HOW TO REMOVE WIN32/NUQEL.EXE AND BANKERFOX.a VIRUS


HOW TO REMOVE WIN32/NUQEL.EXE AND BANKERFOX.a VIRUS

Post by letmein123 on 26th July 2010, 1:47 pm

I saw the previous thread about this issue and I ran the OTL.exe but when it finished I didnt receive any fix options... Do I get the fix options once I paste the contents of the logs on this server? If so, does the log contain any personal information?

letmein123
Novice

Posts : 13
Joined : 2010-07-25
OS : Windows Xp
Points : 23453
# Likes : 0

Re: HOW TO REMOVE WIN32/NUQEL.EXE AND BANKERFOX.a VIRUS

Post by Belahzur on 26th July 2010, 8:48 pm

Hello.
Yes, OTL is a custom scriptable tool, not an automatic fix. Please post both logs.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245079
# Likes : 1

Re: HOW TO REMOVE WIN32/NUQEL.EXE AND BANKERFOX.a VIRUS

Post by letmein123 on 27th July 2010, 1:44 pm

Well, here's what I did. I noticed that the computer starts "freaking out" once the trojan "Application Data\depcgnlwy\hcekbbmtssd.exe" loads. So I went to msconfig, disabled that service and restarted. Then I was able to use my programs because the trojan wasn't blocking them anymore. So then I ran a lot of antispyware software, but the only one that was able to find it and remove it was Spyware Doctor. It found that service and deleted it; however, I am not sure it found everything, since all the removal instructions show tons of stuff that you need to delete.

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

I replaced my name with MyName and my email with MyEmail.


Re: HOW TO REMOVE WIN32/NUQEL.EXE AND BANKERFOX.a VIRUS

Post by Belahzur on 27th July 2010, 9:11 pm

Can you attach the logs please? filedropper isn't working for me.



Re: HOW TO REMOVE WIN32/NUQEL.EXE AND BANKERFOX.a VIRUS

Post by letmein123 on 27th July 2010, 11:49 pm

Belahzur wrote: Can you attach the logs please? filedropper isn't working for me.

When I try to upload, it says the uploaded file is not valid. Try the filedropper again; it works for me, I tried it from two different computers...

Also, my Firefox freezes every time I start it now.

This happens every time I open IE. There's also another similar address that gets blocked too.



Last edited by letmein123 on 28th July 2010, 6:26 pm; edited 1 time in total (Reason for editing : Added last line.)


Re: HOW TO REMOVE WIN32/NUQEL.EXE AND BANKERFOX.a VIRUS

Post by letmein123 on 28th July 2010, 6:23 pm

OTL.txt -> In Word 2007


Re: HOW TO REMOVE WIN32/NUQEL.EXE AND BANKERFOX.a VIRUS

Post by letmein123 on 28th July 2010, 6:25 pm

Extras.txt -> Word 2007


Re: HOW TO REMOVE WIN32/NUQEL.EXE AND BANKERFOX.a VIRUS

Post by Belahzur on 30th July 2010, 12:14 am

Hello.
I don't have office 2007, I can't open docx, please make them .doc instead.



Re: HOW TO REMOVE WIN32/NUQEL.EXE AND BANKERFOX.a VIRUS

Post by letmein123 on 30th July 2010, 1:22 pm

Converted to 2003


Re: HOW TO REMOVE WIN32/NUQEL.EXE AND BANKERFOX.a VIRUS

Post by letmein123 on 30th July 2010, 1:23 pm

letmein123 wrote: Converted to 2003

They have a free 2007 viewer deal you can get from Microsoft, for future reference.


Re: HOW TO REMOVE WIN32/NUQEL.EXE AND BANKERFOX.a VIRUS

Post by letmein123 on 3rd August 2010, 3:35 pm

Any progress?


Re: HOW TO REMOVE WIN32/NUQEL.EXE AND BANKERFOX.a VIRUS

Post by Belahzur on 4th August 2010, 12:10 am

Hello.

Remove the proxy setting in Internet Explorer and/or in Firefox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server", or reconfigure the proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> choose "No Proxy".
  2. Click the Apply button and restart the computer in normal mode.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL
    O4 - HKLM..\Run: [vtqsvbqq] C:\Documents and Settings\MyName\Local Settings\Application Data\depcgnlwy\hcekbbmtssd.exe ()
    O4 - HKCU..\Run: [vtqsvbqq] C:\Documents and Settings\MyName\Local Settings\Application Data\depcgnlwy\hcekbbmtssd.exe ()
    [2010/07/24 10:41:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MyName\Local Settings\Application Data\depcgnlwy

  • Return to OTL, right-click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.



Re: HOW TO REMOVE WIN32/NUQEL.EXE AND BANKERFOX.a VIRUS

Post by letmein123 on 5th August 2010, 11:03 pm

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vtqsvbqq not found.
File C:\Documents and Settings\MyName\Local Settings\Application Data\depcgnlwy\hcekbbmtssd.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\vtqsvbqq not found.
File C:\Documents and Settings\MyName\Local Settings\Application Data\depcgnlwy\hcekbbmtssd.exe not found.
C:\Documents and Settings\MyName\Local Settings\Application Data\depcgnlwy folder moved successfully.

OTL by OldTimer - Version 3.2.9.1 log created on 08052010_180228


Re: HOW TO REMOVE WIN32/NUQEL.EXE AND BANKERFOX.a VIRUS

Post by Belahzur on 5th August 2010, 11:12 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: HOW TO REMOVE WIN32/NUQEL.EXE AND BANKERFOX.a VIRUS

Post by letmein123 on 6th August 2010, 10:31 pm

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4396

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010/08/05 08:38:43 PM
mbam-log-2010-08-05 (20-38-43).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|)
Objects scanned: 450483
Time elapsed: 2 hour(s), 7 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Spyware Doctor cleaned most of it the first time, then it was clean, but later it found some again, so I'm not sure how that happened.


Re: HOW TO REMOVE WIN32/NUQEL.EXE AND BANKERFOX.a VIRUS

Post by Belahzur on 7th August 2010, 12:21 am

Hello.

  • Download ComboFix from here:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:
       * Tools -> Options -> Main tab
       * Set to "Always ask me where to save the files".
    2. During the download, rename ComboFix to Combo-Fix as follows:
    3. It is important you rename ComboFix during the download, but not after.
    4. Please do not rename ComboFix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (anti-virus) before running ComboFix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts.
    NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  • The Recovery Console provides a recovery/repair mode should a problem occur during a ComboFix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.
  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.



Re: HOW TO REMOVE WIN32/NUQEL.EXE AND BANKERFOX.a VIRUS

Post by letmein123 on 7th August 2010, 5:58 pm

ComboFix 10-08-06.03 - MyName 2010/08/07 12:45:21.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1109 [GMT -5:00]
Running from: c:\documents and settings\MyName\Desktop\Combo-Fix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((( Files Created from 2010-07-07 to 2010-08-07 )))))))))))))))))))))))))))))))
.

2010-08-05 23:11 . 2010-08-05 23:11 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-08-05 23:11 . 2010-08-05 23:11 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2010-08-05 23:02 . 2010-08-05 23:02 -------- d-----w- C:\_OTL
2010-08-04 05:06 . 2010-08-04 05:06 503808 ----a-w- c:\documents and settings\MyName\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-781363d4-n\msvcp71.dll
2010-08-04 05:06 . 2010-08-04 05:06 499712 ----a-w- c:\documents and settings\MyName\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-781363d4-n\jmc.dll
2010-08-04 05:06 . 2010-08-04 05:06 348160 ----a-w- c:\documents and settings\MyName\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-781363d4-n\msvcr71.dll
2010-08-04 05:06 . 2010-08-04 05:06 61440 ----a-w- c:\documents and settings\MyName\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6cafbd4c-n\decora-sse.dll
2010-08-04 05:06 . 2010-08-04 05:06 12800 ----a-w- c:\documents and settings\MyName\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6cafbd4c-n\decora-d3d.dll
2010-08-04 05:05 . 2010-07-17 10:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-04 02:58 . 2010-08-04 02:52 875296 ----a-w- c:\documents and settings\MyName\Application Data\Sun\Java\JRERunOnce.exe
2010-08-01 14:00 . 2010-08-01 14:00 -------- d-----w- c:\documents and settings\NetworkService\Application Data\MiniLyrics
2010-08-01 05:55 . 2009-12-22 01:20 112056 ----a-w- c:\windows\system32\acaptuser32.dll
2010-08-01 05:52 . 2010-08-01 06:03 -------- d-----w- C:\_AcroTemp
2010-07-30 01:45 . 2010-07-30 01:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-25 17:17 . 2010-07-25 17:17 -------- d-----w- c:\documents and settings\MyName\Local Settings\Application Data\Threat Expert
2010-07-25 16:14 . 2010-07-27 01:30 767928 ----a-w- c:\windows\BDTSupport.dll
2010-07-25 16:14 . 2010-01-22 13:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-07-25 16:14 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-07-25 16:13 . 2009-10-28 05:36 1152444 ----a-w- c:\windows\UDB.zip
2010-07-25 16:13 . 2010-01-22 13:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-07-25 16:13 . 2010-01-22 13:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-07-25 16:13 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-07-25 16:13 . 2010-03-29 15:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-07-25 16:13 . 2009-11-23 18:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-07-25 16:12 . 2010-04-08 19:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-25 16:12 . 2010-08-07 17:38 -------- d-----w- c:\program files\Spyware Doctor
2010-07-25 16:12 . 2010-07-25 16:14 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-25 16:12 . 2010-07-25 16:12 -------- d-----w- c:\documents and settings\MyName\Application Data\PC Tools
2010-07-25 16:12 . 2010-07-25 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-07-13 23:15 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-07 17:39 . 2009-02-26 16:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-05 23:30 . 2010-02-05 04:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-05 11:58 . 2009-01-15 01:47 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-04 11:29 . 2009-10-10 00:22 -------- d-----w- c:\documents and settings\MyName\Application Data\Dropbox
2010-08-04 11:28 . 2008-04-16 20:14 123190 ----a-w- c:\windows\system32\nvModes.dat
2010-08-04 11:24 . 2010-08-04 11:24 0 ----a-w- c:\documents and settings\MyName\ntuser.tmp
2010-08-04 05:06 . 2008-04-16 20:29 -------- d-----w- c:\program files\Common Files\Java
2010-08-04 05:05 . 2008-04-16 20:29 -------- d-----w- c:\program files\Java
2010-08-04 00:34 . 2004-08-04 04:07 68224 ----a-w- c:\windows\system32\drivers\pci.sys
2010-08-03 23:53 . 2008-05-14 20:07 -------- d-----w- c:\documents and settings\MyName\Application Data\uTorrent
2010-08-01 14:00 . 2008-07-20 18:30 -------- d-----w- c:\program files\Minilyrics
2010-07-30 01:02 . 2010-06-01 23:13 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-07-29 23:27 . 2010-06-01 23:08 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-07-27 02:07 . 2009-07-07 17:32 262144 ----a-w- c:\windows\system32\default_user_class.dat
2010-07-26 23:41 . 2009-06-30 16:09 -------- d-----w- c:\program files\LogMeIn
2010-07-25 16:22 . 2009-06-28 17:31 -------- d-----w- c:\program files\Windows Sidebar
2010-07-25 13:25 . 2008-07-20 18:30 -------- d-----w- c:\documents and settings\MyName\Application Data\MiniLyrics
2010-07-24 15:51 . 2008-05-26 15:08 -------- d-----w- c:\documents and settings\MyName\Application Data\LimeWire
2010-07-24 14:52 . 2010-06-01 23:21 -------- d-----w- c:\documents and settings\MyName\Application Data\Skype
2010-07-24 13:09 . 2010-06-01 23:21 -------- d-----w- c:\documents and settings\MyName\Application Data\skypePM
2010-07-24 07:14 . 2010-05-23 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\MediaMall
2010-06-17 16:04 . 2010-06-17 16:04 -------- d-----w- c:\program files\Investintech.com Inc
2010-06-14 14:31 . 2004-08-10 18:02 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 23:26 . 2008-04-23 00:12 -------- d-----w- c:\program files\Steam
2010-06-11 23:11 . 2010-06-11 23:11 -------- d-----w- c:\program files\D-Link
2010-06-11 22:59 . 2010-06-01 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-06-11 22:20 . 2010-06-11 22:20 -------- d-----w- c:\documents and settings\MyName\Application Data\VirtualStore
2010-06-11 21:51 . 2010-06-11 21:51 3055600 ----a-w- c:\documents and settings\MyName\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 21:36 . 2010-06-11 21:36 275952 ----a-w- c:\documents and settings\MyName\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-06-11 02:44 . 2008-09-08 06:01 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-06-01 23:21 . 2010-06-01 23:21 56 ---ha-w- c:\windows\system32\ezsidmv.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\MyName\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\MyName\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\MyName\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\MyName\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-13 133104]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-07-04 398568]
"PlayOn"="c:\program files\MediaMall\PlayOn.exe" [2010-07-14 53248]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-04-30 5472016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 851968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-29 8491008]
"nwiz"="nwiz.exe" [2008-01-29 1626112]
"NVHotkey"="nvHotkey.dll" [2008-01-29 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-29 81920]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-11 2183168]
"SigmatelSysTrayApp"="stsystra.exe" [2007-06-06 405504]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-06-20 38840]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-04-29 188728]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\MyName\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\documents and settings\MyName\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
Monitor-Laptop.lnk - c:\documents and settings\MyName\Application Data\Realtime Soft\UltraMon\3.0.10\Profiles\Monitor-Laptop.umprofile [2010-4-22 243]
SharePort Utility.lnk - c:\program files\D-Link\SharePort Utility\Connect.exe [2010-6-11 266240]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-4-16 50688]
UltraMon.lnk - c:\windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico [2010-3-27 29310]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 01:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^MyName^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
backup=c:\windows\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-06-19 17:36 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2010-06-20 00:04 38840 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2007-05-14 19:23 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2008-08-14 05:04 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-02-14 00:21 16384 -c--a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-01-18 01:41 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 13:00 33648 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 21:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 21:50 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-07-24 23:46 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-12-21 15:58 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 14:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 09:25 144784 ----a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-16 20:37 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-07-27 17:01 185896 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViSplore]
2009-02-04 22:52 389120 ----a-w- c:\program files\ViSplore\ViSplore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
2007-11-26 19:47 1206600 ----a-w- c:\program files\Webroot\Washer\wwDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SQLWriter"=2 (0x2)
"SQLBrowser"=2 (0x2)
"ACDaemon"=2 (0x2)
"rpcapd"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MediaMall Server"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"LogMeIn"=2 (0x2)
"LMIMaint"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Browser Defender Update Service"=2 (0x2)
"Bonjour Service"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"Google Update"="c:\documents and settings\MyName\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steamapps\\MyEmail\\team fortress classic\\hl.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\POWERPNT.EXE"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\D-Link\\SharePort Utility\\Connect.exe"=
"c:\\Program Files\\Steam\\steamapps\\MyEmail\\counter-strike\\hl.exe"=
"c:\\Documents and Settings\\MyName\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\MediaMall\\MediaMallServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54323:TCP"= 54323:TCP:uTorrent
"19540:UDP"= 19540:UDP:SXUPTP

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010/07/25 11:13 AM 218592]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009/02/06 02:23 PM 106208]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009/02/06 02:23 PM 727720]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008/07/24 06:46 PM 12856]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2010/06/11 06:11 PM 263944]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2008/11/14 02:11 AM 17184]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008/11/10 12:06 PM 24652]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2008/05/26 09:44 AM 598856]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2004/08/10 12:51 PM 3584]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008/11/22 07:21 AM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008/11/22 07:21 AM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2008/11/22 07:21 AM 23680]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007/11/06 03:22 PM 34064]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010/07/25 11:12 AM 366840]
S4 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010/07/25 11:14 AM 112592]
S4 MediaMall Server;MediaMall Server;c:\program files\MediaMall\MediaMallServer.exe [2010/05/19 01:55 AM 3836784]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32
*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder

2010-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3646338568-327410055-37099029-1006Core.job
- c:\documents and settings\MyName\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-13 14:54]

2010-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3646338568-327410055-37099029-1006UA.job
- c:\documents and settings\MyName\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-13 14:54]

2010-08-06 c:\windows\Tasks\User_Feed_Synchronization-{B53380F5-7AAD-441A-A312-EC7E8F30651F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: realpage.com
DPF: {4AEF8AEE-3DE8-4B69-8B6E-6353B6C59B50} - [You must be registered and logged in to see this link.]
DPF: {F7D4CE49-BD68-4F5E-AA25-08169F38769E} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\MyName\Application Data\Mozilla\Firefox\Profiles\barodw5l.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\MyName\Application Data\Mozilla\Firefox\Profiles\barodw5l.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\MyName\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\MyName\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\MyName\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\MyName\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-08-07 12:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3646338568-327410055-37099029-1006\Software\SecuROM\License information*]
"datasecu"=hex:fe,33,7e,0f,a9,50,8b,9d,a2,09,f4,4c,9b,4f,7a,e6,26,0e,6a,70,ba,
24,df,b2,b4,9a,2d,0d,7a,8b,72,32,ce,af,c9,20,a9,98,9a,8e,84,7f,48,cd,d5,3e,\
"rkeysecu"=hex:f3,e1,f7,43,27,d0,c9,31,72,ed,b1,f9,da,bd,73,62

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Application Data\\ESET\\ESET Smart Security\"
"DataDir"="ESET\\ESET Smart Security\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000001
"ProductCode"="{F3E2505F-AA57-476B-9F67-F8C5E3938080}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.0.314.0"
"UniqueId"="011FBE4A49D9921D"
"ScannerBuild"=dword:0000133e
"ScannerVersionId"=dword:00000ff5
"ScannerVersion"="Open window for status."
"FixId"=dword:00000007
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1392)
c:\windows\system32\LMIinit.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'lsass.exe'(1448)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(3160)
c:\windows\system32\WININET.dll
c:\documents and settings\MyName\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2010-08-07 12:54:38
ComboFix-quarantined-files.txt 2010-08-07 17:54

Pre-Run: 54,055,215,104 bytes free
Post-Run: 54,048,051,200 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="XXCLONE: (Cloned Volume) [d:0,p:1] \WINDOWS" /FASTDETECT /NOEXECUTE=OPTIN

- - End Of File - - C976D7AFF9197B8C1D3653ED1659DE9E

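The log above is the kind of ComboFix output a helper reads by hand: the firewall profile, its authorized-application exceptions, globally open ports, and the R/S service list. The script below is an added example, not part of this thread or of ComboFix, that parses those four sections out of a ComboFix-style log and lists the items a reviewer would want to look at first: a disabled firewall, exceptions or services whose executable sits in a user-writable profile directory, and open port rules. `SAMPLE_LOG` is constructed in ComboFix's layout; the `SampleUser`, `qwertyuiop` and `sampleupd` paths are made-up placeholders, not entries from the log.

```python
"""Parse the firewall and services sections of a ComboFix-style log and
list entries a helper would review first.  Added example; not a ComboFix
component.  SAMPLE_LOG is constructed in ComboFix's layout."""
import re
from dataclasses import dataclass

# Constructed sample (placeholder user and directory names), same layout
# as a ComboFix log: registry-style sections, then R/S service lines.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\SampleUser\\Application Data\\qwertyuiop\\updater.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54323:TCP"= 54323:TCP:uTorrent

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009/02/06 02:23 PM 727720]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007/11/06 03:22 PM 34064]
R2 SampleUpd;Sample Updater;c:\documents and settings\SampleUser\Local Settings\Application Data\sampleupd\upd.exe [2010/07/25 11:13 AM 218592]
"""

# "R2 name;display;image [date time size]"  (R = running, S = stopped)
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.+?)\s+(\d+)\]$')

# Directory markers a per-user process can write to; a firewall exception or
# service pointing here is a review item, not a verdict (updaters live there too).
USER_WRITABLE = ('\\application data\\', '\\local settings\\', '\\temp\\')


@dataclass
class Service:
    state: str      # R0..R3 running, S0..S4 stopped/disabled
    name: str
    display: str
    image: str
    timestamp: str
    size: int


def parse_log(text):
    """Return a dict with firewall state, authorized apps, open ports, services."""
    report = {"firewall_enabled": None, "authorized_apps": [],
              "open_ports": [], "services": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('[') and line.endswith(']'):
            section = line[1:-1].lower()          # new registry-style section
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, name, display, image, stamp, size = m.groups()
            report["services"].append(Service(state, name, display, image, stamp, int(size)))
            continue
        if section is None:
            continue
        if section.endswith('firewallpolicy\\standardprofile') and line.startswith('"EnableFirewall"'):
            value = line.split('=', 1)[1].strip().split()[0]   # '0 (0x0)' -> '0'
            report["firewall_enabled"] = value != '0'
        elif section.endswith('authorizedapplications\\list'):
            # REG export doubles backslashes; collapse them to a normal path
            report["authorized_apps"].append(line.split('"')[1].replace('\\\\', '\\'))
        elif section.endswith('globallyopenports\\list'):
            report["open_ports"].append(line.split('=', 1)[1].strip())
    return report


def in_user_writable(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def review(report):
    """Turn the parsed report into a list of human-readable review items."""
    findings = []
    if report["firewall_enabled"] is False:
        findings.append("Windows Firewall is disabled in the standard profile (EnableFirewall=0)")
    for app in report["authorized_apps"]:
        if in_user_writable(app):
            findings.append(f"firewall exception for an executable in a user-writable directory: {app}")
    for svc in report["services"]:
        if in_user_writable(svc.image):
            findings.append(f"service {svc.name} ({svc.state}) runs from a user-writable directory: {svc.image}")
    for rule in report["open_ports"]:
        findings.append(f"globally open port rule: {rule}")
    return findings


if __name__ == "__main__":
    for item in review(parse_log(SAMPLE_LOG)):
        print("-", item)
```

The flagged locations are starting points for a reviewer, not verdicts: the thread's own log shows Google Update legitimately running from `Local Settings\Application Data`, so each hit still needs the file checked against what is actually installed. To run it on a real log, read the whole file into `parse_log` instead of `SAMPLE_LOG`; sections the script does not recognise are skipped.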

Re: HOW TO REMOVE WIN32/NUQEL.EXE AND BANKERFOX.a VIRUS

Post by Belahzur on 7th August 2010, 6:10 pm

Hello.

I see that you are running LimeWire and µTorrent.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people, but they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    µTorrent
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) 6 Update 19
    LimeWire PRO 5.3.6

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


Re: HOW TO REMOVE WIN32/NUQEL.EXE AND BANKERFOX.a VIRUS

Post by letmein123 on 7th August 2010, 6:22 pm

I ran a Spyware Doctor scan and it keeps finding other spyware-related items. Here's the log:

I'll run the ESET online scan, but I doubt that's going to help since I have ESET Smart Security 4 and that basically did nothing while the malware was running.


Re: HOW TO REMOVE WIN32/NUQEL.EXE AND BANKERFOX.a VIRUS

Post by Belahzur on 7th August 2010, 6:50 pm

Standing by for ESET log.


Re: HOW TO REMOVE WIN32/NUQEL.EXE AND BANKERFOX.a VIRUS

Post by letmein123 on 7th August 2010, 8:55 pm

No Threats Found
