virus removal for win32/Nuquel.E and bankerfox.A

I need urgent help on virus removal for win32/Nuquel.E and bankerfox.A

DDS (Ver_09-02-01.01) - NTFSx86
Run by Default at 22:36:31.06 on Sat 03/07/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.364 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\PROGRA~1\RETROS~1\RETROS~1.1\RetroExpress.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\svcho.exe
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\sysguard.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\Content.IE5\G9U5OH06\dds[1].scr

============== Pseudo HJT Report ===============

uLocal Page = \blank.htm
uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uWindow Title = Windows Internet Explorer provided by Comcast
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: BHO: {c9c42510-9b21-41c1-9dcd-8382a2d07c61} - c:\windows\system32\iehelper.dll
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
TB: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Facegame] "c:\documents and settings\default\application data\facegame\Facegame.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
uRun: [system tool] c:\windows\sysguard.exe
mRun: [CTSVolFE.exe] "c:\program files\creative\mixer\CTSVolFE.exe" /r
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
mRun: [Network Associates Error Reporting Service] "c:\program files\common files\network associates\talkback\TBMon.exe"
mRun: [Dell AIO Printer A920] "c:\program files\dell aio printer a920\dlbkbmgr.exe"
mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\easy cd creator 6\dragtodisc\DrgToDsc.exe"
mRun: [RoxioAudioCentral] "c:\program files\roxio\easy cd creator 6\audiocentral\RxMon.exe"
mRun: [MaxtorOneTouch] c:\program files\maxtor\onetouch\utils\Onetouch.exe
mRun: [RetroExpress] c:\progra~1\retros~1\retros~1.1\RetroExpress.exe /h
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_03\bin\jusched.exe
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: []
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uExplorerRun: [svcho] c:\windows\svcho.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.15-3.cab
DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} - hxxp://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
Notify: ssqRlklM - ssqRlklM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\default\applic~1\mozilla\firefox\profiles\et1udlmd.default\
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPOJI610.dll

============= SERVICES / DRIVERS ===============

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2006-8-17 58048]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2006-8-17 102463]
R2 McShield;Network Associates McShield;c:\program files\network associates\virusscan\Mcshield.exe [2004-9-22 221191]
R2 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\VsTskMgr.exe [2004-9-22 28672]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-13 24652]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-8-17 108256]
S1 hpypjpjn;hpypjpjn;\??\c:\windows\system32\drivers\hpypjpjn.sys --> c:\windows\system32\drivers\hpypjpjn.sys [?]
S3 NaiAvFilter101;NAI Anti Virus;\Device\NaiAvFilter101.sys --> \Device\NaiAvFilter101.sys [?]

=============== Created Last 30 ================

2009-03-07 17:19 16,896 a------- c:\windows\svcho.exe
2009-03-07 17:19 16,896 a------- c:\windows\syssvc.exe
2009-03-07 17:11 --d----- c:\program files\NoAdware
2009-03-07 16:59 9,728 a------- c:\windows\system32\iehelper.dll
2009-03-07 16:49 308,752 a------- c:\windows\sysguard.exe

==================== Find3M ====================

2009-02-03 08:07 30,955 a--sh--- c:\windows\system32\jSrAdcfe.ini2
2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll
2008-10-24 00:38 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102420081025\index.dat
2008-10-31 09:28 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2008-10-31 09:28 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2008-10-31 09:28 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 22:38:27.40 ===============

Hello.

I see you have Viewpoint Manager, this is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". Read this article: http://www.clickz.com/news/article.php/3561546

Additional info: http://vil.nai.com/vil/content/v_137262.htm

I suggest you remove the program now.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

• NoAdware
  
• Viewpoint
  
• Viewpoint Manager
  
• Viewpoint Media Player
  
• Viewpoint Toolbar
  

Please download the OTMoveIt3 by OldTimer.

• Save it to your desktop.
  
• Please double-click OTMoveIt3.exe to run it.
  
• Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :services
  hpypjpjn
  
  :files
  c:\windows\system32\iehelper.dll
  c:\windows\system32\jSrAdcfe.ini2
  c:\windows\svcho.exe
  c:\windows\syssvc.exe
  c:\program files\NoAdware
  c:\windows\system32\iehelper.dll
  c:\windows\sysguard.exe
  c:\documents and settings\default\application data\facegame
  c:\windows\system32\drivers\hpypjpjn.sys
  
  :reg
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
  "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c9c42510-9b21-41c1-9dcd-8382a2d07c61}]
  [HKEY_CURRENT_VERSION\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "system tool"=-
  [HKEY_CURRENT_VERSION\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "ares"=-
  [HKEY_CURRENT_VERSION\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Facegame"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
  "svcho"=-
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqRlklM]
  
  
  
• Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTMoveIt3
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.