bankerfox.a++++++++++

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 13:27 on 08/09/2009 by Summer Spencer (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\i386\scecli.dll --a--- 180224 bytes [17:37 15/11/2005] [11:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c 180224 bytes [20:53 03/02/2009] [11:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 181248 bytes [18:29 03/09/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\scecli.dll --a--- 181248 bytes [18:51 10/08/2004] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084

Searching for "netlogon.dll"
C:\i386\netlogon.dll --a--- 407040 bytes [17:35 15/11/2005] [11:00 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -----c 407040 bytes [20:53 03/02/2009] [11:00 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\ServicePackFiles\i386\netlogon.dll ------ 407040 bytes [18:29 03/09/2008] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\system32\netlogon.dll --a--- 407040 bytes [18:51 10/08/2004] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550

Searching for "eventlog.dll"
C:\i386\eventlog.dll --a--- 55808 bytes [17:34 15/11/2005] [11:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [20:54 03/02/2009] [11:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [18:28 03/09/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\eventlog.dll --a--- 56320 bytes [18:51 10/08/2004] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656

Searching for "cngaudit.dll"
No files found.

-=End Of File=-

can not do much- pop ups bankerfox.a - win32...
can not download hijack
pop ups driving me crazy- 10 min for these few lines

Hi

Please download ComboFix from Here or Here

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective
  programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  
• Double click on ComboFix.exe & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Do not mouse-click Combofix's window while it is running. That may cause it to stall.

can not get it to open, downloaded fine then the following - aopplication cannot be executed. The file combofix is infected.

Please do a scan with Kaspersky Online Scanner

Click on the Accept button and install any components it needs.

• The program will install and then begin downloading the latest definition files.
  
• After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  
• This will start the program and scan your system.
  
• The scan will take a while, so be patient and let it run.
  
• Once the scan is complete, click on View scan report
  
• Now, click on the Save Report as button.
  
• Save the file to your desktop.
  
• Copy and paste that information in your next post.
  

ERROR Scanning could not be started [0x80004005]

Retried 4 more times

Just tried again- now Java appears to be infected

PackageManager.loadConfig: Update configuration saved.
MainApplet.loadNativeInterface: Load library
MainApplet.loadNativeInterface: Initialize library
=> MainApplet.kosUpdate <=
!!!!! formatDateTime=hh.mm.yyyy HH:MM:SS
Update.run: Prepare update
PackageConfig.loadUpdateConfig: packages/kos-extras.jar,./,0,0
PackageConfig.loadUpdateConfig: packages/kos-bin-winnt.jar,binaries,308627,1221471011000
PackageConfig.loadUpdateConfig: packages/kos-bin-winnt-redist.jar,binaries,591080,1221471011000
PackageConfig.loadUpdateConfig: packages/kos-bin-winnt-engine.jar,binaries,2110095,1221471011000
=> ReportApplet.stop <=
=> ReportApplet.destroy <=
=> MainApplet.stop <=
=> MainApplet.destroy <=
cb_error: 268 19
java.lang.RuntimeException: Update failed!
at com.kaspersky.kosp.update.Update.runner(Update.java:96)
at com.kaspersky.kosp.common.PrivilegedThread$1.run(PrivilegedThread.java:27)
at com.kaspersky.kosp.common.PrivilegedThread$1.run(PrivilegedThread.java:26)
at java.security.AccessController.doPrivileged(Native Method)
at com.kaspersky.kosp.common.PrivilegedThread.run(PrivilegedThread.java:26)

Hi

Please download DrWeb-CureIt and save it to your Desktop. Do NOT perform a scan yet

• Double-click on drweb-cureit.exe to start the program.
  An Express Scan of your PC notice will appear.
  
• Under Start the Express Scan Now, Click OK to start the scan.
  This is a short scan that will scan the files currently running in memory.
  If something is found, click the Yes button when it asks you if you want to cure it.
  
• Once the short scan has finished, Click Options > Change settings
  
• Choose the Scan tab and UNcheck Heuristic analysis
  
• Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  
• Then click the Start/Stop Scanning button (green arrow on the right, and the scan will start.
  
• When finished, a message will be displayed at the bottom advising if any viruses were found.
  
• Click Yes to all if it asks if you want to cure/move the file.
  
• When the scan has finished, look if you can see the icon next to the files found.
  If so, click it, then click the next icon right below and select Move incurable.
  (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  
• Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  
• Save the DrWeb.csv report to your Desktop.
  
• Exit Dr.Web Cureit when you have finished.
  
• Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  
• After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)
  

same. infected

Hi

I have some bad news. It appears a file infector called Virut has compromised your machine.

Please read this article by me. If you decide to do as instructed, please reply back and tell me. If you would like to clean the computer instead, I can try really hard, but I will promise you it may not be clean even after I try.

Thank you.

which is better for me? Recommendations?

I guess really only a few pics involved- Little of anything else thats not replaceable.
\

How do I go about- errrr killing it and then restart it again?

As it says in the article, reformat and reinstall. I cannot stress this enough.

If you need help on getting the resources, please let me know.

When you have decided, please let me know that, as well.

yes I need help on getting the resources.

sooner is better for me.

Please answer the following questions:

What type of computer do you have? (Manufacturer, Model, date purchased)

Do you currently have a Windows XP install disk, or full version?

====

Please do the following, if possible:

Find any document on your system that is important. (Like a Microsoft Word document).

• Please go to Jotti's malware scan
  
  
• Browse for the file of choice (a document), and enter it in to the field.
  
  
• Click on the submit button
  
  
• Please post the url of the results in your next reply.

Dell DIM 3000 11/05

no xp disk do have dell drivers and and utility cd

I'm ready to loose all data on that computer.

there is a microsoft windows system restore, but have no owner's manual icon nor could I find it with a search.

Do you have the Dell Operating System disc?

If you do not, try to borrow an XP disc from a friend.

checking on xp.

Ok Got xp. what next?

Right here is an excellent tutorial on reformatting and reinstalling your operating system: http://forums.whatthetech.com/How_Reformat_Reinstall_your_Operating_System_t91962.html

Do you have any more questions? If not, this topic will still remain open, just in case.