BankerFox.A and Win32/Nuquel.E viruses?


Re: BankerFox.A and Win32/Nuquel.E viruses?

Post by Origin on Sat May 23, 2009 8:48 pm

Download it from here:

[You must be registered and logged in to see this link.]


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]


Re: BankerFox.A and Win32/Nuquel.E viruses?

Post by tamrha999 on Sat May 23, 2009 9:58 pm

I can't figure out how to disable McAfee... it's holding up the process


Re: BankerFox.A and Win32/Nuquel.E viruses?

Post by Origin on Sat May 23, 2009 10:10 pm

You can check how to disable McAfee here:

[You must be registered and logged in to see this link.]




Re: BankerFox.A and Win32/Nuquel.E viruses?

Post by andreeuhhxb0b0 on Sat May 23, 2009 11:37 pm

I have the same problem.
Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:17:44 PM, on 5/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGserv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\sysguard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\bigfix.exe
C:\WINDOWS\system32\dllhost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


Re: BankerFox.A and Win32/Nuquel.E viruses?

Post by andreeuhhxb0b0 on Sat May 23, 2009 11:37 pm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 browser-security.microsoft.com
O1 - Hosts: 94.232.248.66 antivirprotection.com
O1 - Hosts: 94.232.248.66 [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {2ff29606-7e60-4799-b13f-4d091722f3fb} - C:\WINDOWS\system32\zozuwowi.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: AntiSpyware Pro Site Blocker Button - {66B643BE-5E94-4569-B93E-CE2636848AC8} - C:\Program Files\AntiSpyware Pro\ASProSB.dll (file missing)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: BHO - {BBD4551D-9B24-42cb-9BCD-818CA2DA7B63} - C:\WINDOWS\system32\iehelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [fokagihehu] Rundll32.exe "C:\WINDOWS\system32\zapegaje.dll",s
O4 - HKLM\..\Run: [CPM5b86b67d] Rundll32.exe "c:\windows\system32\lipupara.dll",a
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [58b585e1] rundll32.exe "C:\WINDOWS\system32\segukuro.dll",b
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [GetModule32] C:\Program Files\GetModule\GetModule32.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Owner.AnthonyB\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [GetModule33] C:\Program Files\GetModule\GetModule33.exe
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [fokagihehu] Rundll32.exe "C:\WINDOWS\system32\zapegaje.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [fokagihehu] Rundll32.exe "C:\WINDOWS\system32\zapegaje.dll",s (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: .security (User 'SYSTEM')
O4 - .DEFAULT Startup: .security (User 'Default user')
O4 - Startup: .security
O4 - Global Startup: .security
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL c:\windows\system32\bopidake.dll C:\WINDOWS\system32\gozadese.dll c:\windows\system32\lipupara.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lipupara.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lipupara.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: LXCGCustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\LXCGserv.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 16664 bytes


Re: BankerFox.A and Win32/Nuquel.E viruses?

Post by Origin on Sat May 23, 2009 11:44 pm

Hello andreeuhhxb0b0, please refrain from posting in other users' threads and start your own here with a HijackThis log:

[You must be registered and logged in to see this link.]




Re: BankerFox.A and Win32/Nuquel.E viruses?

Post by tamrha999 on Sun May 24, 2009 1:22 pm

Andrea,
Please don't post your problem in my thread. You need to start your own thread. Read the opening post in the forum. Thanks.


Re: BankerFox.A and Win32/Nuquel.E viruses?

Post by tamrha999 on Sun May 24, 2009 1:22 pm

ComboFix 09-05-23.04 - T 05/24/2009 9:11.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.387 [GMT -4:00]
Running from: c:\documents and settings\T\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\msimg32.dll
c:\windows\jestertb.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.

2009-05-23 19:51 . 2009-05-23 19:51 -------- d--h--w c:\windows\PIF
2009-05-23 17:53 . 2009-05-23 17:53 -------- d-----w c:\documents and settings\T\Application Data\Malwarebytes
2009-05-23 17:53 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-23 17:53 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-23 17:53 . 2009-05-23 17:53 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-23 17:53 . 2009-05-23 17:53 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-23 14:03 . 2009-05-23 14:03 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-05-19 18:26 . 2009-05-19 18:27 -------- d-----w c:\documents and settings\T\Application Data\Thunderbird
2009-05-19 18:26 . 2009-05-19 19:20 -------- d-----w c:\documents and settings\T\Local Settings\Application Data\Thunderbird
2009-05-19 18:25 . 2009-05-19 19:25 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-28 12:49 . 2009-04-28 12:49 -------- d-----w c:\documents and settings\T\Local Settings\Application Data\Real
2009-04-28 12:49 . 2009-04-28 12:49 -------- d-----w c:\program files\Common Files\xing shared
2009-04-28 12:45 . 2009-04-28 12:45 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 12:37 . 2006-07-23 23:00 -------- d-----w c:\program files\SpeedFan
2009-05-24 04:44 . 2009-02-07 04:04 288 ----a-w c:\windows\system32\DVCStateBkp-{00000002-00000000-0000000A-00001102-00000002-100A1102}.dat
2009-05-24 04:44 . 2009-02-07 04:04 288 ----a-w c:\windows\system32\DVCState-{00000002-00000000-0000000A-00001102-00000002-100A1102}.dat
2009-05-23 20:49 . 2006-07-11 22:19 -------- d-----w c:\program files\Lx_cats
2009-05-23 19:32 . 2008-09-21 15:55 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-23 18:09 . 2007-06-13 14:13 -------- d-----w c:\documents and settings\T\Application Data\IMVU
2009-05-23 14:02 . 2006-07-11 20:51 -------- d-----w c:\program files\Common Files\Adobe
2009-05-23 12:02 . 2009-02-18 19:56 -------- d-----w c:\documents and settings\T\Application Data\skypePM
2009-05-22 22:02 . 2007-11-09 20:00 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-22 22:00 . 2007-11-03 18:54 -------- d-----w c:\program files\Norton Security Scan
2009-05-20 10:14 . 2007-03-19 20:17 -------- d-----w c:\documents and settings\T\Application Data\Skype
2009-04-28 12:48 . 2006-07-11 21:37 -------- d-----w c:\program files\Common Files\Real
2009-04-28 12:48 . 2003-08-13 01:17 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-28 12:48 . 2003-08-13 01:17 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-28 12:45 . 2007-03-10 00:47 -------- d-----w c:\program files\Google
2009-04-23 22:51 . 2008-05-24 01:14 -------- d-----w c:\documents and settings\T\Application Data\Eye-Fi
2009-04-22 23:16 . 2009-04-22 23:16 390664 ----a-w c:\documents and settings\T\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-04-22 01:01 . 2009-03-22 11:46 -------- d-----w c:\documents and settings\T\Application Data\MSN6
2009-04-21 02:37 . 2007-09-12 19:49 -------- d-----w c:\program files\McAfee
2009-04-20 00:57 . 2009-04-20 00:57 57344 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-66d8b82d-n\Decora-SSE.dll
2009-04-20 00:57 . 2009-04-20 00:57 24064 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-7cbbc2df-n\Decora-D3D.dll
2009-04-20 00:57 . 2009-04-20 00:57 315392 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5ea9b937-n\jogl.dll
2009-04-20 00:57 . 2009-04-20 00:57 20480 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5ea9b937-n\jogl_awt.dll
2009-04-20 00:57 . 2009-04-20 00:57 114688 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5ea9b937-n\jogl_cg.dll
2009-04-20 00:57 . 2009-04-20 00:57 20480 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-26d0f7d5-n\gluegen-rt.dll
2009-04-20 00:57 . 2009-04-20 00:57 499712 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-1358d05c-n\msvcp71.dll
2009-04-20 00:57 . 2009-04-20 00:57 499712 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-1358d05c-n\jmc.dll
2009-04-20 00:57 . 2009-04-20 00:57 348160 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-1358d05c-n\msvcr71.dll
2009-04-18 20:48 . 2009-04-18 12:35 -------- d-----w c:\documents and settings\Scott\Application Data\U3
2009-04-12 16:37 . 2009-04-12 16:37 -------- d-----w c:\documents and settings\T\Application Data\Reallusion
2009-04-12 02:58 . 2006-07-11 22:42 -------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-04-11 22:38 . 2009-04-11 22:38 57344 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-5a944574-n\Decora-SSE.dll
2009-04-11 22:38 . 2009-04-11 22:38 24064 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-35b80a6c-n\Decora-D3D.dll
2009-04-11 22:38 . 2009-04-11 22:38 20480 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5d20f17f-n\jogl_awt.dll
2009-04-11 22:38 . 2009-04-11 22:38 114688 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5d20f17f-n\jogl_cg.dll
2009-04-11 22:38 . 2009-04-11 22:38 315392 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5d20f17f-n\jogl.dll
2009-04-11 22:38 . 2009-04-11 22:38 20480 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-3cab25f5-n\gluegen-rt.dll
2009-04-11 22:38 . 2009-04-11 22:38 348160 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-307a7c56-n\msvcr71.dll
2009-04-11 22:38 . 2009-04-11 22:38 499712 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-307a7c56-n\msvcp71.dll
2009-04-11 22:38 . 2009-04-11 22:38 499712 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-307a7c56-n\jmc.dll
2009-04-11 22:36 . 2006-07-15 03:21 -------- d-----w c:\program files\Java
2009-04-11 22:26 . 2009-04-11 22:26 152576 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-08 22:26 . 2009-04-02 22:19 -------- d-----w c:\program files\alot
2009-04-05 02:26 . 2009-04-05 02:26 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-04 09:52 . 2007-01-13 19:18 -------- d-----w c:\program files\SecondLife
2009-04-02 22:19 . 2009-04-02 22:19 -------- d-----w c:\documents and settings\T\Application Data\alot
2009-03-26 21:59 . 2009-04-04 21:03 98304 ----a-w c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\rk7m9jlc.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
2009-03-26 21:59 . 2009-04-04 21:03 77824 ----a-w c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\rk7m9jlc.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
2009-03-26 02:11 . 2009-04-04 21:03 65536 ----a-w c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\rk7m9jlc.default\extensions\kodak-companion@mozilla.com\platform\WINNT_x86-msvc\components\mozFotofox.dll
2009-03-16 10:42 . 2009-03-16 10:42 75048 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.0.52\SetupAdmin.exe
2009-03-09 09:19 . 2009-01-22 00:17 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:44 . 2003-03-31 12:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-06 03:59 . 2009-03-16 10:48 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 03:59 . 2008-10-09 13:49 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-03 00:18 . 2006-06-23 15:33 826368 ----a-w c:\windows\system32\wininet.dll
2007-02-08 23:44 . 2007-02-08 23:44 1201644 -c--a-w c:\program files\wrar37b3.exe
2004-07-26 08:16 . 2006-07-11 22:43 598086 -c----w c:\program files\DVD Shrink 3.2.exe


Re: BankerFox.A and Win32/Nuquel.E viruses?

Post by tamrha999 on Sun May 24, 2009 1:23 pm

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 4670968]
"NBJ"="c:\program files\Ahead\Nero BackItUp\nbj.exe" [2004-08-25 1871872]
"OM_Monitor"="c:\program files\Olympus\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"Eye-Fi"="c:\program files\Eye-Fi\Eye-Fi Manager.exe" [2009-04-23 4167360]
"SmileboxTray"="c:\documents and settings\T\Application Data\Smilebox\SmileboxTray.exe" [2009-01-29 254600]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 57344]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"HostManager"="c:\program files\Common Files\AOL\1152653800\ee\AOLSoftware.exe" [2008-06-24 41824]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"lxccmon.exe"="c:\program files\Lexmark 3300 Series\lxccmon.exe" [2005-02-21 192512]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-01-20 299008]
"SiteAdvisor"="c:\program files\SiteAdvisor\4608\SiteAdv.exe" [2006-07-31 35416]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-08-12 7630848]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-08-12 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]
"PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 45108]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 36864]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"readericon10"="c:\program files\Multimedia Card Reader\readericon10.exe" [2007-05-03 131072]
"eSnips"="c:\program files\eSnips\ClientGW.exe" [2007-12-10 872448]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-28 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 69632]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-08-28 24576]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-12 1519616]

c:\documents and settings\T\Start Menu\Programs\Startup\
AOL Desktop.lnk - c:\program files\Common Files\AOL\Launch\aollaunch.exe [2008-6-24 41824]
Expedia Fare Alert.lnk - c:\program files\Expedia\Expedia Fare Alert\ExpediaFareAlert.exe [2007-2-12 696320]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-2-12 110592]
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2007-10-6 118784]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-7-7 282624]
SmartUI.lnk - c:\program files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2002-8-12 1568768]
SpeedFan.lnk - c:\program files\SpeedFan\speedfan.exe [2006-2-8 2510336]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\Yserver.exe"= c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1152653800\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1152653800\\EE\\AOLDesktop.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Eye-Fi\\Eye-Fi Manager.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Reallusion\\CrazyTalk for Skype\\CT4Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

Re: BankerFox.A and Win32/Nuquel.E viruses?

Post by tamrha999 on Sun May 24, 2009 1:23 pm

S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?]
S2 gupdate1c9c7ff2879756a;Google Update Service (gupdate1c9c7ff2879756a);c:\program files\Google\Update\GoogleUpdate.exe [4/28/2009 8:44 AM 133104]
.
Contents of the 'Scheduled Tasks' folder

2009-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-05-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-21 15:03]

2009-05-24 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 12:44]

2009-03-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-11-21 17:32]

2009-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-11-21 17:32]

2009-05-22 c:\windows\Tasks\Norton Security Scan for T.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 23:04]

2009-05-24 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2007-11-03 14:53]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe
HKLM-Run-NoteBurner - c:\program files\NoteBurner\VTBurnerGUI.exe
HKLM-Run-RegistryMechanic - (no file)
HKLM-Run-ClientGW - (no file)
Notify-WgaLogon - (no file)
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultUrl = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
IE: Snip to my eSnips account - c:\program files\eSnips\res\SnipIt.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\T\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: aol.com\free
Trusted Zone: turbotax.com
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - [You must be registered and logged in to see this link.]
DPF: {46C66BBD-E667-4DAD-9683-58050E7C9FDC} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\rk7m9jlc.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\rk7m9jlc.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
FF - component: c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\rk7m9jlc.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
FF - component: c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\rk7m9jlc.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - component: c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\rk7m9jlc.default\extensions\kodak-companion@mozilla.com\platform\WINNT_x86-msvc\components\mozFotofox.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\rk7m9jlc.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-05-24 09:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-24 9:16
ComboFix-quarantined-files.txt 2009-05-24 13:16

Pre-Run: 88,384,901,120 bytes free
Post-Run: 90,731,196,416 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

268 --- E O F --- 2009-05-14 11:07

Re: BankerFox.A and Win32/Nuquel.E viruses?

Post by Origin on Sun May 24, 2009 4:36 pm

I see that you are running µTorrent.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If µTorrent is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • µTorrent

Now open a new notepad file.
Input this into the notepad file:

File::
c:\program files\Lx_cats
c:\windows\system32\d3d9caps.dat
c:\program files\wrar37b3.exe


Save this as CFScript.txt and save it to your desktop.
Then drag and drop CFScript.txt onto ComboFix:

This will open ComboFix again; agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to.)
Post the resulting log back here.


Re: BankerFox.A and Win32/Nuquel.E viruses?

Post by tamrha999 on Sun May 24, 2009 5:03 pm

I don't even know what µTorrent is, nor do I use it. I don't know why it's here on this computer. Give me a bit to take care of it.

Re: BankerFox.A and Win32/Nuquel.E viruses?

Post by tamrha999 on Sun May 24, 2009 5:11 pm

Question... why am I not seeing ComboFix on my desktop? I saved it there...
I'm also not seeing it in my Program Files...

Re: BankerFox.A and Win32/Nuquel.E viruses?

Post by Origin on Sun May 24, 2009 5:15 pm

That is strange. Also, ComboFix does not save to your Program Files. Please download it again from here, but this time you don't have to rename it; just save it to your desktop:

[You must be registered and logged in to see this link.]


Re: BankerFox.A and Win32/Nuquel.E viruses?

Post by tamrha999 on Sun May 24, 2009 5:42 pm

Ok cap'n... here it is.

ComboFix 09-05-23.04 - T 05/24/2009 13:25.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.296 [GMT -4:00]
Running from: c:\documents and settings\T\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\T\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
c:\program files\Lx_cats
c:\program files\wrar37b3.exe
c:\windows\system32\d3d9caps.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\wrar37b3.exe
c:\windows\system32\d3d9caps.dat

.
((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.

2009-05-24 13:01 . 2009-05-24 13:16 -------- d-s---w C:\Combo-Fix
2009-05-23 19:51 . 2009-05-23 19:51 -------- d--h--w c:\windows\PIF
2009-05-23 17:53 . 2009-05-23 17:53 -------- d-----w c:\documents and settings\T\Application Data\Malwarebytes
2009-05-23 17:53 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-23 17:53 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-23 17:53 . 2009-05-23 17:53 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-23 17:53 . 2009-05-23 17:53 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-23 14:03 . 2009-05-23 14:03 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-05-19 18:26 . 2009-05-19 18:27 -------- d-----w c:\documents and settings\T\Application Data\Thunderbird
2009-05-19 18:26 . 2009-05-19 19:20 -------- d-----w c:\documents and settings\T\Local Settings\Application Data\Thunderbird
2009-05-19 18:25 . 2009-05-19 19:25 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-28 12:49 . 2009-04-28 12:49 -------- d-----w c:\documents and settings\T\Local Settings\Application Data\Real
2009-04-28 12:49 . 2009-04-28 12:49 -------- d-----w c:\program files\Common Files\xing shared
2009-04-28 12:45 . 2009-04-28 12:45 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 14:45 . 2006-07-11 22:19 -------- d-----w c:\program files\Lx_cats
2009-05-24 12:37 . 2006-07-23 23:00 -------- d-----w c:\program files\SpeedFan
2009-05-24 04:44 . 2009-02-07 04:04 288 ----a-w c:\windows\system32\DVCStateBkp-{00000002-00000000-0000000A-00001102-00000002-100A1102}.dat
2009-05-24 04:44 . 2009-02-07 04:04 288 ----a-w c:\windows\system32\DVCState-{00000002-00000000-0000000A-00001102-00000002-100A1102}.dat
2009-05-23 19:32 . 2008-09-21 15:55 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-23 18:09 . 2007-06-13 14:13 -------- d-----w c:\documents and settings\T\Application Data\IMVU
2009-05-23 14:02 . 2006-07-11 20:51 -------- d-----w c:\program files\Common Files\Adobe
2009-05-23 12:02 . 2009-02-18 19:56 -------- d-----w c:\documents and settings\T\Application Data\skypePM
2009-05-22 22:02 . 2007-11-09 20:00 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-22 22:00 . 2007-11-03 18:54 -------- d-----w c:\program files\Norton Security Scan
2009-05-20 10:14 . 2007-03-19 20:17 -------- d-----w c:\documents and settings\T\Application Data\Skype
2009-04-28 12:48 . 2006-07-11 21:37 -------- d-----w c:\program files\Common Files\Real
2009-04-28 12:48 . 2003-08-13 01:17 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-28 12:48 . 2003-08-13 01:17 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-28 12:45 . 2007-03-10 00:47 -------- d-----w c:\program files\Google
2009-04-23 22:51 . 2008-05-24 01:14 -------- d-----w c:\documents and settings\T\Application Data\Eye-Fi
2009-04-22 23:16 . 2009-04-22 23:16 390664 ----a-w c:\documents and settings\T\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-04-22 01:01 . 2009-03-22 11:46 -------- d-----w c:\documents and settings\T\Application Data\MSN6
2009-04-21 02:37 . 2007-09-12 19:49 -------- d-----w c:\program files\McAfee
2009-04-20 00:57 . 2009-04-20 00:57 57344 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-66d8b82d-n\Decora-SSE.dll
2009-04-20 00:57 . 2009-04-20 00:57 24064 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-7cbbc2df-n\Decora-D3D.dll
2009-04-20 00:57 . 2009-04-20 00:57 315392 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5ea9b937-n\jogl.dll
2009-04-20 00:57 . 2009-04-20 00:57 20480 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5ea9b937-n\jogl_awt.dll
2009-04-20 00:57 . 2009-04-20 00:57 114688 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5ea9b937-n\jogl_cg.dll
2009-04-20 00:57 . 2009-04-20 00:57 20480 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-26d0f7d5-n\gluegen-rt.dll
2009-04-20 00:57 . 2009-04-20 00:57 499712 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-1358d05c-n\msvcp71.dll
2009-04-20 00:57 . 2009-04-20 00:57 499712 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-1358d05c-n\jmc.dll
2009-04-20 00:57 . 2009-04-20 00:57 348160 ----a-w c:\documents and settings\T\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-1358d05c-n\msvcr71.dll
2009-04-18 20:48 . 2009-04-18 12:35 -------- d-----w c:\documents and settings\Scott\Application Data\U3
2009-04-12 16:37 . 2009-04-12 16:37 -------- d-----w c:\documents and settings\T\Application Data\Reallusion
2009-04-12 02:58 . 2006-07-11 22:42 -------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-04-11 22:38 . 2009-04-11 22:38 57344 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-5a944574-n\Decora-SSE.dll
2009-04-11 22:38 . 2009-04-11 22:38 24064 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-35b80a6c-n\Decora-D3D.dll
2009-04-11 22:38 . 2009-04-11 22:38 20480 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5d20f17f-n\jogl_awt.dll
2009-04-11 22:38 . 2009-04-11 22:38 114688 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5d20f17f-n\jogl_cg.dll
2009-04-11 22:38 . 2009-04-11 22:38 315392 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5d20f17f-n\jogl.dll
2009-04-11 22:38 . 2009-04-11 22:38 20480 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-3cab25f5-n\gluegen-rt.dll
2009-04-11 22:38 . 2009-04-11 22:38 348160 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-307a7c56-n\msvcr71.dll
2009-04-11 22:38 . 2009-04-11 22:38 499712 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-307a7c56-n\msvcp71.dll
2009-04-11 22:38 . 2009-04-11 22:38 499712 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-307a7c56-n\jmc.dll
2009-04-11 22:36 . 2006-07-15 03:21 -------- d-----w c:\program files\Java
2009-04-11 22:26 . 2009-04-11 22:26 152576 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-08 22:26 . 2009-04-02 22:19 -------- d-----w c:\program files\alot
2009-04-04 09:52 . 2007-01-13 19:18 -------- d-----w c:\program files\SecondLife
2009-04-02 22:19 . 2009-04-02 22:19 -------- d-----w c:\documents and settings\T\Application Data\alot
2009-03-26 21:59 . 2009-04-04 21:03 98304 ----a-w c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\rk7m9jlc.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
2009-03-26 21:59 . 2009-04-04 21:03 77824 ----a-w c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\rk7m9jlc.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
2009-03-26 02:11 . 2009-04-04 21:03 65536 ----a-w c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\rk7m9jlc.default\extensions\kodak-companion@mozilla.com\platform\WINNT_x86-msvc\components\mozFotofox.dll
2009-03-16 10:42 . 2009-03-16 10:42 75048 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.0.52\SetupAdmin.exe
2009-03-09 09:19 . 2009-01-22 00:17 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:44 . 2003-03-31 12:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-06 03:59 . 2009-03-16 10:48 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 03:59 . 2008-10-09 13:49 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-03 00:18 . 2006-06-23 15:33 826368 ----a-w c:\windows\system32\wininet.dll
2004-07-26 08:16 . 2006-07-11 22:43 598086 -c----w c:\program files\DVD Shrink 3.2.exe

Re: BankerFox.A and Win32/Nuquel.E viruses?

Post by tamrha999 on Sun May 24, 2009 5:43 pm

(((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-07-11 18:44 . 2009-05-24 17:22 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-07-11 18:44 . 2009-05-24 11:54 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-07-11 18:44 . 2009-05-24 17:22 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-07-11 18:44 . 2009-05-24 11:54 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-07-11 18:44 . 2009-05-24 17:22 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-07-11 18:44 . 2009-05-24 11:54 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 4670968]
"NBJ"="c:\program files\Ahead\Nero BackItUp\nbj.exe" [2004-08-25 1871872]
"OM_Monitor"="c:\program files\Olympus\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"Eye-Fi"="c:\program files\Eye-Fi\Eye-Fi Manager.exe" [2009-04-23 4167360]
"SmileboxTray"="c:\documents and settings\T\Application Data\Smilebox\SmileboxTray.exe" [2009-01-29 254600]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 57344]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"HostManager"="c:\program files\Common Files\AOL\1152653800\ee\AOLSoftware.exe" [2008-06-24 41824]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"lxccmon.exe"="c:\program files\Lexmark 3300 Series\lxccmon.exe" [2005-02-21 192512]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-01-20 299008]
"SiteAdvisor"="c:\program files\SiteAdvisor\4608\SiteAdv.exe" [2006-07-31 35416]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-08-12 7630848]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-08-12 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]
"PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 45108]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 36864]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"readericon10"="c:\program files\Multimedia Card Reader\readericon10.exe" [2007-05-03 131072]
"eSnips"="c:\program files\eSnips\ClientGW.exe" [2007-12-10 872448]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-28 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 69632]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-08-28 24576]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-12 1519616]

c:\documents and settings\T\Start Menu\Programs\Startup\
AOL Desktop.lnk - c:\program files\Common Files\AOL\Launch\aollaunch.exe [2008-6-24 41824]
Expedia Fare Alert.lnk - c:\program files\Expedia\Expedia Fare Alert\ExpediaFareAlert.exe [2007-2-12 696320]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-2-12 110592]
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2007-10-6 118784]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-7-7 282624]
SmartUI.lnk - c:\program files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2002-8-12 1568768]
SpeedFan.lnk - c:\program files\SpeedFan\speedfan.exe [2006-2-8 2510336]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

Re: BankerFox.A and Win32/Nuquel.E viruses?

Post by tamrha999 on Sun May 24, 2009 5:43 pm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\Yserver.exe"= c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1152653800\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1152653800\\EE\\AOLDesktop.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Eye-Fi\\Eye-Fi Manager.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\Reallusion\\CrazyTalk for Skype\\CT4Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?]
S2 gupdate1c9c7ff2879756a;Google Update Service (gupdate1c9c7ff2879756a);c:\program files\Google\Update\GoogleUpdate.exe [4/28/2009 8:44 AM 133104]
.
Contents of the 'Scheduled Tasks' folder

2009-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-05-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-21 15:03]

2009-05-24 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 12:44]

2009-03-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-11-21 17:32]

2009-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-11-21 17:32]

2009-05-22 c:\windows\Tasks\Norton Security Scan for T.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 23:04]

2009-05-24 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2007-11-03 14:53]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultUrl = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
IE: Snip to my eSnips account - c:\program files\eSnips\res\SnipIt.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\T\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: aol.com\free
Trusted Zone: turbotax.com
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - [You must be registered and logged in to see this link.]
DPF: {46C66BBD-E667-4DAD-9683-58050E7C9FDC} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\rk7m9jlc.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-05-24 13:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-24 13:32
ComboFix-quarantined-files.txt 2009-05-24 17:32
ComboFix2.txt 2009-05-24 13:16

Pre-Run: 90,752,790,528 bytes free
Post-Run: 90,726,207,488 bytes free

259 --- E O F --- 2009-05-14 11:07


Re: BankerFox.A and Win32/Nuquel.E virues?

Post by Origin on Sun May 24, 2009 6:00 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?



Re: BankerFox.A and Win32/Nuquel.E virues?

Post by tamrha999 on Sun May 24, 2009 7:57 pm

Ok...

System seems to be running great. The spyware stopped popping up constantly at the start of these repairs.
Thank you so much! I will definitely be donating to the site for all your great help!


Re: BankerFox.A and Win32/Nuquel.E virues?

Post by Origin on Sun May 24, 2009 8:59 pm

Glad we could help.



We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.



Re: BankerFox.A and Win32/Nuquel.E virues?

Post by tamrha999 on Sun May 24, 2009 10:05 pm

On the Microsoft Updates page, should I be updating to Service Pack 3?


Re: BankerFox.A and Win32/Nuquel.E virues?

Post by Origin on Sun May 24, 2009 10:15 pm

By all means go for it. Service Pack 3 has more safety features, and installing it would be great.



Re: BankerFox.A and Win32/Nuquel.E virues?

Post by tamrha999 on Sun May 24, 2009 11:21 pm

Ok, did it.
