GeekPolice
BankerFox.A and Win32/Nuqel.E Help Please!
Hello,

My Dell Desktop has been infected with the BankerFox.A and Win32/Nuqel.E viruses. I have a feeling there's quite a bit more though. Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:35 PM, on 3/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svcnost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\winlognn.exe
C:\WINDOWS\svcho.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\a.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\winlognn.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\9.tmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Laurie\Desktop\HiJackThis.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\rph108vslu.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\vep3x33xtgbp.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\b8tayf1v.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\p7n4oh.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\dodwscusm.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\knvdfzbmiel.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\mtx8lscnhcug.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\wcdgz0nx20.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\ktrmk7.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\uyqvowasjvq.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\t3645b5.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\i4a7id18.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\oobcgak83xly.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\k0w189hmsco9.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\eoz2jo1x5.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\dpcyfh1nz.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\t7wxkifdpg.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\r278ag9czen22.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\rxvpuhx9.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\gg9kvbb4.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\rauej9.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\jeamrb.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\lzumzj6of1unl.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\mcn6nqkhgsect.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\evkmeypxi9yxx.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\dwee1whl4okg.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\z8i3cveztodm.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\j1hfpizk.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\l1714hwqp7g.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\kn6alwa.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\n2kx0tfzjj.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\y504by8kyqxqd.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\k5muhcfptg.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\yaj71fwyyqkk.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\elgojbd.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\kq7w7dtc6ftu.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\ili7xbn.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\ze9cqy.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\heoyiodtk0.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\ju8ktl69ygb.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\w9w3am.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\pr1rg7g34l0pr.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\yqhhxi.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\iozd0mg3z.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\kuo9txbw3hqrk.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\yug3ibdus42gd.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\mzxf0dd.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\njxgxaer8tcz.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\hzckdh2.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\xsilm2.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\yh6e34qtbbxdm.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\ymphth5c3qva.exe

Part 2 of HijackThis Log
Part 2:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?.partner=sbc&.done=http%3a//sbc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: (no name) - {166C15B6-5A6E-4F55-A740-0749E94BFB23} - C:\WINDOWS\system32\atmli.dll
O2 - BHO: C:\WINDOWS\system32\gsdrgfdrrgnd.dll - {D5BF4552-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\gsdrgfdrrgnd.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [j2291436] rundll32 C:\WINDOWS\system32\j2291436.dll sook
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\exhuhlfc.dll",realset
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [svchost.exe] C:\WINDOWS\system32\svcnost.exe
O4 - HKLM\..\Run: [lrijh8s73jhbfgfd] C:\DOCUME~1\Laurie\LOCALS~1\Temp\winlognn.exe
O4 - HKLM\..\Run: [20074746] rundll32.exe "C:\WINDOWS\system32\rikojine.dll",b
O4 - HKLM\..\Run: [masatonine] Rundll32.exe "C:\WINDOWS\system32\sulejere.dll",s
O4 - HKLM\..\Run: [CPM233474da] Rundll32.exe "c:\windows\system32\diguweha.dll",a
O4 - HKCU\..\Run: [Etao] "C:\DOCUME~1\Laurie\APPLIC~1\DOBE~1\wuauclt.exe" -vt yazb
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [A00F560A5D0.exe] C:\DOCUME~1\Laurie\LOCALS~1\Temp\_A00F560A5D0.exe
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\Laurie\LOCALS~1\Temp\a.exe
O4 - HKCU\..\Run: [lrijh8s73jhbfgfd] C:\DOCUME~1\Laurie\LOCALS~1\Temp\winlognn.exe
O4 - HKCU\..\Run: [tezrtsjhfr84iusjfo84f] C:\DOCUME~1\Laurie\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [A00F5B4DA8.exe] C:\DOCUME~1\Laurie\LOCALS~1\Temp\_A00F5B4DA8.exe
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Laurie\LOCALS~1\Temp\9.tmp.exe
O4 - HKCU\..\Run: [yq5etfxpoafraq0oqfbsoz3ql84rn6dyd24] C:\DOCUME~1\Laurie\LOCALS~1\Temp\jujtln6.exe
O4 - HKCU\..\Run: [ap6s1nu7ntxnl] C:\DOCUME~1\Laurie\LOCALS~1\Temp\axygda.exe
O4 - HKCU\..\Run: [etwwlwwecw8y5q2qou1ot7gu2lmyzgxj92mgfgz65erj] C:\DOCUME~1\Laurie\LOCALS~1\Temp\fe6000ashsruo.exe
O4 - HKCU\..\Run: [aukbmbq8818lu9] C:\DOCUME~1\Laurie\LOCALS~1\Temp\vrtfs66t.exe
O4 - HKCU\..\Run: [ixvhocol44fejqozfr0e8l9u] C:\DOCUME~1\Laurie\LOCALS~1\Temp\tl3nqsdiq2rl.exe
O4 - HKCU\..\Run: [afo65pncteuzicsdmbgx05twsld] C:\DOCUME~1\Laurie\LOCALS~1\Temp\atelk6z1mq.exe
O4 - HKCU\..\Run: [vxgm1tbt4uoa4bypj1gcg1pc0nh] C:\DOCUME~1\Laurie\LOCALS~1\Temp\z9gjtbbfjs4e.exe
O4 - HKCU\..\Run: [rz95r2vfihg4gkcl1cwrf] C:\DOCUME~1\Laurie\LOCALS~1\Temp\l7d1lvjj.exe
O4 - HKCU\..\Run: [scn5fjflt8] C:\DOCUME~1\Laurie\LOCALS~1\Temp\lxet5rgdy.exe
O4 - HKCU\..\Run: [r2lujyi5ud3cx23kpv8fu] C:\DOCUME~1\Laurie\LOCALS~1\Temp\eu7pxkgi.exe
O4 - HKCU\..\Run: [yiuxt309uxqg1im2mm0z9e1q5] C:\DOCUME~1\Laurie\LOCALS~1\Temp\s7zzx59.exe
O4 - HKCU\..\Run: [ht4qj1ur61yf4gsq3rbnp0o63kbijp6tstmalt9unamlwc5] C:\DOCUME~1\Laurie\LOCALS~1\Temp\ucrollu44.exe
O4 - HKCU\..\Run: [d4mcbzlak9z58puqv74msd5rqjlc38i9dxcthzpncsauz] C:\DOCUME~1\Laurie\LOCALS~1\Temp\hjmwse.exe
O4 - HKCU\..\Run: [q0syg28190idbhg5t76wp3ja5deefbw2ra6htfp47] C:\DOCUME~1\Laurie\LOCALS~1\Temp\ucx5c2w3.exe
O4 - HKCU\..\Run: [mu300bl44lw3qrsl1jw] C:\DOCUME~1\Laurie\LOCALS~1\Temp\n4s7socj.exe
O4 - HKCU\..\Run: [rsvnmedjyeokjwgt7fw1yjk51nriv1vsw8qksbsemee9cn31] C:\DOCUME~1\Laurie\LOCALS~1\Temp\jpb9lpz584.exe
O4 - HKCU\..\Run: [eq3pl4qjyzu55qphywgz3ia5bxldltz] C:\DOCUME~1\Laurie\LOCALS~1\Temp\ymq0biri254.exe
O4 - HKCU\..\Run: [fh5y994jc9omexazsqfhbmn406gemojwlx9mjnfeu9o4of] C:\DOCUME~1\Laurie\LOCALS~1\Temp\n6m3ba2qf1e.exe
O4 - HKCU\..\Run: [jlqi5whc7twwdi3r1huj5rtfd68b1q90] C:\DOCUME~1\Laurie\LOCALS~1\Temp\nrjx3buqk8r46.exe
O4 - HKCU\..\Run: [wa57t6swkq0gja2pchxdzhc7bk87] C:\DOCUME~1\Laurie\LOCALS~1\Temp\pdtonrtnbmxgp.exe
O4 - HKCU\..\Run: [q9vp4ltonqrkaz5bmux4lpuyz5f6um9y22] C:\DOCUME~1\Laurie\LOCALS~1\Temp\a3kfecui.exe
O4 - HKCU\..\Run: [o1s8pk8nbu6hh9awmmw6wsbg84hpcwehxpva8ojoxmgox] C:\DOCUME~1\Laurie\LOCALS~1\Temp\c6qg318q.exe
O4 - HKCU\..\Run: [fh3e5upo7qx] C:\DOCUME~1\Laurie\LOCALS~1\Temp\jvsdge.exe
O4 - HKCU\..\Run: [bvtvu0118ojdwc0m7fdj5fm10v9mb10xm9] C:\DOCUME~1\Laurie\LOCALS~1\Temp\w2d5xplnopf4.exe
O4 - HKCU\..\Run: [v8dowardd9znq3cq6mmo51u9xt1fxphuljg4lvc4c] C:\DOCUME~1\Laurie\LOCALS~1\Temp\fob9babvaa.exe
O4 - HKCU\..\Run: [lflozxt5f9zfaasecytklltr7uzc7ed01xucj03o6] C:\DOCUME~1\Laurie\LOCALS~1\Temp\p78hpim5.exe
O4 - HKCU\..\Run: [oyrr8efur] C:\DOCUME~1\Laurie\LOCALS~1\Temp\bkt5r4z1szce.exe
O4 - HKCU\..\Run: [llo7wnybv3ftcqeetywm16n7v6l5m6tpip] C:\DOCUME~1\Laurie\LOCALS~1\Temp\n8ijtsveoi9k.exe
O4 - HKCU\..\Run: [niamkcsypf2n47az37b] C:\DOCUME~1\Laurie\LOCALS~1\Temp\evowzt5.exe
O4 - HKCU\..\Run: [b7ai6efzi15eo8akwq687d5wc6unnjc0jq8oyl6pldf] C:\DOCUME~1\Laurie\LOCALS~1\Temp\ibl1sns.exe
O4 - HKCU\..\Run: [im06qejx6sm9cxbf06vbha8nj2ph2juwko93m2] C:\DOCUME~1\Laurie\LOCALS~1\Temp\o568tzqztpi.exe
O4 - HKCU\..\Run: [t9a3cm0jwngfbc0mpqdcn] C:\DOCUME~1\Laurie\LOCALS~1\Temp\bdet474ry.exe
O4 - HKCU\..\Run: [blxmuhwnola8b29gfbjikna9w7ejyzf3r82] C:\DOCUME~1\Laurie\LOCALS~1\Temp\b54i37fm.exe
O4 - HKCU\..\Run: [o1f7bh05g1yxf] C:\DOCUME~1\Laurie\LOCALS~1\Temp\jkspv8br84q.exe
O4 - HKCU\..\Run: [d5k73b32dye4vmrkb3q3lkqsypbc] C:\DOCUME~1\Laurie\LOCALS~1\Temp\kljrgik.exe
O4 - HKCU\..\Run: [ptvs9pjvk] C:\DOCUME~1\Laurie\LOCALS~1\Temp\rjgn0h.exe
O4 - HKCU\..\Run: [pkeb1tjzk0p3xcf73b] C:\DOCUME~1\Laurie\LOCALS~1\Temp\u9ij370omt5u.exe
O4 - HKCU\..\Run: [unj0tcs2hbw7fii9x2uwrjka09uvst9tkvbgzgcg336smocbzu] C:\DOCUME~1\Laurie\LOCALS~1\Temp\r46jn8o.exe
O4 - HKCU\..\Run: [zznp0d4k7y38dp7ci2hsbnn] C:\DOCUME~1\Laurie\LOCALS~1\Temp\fnasoqu3.exe
O4 - HKCU\..\Run: [mvq8lt96bio] C:\DOCUME~1\Laurie\LOCALS~1\Temp\ql3pv6x2bcyj.exe
O4 - HKCU\..\Run: [lfsvqospk0hccqrvm1qdq38cpmy9wtxsl13mjq9xza] C:\DOCUME~1\Laurie\LOCALS~1\Temp\u9d04o43.exe
O4 - HKCU\..\Run: [c66xdwuww5cmkviki3cuo4bragvkohnk5uhz5xnm2] C:\DOCUME~1\Laurie\LOCALS~1\Temp\erkj13866j4.exe
O4 - HKCU\..\Run: [fboiszacskkcavxwtlvk] C:\DOCUME~1\Laurie\LOCALS~1\Temp\ibihl3ix4khns.exe
O4 - HKCU\..\Run: [vys0wu7fs0t6k] C:\DOCUME~1\Laurie\LOCALS~1\Temp\j6fsonits.exe
O4 - HKCU\..\Run: [yujk4y8jpk4ff6yrk0jflzc19bq] C:\DOCUME~1\Laurie\LOCALS~1\Temp\ka3wirdm1rxm0.exe
O4 - HKCU\..\Run: [s1y0tqsio5ygle0ts4biuyjw] C:\DOCUME~1\Laurie\LOCALS~1\Temp\xm0oy1bp.exe
O4 - HKCU\..\Run: [x3h67rf58itfsc9] C:\DOCUME~1\Laurie\LOCALS~1\Temp\u68xtv0b0h0.exe
O4 - HKCU\..\Run: [zi2hap6p2k0w92kx2a5nrkpdrl8m66y8] C:\DOCUME~1\Laurie\LOCALS~1\Temp\infjlke78bv9l.exe
O4 - HKCU\..\Run: [ktd1mui0gmqdk230et66aiiw8dcwf3nmmp2kuawzdtm] C:\DOCUME~1\Laurie\LOCALS~1\Temp\o8lulum.exe
O4 - HKCU\..\Run: [qbxlcc6sedoualsq8n76] C:\DOCUME~1\Laurie\LOCALS~1\Temp\zrbg13hizo.exe
O4 - HKCU\..\Run: [px0y6i5bdoy3wzy5wyl2t87gfsoug] C:\DOCUME~1\Laurie\LOCALS~1\Temp\xh3o1k.exe
O4 - HKCU\..\Run: [emd7b8281vqzpnt928r8dcjrq0c0lwk0tyeghhmp] C:\DOCUME~1\Laurie\LOCALS~1\Temp\ccyr1up8x6fk.exe
O4 - HKCU\..\Run: [uzr4zzea7uq6s9u86af] C:\DOCUME~1\Laurie\LOCALS~1\Temp\h6zna4wnud274.exe
O4 - HKCU\..\Run: [lneugo1a0xvzpruje] C:\DOCUME~1\Laurie\LOCALS~1\Temp\zcpb87x6w75.exe
O4 - HKCU\..\Run: [z09lkx4it7kgfmw3ac9hzco3n3r1ah11b0b] C:\DOCUME~1\Laurie\LOCALS~1\Temp\b30kmlnn7jtx.exe
O4 - HKCU\..\Run: [yna4z7v77ga81bx610du85wzybz9d3gm2r1] C:\DOCUME~1\Laurie\LOCALS~1\Temp\es9r7y9zcef.exe
O4 - HKCU\..\Run: [l88502ra4l1y2doarl4jtwe] C:\DOCUME~1\Laurie\LOCALS~1\Temp\azix2y.exe
O4 - HKCU\..\Run: [gzr4u3aoua33y686wbtlnjsxbpnvkz37u6v] C:\DOCUME~1\Laurie\LOCALS~1\Temp\gt7uhidx32r.exe
O4 - HKCU\..\Run: [ai7c3abslouzf5j5pnq2bsgok] C:\DOCUME~1\Laurie\LOCALS~1\Temp\z0fat59pbrs.exe
O4 - HKCU\..\Run: [mjdn805nzjstn3kac2mnpz1mohy9zyl1m] C:\DOCUME~1\Laurie\LOCALS~1\Temp\fvgoicywl.
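An added triage pass over a HijackThis log in the format posted above (example code, not from the thread and not part of HijackThis): it flags executables running from the user's Temp directory, system-binary names running outside system32 or one character off a real one (svcnost.exe, winlognn.exe), machine-generated O4 value names, and O1 hosts entries that redirect a name rather than block it. The rules are heuristics of my own; every hit is a lead for a human, not a verdict.

```python
import re
# Windows binaries that malware likes to copy or approximate; the real ones live in
# %SystemRoot%\system32 (Explorer.EXE lives in %SystemRoot% and is left out on purpose).
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe", "ctfmon.exe", "wuauclt.exe"}
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O1_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")
TEMP_RE = re.compile(r"\\(LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)
RANDOM_NAME_RE = re.compile(r"^[a-z0-9]{10,}$")  # e.g. lrijh8s73jhbfgfd

def edit_distance(a, b):
    """Levenshtein distance; names are short, so the O(n*m) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def exe_of(cmd):
    # First token of an autorun command line, honouring a quoted path.
    return cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]

def check_exe(path):
    """Reasons an executable path deserves a look (empty list = nothing tripped)."""
    reasons, name = [], path.rsplit("\\", 1)[-1].lower()
    near = [s for s in sorted(SYSTEM_NAMES) if edit_distance(name, s) == 1]
    if TEMP_RE.search(path):
        reasons.append("executable lives in the user's Temp directory")
    if name in SYSTEM_NAMES and "\\windows\\system32\\" not in path.lower():
        reasons.append(f"{name} is a system binary name but runs outside system32")
    elif name not in SYSTEM_NAMES and near:
        reasons.append(f"{name} is one character away from {near[0]}")
    return reasons

def check_o4(name, cmd):
    """O4 autorun: judge the launched executable, then the value name itself."""
    reasons = check_exe(exe_of(cmd))
    if RANDOM_NAME_RE.match(name):
        reasons.append(f"autorun value name '{name}' looks machine-generated")
    return reasons

def check_o1(ip, host):
    # Blocking entries (loopback/0.0.0.0) are normal hosts-file use; anything else is a redirect.
    return [] if ip in ("127.0.0.1", "0.0.0.0", "::1") else [f"hosts file redirects {host} to {ip}"]

def triage(log):
    """(line, reason) pairs for every line of a HijackThis log that trips a rule."""
    findings = []
    for line in (raw.strip() for raw in log.splitlines()):
        if m := O4_RE.match(line):
            reasons = check_o4(m["name"], m["cmd"])
        elif m := O1_RE.match(line):
            reasons = check_o1(m["ip"], m["host"])
        else:
            reasons = check_exe(line) if PROCESS_RE.match(line) else []
        findings.extend((line, r) for r in reasons)
    return findings

# Constructed sample: a few lines copied verbatim from the log posted above.
SAMPLE_LOG = r"""C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svcnost.exe
C:\DOCUME~1\Laurie\LOCALS~1\Temp\winlognn.exe
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O4 - HKLM\..\Run: [lrijh8s73jhbfgfd] C:\DOCUME~1\Laurie\LOCALS~1\Temp\winlognn.exe
O4 - HKCU\..\Run: [Etao] "C:\DOCUME~1\Laurie\APPLIC~1\DOBE~1\wuauclt.exe" -vt yazb
"""
```

Running `triage(SAMPLE_LOG)` returns eight findings; the legitimate svchost.exe in system32 produces none.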

Part 3
Should I just upload the rest of the file to Mediafire? It's pretty big.

This will be easier: http://www.mediafire.com/?sharekey=5749dc32967feefb90a82c7bb0fad7ade04e75f6e8ebb871

Re: BankerFox.A and Win32/Nuqel.E Help Please!
Omg wow.
How have you let this happen? The log is so huge I can't tell what else is lurking, but I'd be willing to bet you have Virut (Virut is a file infector and CANNOT be fixed, formatting is the only way out of Virut)


Your system is severely infected. The problem with these infections nowadays is that they cause a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible, since it will be like searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. The reason I am telling you this is that when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

Actually, this doesn't surprise me at all...
I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!
This is somewhat suicidal in today's digital world.
That's why I want you to install one first!!

* Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus.

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There double-click the report from the full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThis log.
Then we'll start from there, because it really makes no sense otherwise for us to clean this up manually if an Antivirus scan is not present, which should be able to deal with most of it and prevent further reinfection.

Re: BankerFox.A and Win32/Nuqel.E Help Please!
Actually I have Spybot and Ad-Aware installed on the computer, which is my friend's, as I am doing her a very painful favor. Especially now that I have installed the Antivirus software that you suggested and now I have millions of beeping windows popping up. Once I deal with this I will post the log. Thanks

Re: BankerFox.A and Win32/Nuqel.E Help Please!
After Rebooting, I can't open anything now.

Re: BankerFox.A and Win32/Nuqel.E Help Please!
As I've already told you, there is an incredible amount of damage done and I don't think we can fix this, I'm willing to bet Virut is present.

Your computer has multiple infections, including a backdoor. A backdoor gives intruders complete control of your computer, logs your keystrokes, steals personal information, etc.

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).
Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS).

To help you understand more, please take some time to read the following articles:

What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
When should I do a reformat and reinstallation of my OS
Where to backup your files
How to backup your files in Windows XP
Restoring your backups

Re: BankerFox.A and Win32/Nuqel.E Help Please!
Oh I understand thanks. And the elitist attitude helps matters...Thanks anyway

Re: BankerFox.A and Win32/Nuqel.E Help Please!
This guy seems to be a real jerk... Elitist attitude... Hmph... I found nothing wrong with your reply or your attempt to help, and thought your honesty in being able to deal with the situation was exemplary...

Re: BankerFox.A and Win32/Nuqel.E Help Please!
mokshamike wrote:
This guy seems to be a real jerk... Elitist attitude... Hmph... I found nothing wrong with your reply or your attempt to help, and thought your honesty in being able to deal with the situation was exemplary...


Meh, I'm not offended that easily.

Anyhow, is there a reason for posting here mokshamike? Just wondering if you had malware issues or just sticking up for me. LMBO or ROFL

Re: BankerFox.A and Win32/Nuqel.E Help Please!
Actually, our office girl is having issues with our computer; "Spyware Protect 2009" keeps opening windows. I'm trying to help her remotely. She ran a virus scan and came up with win32/nuqel.e.... So I was just snooping around... Don't want to get my hands too dirty with the situation... Not my problem and don't want it to be... Just was looking for an easy fix. She is trying Windows Malicious Software Removal right now... Don't have access to any reports or anything. She's pretty computer illiterate, and I'm no pro.

Re: BankerFox.A and Win32/Nuqel.E Help Please!
Okay, I won't ask you to do anything.
Looking for an easy fix might not be as easy as you think; we ask that people do not run tools I have posted for other users. Special fixes are made for certain people only.

If she wants me to help, ask her to register here and we'll see what we can do.

Re: BankerFox.A and Win32/Nuqel.E Help Please!
I first got hit with the BankerFox.a yesterday, but it quickly "learned" apparently that I was after it. It then disabled my internet connection and began turning off my system (abruptly with a loud audible pop), going to a black screen, then a blue error screen. Now, the machine can only be turned on in safe mode, and cannot connect to the internet. It also somehow disabled the CD driver as no CD is readable and I can't reinstall anything. I try to run a very clean system (XP with IE7 and paid McAfee antivirus and firewalled) so I'm not sure how this got through - and think it is a clone of BankerFox.A - or else why would it turn off the internet and then do further damage?

This week started bad, because Monday I was hit with the click-jack trojan Lando. After quickly assessing that, I downloaded Malwarebytes and took care of that one fairly easily. I cussed out McAfee for letting it through anyway... until last night's hit with this, I thought it was a fluke. This is more than a fluke. I think this was deliberate and it trashed my computer.

Still, I have no way to download anything to fix it. I tried from this computer to download several fixes onto an external thumb drive and transport that to the infected computer. In safe mode, it will read and copy files externally, but it won't install or run them - unless I'm doing it wrong. Is there a way to download a fix to a thumb drive and then install from there? It's the only way I have to clean it up, or otherwise it will become a doorstop. I run a business and a website on it, and it will take me weeks to recover that loss since I hadn't backed anything up this month. I know... bad practice. So, can it be fixed from the thumb drive?

Re: BankerFox.A and Win32/Nuqel.E Help Please!
Hello reeko, welcome to GeekPolice.

Please post your problem in a new topic here:

http://www.geekpolice.net/post.forum?mode=newtopic&f=11

Thank you.
