win32/nuqel.e and bankerfox.a


Post by welbornbm on 18th May 2009, 11:06 pm

I've been having these pop-ups and can't remove them; even my anti-virus programs aren't doing anything to this particular trojan. Please help! Here is my DDS log:

DDS (Ver_09-05-14.01) - NTFSx86
Run by new user at 18:47:15.31 on Mon 05/18/2009
Internet Explorer: 7.0.5730.11

============== Pseudo HJT Report ===============

uSearch Bar = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar =
mSearchAssistant = [You must be registered and logged in to see this link.]
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - No File
BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: solads browser enhancer: {390be613-6e9c-ecb4-a5f2-3f312dce2f25} - c:\windows\system32\fwbdinthnuzmrzvlp.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: {7E031D41-229C-3410-72DA-ED451C01BA91} - No File
BHO: solads: {83da7bce-0077-75c9-fda0-134badf836f2} - c:\windows\system32\nsp16.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: solads search enhancer: {9097761f-512f-4321-92e0-bc29da40c413} - c:\windows\system32\epzcqjiiayku.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {b56a7d7d-6927-48c8-a975-17df180c71ac} - PCTools Browser Monitor
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Microsoft Online Helper!: {f8248ade-79ce-4624-a72a-7218fa872044} - %SystemRoot%\system32\msonlinebb.dll
TB: {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: Search panel: {68eb09a9-72df-04ae-f3ab-1400b38b7502} - c:\windows\system32\epzcqjiiayku.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [system tool] c:\windows\sysguard.exe
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [EssSpkPhone] essspk.exe -c
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [lxdkmon.exe] "c:\program files\lexmark 5300 series\lxdkmon.exe"
mRun: [lxdkamon] "c:\program files\lexmark 5300 series\lxdkamon.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [qcncpevlehhy] c:\windows\system32\regsvr32.exe /s "c:\windows\system32\fwbdinthnuzmrzvlp.dll"
mRun: [SpywareCease.exe] c:\program files\spyware cease\SpywareCease.exe
dRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021}
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: pogo.com
Trusted Zone: yahoo.com\www
DPF: CabBuilder - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - [You must be registered and logged in to see this link.]
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - [You must be registered and logged in to see this link.]
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxsrvc.dll
Notify: ljJddedB - ljJddedB.dll
AppInit_DLLs: olzwgj.dll bxugcv.dll fsoxhg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\ddcbcARI
LSA: Notification Packages = scecli syxd32.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-05-18 17:53 37,376 a------- c:\windows\system32\sys.dat
2009-05-17 19:25 --d----- c:\program files\Microsoft Common
2009-05-17 07:47 1,409 a------- c:\windows\QTFont.for
2009-05-17 07:47 54,156 a---h--- c:\windows\QTFont.qfn
2009-05-16 15:35 116 a------- c:\windows\system32\SpywareCease.lie
2009-05-16 15:14 34,096 a------- c:\windows\system32\drivers\RKHit.sys
2009-05-16 15:14 --d----- c:\program files\Spyware Cease
2009-05-16 07:46 2,560 a------- c:\windows\syssvc.exe
2009-05-15 20:36 6,144 a------- c:\windows\system32\iehelper.dll
2009-05-15 20:26 377,872 a------- c:\windows\sysguard.exe
2009-05-06 07:02 562,688 a------- c:\windows\system32\epzcqjiiayku.dll
2009-05-03 18:45 --d----- c:\program files\Citrix
2009-05-01 22:05 --d----- c:\docume~1\newuse~1\applic~1\Pogo Games
2009-04-22 19:25 935,802 a------- c:\windows\system32\rn.tmp
2009-04-22 16:06 85,651 a------- c:\windows\system32\c3469b5c-79a5-8437-891b-78504560be9b.exe
2009-04-22 16:06 62,076 a------- c:\windows\system32\epzcqjiiayku.dll-uninst.exe
2009-04-22 16:05 48,272 a------- c:\windows\system32\buxfolzjwz.exe
2009-04-22 15:38 --d----- c:\program files\AskBarDis
2009-04-22 03:27 480,256 a------- c:\windows\system32\fwbdinthnuzmrzvlp.dll

==================== Find3M ====================

2009-04-13 15:08 710,656 a------- c:\windows\system32\nsp16.dll
2009-04-12 19:06 35,976 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-04-12 16:48 58,728 a------- c:\windows\fonts\scriptina.zip
2009-04-12 16:47 35,570 a------- c:\windows\fonts\degrassi.zip
2009-03-25 11:06 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 11:06 214,024 a------- c:\windows\system32\drivers\mfehidk.sys
2009-03-25 11:06 79,880 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 11:06 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-03-25 11:05 34,216 a------- c:\windows\system32\drivers\mferkdk.sys
2009-03-21 10:06 363,936 a------- c:\windows\system32\msonlinebb.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 14:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-01-25 20:39 0 a------- c:\docume~1\newuse~1\applic~1\wklnhst.dat
2005-09-18 18:11 0 a--sh--- c:\windows\sminst\HPCD.sys
2009-01-03 09:01 1,612 a--sh--- c:\windows\system32\IRAcbcdd.ini2
2008-12-26 18:01 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122620081227\index.dat
2008-12-27 19:01 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122720081228\index.dat
2009-01-03 21:22 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009010320090104\index.dat

============= FINISH: 18:54:31.65 ===============

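As an added example (not part of the original post and not a tool the thread uses), here is a small Python triage helper that walks the Pseudo HJT section of a DDS log such as the one above and surfaces the entry types a malware-removal helper looks at first: orphaned BHO/toolbar entries, autoruns that live directly in c:\windows or silently re-register a DLL with regsvr32 /s, unknown Winlogon Notify DLLs, any AppInit_DLLs, and LSA packages beyond the defaults. The baseline sets are an assumption for a clean Windows XP box, and the sample lines are constructed from the kinds of entries this log contains.

```python
import re

# Assumed clean-baseline values for Windows XP (assumption, not from the post).
LSA_AUTH_BASELINE = {"msv1_0"}
LSA_NOTIFY_BASELINE = {"scecli"}
NOTIFY_BASELINE = {"igfxcui"}

# Constructed sample made of the kinds of lines a DDS "Pseudo HJT Report" contains.
SAMPLE_LOG = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [system tool] c:\windows\sysguard.exe
mRun: [qcncpevlehhy] c:\windows\system32\regsvr32.exe /s "c:\windows\system32\fwbdinthnuzmrzvlp.dll"
Notify: igfxcui - igfxsrvc.dll
Notify: ljJddedB - ljJddedB.dll
AppInit_DLLs: olzwgj.dll bxugcv.dll fsoxhg.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\ddcbcARI
LSA: Notification Packages = scecli syxd32.dll
"""

# uRun/mRun/dRun lines: "[value name] command line"
RUN_RE = re.compile(r"^[umd]Run: \[[^\]]*\] (?P<cmd>.*)$")
# An .exe placed directly in c:\windows (not in a subfolder such as system32)
WINROOT_EXE = re.compile(r'^"?c:\\windows\\[^\\"]+\.exe', re.IGNORECASE)

def triage(log_text):
    """Return (line, reason) pairs for entries a helper should examine first."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines() if l.strip()):
        run = RUN_RE.match(line)
        if line.startswith(("BHO:", "TB:")) and line.endswith("- No File"):
            findings.append((line, "orphaned entry: registered DLL no longer exists"))
        elif run and "regsvr32" in run["cmd"].lower() and "/s" in run["cmd"]:
            findings.append((line, "autorun silently re-registers a DLL at logon"))
        elif run and WINROOT_EXE.match(run["cmd"]):
            findings.append((line, "autorun executable lives directly in c:\\windows"))
        elif line.startswith("Notify:") and line[7:].split(" - ")[0].strip() not in NOTIFY_BASELINE:
            findings.append((line, "unknown Winlogon notification DLL"))
        elif line.startswith("AppInit_DLLs:") and line.split(":", 1)[1].strip():
            findings.append((line, "AppInit_DLLs loads into every process that uses user32"))
        elif line.startswith("LSA:"):
            key, _, value = line[4:].partition("=")
            baseline = LSA_AUTH_BASELINE if "Authentication" in key else LSA_NOTIFY_BASELINE
            extra = sorted(set(value.split()) - baseline)
            if extra:
                findings.append((line, "non-baseline LSA package(s): " + " ".join(extra)))
    return findings

if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {entry}")
```

The known-good lines (ctfmon.exe in system32, the igfxcui Notify entry, msv1_0 and scecli) pass through untouched; everything else in the sample is reported with the reason it was picked out.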

Re: win32/nuqel.e and bankerfox.a

Post by Belahzur on 18th May 2009, 11:08 pm

You aren't running antivirus software.

This is somewhat suicidal in today's digital world.
That's why I want you to install one first!!

* Please install Avira Antivirus: [You must be registered and logged in to see this link.]
This is a free Antivirus.

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There, double-click the report from the full scan you have done. Click the "Report File" button and copy and paste this report in your next reply.
Then we'll start from there, because otherwise it really makes no sense for us to clean this up manually if no antivirus scanner is present, which should be able to deal with most of it and prevent further reinfection.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.


