D3-B366-297B14E1DAAF}" = Bonjour Core for Windows
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5A3FEF2D-0E14-412E-869C-421AB373EE43}" = C4400_Help
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112369430}" = GameHouse Sudoku
"{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver Software 11.0 Rel .3
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACECB7C-5EB2-42B3-A2E1-B91878B6C5D7}" = PS_AIO_03_C4400_Software
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{E133E97F-5186-4503-BEC8-752EB9E8EBD7}" = Copy
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EBBE2FB2-FBED-44F6-B95F-230AB5A65B28}" = Goombah Partner COM Server
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MSC" = McAfee SecurityCenter
"NSS" = Norton Security Scan
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"Shop for HP Supplies" = Shop for HP Supplies
"Spyware Doctor" = Spyware Doctor 7.0
"WildTangent dell Master Uninstall" = WildTangent Games

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/4/2010 2:16:04 AM | Computer Name = Sarah-PC | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3685, time stamp 0x4b68deea,
faulting module xul.dll, version 1.9.1.3685, time stamp 0x4b68ddb4, exception code
0xc0000005, fault offset 0x00092eaa, process id 0x9f8, application start time 0x01cab7330b649a30.

Error - 3/4/2010 2:51:48 AM | Computer Name = Sarah-PC | Source = System Restore | ID = 8193
Description =

Error - 3/4/2010 2:51:48 AM | Computer Name = Sarah-PC | Source = System Restore | ID = 8210
Description =

Error - 3/4/2010 10:54:27 AM | Computer Name = Sarah-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/8/2010 6:21:10 PM | Computer Name = Sarah-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 3/8/2010 6:21:11 PM | Computer Name = Sarah-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 3/16/2010 11:00:52 PM | Computer Name = Sarah-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/31/2010 12:09:50 AM | Computer Name = Sarah-PC | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3685, time stamp 0x4b68deea,
faulting module xul.dll, version 1.9.1.3685, time stamp 0x4b68ddb4, exception code
0xc0000005, fault offset 0x001cb0d7, process id 0x8a0, application start time 0x01cad047e29a7830.

Error - 4/1/2010 3:20:24 AM | Computer Name = Sarah-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/3/2010 9:33:31 AM | Computer Name = Sarah-PC | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3685, time stamp 0x4b68deea,
faulting module xul.dll, version 1.9.1.3685, time stamp 0x4b68ddb4, exception code
0xc0000005, fault offset 0x00092eaa, process id 0x166c, application start time 0x01cad1b4ad128130.

[ System Events ]
Error - 4/23/2010 6:40:06 PM | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 4/23/2010 6:40:06 PM | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 4/23/2010 6:40:06 PM | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 4/23/2010 6:40:06 PM | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 4/23/2010 6:41:30 PM | Computer Name = Sarah-PC | Source = DCOM | ID = 10005
Description =

Error - 4/23/2010 6:41:39 PM | Computer Name = Sarah-PC | Source = DCOM | ID = 10005
Description =

Error - 4/23/2010 6:41:42 PM | Computer Name = Sarah-PC | Source = DCOM | ID = 10005
Description =

Error - 4/23/2010 6:41:48 PM | Computer Name = Sarah-PC | Source = DCOM | ID = 10005
Description =

Error - 4/23/2010 6:42:55 PM | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 4/23/2010 6:42:56 PM | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

mxbrian15
Novice
Novice

Posts Posts : 7
Joined Joined : 2010-04-23
OS OS : Vista
Points Points : 24293
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and BankerFox.A help!!!!

Post by Belahzur on 23rd April 2010, 10:52 pm

Hello.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :OTL
    O4 - HKCU..\Run: [iefsopul] C:\Users\Sarah\AppData\Local\etdrnvaag\eoqchxvtssd.exe ()
    [2010/04/23 14:38:44 | 000,061,184 | ---- | M] () -- C:\Users\Sarah\AppData\Local\syssvc.exe
    [2010/04/23 18:37:06 | 000,008,212 | ---- | C] () -- C:\Windows\mfebcdata

    :files
    C:\Users\Sarah\AppData\Local\etdrnvaag


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Win32/Nuqel.E and BankerFox.A help!!!!

Post by mxbrian15 on 23rd April 2010, 11:02 pm

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\iefsopul not found.
File C:\Users\Sarah\AppData\Local\etdrnvaag\eoqchxvtssd.exe not found.
File C:\Users\Sarah\AppData\Local\syssvc.exe not found.
File C:\Windows\mfebcdata not found.
========== FILES ==========
File\Folder C:\Users\Sarah\AppData\Local\etdrnvaag not found.

OTL by OldTimer - Version 3.2.2.0 log created on 04232010_190128

mxbrian15
Novice
Novice

Posts Posts : 7
Joined Joined : 2010-04-23
OS OS : Vista
Points Points : 24293
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and BankerFox.A help!!!!

Post by Belahzur on 24th April 2010, 5:17 pm

Hello.

You are running two antivirus', I see from the uninstall list you have Norton installed, along with Mcafee. This is a bad idea as they can conflict and cause more problems. I would recommend that you remove Norton to avoid conflict and other future problems.

  • Click Start >> Control Panel.
  • Under the Programs click Uninstall a Program
  • Highlight the following:

    Adobe Reader 9
    Java(TM) 6 Update 7
    Norton Security Scan

  • Click on the Uninstall/Change button at the top.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Win32/Nuqel.E and BankerFox.A help!!!!

Post by mxbrian15 on 24th April 2010, 11:56 pm

Malwarebytes' Anti-Malware 1.45
[You must be registered and logged in to see this link.]

Database version: 4033

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

4/24/2010 7:48:24 PM
mbam-log-2010-04-24 (19-48-24).txt

Scan type: Quick scan
Objects scanned: 109182
Time elapsed: 8 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Sarah\AppData\Local\Temp\spouqk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

mxbrian15
Novice
Novice

Posts Posts : 7
Joined Joined : 2010-04-23
OS OS : Vista
Points Points : 24293
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Nuqel.E and BankerFox.A help!!!!

Post by Belahzur on 25th April 2010, 8:41 pm

Hello.

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp
    files, execution time should be anywhere from a few seconds to a minute
    or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe that you downloaded to install the newest version.

Then download and install [You must be registered and logged in to see this link.]


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum