BankerFox.A and Win32/Nuquel.E virues?

View previous topic View next topic Go down

BankerFox.A and Win32/Nuquel.E virues?

Post by tamrha999 on Sat May 23, 2009 2:24 pm

Suddenbly a program I've not seen before - Spyware Protect 2009 - is alerting me that these two viruses are trying to attack my system. It wants me to purchase the full version to remove them but Im wondering idf , with help, I can do it myself somehow?

The Hijackthis info is below..
Thanks
Tamrha

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:11 AM, on 5/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal



R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: BHO - {BAD4551D-9B24-42cb-9BCD-818CA2DA7B63} - C:\WINDOWS\system32\iehelper.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152653800\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\4.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [readericon10] C:\Program Files\Multimedia Card Reader\readericon10.exe
O4 - HKLM\..\Run: [eSnips] "C:\Program Files\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\Olympus\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
O4 - HKCU\..\Run: [Eye-Fi] "C:\Program Files\Eye-Fi\Eye-Fi Manager.exe"
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\T\Application Data\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1103472 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10" -"http://www.noggin.com/games/doodlepad/?&fromHomepage=1"
O4 - HKUS\S-1-5-21-1004336348-1078145449-682003330-1007\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet (User 'Ciaran')
O4 - HKUS\S-1-5-21-1004336348-1078145449-682003330-1007\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe (User 'Ciaran')
O4 - HKUS\S-1-5-21-1004336348-1078145449-682003330-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Ciaran')
O4 - HKUS\S-1-5-21-1004336348-1078145449-682003330-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Ciaran')
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Startup: Expedia Fare Alert.lnk = C:\Program Files\Expedia\Expedia Fare Alert\ExpediaFareAlert.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: SmartUI.lnk = ?
O4 - Global Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\T\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - [You must be registered and logged in to see this link.]
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [You must be registered and logged in to see this link.]
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {46C66BBD-E667-4DAD-9683-58050E7C9FDC} (CDPass Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - [You must be registered and logged in to see this link.]
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - [You must be registered and logged in to see this link.]
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - [You must be registered and logged in to see this link.]
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Update Service (gupdate1c9c7ff2879756a) (gupdate1c9c7ff2879756a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxcccoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 19041 bytes

tamrha999
Novice
Novice

Status :
Online
Offline

Posts : 29
Joined : 2009-05-23
OS : Windows XP

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by Origin on Sat May 23, 2009 5:14 pm

I see you have Viewpoint software installed.

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". Read this article: [You must be registered and logged in to see this link.] and [You must be registered and logged in to see this link.]

I suggest you remove the program now.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Viewpoint Manager (remove only)
  • Viewpoint Media Player
  • Viewpoint Toolbar
Next, please download ViewpointKiller by Prm753 from [You must be registered and logged in to see this link.].
Save it to a permanent folder (such as C:\ViewpointKiller) and unzip it there.
Open ViewpointKiller, and press the Start button.
A log will be produced in the same folder where you unzipped it to. Please post the contents of that log in your reply.




  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\sdra64.exe,
    O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
    O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\4.bin\m3SrchMn.exe" /m=2 /w
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1103472 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10" -"http://www.noggin.com/games/doodlepad/?&fromHomepage=1"
    O4 - HKUS\S-1-5-21-1004336348-1078145449-682003330-1007\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet (User 'Ciaran')
    O4 - HKUS\S-1-5-21-1004336348-1078145449-682003330-1007\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe (User 'Ciaran')
    O4 - HKUS\S-1-5-21-1004336348-1078145449-682003330-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Ciaran')
    O4 - HKUS\S-1-5-21-1004336348-1078145449-682003330-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Ciaran')
    O8 - Extra context menu item: &Search - [You must be registered and logged in to see this link.]
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe



  • Press "Fix Checked"
  • Close Hijack This.




Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by tamrha999 on Sat May 23, 2009 5:29 pm

Viewpoint is not showing up in the list of programs for me to delete!

tamrha999
Novice
Novice

Status :
Online
Offline

Posts : 29
Joined : 2009-05-23
OS : Windows XP

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by Origin on Sat May 23, 2009 5:30 pm

Then skip that step and go on with the others Wink


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by tamrha999 on Sat May 23, 2009 5:36 pm

ok....
here's the first part of the hijack this list...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:38:45 PM, on 5/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\System32\lxcccoms.exe
C:\Program Files\Multimedia Card Reader\readericon10.exe
C:\Program Files\eSnips\ClientGW.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Eye-Fi\Eye-Fi Manager.exe
C:\Documents and Settings\T\Application Data\Smilebox\SmileboxTray.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Expedia\Expedia Fare Alert\ExpediaFareAlert.exe
C:\Program Files\IMVU\IMVUClient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1152653800\EE\AOLDesktop.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\IMVU\IMVUQualityAgent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\AOL\1152653800\EE\ComputerCheckup.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\AOL\1152653800\ee\AOLSoftware.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Multimedia Card Reader\readericon10.exe
C:\Program Files\eSnips\ClientGW.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Common Files\AOL\1152653800\EE\aolsoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\sysguard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\DOCUME~1\T\LOCALS~1\Temp\Rar$EX00.328\ViewpointKiller.exe
C:\Program Files\Common Files\AOL\1152653800\EE\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\T\Desktop\hijackgpthis.exe

tamrha999
Novice
Novice

Status :
Online
Offline

Posts : 29
Joined : 2009-05-23
OS : Windows XP

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by tamrha999 on Sat May 23, 2009 5:37 pm

2nd part Smile
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: BHO - {BAD4551D-9B24-42cb-9BCD-818CA2DA7B63} - C:\WINDOWS\system32\iehelper.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152653800\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\4.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [readericon10] C:\Program Files\Multimedia Card Reader\readericon10.exe
O4 - HKLM\..\Run: [eSnips] "C:\Program Files\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\Olympus\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
O4 - HKCU\..\Run: [Eye-Fi] "C:\Program Files\Eye-Fi\Eye-Fi Manager.exe"
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\T\Application Data\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1103472 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10" -"http://www.noggin.com/games/doodlepad/?&fromHomepage=1"
O4 - HKUS\S-1-5-21-1004336348-1078145449-682003330-1007\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet (User 'Ciaran')
O4 - HKUS\S-1-5-21-1004336348-1078145449-682003330-1007\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe (User 'Ciaran')
O4 - HKUS\S-1-5-21-1004336348-1078145449-682003330-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Ciaran')
O4 - HKUS\S-1-5-21-1004336348-1078145449-682003330-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Ciaran')
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Startup: Expedia Fare Alert.lnk = C:\Program Files\Expedia\Expedia Fare Alert\ExpediaFareAlert.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: SmartUI.lnk = ?
O4 - Global Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\T\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - [You must be registered and logged in to see this link.]
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [You must be registered and logged in to see this link.]
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {46C66BBD-E667-4DAD-9683-58050E7C9FDC} (CDPass Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - [You must be registered and logged in to see this link.]
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - [You must be registered and logged in to see this link.]
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - [You must be registered and logged in to see this link.]
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Update Service (gupdate1c9c7ff2879756a) (gupdate1c9c7ff2879756a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxcccoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 18826 bytes

tamrha999
Novice
Novice

Status :
Online
Offline

Posts : 29
Joined : 2009-05-23
OS : Windows XP

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by Origin on Sat May 23, 2009 5:41 pm

Hello did you do the above instructions having to do with fixing the HijackThis lines? I am asking because they are still showing in HijackThis.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by tamrha999 on Sat May 23, 2009 5:46 pm

I just deleted the files listed

In the list of files to delete, the only one I couldnt find was the last one... 023

tamrha999
Novice
Novice

Status :
Online
Offline

Posts : 29
Joined : 2009-05-23
OS : Windows XP

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by tamrha999 on Sat May 23, 2009 6:13 pm

Restarting computer now...
Some things were put to a folder to delete upon reboot... ?

Malwarebytes' Anti-Malware 1.36
Database version: 2171
Windows 5.1.2600 Service Pack 2

5/23/2009 2:12:57 PM
mbam-log-2009-05-23 (14-12-57).txt

Scan type: Quick Scan
Objects scanned: 130593
Time elapsed: 15 minute(s), 53 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 22
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 9
Files Infected: 23

Memory Processes Infected:
C:\WINDOWS\sysguard.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\iehelper.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bad4551d-9b24-42cb-9bcd-818ca2da7b63} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bad4551d-9b24-42cb-9bcd-818ca2da7b63} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bad4551d-9b24-42cb-9bcd-818ca2da7b63} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system tool (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\T\Application Data\FunWebProducts (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\T\Application Data\FunWebProducts\Data (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\T\Application Data\FunWebProducts\Data\T (Adware.MyWay) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec (Stolen.Data) -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\iehelper.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\02EDD527.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\04DD6886.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn-new.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MySignatureInsertBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MySignaturePreviewBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn-new.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\T\Application Data\FunWebProducts\Data\T\avatar.dat (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\T\Application Data\FunWebProducts\Data\T\register.dat (Adware.MyWay) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.Data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.Data) -> Delete on reboot.
C:\WINDOWS\sysguard.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\RECYCLER\ADAPT_Installer.exe (Heuristics.Malware) -> Quarantined and deleted successfully.

tamrha999
Novice
Novice

Status :
Online
Offline

Posts : 29
Joined : 2009-05-23
OS : Windows XP

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by Origin on Sat May 23, 2009 6:34 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by tamrha999 on Sat May 23, 2009 6:43 pm

what does this do? It says its a screen saver .. ?

tamrha999
Novice
Novice

Status :
Online
Offline

Posts : 29
Joined : 2009-05-23
OS : Windows XP

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by Origin on Sat May 23, 2009 6:56 pm

Its not a screen saver, just do as the above instructions say and post the log Wink


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by tamrha999 on Sat May 23, 2009 7:53 pm

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/11/2006 2:44:18 PM
System Uptime: 5/23/2009 2:19:24 PM (1 hours ago)

Motherboard: ASUSTeK Computer Inc. | | P5P800
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Socket 775 | 3207/200mhz
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Socket 775 | 3207/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 186 GiB total, 82.614 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP429: 2/22/2009 10:44:54 PM - System Checkpoint
RP430: 2/23/2009 12:20:09 PM - Software Distribution Service 3.0
RP431: 2/24/2009 2:43:46 PM - System Checkpoint
RP432: 2/25/2009 3:03:47 PM - System Checkpoint
RP433: 2/26/2009 2:00:23 AM - Software Distribution Service 3.0
RP434: 2/26/2009 8:19:10 AM - Shockwave Player
RP435: 2/26/2009 6:55:02 PM - Software Distribution Service 3.0
RP436: 2/27/2009 8:08:49 PM - System Checkpoint
RP437: 2/28/2009 9:57:52 PM - System Checkpoint
RP438: 3/1/2009 10:31:31 PM - System Checkpoint
RP439: 3/2/2009 11:07:22 PM - System Checkpoint
RP440: 3/4/2009 8:04:54 AM - System Checkpoint
RP441: 3/5/2009 8:57:11 AM - System Checkpoint
RP442: 3/6/2009 9:48:59 AM - System Checkpoint
RP443: 3/7/2009 10:05:51 AM - System Checkpoint
RP444: 3/8/2009 10:14:42 AM - System Checkpoint
RP445: 3/9/2009 7:19:51 PM - System Checkpoint
RP446: 3/10/2009 7:37:08 PM - System Checkpoint
RP447: 3/11/2009 9:17:47 PM - System Checkpoint
RP448: 3/12/2009 1:00:22 AM - Software Distribution Service 3.0
RP449: 3/11/2009 2:31:00 AM - System Checkpoint
RP450: 3/12/2009 3:36:07 AM - System Checkpoint
RP451: 3/13/2009 3:49:21 AM - System Checkpoint
RP452: 3/14/2009 5:13:32 AM - System Checkpoint
RP453: 3/15/2009 7:42:27 AM - Software Distribution Service 3.0
RP454: 3/16/2009 9:53:49 AM - System Checkpoint
RP455: 3/17/2009 10:13:40 AM - System Checkpoint
RP456: 3/18/2009 11:01:36 AM - System Checkpoint
RP457: 3/18/2009 8:53:53 AM - System Checkpoint
RP458: 3/19/2009 12:02:00 PM - System Checkpoint
RP459: 3/20/2009 12:31:31 PM - System Checkpoint
RP460: 3/21/2009 1:05:42 PM - System Checkpoint
RP461: 3/22/2009 3:19:28 PM - System Checkpoint
RP462: 3/23/2009 5:38:16 PM - System Checkpoint
RP463: 3/24/2009 6:39:59 PM - System Checkpoint
RP464: 3/25/2009 6:56:17 PM - System Checkpoint
RP465: 3/26/2009 9:46:23 PM - System Checkpoint
RP466: 3/27/2009 10:53:11 PM - System Checkpoint
RP467: 3/29/2009 10:04:51 AM - System Checkpoint
RP468: 3/30/2009 11:03:11 AM - System Checkpoint
RP469: 3/31/2009 12:40:47 PM - System Checkpoint
RP470: 4/1/2009 1:02:21 PM - System Checkpoint
RP471: 4/2/2009 1:27:35 PM - System Checkpoint
RP472: 4/3/2009 1:37:54 PM - System Checkpoint
RP473: 4/4/2009 1:57:10 PM - System Checkpoint
RP474: 4/5/2009 3:31:00 PM - System Checkpoint
RP475: 4/6/2009 4:11:49 PM - System Checkpoint
RP476: 4/7/2009 5:11:35 PM - System Checkpoint
RP477: 4/8/2009 6:19:20 PM - System Checkpoint
RP478: 4/9/2009 6:39:38 PM - System Checkpoint
RP479: 4/10/2009 6:46:04 PM - System Checkpoint
RP480: 4/11/2009 6:33:08 PM - Installed Java(TM) 6 Update 13
RP481: 4/11/2009 6:38:09 PM - Installed Java Runtime Environment
RP482: 4/12/2009 7:56:13 PM - System Checkpoint
RP483: 4/13/2009 9:24:49 PM - System Checkpoint
RP484: 4/14/2009 9:38:44 PM - System Checkpoint
RP485: 4/15/2009 10:27:07 PM - System Checkpoint
RP486: 4/16/2009 11:06:23 PM - System Checkpoint
RP487: 4/17/2009 2:00:17 AM - Software Distribution Service 3.0
RP488: 4/18/2009 2:58:53 AM - System Checkpoint
RP489: 4/19/2009 3:30:46 AM - System Checkpoint
RP490: 4/20/2009 3:54:45 AM - System Checkpoint
RP491: 4/21/2009 9:27:33 AM - System Checkpoint
RP492: 4/22/2009 9:39:16 AM - System Checkpoint
RP493: 4/23/2009 5:31:29 PM - System Checkpoint
RP494: 4/24/2009 5:47:20 PM - System Checkpoint
RP495: 4/25/2009 6:16:31 PM - System Checkpoint
RP496: 4/26/2009 6:47:18 PM - System Checkpoint
RP497: 4/27/2009 7:11:28 PM - System Checkpoint
RP498: 4/28/2009 8:25:13 PM - System Checkpoint
RP499: 4/29/2009 9:21:08 PM - System Checkpoint
RP500: 5/1/2009 10:15:22 AM - System Checkpoint
RP501: 5/2/2009 10:50:54 AM - System Checkpoint
RP502: 5/3/2009 1:55:09 PM - System Checkpoint
RP503: 5/4/2009 6:28:59 PM - System Checkpoint
RP504: 5/5/2009 7:01:07 PM - System Checkpoint
RP505: 5/6/2009 7:56:28 PM - System Checkpoint
RP506: 5/7/2009 8:43:03 PM - System Checkpoint
RP507: 5/8/2009 9:17:44 PM - System Checkpoint
RP508: 5/9/2009 10:17:30 PM - System Checkpoint
RP509: 5/10/2009 11:08:15 PM - System Checkpoint
RP510: 5/12/2009 9:12:30 AM - System Checkpoint
RP511: 5/13/2009 9:17:26 AM - System Checkpoint
RP512: 5/14/2009 6:58:58 AM - Software Distribution Service 3.0
RP513: 5/15/2009 9:39:12 AM - System Checkpoint
RP514: 5/16/2009 9:59:21 AM - System Checkpoint
RP515: 5/17/2009 11:17:54 AM - System Checkpoint
RP516: 5/18/2009 3:43:08 PM - System Checkpoint
RP517: 5/19/2009 5:01:35 PM - System Checkpoint
RP518: 5/20/2009 5:17:22 PM - System Checkpoint
RP519: 5/21/2009 7:39:28 PM - System Checkpoint
RP520: 5/22/2009 8:29:30 PM - System Checkpoint
RP521: 5/23/2009 10:00:56 AM - Removed Adobe Reader 7.0.9
RP522: 5/23/2009 10:01:29 AM - Installed Adobe Reader 9.1.

==== Installed Programs ======================

µTorrent
3DVIA Player 4.1
Acrobat.com
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Illustrator 9.0.1
Adobe Photoshop 7.0
Adobe Reader 9.1
Adobe Shockwave Player 11
Age of Empires III
AIM 6
AIMTunes
ALOT Toolbar
AnswerWorks 4.0 Runtime - English
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Pictures Tools (version 10.6.0.6)
AOL Registration
AOL Toolbar 5.0
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
AudibleManager
Bonjour
CCScore
CrazyTalk for Skype
Creative MediaSource 5
Creative MuVo V100
Creative Software AutoUpdate
Creative System Information
Creative WebCam Center
Creative WebCam Instant Driver (1.01.02.0729)
Creative WebCam Instant User's Guide (English)
Critical Update for Windows Media Player 11 (KB959772)
DVD Decrypter (Remove Only)
DVD Flick
Dynex 5-in-1 card reader
eSnips
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Expedia Fare Alert
Express Burn
Eye-Fi Manager 1.0
Get Yahoo! Messenger
Google Chrome
Google Earth
Google Update Helper
Google Updater
Hallmark Smilebox
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hoyle Casino '98
ImageMixer VCD/DVD2 for OLYMPUS
IMVU Avatar Chat Software
iTunes
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 13
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
kgcbase
Kodak EasyShare software
Laugh, Smile & Learn™
Lexmark 3300 Series
Lexmark Fax Solutions
Malwarebytes' Anti-Malware
Marvell Miniport Driver
McAfee SecurityCenter
McAfee SiteAdvisor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Easy Assist
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Professional
Microsoft Silverlight

tamrha999
Novice
Novice

Status :
Online
Offline

Posts : 29
Joined : 2009-05-23
OS : Windows XP

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by tamrha999 on Sat May 23, 2009 7:53 pm

Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mozilla Firefox (3.0.10)
Mozilla Thunderbird (2.0.0.21)
MSN Toolbar
Nero Suite
netbrdg
Norton PC Checkup
Norton Security Scan
Norton Security Scan (Symantec Corporation)
NVIDIA Drivers
OfotoXMI
Olympus Digital Wave Player
OLYMPUS Master
PaperPort 8.0 SE
Player Recovery Drivers
Protected Music Converter 1.0.0.9
QuickTime
RealPlayer
Registry Mechanic 5.2
RTC Client API v1.2
Safari
SecondLife (remove only)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
SFR
SHASTA
Sierra Utilities
SimCity 3000
skin0001
SKINXSDK
Skype™ 4.0
SmartDraw 2007
Sound Blaster Live!
SoundMAX
SpeedFan (remove only)
staticcr
Texas Hold 'Em
The Weather Channel Desktop 6
tooltips
TurboTax Deluxe 2007
TurboTax ItsDeductible 2006
Tweak UI
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Verizon Yahoo! Applications
VPRINTOL
Web CEO 6.5
WebFldrs XP
WexTech AnswerWorks
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Movie Maker 2.0
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WIRELESS
Yahoo! Browser Services
Yahoo! Photos Easy Upload Tool
Yahoo! Photos Print-at-Home Tool
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

5/23/2009 6:14:14 AM, error: DCOM [10001] - Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} as /. The error: "%233" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding
5/23/2009 1:21:42 PM, error: TermService [1036] - Terminal Server session creation failed. The relevant status code was 0xC0000037.
5/23/2009 1:18:42 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
5/22/2009 6:02:13 PM, error: Service Control Manager [7000] - The Symantec Eraser Control driver service failed to start due to the following error: The system cannot find message text for message number 0x%1 in the message file for %2.
5/18/2009 11:15:56 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

==== End Of File ===========================

tamrha999
Novice
Novice

Status :
Online
Offline

Posts : 29
Joined : 2009-05-23
OS : Windows XP

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by Origin on Sat May 23, 2009 8:02 pm

Hello I need to see the DDS.txt log, if you did not save it to your desktop please run another scan and post back the results from that log Wink


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by tamrha999 on Sat May 23, 2009 8:03 pm

I posted the wrong one... hold on...

tamrha999
Novice
Novice

Status :
Online
Offline

Posts : 29
Joined : 2009-05-23
OS : Windows XP

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by tamrha999 on Sat May 23, 2009 8:04 pm

DDS (Ver_09-05-14.01) - NTFSx86
Run by T at 15:51:37.70 on Sat 05/23/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.190 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1152653800\ee\AOLSoftware.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\WINDOWS\System32\lxcccoms.exe
C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Multimedia Card Reader\readericon10.exe
C:\Program Files\eSnips\ClientGW.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Eye-Fi\Eye-Fi Manager.exe
C:\Documents and Settings\T\Application Data\Smilebox\SmileboxTray.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Common Files\AOL\1152653800\EE\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Expedia\Expedia Fare Alert\ExpediaFareAlert.exe
C:\Program Files\Common Files\AOL\1152653800\EE\AOLDesktop.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Documents and Settings\T\Desktop\dds.pif

tamrha999
Novice
Novice

Status :
Online
Offline

Posts : 29
Joined : 2009-05-23
OS : Windows XP

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by tamrha999 on Sat May 23, 2009 8:05 pm

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultUrl = [You must be registered and logged in to see this link.]
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\4979\SiteAdv.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0311.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\4979\SiteAdv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0311.0\msneshellx.dll
TB: eSnips: {ed1184da-e57e-4480-99d0-a16809037f54} - c:\program files\esnips\SnipBar.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [NBJ] "c:\program files\ahead\nero backitup\nbj.exe"
uRun: [OM_Monitor] c:\program files\olympus\olympus master\Monitor.exe -NoStart
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
uRun: [Eye-Fi] "c:\program files\eye-fi\Eye-Fi Manager.exe"
uRun: [SmileboxTray] "c:\documents and settings\t\application data\smilebox\SmileboxTray.exe"
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\smax4.exe" /tray
mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"
mRun: [HostManager] c:\program files\common files\aol\1152653800\ee\AOLSoftware.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [lxccmon.exe] "c:\program files\lexmark 3300 series\lxccmon.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [RegistryMechanic]
mRun: [SiteAdvisor] c:\program files\siteadvisor\4608\SiteAdv.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [NapsterShell] c:\program files\napster\napster.exe /systray
mRun: [OM_Monitor] c:\program files\olympus\olympus master\FirstStart.exe
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [NoteBurner] c:\program files\noteburner\VTBurnerGUI.exe /silence
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: []
mRun: [readericon10] c:\program files\multimedia card reader\readericon10.exe
mRun: [ClientGW]
mRun: [eSnips] "c:\program files\esnips\ClientGW.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\t\startm~1\programs\startup\aoldes~1.lnk - c:\program files\common files\aol\launch\aollaunch.exe
StartupFolder: c:\docume~1\t\startm~1\programs\startup\expedi~1.lnk - c:\program files\expedia\expedia fare alert\ExpediaFareAlert.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartui.lnk - c:\program files\scansoft\paperport\smartui\SmartUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\speedfan.lnk - c:\program files\speedfan\speedfan.exe
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: Snip to my eSnips account - c:\program files\esnips\res\SnipIt.htm
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\t\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
Trusted Zone: aol.com\free
Trusted Zone: turbotax.com

tamrha999
Novice
Novice

Status :
Online
Offline

Posts : 29
Joined : 2009-05-23
OS : Windows XP

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by tamrha999 on Sat May 23, 2009 8:05 pm

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - [You must be registered and logged in to see this link.]
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - [You must be registered and logged in to see this link.]
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - [You must be registered and logged in to see this link.]
DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} - [You must be registered and logged in to see this link.]
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - [You must be registered and logged in to see this link.]
DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} - [You must be registered and logged in to see this link.]
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - [You must be registered and logged in to see this link.]
DPF: {46C66BBD-E667-4DAD-9683-58050E7C9FDC} - [You must be registered and logged in to see this link.]
DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} - [You must be registered and logged in to see this link.]
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - [You must be registered and logged in to see this link.]
DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - [You must be registered and logged in to see this link.]
DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - [You must be registered and logged in to see this link.]
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - [You must be registered and logged in to see this link.]
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\4979\SiteAdv.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\t\applic~1\mozilla\firefox\profiles\rk7m9jlc.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\t\application data\mozilla\firefox\profiles\rk7m9jlc.default\extensions\{62760fd6-b943-48c9-ab09-f99c6fe96088}\platform\winnt\components\EbayAccessService.dll
FF - component: c:\documents and settings\t\application data\mozilla\firefox\profiles\rk7m9jlc.default\extensions\{62760fd6-b943-48c9-ab09-f99c6fe96088}\platform\winnt\components\EbayFormSubmitObserver.dll
FF - component: c:\documents and settings\t\application data\mozilla\firefox\profiles\rk7m9jlc.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - component: c:\documents and settings\t\application data\mozilla\firefox\profiles\rk7m9jlc.default\extensions\kodak-companion@mozilla.com\platform\winnt_x86-msvc\components\mozFotofox.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\t\application data\mozilla\firefox\profiles\rk7m9jlc.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-05-23 15:51 --d-h--- c:\windows\PIF
2009-05-23 13:53 --d----- c:\docume~1\t\applic~1\Malwarebytes
2009-05-23 13:53 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-23 13:53 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-23 13:53 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-23 13:53 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-28 08:49 --d----- c:\program files\common files\xing shared

==================== Find3M ====================

2009-04-28 08:48 499,712 a------- c:\windows\system32\msvcp71.dll
2009-04-28 08:48 348,160 a------- c:\windows\system32\msvcr71.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 10:44 283,648 a------- c:\windows\system32\pdh.dll
2009-03-05 23:59 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2007-02-08 19:44 1,201,644 ac------ c:\program files\wrar37b3.exe
2004-07-26 04:16 598,086 -c------ c:\program files\DVD Shrink 3.2.exe

============= FINISH: 15:54:09.75 ===============

tamrha999
Novice
Novice

Status :
Online
Offline

Posts : 29
Joined : 2009-05-23
OS : Windows XP

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by Origin on Sat May 23, 2009 8:06 pm

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by tamrha999 on Sat May 23, 2009 8:12 pm

ok, I think i screwed this up...

can't open these pages. I thought that I was supposed to open the links and THEN do the tools, 'always ask part'...
why wont the links open now?

tamrha999
Novice
Novice

Status :
Online
Offline

Posts : 29
Joined : 2009-05-23
OS : Windows XP

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by Origin on Sat May 23, 2009 8:14 pm

Try to see if you can download ComboFix again, if not I will supply you with a different link.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by tamrha999 on Sat May 23, 2009 8:16 pm

i think i need a different link...

tamrha999
Novice
Novice

Status :
Online
Offline

Posts : 29
Joined : 2009-05-23
OS : Windows XP

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by Origin on Sat May 23, 2009 8:29 pm

try this one:

[You must be registered and logged in to see this link.]


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by tamrha999 on Sat May 23, 2009 8:41 pm

This is what Im getting...

File Not Found
Firefox can't find the file at [You must be registered and logged in to see this link.]

* Could the item have been renamed, removed, or relocated?
* Is there a spelling, capitalization, or other typographical error in the address?
* Do you have sufficient access permissions to the requested item?

tamrha999
Novice
Novice

Status :
Online
Offline

Posts : 29
Joined : 2009-05-23
OS : Windows XP

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by Origin on Sat May 23, 2009 8:48 pm

Download it from here:

[You must be registered and logged in to see this link.]


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by tamrha999 on Sat May 23, 2009 9:58 pm

I cant figure out how to disable McAffe... its holding up the process

tamrha999
Novice
Novice

Status :
Online
Offline

Posts : 29
Joined : 2009-05-23
OS : Windows XP

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by Origin on Sat May 23, 2009 10:10 pm

You can check how to disable Mcafee here:

[You must be registered and logged in to see this link.]


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by andreeuhhxb0b0 on Sat May 23, 2009 11:37 pm

i have the same problem
here is my log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:17:44 PM, on 5/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGserv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\sysguard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\bigfix.exe
C:\WINDOWS\system32\dllhost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

andreeuhhxb0b0
Novice
Novice

Status :
Online
Offline

Posts : 18
Joined : 2009-05-23
OS : XP

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by andreeuhhxb0b0 on Sat May 23, 2009 11:37 pm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 browser-security.microsoft.com
O1 - Hosts: 94.232.248.66 antivirprotection.com
O1 - Hosts: 94.232.248.66 [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {2ff29606-7e60-4799-b13f-4d091722f3fb} - C:\WINDOWS\system32\zozuwowi.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: AntiSpyware Pro Site Blocker Button - {66B643BE-5E94-4569-B93E-CE2636848AC8} - C:\Program Files\AntiSpyware Pro\ASProSB.dll (file missing)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: BHO - {BBD4551D-9B24-42cb-9BCD-818CA2DA7B63} - C:\WINDOWS\system32\iehelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [fokagihehu] Rundll32.exe "C:\WINDOWS\system32\zapegaje.dll",s
O4 - HKLM\..\Run: [CPM5b86b67d] Rundll32.exe "c:\windows\system32\lipupara.dll",a
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [58b585e1] rundll32.exe "C:\WINDOWS\system32\segukuro.dll",b
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [GetModule32] C:\Program Files\GetModule\GetModule32.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Owner.AnthonyB\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [GetModule33] C:\Program Files\GetModule\GetModule33.exe
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [fokagihehu] Rundll32.exe "C:\WINDOWS\system32\zapegaje.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [fokagihehu] Rundll32.exe "C:\WINDOWS\system32\zapegaje.dll",s (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: .security (User 'SYSTEM')
O4 - .DEFAULT Startup: .security (User 'Default user')
O4 - Startup: .security
O4 - Global Startup: .security
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL c:\windows\system32\bopidake.dll C:\WINDOWS\system32\gozadese.dll c:\windows\system32\lipupara.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lipupara.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lipupara.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: LXCGCustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\LXCGserv.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 16664 bytes

andreeuhhxb0b0
Novice
Novice

Status :
Online
Offline

Posts : 18
Joined : 2009-05-23
OS : XP

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by Origin on Sat May 23, 2009 11:44 pm

Hello andreeuhhxb0b0, please refrain from posting in other users thread and start your own here with a HijackThislog:

[You must be registered and logged in to see this link.]


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by tamrha999 on Sun May 24, 2009 1:22 pm

Andrea,
Please dont post your problem in my thread. You need to start your own thread. Read the Opening post in the form. Thanks.

tamrha999
Novice
Novice

Status :
Online
Offline

Posts : 29
Joined : 2009-05-23
OS : Windows XP

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by tamrha999 on Sun May 24, 2009 1:22 pm

ComboFix 09-05-23.04 - T 05/24/2009 9:11.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.387 [GMT -4:00]
Running from: c:\documents and settings\T\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\msimg32.dll
c:\windows\jestertb.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.

2009-05-23 19:51 . 2009-05-23 19:51 -------- d--h--w c:\windows\PIF
2009-05-23 17:53 . 2009-05-23 17:53 -------- d-----w c:\documents and settings\T\Application Data\Malwarebytes
2009-05-23 17:53 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-23 17:53 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-23 17:53 . 2009-05-23 17:53 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-23 17:53 . 2009-05-23 17:53 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-23 14:03 . 2009-05-23 14:03 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-05-19 18:26 . 2009-05-19 18:27 -------- d-----w c:\documents and settings\T\Application Data\Thunderbird
2009-05-19 18:26 . 2009-05-19 19:20 -------- d-----w c:\documents and settings\T\Local Settings\Application Data\Thunderbird
2009-05-19 18:25 . 2009-05-19 19:25 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-28 12:49 . 2009-04-28 12:49 -------- d-----w c:\documents and settings\T\Local Settings\Application Data\Real
2009-04-28 12:49 . 2009-04-28 12:49 -------- d-----w c:\program files\Common Files\xing shared
2009-04-28 12:45 . 2009-04-28 12:45 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 12:37 . 2006-07-23 23:00 -------- d-----w c:\program files\SpeedFan
2009-05-24 04:44 . 2009-02-07 04:04 288 ----a-w c:\windows\system32\DVCStateBkp-{00000002-00000000-0000000A-00001102-00000002-100A1102}.dat
2009-05-24 04:44 . 2009-02-07 04:04 288 ----a-w c:\windows\system32\DVCState-{00000002-00000000-0000000A-00001102-00000002-100A1102}.dat
2009-05-23 20:49 . 2006-07-11 22:19 -------- d-----w c:\program files\Lx_cats
2009-05-23 19:32 . 2008-09-21 15:55 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-23 18:09 . 2007-06-13 14:13 -------- d-----w c:\documents and settings\T\Application Data\IMVU
2009-05-23 14:02 . 2006-07-11 20:51 -------- d-----w c:\program files\Common Files\Adobe
2009-05-23 12:02 . 2009-02-18 19:56 -------- d-----w c:\documents and settings\T\Application Data\skypePM
2009-05-22 22:02 . 2007-11-09 20:00 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-22 22:00 . 2007-11-03 18:54 -------- d-----w c:\program files\Norton Security Scan
2009-05-20 10:14 . 2007-03-19 20:17 -------- d-----w c:\documents and settings\T\Application Data\Skype
2009-04-28 12:48 . 2006-07-11 21:37 -------- d-----w c:\program files\Common Files\Real
2009-04-28 12:48 . 2003-08-13 01:17 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-28 12:48 . 2003-08-13 01:17 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-28 12:45 . 2007-03-10 00:47 -------- d-----w c:\program files\Google
2009-04-23 22:51 . 2008-05-24 01:14 -------- d-----w c:\documents and settings\T\Application Data\Eye-Fi
2009-04-22 23:16 . 2009-04-22 23:16 390664 ----a-w c:\documents and settings\T\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-04-22 01:01 . 2009-03-22 11:46 -------- d-----w c:\documents and settings\T\Application Data\MSN6
2009-04-21 02:37 . 2007-09-12 19:49 -------- d-----w c:\program files\McAfee
2009-04-20 00:57 . 2009-04-20 00:57 57344 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-66d8b82d-n\Decora-SSE.dll
2009-04-20 00:57 . 2009-04-20 00:57 24064 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-7cbbc2df-n\Decora-D3D.dll
2009-04-20 00:57 . 2009-04-20 00:57 315392 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5ea9b937-n\jogl.dll
2009-04-20 00:57 . 2009-04-20 00:57 20480 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5ea9b937-n\jogl_awt.dll
2009-04-20 00:57 . 2009-04-20 00:57 114688 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5ea9b937-n\jogl_cg.dll
2009-04-20 00:57 . 2009-04-20 00:57 20480 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-26d0f7d5-n\gluegen-rt.dll
2009-04-20 00:57 . 2009-04-20 00:57 499712 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-1358d05c-n\msvcp71.dll
2009-04-20 00:57 . 2009-04-20 00:57 499712 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-1358d05c-n\jmc.dll
2009-04-20 00:57 . 2009-04-20 00:57 348160 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-1358d05c-n\msvcr71.dll
2009-04-18 20:48 . 2009-04-18 12:35 -------- d-----w c:\documents and settings\Scott\Application Data\U3
2009-04-12 16:37 . 2009-04-12 16:37 -------- d-----w c:\documents and settings\T\Application Data\Reallusion
2009-04-12 02:58 . 2006-07-11 22:42 -------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-04-11 22:38 . 2009-04-11 22:38 57344 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-5a944574-n\Decora-SSE.dll
2009-04-11 22:38 . 2009-04-11 22:38 24064 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-35b80a6c-n\Decora-D3D.dll
2009-04-11 22:38 . 2009-04-11 22:38 20480 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5d20f17f-n\jogl_awt.dll
2009-04-11 22:38 . 2009-04-11 22:38 114688 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5d20f17f-n\jogl_cg.dll
2009-04-11 22:38 . 2009-04-11 22:38 315392 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5d20f17f-n\jogl.dll
2009-04-11 22:38 . 2009-04-11 22:38 20480 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-3cab25f5-n\gluegen-rt.dll
2009-04-11 22:38 . 2009-04-11 22:38 348160 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-307a7c56-n\msvcr71.dll
2009-04-11 22:38 . 2009-04-11 22:38 499712 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-307a7c56-n\msvcp71.dll
2009-04-11 22:38 . 2009-04-11 22:38 499712 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-307a7c56-n\jmc.dll
2009-04-11 22:36 . 2006-07-15 03:21 -------- d-----w c:\program files\Java
2009-04-11 22:26 . 2009-04-11 22:26 152576 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-08 22:26 . 2009-04-02 22:19 -------- d-----w c:\program files\alot
2009-04-05 02:26 . 2009-04-05 02:26 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-04 09:52 . 2007-01-13 19:18 -------- d-----w c:\program files\SecondLife
2009-04-02 22:19 . 2009-04-02 22:19 -------- d-----w c:\documents and settings\T\Application Data\alot
2009-03-26 21:59 . 2009-04-04 21:03 98304 ----a-w c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\rk7m9jlc.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
2009-03-26 21:59 . 2009-04-04 21:03 77824 ----a-w c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\rk7m9jlc.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
2009-03-26 02:11 . 2009-04-04 21:03 65536 ----a-w c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\rk7m9jlc.default\extensions\kodak-companion@mozilla.com\platform\WINNT_x86-msvc\components\mozFotofox.dll
2009-03-16 10:42 . 2009-03-16 10:42 75048 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.0.52\SetupAdmin.exe
2009-03-09 09:19 . 2009-01-22 00:17 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:44 . 2003-03-31 12:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-06 03:59 . 2009-03-16 10:48 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 03:59 . 2008-10-09 13:49 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-03 00:18 . 2006-06-23 15:33 826368 ----a-w c:\windows\system32\wininet.dll
2007-02-08 23:44 . 2007-02-08 23:44 1201644 -c--a-w c:\program files\wrar37b3.exe
2004-07-26 08:16 . 2006-07-11 22:43 598086 -c----w c:\program files\DVD Shrink 3.2.exe

tamrha999
Novice
Novice

Status :
Online
Offline

Posts : 29
Joined : 2009-05-23
OS : Windows XP

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by tamrha999 on Sun May 24, 2009 1:23 pm

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 4670968]
"NBJ"="c:\program files\Ahead\Nero BackItUp\nbj.exe" [2004-08-25 1871872]
"OM_Monitor"="c:\program files\Olympus\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"Eye-Fi"="c:\program files\Eye-Fi\Eye-Fi Manager.exe" [2009-04-23 4167360]
"SmileboxTray"="c:\documents and settings\T\Application Data\Smilebox\SmileboxTray.exe" [2009-01-29 254600]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 57344]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"HostManager"="c:\program files\Common Files\AOL\1152653800\ee\AOLSoftware.exe" [2008-06-24 41824]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"lxccmon.exe"="c:\program files\Lexmark 3300 Series\lxccmon.exe" [2005-02-21 192512]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-01-20 299008]
"SiteAdvisor"="c:\program files\SiteAdvisor\4608\SiteAdv.exe" [2006-07-31 35416]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-08-12 7630848]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-08-12 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]
"PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 45108]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 36864]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"readericon10"="c:\program files\Multimedia Card Reader\readericon10.exe" [2007-05-03 131072]
"eSnips"="c:\program files\eSnips\ClientGW.exe" [2007-12-10 872448]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-28 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 69632]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-08-28 24576]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-12 1519616]

c:\documents and settings\T\Start Menu\Programs\Startup\
AOL Desktop.lnk - c:\program files\Common Files\AOL\Launch\aollaunch.exe [2008-6-24 41824]
Expedia Fare Alert.lnk - c:\program files\Expedia\Expedia Fare Alert\ExpediaFareAlert.exe [2007-2-12 696320]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-2-12 110592]
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2007-10-6 118784]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-7-7 282624]
SmartUI.lnk - c:\program files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2002-8-12 1568768]
SpeedFan.lnk - c:\program files\SpeedFan\speedfan.exe [2006-2-8 2510336]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\Yserver.exe"= c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1152653800\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1152653800\\EE\\AOLDesktop.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Eye-Fi\\Eye-Fi Manager.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Reallusion\\CrazyTalk for Skype\\CT4Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

tamrha999
Novice
Novice

Status :
Online
Offline

Posts : 29
Joined : 2009-05-23
OS : Windows XP

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by tamrha999 on Sun May 24, 2009 1:23 pm

S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?]
S2 gupdate1c9c7ff2879756a;Google Update Service (gupdate1c9c7ff2879756a);c:\program files\Google\Update\GoogleUpdate.exe [4/28/2009 8:44 AM 133104]
.
Contents of the 'Scheduled Tasks' folder

2009-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-05-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-21 15:03]

2009-05-24 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 12:44]

2009-03-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-11-21 17:32]

2009-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-11-21 17:32]

2009-05-22 c:\windows\Tasks\Norton Security Scan for T.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 23:04]

2009-05-24 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2007-11-03 14:53]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe
HKLM-Run-NoteBurner - c:\program files\NoteBurner\VTBurnerGUI.exe
HKLM-Run-RegistryMechanic - (no file)
HKLM-Run-ClientGW - (no file)
Notify-WgaLogon - (no file)
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultUrl = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
IE: Snip to my eSnips account - c:\program files\eSnips\res\SnipIt.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\T\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: aol.com\free
Trusted Zone: turbotax.com
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - [You must be registered and logged in to see this link.]
DPF: {46C66BBD-E667-4DAD-9683-58050E7C9FDC} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\rk7m9jlc.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\rk7m9jlc.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
FF - component: c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\rk7m9jlc.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
FF - component: c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\rk7m9jlc.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - component: c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\rk7m9jlc.default\extensions\kodak-companion@mozilla.com\platform\WINNT_x86-msvc\components\mozFotofox.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\rk7m9jlc.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-05-24 09:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-24 9:16
ComboFix-quarantined-files.txt 2009-05-24 13:16

Pre-Run: 88,384,901,120 bytes free
Post-Run: 90,731,196,416 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

268 --- E O F --- 2009-05-14 11:07

tamrha999
Novice
Novice

Status :
Online
Offline

Posts : 29
Joined : 2009-05-23
OS : Windows XP

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by Origin on Sun May 24, 2009 4:36 pm

I see that you are running µTorrent.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If µTorrent is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • µTorrent




Now open a new notepad file.
Input this into the notepad file:

File::
c:\program files\Lx_cats
c:\windows\system32\d3d9caps.dat
c:\program files\wrar37b3.exe


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by tamrha999 on Sun May 24, 2009 5:03 pm

I dont even know what utorrent is nor do I use it. I don't know why its here on this computer. Give m,e a bit to take care of it.

tamrha999
Novice
Novice

Status :
Online
Offline

Posts : 29
Joined : 2009-05-23
OS : Windows XP

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by tamrha999 on Sun May 24, 2009 5:11 pm

Question... why am I not seeing Combo-fix on my desktop? I saved it there...
Im also not seeing it in my program files...

tamrha999
Novice
Novice

Status :
Online
Offline

Posts : 29
Joined : 2009-05-23
OS : Windows XP

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by Origin on Sun May 24, 2009 5:15 pm

That is strange, also ComboFix does not save in your program files, please download it again from here but this time you don't have to rename it just save it to your desktop:

[You must be registered and logged in to see this link.]


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by tamrha999 on Sun May 24, 2009 5:42 pm

Ok cap'n... here it is.

ComboFix 09-05-23.04 - T 05/24/2009 13:25.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.296 [GMT -4:00]
Running from: c:\documents and settings\T\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\T\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
c:\program files\Lx_cats
c:\program files\wrar37b3.exe
c:\windows\system32\d3d9caps.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\wrar37b3.exe
c:\windows\system32\d3d9caps.dat

.
((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.

2009-05-24 13:01 . 2009-05-24 13:16 -------- d-s---w C:\Combo-Fix
2009-05-23 19:51 . 2009-05-23 19:51 -------- d--h--w c:\windows\PIF
2009-05-23 17:53 . 2009-05-23 17:53 -------- d-----w c:\documents and settings\T\Application Data\Malwarebytes
2009-05-23 17:53 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-23 17:53 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-23 17:53 . 2009-05-23 17:53 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-23 17:53 . 2009-05-23 17:53 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-23 14:03 . 2009-05-23 14:03 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-05-19 18:26 . 2009-05-19 18:27 -------- d-----w c:\documents and settings\T\Application Data\Thunderbird
2009-05-19 18:26 . 2009-05-19 19:20 -------- d-----w c:\documents and settings\T\Local Settings\Application Data\Thunderbird
2009-05-19 18:25 . 2009-05-19 19:25 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-28 12:49 . 2009-04-28 12:49 -------- d-----w c:\documents and settings\T\Local Settings\Application Data\Real
2009-04-28 12:49 . 2009-04-28 12:49 -------- d-----w c:\program files\Common Files\xing shared
2009-04-28 12:45 . 2009-04-28 12:45 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 14:45 . 2006-07-11 22:19 -------- d-----w c:\program files\Lx_cats
2009-05-24 12:37 . 2006-07-23 23:00 -------- d-----w c:\program files\SpeedFan
2009-05-24 04:44 . 2009-02-07 04:04 288 ----a-w c:\windows\system32\DVCStateBkp-{00000002-00000000-0000000A-00001102-00000002-100A1102}.dat
2009-05-24 04:44 . 2009-02-07 04:04 288 ----a-w c:\windows\system32\DVCState-{00000002-00000000-0000000A-00001102-00000002-100A1102}.dat
2009-05-23 19:32 . 2008-09-21 15:55 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-23 18:09 . 2007-06-13 14:13 -------- d-----w c:\documents and settings\T\Application Data\IMVU
2009-05-23 14:02 . 2006-07-11 20:51 -------- d-----w c:\program files\Common Files\Adobe
2009-05-23 12:02 . 2009-02-18 19:56 -------- d-----w c:\documents and settings\T\Application Data\skypePM
2009-05-22 22:02 . 2007-11-09 20:00 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-22 22:00 . 2007-11-03 18:54 -------- d-----w c:\program files\Norton Security Scan
2009-05-20 10:14 . 2007-03-19 20:17 -------- d-----w c:\documents and settings\T\Application Data\Skype
2009-04-28 12:48 . 2006-07-11 21:37 -------- d-----w c:\program files\Common Files\Real
2009-04-28 12:48 . 2003-08-13 01:17 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-28 12:48 . 2003-08-13 01:17 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-28 12:45 . 2007-03-10 00:47 -------- d-----w c:\program files\Google
2009-04-23 22:51 . 2008-05-24 01:14 -------- d-----w c:\documents and settings\T\Application Data\Eye-Fi
2009-04-22 23:16 . 2009-04-22 23:16 390664 ----a-w c:\documents and settings\T\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-04-22 01:01 . 2009-03-22 11:46 -------- d-----w c:\documents and settings\T\Application Data\MSN6
2009-04-21 02:37 . 2007-09-12 19:49 -------- d-----w c:\program files\McAfee
2009-04-20 00:57 . 2009-04-20 00:57 57344 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-66d8b82d-n\Decora-SSE.dll
2009-04-20 00:57 . 2009-04-20 00:57 24064 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-7cbbc2df-n\Decora-D3D.dll
2009-04-20 00:57 . 2009-04-20 00:57 315392 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5ea9b937-n\jogl.dll
2009-04-20 00:57 . 2009-04-20 00:57 20480 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5ea9b937-n\jogl_awt.dll
2009-04-20 00:57 . 2009-04-20 00:57 114688 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5ea9b937-n\jogl_cg.dll
2009-04-20 00:57 . 2009-04-20 00:57 20480 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-26d0f7d5-n\gluegen-rt.dll
2009-04-20 00:57 . 2009-04-20 00:57 499712 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-1358d05c-n\msvcp71.dll
2009-04-20 00:57 . 2009-04-20 00:57 499712 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-1358d05c-n\jmc.dll
2009-04-20 00:57 . 2009-04-20 00:57 348160 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-1358d05c-n\msvcr71.dll
2009-04-18 20:48 . 2009-04-18 12:35 -------- d-----w c:\documents and settings\Scott\Application Data\U3
2009-04-12 16:37 . 2009-04-12 16:37 -------- d-----w c:\documents and settings\T\Application Data\Reallusion
2009-04-12 02:58 . 2006-07-11 22:42 -------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-04-11 22:38 . 2009-04-11 22:38 57344 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-5a944574-n\Decora-SSE.dll
2009-04-11 22:38 . 2009-04-11 22:38 24064 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-35b80a6c-n\Decora-D3D.dll
2009-04-11 22:38 . 2009-04-11 22:38 20480 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5d20f17f-n\jogl_awt.dll
2009-04-11 22:38 . 2009-04-11 22:38 114688 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5d20f17f-n\jogl_cg.dll
2009-04-11 22:38 . 2009-04-11 22:38 315392 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5d20f17f-n\jogl.dll
2009-04-11 22:38 . 2009-04-11 22:38 20480 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-3cab25f5-n\gluegen-rt.dll
2009-04-11 22:38 . 2009-04-11 22:38 348160 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-307a7c56-n\msvcr71.dll
2009-04-11 22:38 . 2009-04-11 22:38 499712 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-307a7c56-n\msvcp71.dll
2009-04-11 22:38 . 2009-04-11 22:38 499712 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-307a7c56-n\jmc.dll
2009-04-11 22:36 . 2006-07-15 03:21 -------- d-----w c:\program files\Java
2009-04-11 22:26 . 2009-04-11 22:26 152576 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-08 22:26 . 2009-04-02 22:19 -------- d-----w c:\program files\alot
2009-04-04 09:52 . 2007-01-13 19:18 -------- d-----w c:\program files\SecondLife
2009-04-02 22:19 . 2009-04-02 22:19 -------- d-----w c:\documents and settings\T\Application Data\alot
2009-03-26 21:59 . 2009-04-04 21:03 98304 ----a-w c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\rk7m9jlc.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
2009-03-26 21:59 . 2009-04-04 21:03 77824 ----a-w c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\rk7m9jlc.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
2009-03-26 02:11 . 2009-04-04 21:03 65536 ----a-w c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\rk7m9jlc.default\extensions\kodak-companion@mozilla.com\platform\WINNT_x86-msvc\components\mozFotofox.dll
2009-03-16 10:42 . 2009-03-16 10:42 75048 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.0.52\SetupAdmin.exe
2009-03-09 09:19 . 2009-01-22 00:17 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:44 . 2003-03-31 12:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-06 03:59 . 2009-03-16 10:48 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 03:59 . 2008-10-09 13:49 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-03 00:18 . 2006-06-23 15:33 826368 ----a-w c:\windows\system32\wininet.dll
2004-07-26 08:16 . 2006-07-11 22:43 598086 -c----w c:\program files\DVD Shrink 3.2.exe

tamrha999
Novice
Novice

Status :
Online
Offline

Posts : 29
Joined : 2009-05-23
OS : Windows XP

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by tamrha999 on Sun May 24, 2009 5:43 pm

(((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-07-11 18:44 . 2009-05-24 17:22 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-07-11 18:44 . 2009-05-24 11:54 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-07-11 18:44 . 2009-05-24 17:22 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-07-11 18:44 . 2009-05-24 11:54 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-07-11 18:44 . 2009-05-24 17:22 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-07-11 18:44 . 2009-05-24 11:54 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 4670968]
"NBJ"="c:\program files\Ahead\Nero BackItUp\nbj.exe" [2004-08-25 1871872]
"OM_Monitor"="c:\program files\Olympus\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"Eye-Fi"="c:\program files\Eye-Fi\Eye-Fi Manager.exe" [2009-04-23 4167360]
"SmileboxTray"="c:\documents and settings\T\Application Data\Smilebox\SmileboxTray.exe" [2009-01-29 254600]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 57344]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"HostManager"="c:\program files\Common Files\AOL\1152653800\ee\AOLSoftware.exe" [2008-06-24 41824]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"lxccmon.exe"="c:\program files\Lexmark 3300 Series\lxccmon.exe" [2005-02-21 192512]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-01-20 299008]
"SiteAdvisor"="c:\program files\SiteAdvisor\4608\SiteAdv.exe" [2006-07-31 35416]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-08-12 7630848]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-08-12 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]
"PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 45108]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 36864]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"readericon10"="c:\program files\Multimedia Card Reader\readericon10.exe" [2007-05-03 131072]
"eSnips"="c:\program files\eSnips\ClientGW.exe" [2007-12-10 872448]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-28 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 69632]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-08-28 24576]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-12 1519616]

c:\documents and settings\T\Start Menu\Programs\Startup\
AOL Desktop.lnk - c:\program files\Common Files\AOL\Launch\aollaunch.exe [2008-6-24 41824]
Expedia Fare Alert.lnk - c:\program files\Expedia\Expedia Fare Alert\ExpediaFareAlert.exe [2007-2-12 696320]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-2-12 110592]
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2007-10-6 118784]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-7-7 282624]
SmartUI.lnk - c:\program files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2002-8-12 1568768]
SpeedFan.lnk - c:\program files\SpeedFan\speedfan.exe [2006-2-8 2510336]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

tamrha999
Novice
Novice

Status :
Online
Offline

Posts : 29
Joined : 2009-05-23
OS : Windows XP

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by tamrha999 on Sun May 24, 2009 5:43 pm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\Yserver.exe"= c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1152653800\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1152653800\\EE\\AOLDesktop.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Eye-Fi\\Eye-Fi Manager.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\Reallusion\\CrazyTalk for Skype\\CT4Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?]
S2 gupdate1c9c7ff2879756a;Google Update Service (gupdate1c9c7ff2879756a);c:\program files\Google\Update\GoogleUpdate.exe [4/28/2009 8:44 AM 133104]
.
Contents of the 'Scheduled Tasks' folder

2009-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-05-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-21 15:03]

2009-05-24 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 12:44]

2009-03-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-11-21 17:32]

2009-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-11-21 17:32]

2009-05-22 c:\windows\Tasks\Norton Security Scan for T.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 23:04]

2009-05-24 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2007-11-03 14:53]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultUrl = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
IE: Snip to my eSnips account - c:\program files\eSnips\res\SnipIt.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\T\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: aol.com\free
Trusted Zone: turbotax.com
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - [You must be registered and logged in to see this link.]
DPF: {46C66BBD-E667-4DAD-9683-58050E7C9FDC} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\rk7m9jlc.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-05-24 13:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-24 13:32
ComboFix-quarantined-files.txt 2009-05-24 17:32
ComboFix2.txt 2009-05-24 13:16

Pre-Run: 90,752,790,528 bytes free
Post-Run: 90,726,207,488 bytes free

259 --- E O F --- 2009-05-14 11:07

tamrha999
Novice
Novice

Status :
Online
Offline

Posts : 29
Joined : 2009-05-23
OS : Windows XP

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by Origin on Sun May 24, 2009 6:00 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by tamrha999 on Sun May 24, 2009 7:57 pm

Ok...

System seems to be running great. Smile The Spyware stopped popping up constantly at the start of these repairs.
Thank you so much!I will definitely be donating to the site for all your great help!

tamrha999
Novice
Novice

Status :
Online
Offline

Posts : 29
Joined : 2009-05-23
OS : Windows XP

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by Origin on Sun May 24, 2009 8:59 pm

Glad we could help Wink



We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck. Big Grin


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by tamrha999 on Sun May 24, 2009 10:05 pm

on the microsoft updates page, should I be updating to the service pac 3?

tamrha999
Novice
Novice

Status :
Online
Offline

Posts : 29
Joined : 2009-05-23
OS : Windows XP

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by Origin on Sun May 24, 2009 10:15 pm

By all means go for it, Service pack 3 has more safety features and installing it would be great Wink


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3

View user profile

Back to top Go down

Re: BankerFox.A and Win32/Nuquel.E virues?

Post by tamrha999 on Sun May 24, 2009 11:21 pm

Ok, did it.
Smile

tamrha999
Novice
Novice

Status :
Online
Offline

Posts : 29
Joined : 2009-05-23
OS : Windows XP

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum