BankerFox.A problem


Solved BankerFox.A problem

Post by scott1966 on Mon Feb 23, 2009 1:33 am

Could you please help me - I got BankerFox.A and Win32/Nuqel.E - here is the log after running my Spyware Doctor program. - Scott




date/time : 2009-02-21, 20:05:46, 625ms
computer name : D2Y60F21
user name : Scott Smyth
operating system : Windows XP Service Pack 2 build 2600
system language : English
system up time : 2 hours 22 minutes
program up time : 12 minutes 11 seconds
processor : Intel(R) Pentium(R) 4 CPU 2.40GHz
physical memory : 83/511 MB (free/total)
free disk space : (C 42.48 GB
display mode : 1024x768, 32 bit
process id : $808
allocated memory : 161.77 MB
executable : swdoctor.exe
exec. date/time : 2006-12-11 15:35
version : 4.0.0.2621
madExcept version : 2.7g
exception class : Exception
exception message : Error load log from "C:\Documents and Settings\Scott Smyth\Local Settings\Tempfirstlog.xml".

main thread ($1094):
0055ea05 +0a9 swdoctor.exe uXMLLog 555 +6 TXMLLog.LoadFromFile
0052bd7a +02a swdoctor.exe uGetSupport 323 +3 TfrmGetSupport.hlViewFirstLogClick
0042c28a +04e swdoctor.exe HotLabel 104 +3 THotLabel.Click
0042c165 +021 swdoctor.exe HotLabel 74 +3 THotLabel.WMLButtonDown
01bd1340 +188 vcl70.bpl Controls TControl.WndProc
01bd445d +089 vcl70.bpl Controls TWinControl.WndProc
01bd1340 +188 vcl70.bpl Controls TControl.WndProc
01bd1110 +024 vcl70.bpl Controls TControl.Perform
01bd43c2 +082 vcl70.bpl Controls TWinControl.IsControlMouseMsg
01bd44ae +0da vcl70.bpl Controls TWinControl.WndProc
01bd41a8 +02c vcl70.bpl Controls TWinControl.MainWndProc
0052ae87 +027 swdoctor.exe uGetSupport 77 +2 ShowGetSupportDialog
0055be3f +007 swdoctor.exe uGuiController 24 +1 TGUIController.ShowSupport
06e3a0c6 +076 maldetective.dll RunTool
005698f2 +026 swdoctor.exe Database 685 +2 TLibrary.Simple_RunTool
005303c3 +0bf swdoctor.exe Unit_tools 149 +13 TFormTools.ButtonRunToolClick
01bd14d8 +064 vcl70.bpl Controls TControl.Click
01bc16d0 +01c vcl70.bpl Stdctrls TButton.Click
01bc17c4 +00c vcl70.bpl Stdctrls TButton.CNCommand
01bd1340 +188 vcl70.bpl Controls TControl.WndProc
01bd452b +157 vcl70.bpl Controls TWinControl.WndProc
01bc1594 +06c vcl70.bpl Stdctrls TButtonControl.WndProc
01bd1110 +024 vcl70.bpl Controls TControl.Perform
01bd4d1b +00b vcl70.bpl Controls TWinControl.WMCommand
01bd1340 +188 vcl70.bpl Controls TControl.WndProc
01bd452b +157 vcl70.bpl Controls TWinControl.WndProc
01bd41a8 +02c vcl70.bpl Controls TWinControl.MainWndProc
7e41b8fe +044 USER32.dll SendMessageW
01bd1340 +188 vcl70.bpl Controls TControl.WndProc
7e41f658 +016 USER32.dll CallWindowProcA
01bd460f +0d7 vcl70.bpl Controls TWinControl.DefaultHandler
01bd18e0 +010 vcl70.bpl Controls TControl.WMLButtonUp
01bd1340 +188 vcl70.bpl Controls TControl.WndProc
01bd452b +157 vcl70.bpl Controls TWinControl.WndProc
01bc1594 +06c vcl70.bpl Stdctrls TButtonControl.WndProc
01bd41a8 +02c vcl70.bpl Controls TWinControl.MainWndProc
01b6e9bb +00f vcl70.bpl Extctrls TTimer.Timer
01b6e89f +02b vcl70.bpl Extctrls TTimer.WndProc
06952921 +01d iesdpb.dll DllRegisterServer
069975c6 +042 iesdpb.dll PUB_Start
0703c6eb +033 popupblocker.dll StartOnGuard
00569a05 +025 swdoctor.exe Database 720 +2 TLibrary.OnGuard_Start
00531333 +027 swdoctor.exe uOnGuard 325 +3 TfrmOnGuard.ActivateDLL
005311ab +0bf swdoctor.exe uOnGuard 285 +9 TfrmOnGuard.ActivateOnGuard
00531375 +02d swdoctor.exe uOnGuard 331 +1 TfrmOnGuard.WMOnGuard
01bd1340 +188 vcl70.bpl Controls TControl.WndProc
01bd452b +157 vcl70.bpl Controls TWinControl.WndProc
01bee005 +421 vcl70.bpl Forms TCustomForm.WndProc
01bd41a8 +02c vcl70.bpl Controls TWinControl.MainWndProc
01bf4de2 +00a vcl70.bpl Forms TApplication.HandleMessage
01bf5002 +096 vcl70.bpl Forms TApplication.Run
00582882 +2ee swdoctor.exe swdoctor 148 +63 initialization
7c91312f +069 ntdll.dll RtlUnicodeStringToAnsiString
7c812b94 +0b6 kernel32.dll GetVersionExA

thread $1294:
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7e42e03d +3b USER32.dll GetMessageA
77c3a3ad +a6 msvcrt.dll _endthreadex
00425b83 +27 swdoctor.exe madExcept ThreadExceptFrame
>> created by main thread ($1094) at:
6b989a08 +00 msscript.ocx

thread $10d0 (TSubscriptionThread):
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90e9be +0a ntdll.dll NtWaitForSingleObject
7c8025c5 +85 kernel32.dll WaitForSingleObjectEx
7c80252d +0d kernel32.dll WaitForSingleObject
4003d801 +09 rtl70.bpl Syncobjs TEvent.WaitFor
005672b7 +1b swdoctor.exe uSubscription 445 +2 TSubscriptionThread.Execute
00425bee +16 swdoctor.exe madExcept HookedTThreadExecute
00425b83 +27 swdoctor.exe madExcept ThreadExceptFrame
>> created by main thread ($1094) at:
0056720f +1f swdoctor.exe uSubscription 430 +1 TSubscriptionThread.Create

thread $1180:
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90d85a +0a ntdll.dll NtDelayExecution
7c8023e7 +4b kernel32.dll SleepEx
7c80244c +0a kernel32.dll Sleep

thread $1280:
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90e397 +0a ntdll.dll NtReplyWaitReceivePortEx
00425b83 +27 swdoctor.exe madExcept ThreadExceptFrame
>> created by thread $1250 at:
77e875c7 +00 RPCRT4.dll

thread $1548 (TRegistryHook):
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90e9a9 +0a ntdll.dll NtWaitForMultipleObjects
7c8094dc +00 kernel32.dll WaitForMultipleObjectsEx
7c80a070 +13 kernel32.dll WaitForMultipleObjects
00425bee +16 swdoctor.exe madExcept HookedTThreadExecute
00425b83 +27 swdoctor.exe madExcept ThreadExceptFrame
>> created by main thread ($1094) at:
02db3bb0 +00 actstartup.dll

thread $154c (TRegistryHook):
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90e9a9 +0a ntdll.dll NtWaitForMultipleObjects
7c8094dc +00 kernel32.dll WaitForMultipleObjectsEx
7c80a070 +13 kernel32.dll WaitForMultipleObjects
00425bee +16 swdoctor.exe madExcept HookedTThreadExecute
00425b83 +27 swdoctor.exe madExcept ThreadExceptFrame
>> created by main thread ($1094) at:
02db3bb0 +00 actstartup.dll

thread $10ec (TRegistryHook):
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90e9a9 +0a ntdll.dll NtWaitForMultipleObjects
7c8094dc +00 kernel32.dll WaitForMultipleObjectsEx
7c80a070 +13 kernel32.dll WaitForMultipleObjects
00425bee +16 swdoctor.exe madExcept HookedTThreadExecute
00425b83 +27 swdoctor.exe madExcept ThreadExceptFrame
>> created by main thread ($1094) at:
02db3bb0 +00 actstartup.dll

thread $1558 (TRegistryHook):
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90e9a9 +0a ntdll.dll NtWaitForMultipleObjects
7c8094dc +00 kernel32.dll WaitForMultipleObjectsEx
7c80a070 +13 kernel32.dll WaitForMultipleObjects
00425bee +16 swdoctor.exe madExcept HookedTThreadExecute
00425b83 +27 swdoctor.exe madExcept ThreadExceptFrame
>> created by main thread ($1094) at:
02db3bb0 +00 actstartup.dll

thread $1568 (TRegistryHook):
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90e9a9 +0a ntdll.dll NtWaitForMultipleObjects
7c8094dc +00 kernel32.dll WaitForMultipleObjectsEx
7c80a070 +13 kernel32.dll WaitForMultipleObjects
00425bee +16 swdoctor.exe madExcept HookedTThreadExecute
00425b83 +27 swdoctor.exe madExcept ThreadExceptFrame
>> created by main thread ($1094) at:
02db3bb0 +00 actstartup.dll

thread $1390 (TRegistryHook):
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90e9a9 +0a ntdll.dll NtWaitForMultipleObjects
7c8094dc +00 kernel32.dll WaitForMultipleObjectsEx
7c80a070 +13 kernel32.dll WaitForMultipleObjects
00425bee +16 swdoctor.exe madExcept HookedTThreadExecute
00425b83 +27 swdoctor.exe madExcept ThreadExceptFrame
>> created by main thread ($1094) at:
02db3bb0 +00 actstartup.dll

thread $14c0 (TRegistryHook):
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90e9a9 +0a ntdll.dll NtWaitForMultipleObjects
7c8094dc +00 kernel32.dll WaitForMultipleObjectsEx
7c80a070 +13 kernel32.dll WaitForMultipleObjects
00425bee +16 swdoctor.exe madExcept HookedTThreadExecute
00425b83 +27 swdoctor.exe madExcept ThreadExceptFrame
>> created by main thread ($1094) at:
02db3bb0 +00 actstartup.dll

thread $145c (TRegistryHook):
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90e9a9 +0a ntdll.dll NtWaitForMultipleObjects
7c8094dc +00 kernel32.dll WaitForMultipleObjectsEx
7c80a070 +13 kernel32.dll WaitForMultipleObjects
00425bee +16 swdoctor.exe madExcept HookedTThreadExecute
00425b83 +27 swdoctor.exe madExcept ThreadExceptFrame
>> created by main thread ($1094) at:
02db3bb0 +00 actstartup.dll

thread $13f8 (TRegistryHook):
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90e9a9 +0a ntdll.dll NtWaitForMultipleObjects
7c8094dc +00 kernel32.dll WaitForMultipleObjectsEx
7c80a070 +13 kernel32.dll WaitForMultipleObjects
00425bee +16 swdoctor.exe madExcept HookedTThreadExecute
00425b83 +27 swdoctor.exe madExcept ThreadExceptFrame
>> created by main thread ($1094) at:
02db3bb0 +00 actstartup.dll

thread $1414 (TRegistryHook):
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90e9a9 +0a ntdll.dll NtWaitForMultipleObjects
7c8094dc +00 kernel32.dll WaitForMultipleObjectsEx
7c80a070 +13 kernel32.dll WaitForMultipleObjects
00425bee +16 swdoctor.exe madExcept HookedTThreadExecute
00425b83 +27 swdoctor.exe madExcept ThreadExceptFrame
>> created by main thread ($1094) at:
02db3bb0 +00 actstartup.dll

thread $137c (TRegistryHook):
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90e9a9 +0a ntdll.dll NtWaitForMultipleObjects
7c8094dc +00 kernel32.dll WaitForMultipleObjectsEx
7c80a070 +13 kernel32.dll WaitForMultipleObjects
00425bee +16 swdoctor.exe madExcept HookedTThreadExecute
00425b83 +27 swdoctor.exe madExcept ThreadExceptFrame
>> created by main thread ($1094) at:
02db3bb0 +00 actstartup.dll

thread $13a8 (TRegistryHook):
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90e9a9 +0a ntdll.dll NtWaitForMultipleObjects
7c8094dc +00 kernel32.dll WaitForMultipleObjectsEx
7c80a070 +13 kernel32.dll WaitForMultipleObjects
00425bee +16 swdoctor.exe madExcept HookedTThreadExecute
00425b83 +27 swdoctor.exe madExcept ThreadExceptFrame
>> created by main thread ($1094) at:
02db3bb0 +00 actstartup.dll

thread $1018 (TRegistryHook):
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90e9a9 +0a ntdll.dll NtWaitForMultipleObjects
7c8094dc +00 kernel32.dll WaitForMultipleObjectsEx
7c80a070 +13 kernel32.dll WaitForMultipleObjects
00425bee +16 swdoctor.exe madExcept HookedTThreadExecute
00425b83 +27 swdoctor.exe madExcept ThreadExceptFrame
>> created by main thread ($1094) at:
02db3bb0 +00 actstartup.dll

thread $147c (TRegistryHook):
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90e9a9 +0a ntdll.dll NtWaitForMultipleObjects
7c8094dc +00 kernel32.dll WaitForMultipleObjectsEx
7c80a070 +13 kernel32.dll WaitForMultipleObjects
00425bee +16 swdoctor.exe madExcept HookedTThreadExecute
00425b83 +27 swdoctor.exe madExcept ThreadExceptFrame
>> created by main thread ($1094) at:
02db3bb0 +00 actstartup.dll

thread $15a8:
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90e286 +0a ntdll.dll NtReadFile
7c80186f +61 kernel32.dll ReadFile

thread $15b0 (TRegMonitorThread):
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90e9a9 +0a ntdll.dll NtWaitForMultipleObjects
7c8094dc +00 kernel32.dll WaitForMultipleObjectsEx
7c80a070 +13 kernel32.dll WaitForMultipleObjects
00425bee +16 swdoctor.exe madExcept HookedTThreadExecute
00425b83 +27 swdoctor.exe madExcept ThreadExceptFrame
>> created by main thread ($1094) at:
06d31a11 +00 Immunizer.dll

thread $1554:
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90e286 +0a ntdll.dll NtReadFile
7c80186f +61 kernel32.dll ReadFile

thread $1274:
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90e286 +0a ntdll.dll NtReadFile
7c80186f +61 kernel32.dll ReadFile

thread $166c (TNotiThread):
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90d85a +0a ntdll.dll NtDelayExecution
7c8023e7 +4b kernel32.dll SleepEx
7c80244c +0a kernel32.dll Sleep
00425bee +16 swdoctor.exe madExcept HookedTThreadExecute
00425b83 +27 swdoctor.exe madExcept ThreadExceptFrame
>> created by main thread ($1094) at:
071ef4b2 +96 sdn.dll InitTool

thread $1580:
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90e286 +0a ntdll.dll NtReadFile
7c80186f +61 kernel32.dll ReadFile

thread $15dc (TWorkerThread):
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90e9be +0a ntdll.dll NtWaitForSingleObject
7c8025c5 +85 kernel32.dll WaitForSingleObjectEx
7c80252d +0d kernel32.dll WaitForSingleObject
004d2496 +16 swdoctor.exe VirtualTrees 5064 +3 TWorkerThread.Execute
00425bee +16 swdoctor.exe madExcept HookedTThreadExecute
00425b83 +27 swdoctor.exe madExcept ThreadExceptFrame
>> created by main thread ($1094) at:
004d239f +23 swdoctor.exe VirtualTrees 5027 +1 TWorkerThread.Create

thread $af0 (TRegMonitorThread):
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90e9a9 +0a ntdll.dll NtWaitForMultipleObjects
7c8094dc +00 kernel32.dll WaitForMultipleObjectsEx
7c80a070 +13 kernel32.dll WaitForMultipleObjects
00425bee +16 swdoctor.exe madExcept HookedTThreadExecute
00425b83 +27 swdoctor.exe madExcept ThreadExceptFrame
>> created by main thread ($1094) at:
068ca6b0 +00 iemonitor.dll

thread $15e0 (TRegMonitorThread):
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90e9a9 +0a ntdll.dll NtWaitForMultipleObjects
7c8094dc +00 kernel32.dll WaitForMultipleObjectsEx
7c80a070 +13 kernel32.dll WaitForMultipleObjects
00425bee +16 swdoctor.exe madExcept HookedTThreadExecute
00425b83 +27 swdoctor.exe madExcept ThreadExceptFrame
>> created by main thread ($1094) at:
068ca6b0 +00 iemonitor.dll

thread $1204 (TRegMonitorThread):
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90e9a9 +0a ntdll.dll NtWaitForMultipleObjects
7c8094dc +00 kernel32.dll WaitForMultipleObjectsEx
7c80a070 +13 kernel32.dll WaitForMultipleObjects
00425bee +16 swdoctor.exe madExcept HookedTThreadExecute
00425b83 +27 swdoctor.exe madExcept ThreadExceptFrame
>> created by main thread ($1094) at:
068ca6b0 +00 iemonitor.dll

thread $1678 (TRegMonitorThread):
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90e9a9 +0a ntdll.dll NtWaitForMultipleObjects
7c8094dc +00 kernel32.dll WaitForMultipleObjectsEx
7c80a070 +13 kernel32.dll WaitForMultipleObjects
00425bee +16 swdoctor.exe madExcept HookedTThreadExecute
00425b83 +27 swdoctor.exe madExcept ThreadExceptFrame
>> created by main thread ($1094) at:
06fdba7d +00 networkguard.dll

thread $167c (TRegMonitorThread):
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90e9a9 +0a ntdll.dll NtWaitForMultipleObjects
7c8094dc +00 kernel32.dll WaitForMultipleObjectsEx
7c80a070 +13 kernel32.dll WaitForMultipleObjects
00425bee +16 swdoctor.exe madExcept HookedTThreadExecute
00425b83 +27 swdoctor.exe madExcept ThreadExceptFrame
>> created by main thread ($1094) at:
06fdba7d +00 networkguard.dll

thread $1598 (TRegMonitorThread):
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90e9a9 +0a ntdll.dll NtWaitForMultipleObjects
7c8094dc +00 kernel32.dll WaitForMultipleObjectsEx
7c80a070 +13 kernel32.dll WaitForMultipleObjects
00425bee +16 swdoctor.exe madExcept HookedTThreadExecute
00425b83 +27 swdoctor.exe madExcept ThreadExceptFrame
>> created by main thread ($1094) at:
06fdba7d +00 networkguard.dll

thread $15c0 (TRegMonitorThread):
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90e9a9 +0a ntdll.dll NtWaitForMultipleObjects
7c8094dc +00 kernel32.dll WaitForMultipleObjectsEx
7c80a070 +13 kernel32.dll WaitForMultipleObjects
00425bee +16 swdoctor.exe madExcept HookedTThreadExecute
00425b83 +27 swdoctor.exe madExcept ThreadExceptFrame
>> created by main thread ($1094) at:
06fdba7d +00 networkguard.dll


Solved Re: BankerFox.A problem

Post by Belahzur on Mon Feb 23, 2009 1:34 am

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Solved Re: BankerFox.A problem

Post by scott1966 on Mon Feb 23, 2009 1:47 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:48 PM, on 2/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\AOL\1115394321\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\svcho.exe
C:\WINDOWS\sysguard.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = [You must be registered and logged in to see this link.]
F1 - win.ini: run=fntldr.exe C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\info32.exe
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: BHO - {C9C42510-9B21-41c1-9DCD-8382A2D07C61} - C:\WINDOWS\system32\iehelper.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1115394321\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 - HKCU\..\Policies\Explorer\Run: [svcho] C:\WINDOWS\svcho.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - [You must be registered and logged in to see this link.] Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - [You must be registered and logged in to see this link.] files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - [You must be registered and logged in to see this link.] files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - [You must be registered and logged in to see this link.] files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - [You must be registered and logged in to see this link.] files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - [You must be registered and logged in to see this link.] files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - [You must be registered and logged in to see this link.] files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - [You must be registered and logged in to see this link.]
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - [You must be registered and logged in to see this link.]
O21 - SSODL: systemp - {DFC257E0-2E67-4CC8-8A5D-441078695803} - systemp.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

--
End of file - 8468 bytes


Solved Re: BankerFox.A problem

Post by Belahzur on Mon Feb 23, 2009 1:51 am

Hello.
I'm going to bed now, but I'll leave some instructions here to save us time.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    F1 - win.ini: run=fntldr.exe C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\info32.exe
    O2 - BHO: BHO - {C9C42510-9B21-41c1-9DCD-8382A2D07C61} - C:\WINDOWS\system32\iehelper.dll
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
    O4 - HKCU\..\Policies\Explorer\Run: [svcho] C:\WINDOWS\svcho.exe
    O21 - SSODL: systemp - {DFC257E0-2E67-4CC8-8A5D-441078695803} - systemp.dll (file missing)


  • Press "Fix Checked"
  • Close Hijack This.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Then once you've run MBAM, run this next tool so I can see if any malware remains.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.
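The lines Belahzur ticks for "Fix checked" share a few tells a helper looks for when reading a HijackThis log: a legacy win.ini run= autostart, a BHO with no descriptive name, executables dropped straight into C:\WINDOWS instead of a subfolder, an autostart under the Policies\Explorer\Run key, and an SSODL entry whose DLL is missing. The script below is an added example, not HijackThis's own logic and not the helper's tooling: it encodes those tells as rules and runs them over a constructed sample made of lines copied from the log Scott posted (benign entries included so the rules have something to leave alone). The rule wording, the function names (reasons_for, triage, flagged_lines) and the choice of which tells to encode are assumptions. It recovers five of the six lines in the fix list; the KernelFaultCheck entry points into system32 and is not caught by these rules.

```python
"""Heuristic triage of HijackThis (HJT) log lines.

Added example for this thread; it is neither HijackThis's own logic nor the
helper's tooling. The rules are assumptions encoding the usual reasons a
helper picks a line for "Fix checked".
"""
import re

# Constructed sample: a subset of the HJT log posted in this thread,
# with benign entries kept so the rules have something to leave alone.
SAMPLE_LOG = r"""
F1 - win.ini: run=fntldr.exe C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\info32.exe
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BHO - {C9C42510-9B21-41c1-9DCD-8382A2D07C61} - C:\WINDOWS\system32\iehelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 - HKCU\..\Policies\Explorer\Run: [svcho] C:\WINDOWS\svcho.exe
O21 - SSODL: systemp - {DFC257E0-2E67-4CC8-8A5D-441078695803} - systemp.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Every HJT entry starts with a section code (O4, F1, R1, ...) followed by " - ".
HJT_LINE = re.compile(r"^([ORF]\d+)\s+-\s+(.*)$")
# An .exe sitting directly in the Windows directory rather than in a subfolder.
WINDIR_ROOT_EXE = re.compile(r"^[A-Z]:\\WINDOWS\\[^\\]+\.exe(\s|$)", re.IGNORECASE)


def reasons_for(line: str) -> list[str]:
    """Return the list of heuristic reasons to distrust one HJT line (empty if none)."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return []                      # "Running processes:", blank lines, paths, etc.
    kind, body = m.group(1), m.group(2)
    reasons: list[str] = []
    if kind == "F1" and "run=" in body.lower():
        reasons.append("win.ini run= autostart: legacy mechanism rarely used by legitimate software")
    elif kind == "O2":
        label = body.split(" - ", 1)[0]                        # "BHO: <display name>"
        name = label[len("BHO: "):].strip() if label.startswith("BHO: ") else label.strip()
        if name in ("", "BHO", "(no name)"):
            reasons.append("browser helper object with no descriptive name")
    elif kind == "O4":
        key, _, value = body.partition(": ")                   # registry key, then "[name] command"
        command = value.split("] ", 1)[-1].strip().strip('"')
        if "Policies\\Explorer\\Run" in key:
            reasons.append("autostart via the Policies\\Explorer\\Run key, which installers almost never use")
        if WINDIR_ROOT_EXE.match(command):
            reasons.append("executable placed directly in the Windows directory")
    elif kind == "O21" and "(file missing)" in body:
        reasons.append("SSODL shell-load entry whose DLL is missing (dangling registration)")
    return reasons


def triage(log_text: str) -> list[tuple[str, list[str]]]:
    """Pair every suspicious line with its reasons, in log order."""
    hits = []
    for raw in log_text.splitlines():
        reasons = reasons_for(raw)
        if reasons:
            hits.append((raw.strip(), reasons))
    return hits


def flagged_lines(log_text: str) -> list[str]:
    """Just the lines a helper would ask the user to tick."""
    return [line for line, _ in triage(log_text)]


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("    ->", r)
```

The rules are deliberately narrow: they never flag a path under Program Files or System32, so the Adobe BHO, QuickTime and the NVIDIA service pass untouched, while the svcho.exe entry collects two independent reasons (policy key plus Windows-root path). A helper would still read the unflagged lines; the script only orders the reading.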



Solved Re: BankerFox.A problem

Post by Doctor Inferno on Mon Jul 06, 2009 3:44 am

Since this issue has been addressed, a "solved" tag will be added and this topic will be closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a [You must be registered and logged in to see this link.] for your questions.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.
