WiredWX Christian Hobby Weather Tools
Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update
Hi,
Ran Mbam, it came up with 11 infections, clicked on quarantine and the program hung, left it for around 40 mins, nothing. Also can't get on the internet again, it hangs while trying to get to the home page.
Sorry it's not great news.

Am running again to hopefully complete.

Last edited by vince on 27th April 2009, 10:52 pm; edited 1 time in total (Reason for editing : to save posting an extra)

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update
Ran again, hit remove and it says quarantining, but again it seems to have locked up. How long should I wait?

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update
Okay, let's do another scan using this.


  • Download ComboFix from here
    Link 1
    Link 2
  • We need to disable your local AV (Anti-virus) before running ComboFix.
  • See HERE for how to disable your AV. (AVG8 and Ad-Watch)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a ComboFix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes.
  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update
ComboFix wants to go on the internet to download the Windows Recovery Console, but I can't get on again.

Managed to get on, am following instructions!!!

Last edited by vince on 27th April 2009, 11:45 pm; edited 1 time in total (Reason for editing : situation changed)

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update
Post 1, txt split to fit on the message board.

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.502.213 [GMT 1:00]
Running from: c:\documents and settings\Vince Sharpe\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\VINCES~1\LOCALS~1\Temp\~WS2.tmp
c:\docume~1\VINCES~1\LOCALS~1\Temp\~WS3.tmp
c:\docume~1\VINCES~1\LOCALS~1\Temp\~WS4.tmp
c:\documents and settings\Vince Sharpe\Local Settings\Temp\~WS2.tmp
c:\documents and settings\Vince Sharpe\Local Settings\Temp\~WS3.tmp
c:\documents and settings\Vince Sharpe\Local Settings\Temp\~WS4.tmp
c:\windows\rs.txt
c:\windows\system32\UACasoyltodgictjmq.dll
c:\windows\system32\UACcftpuyxiusjwkrm.dll
c:\windows\system32\UACdolxmkmlonmtnsb.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACmeadxcnhrvrxehc.dll
c:\windows\system32\UACnfdqlaheyeorbql.log
c:\windows\system32\UACpjddcfrqhkxnmrs.dat
c:\windows\system32\UACyifvgdbhfnetpyk.dll

Infected copy of c:\windows\system32\sfcfiles.dll was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\sfcfiles.dll


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SFC
-------\Service_sfc


((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-4-27 )))))))))))))))))))))))))))))))
.

2009-04-27 20:59 . 2009-04-27 20:59 -------- d-----w c:\documents and settings\Vince Sharpe\Application Data\Malwarebytes
2009-04-27 20:37 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-27 20:37 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-27 20:12 . 2009-04-27 20:12 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-27 14:07 . 2009-04-27 17:39 -------- d-----w c:\program files\Enigma Software Group
2009-04-26 22:08 . 2009-03-09 19:06 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-26 21:45 . 2009-03-09 19:06 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-26 21:44 . 2009-04-26 21:44 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-26 21:43 . 2009-04-26 21:43 -------- d-----w c:\program files\Lavasoft
2009-04-26 21:43 . 2009-04-26 21:43 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-26 17:36 . 2009-04-27 22:37 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-26 14:29 . 2009-04-27 20:57 -------- d--h--w C:\$AVG8.VAULT$
2009-04-26 14:13 . 2009-04-26 14:13 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-26 14:13 . 2009-04-26 14:13 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-26 14:13 . 2009-04-26 14:13 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-26 14:13 . 2009-04-26 14:13 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-26 14:13 . 2009-04-26 14:13 -------- d-----w c:\documents and settings\Administrator\Application Data\AVGTOOLBAR
2009-04-26 14:13 . 2009-04-26 14:13 -------- d-----w c:\program files\AVG
2009-04-26 14:00 . 2009-04-26 17:20 -------- d-----w c:\documents and settings\Vince Sharpe\Application Data\AVGTOOLBAR
2009-04-26 13:59 . 2009-04-26 21:04 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-19 14:54 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-19 14:54 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-19 14:53 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-19 14:53 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-19 14:53 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-19 14:53 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-19 14:53 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-19 14:53 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-19 14:53 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-19 14:53 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-19 14:53 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-10 23:04 . 2006-08-29 14:56 32377 ----a-w c:\windows\system32\drivers\prodigy.sys
2009-04-10 23:03 . 2009-04-10 23:04 -------- d-----w c:\program files\NSS
2009-04-10 09:55 . 2008-04-13 18:45 26112 -c--a-w c:\windows\system32\dllcache\usbser.sys
2009-04-10 09:55 . 2008-04-13 18:45 26112 ----a-w c:\windows\system32\drivers\usbser.sys
2009-04-10 09:01 . 2009-04-10 09:54 -------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-04-10 09:00 . 2008-08-26 08:26 18816 ----a-w c:\windows\system32\drivers\pccsmcfd.sys
2009-04-10 09:00 . 2009-04-10 09:00 -------- d-----w c:\program files\PC Connectivity Solution
2009-04-10 08:41 . 2009-04-10 08:41 -------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2009-04-10 08:22 . 2008-02-01 14:17 8320 ----a-w c:\windows\system32\drivers\nmwcdnsuc.sys
2009-04-10 08:22 . 2008-02-01 14:17 138112 ----a-w c:\windows\system32\drivers\nmwcdnsu.sys
2009-04-10 08:19 . 2009-04-10 23:17 -------- d-----w c:\documents and settings\All Users\Application Data\Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 05:57 . 2004-08-12 12:24 -------- d-----w c:\program files\Google
2009-04-25 17:12 . 2009-03-04 23:07 -------- d-----w c:\program files\SopCast
2009-04-10 09:53 . 2009-04-10 09:53 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-04-10 09:53 . 2009-04-10 09:53 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-10 09:02 . 2005-08-28 18:42 -------- d-----w c:\program files\Nokia
2009-04-10 09:00 . 2009-02-13 14:44 -------- d-----w c:\program files\DIFX
2009-04-10 08:59 . 2004-08-12 10:22 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-27 18:11 . 2004-08-12 11:28 42224 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-27 17:52 . 2009-03-27 17:52 -------- d-----w c:\program files\3Com
2009-03-26 12:36 . 2009-03-26 12:36 -------- d-----w c:\program files\MSBuild
2009-03-22 11:10 . 2009-03-22 11:09 -------- d-----w c:\program files\iTunes
2009-03-22 11:09 . 2009-03-22 11:09 -------- d-----w c:\program files\iPod
2009-03-22 11:09 . 2008-11-28 17:47 -------- d-----w c:\program files\Common Files\Apple
2009-03-22 11:06 . 2009-03-22 11:06 -------- d-----w c:\program files\Bonjour
2009-03-22 11:06 . 2008-11-28 17:49 -------- d-----w c:\program files\QuickTime
2009-03-14 20:47 . 2009-03-14 20:47 -------- d-----w c:\program files\Uniblue
2009-03-14 20:37 . 2009-03-14 20:37 -------- d-----w c:\program files\Reference Assemblies
2009-03-06 14:22 . 2004-08-11 18:09 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:10 . 2004-08-11 18:09 666112 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2004-08-12 11:17 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2004-08-11 18:09 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-11 18:09 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2004-08-11 18:09 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-11 18:08 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2004-08-11 18:09 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 18:02 . 2002-08-29 01:04 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:11 . 2004-08-11 18:09 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2004-08-11 18:09 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-11 18:09 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2004-08-11 18:09 56832 ----a-w c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-26 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-09 136600]
"SonyPowerCfg"="c:\program files\sony\vaio power management\SPMgr.exe" [2004-06-29 180224]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 176128]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2006-04-04 147456]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2003-08-18 1048576]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 09:33 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-07-01 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-07-01 118784]
"HKSERV.EXE"="c:\program files\Sony\HotKey Utility\HKserv.exe" [2004-07-09 122880]
"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 819712]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-07 114688]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-26 1932568]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"VAIO Update 2"="c:\program files\sony\vaio update 2\VAIOUpdt.exe" [2004-06-29 147456]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2002-03-14 45056]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-4-6 113664]
Audio Filter.lnk - c:\program files\sony\sonicstage mastering studio\audio filter\SSMSFilter.exe [2005-4-6 2707456]
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2008-9-24 110647]
web'n'walk Manager.lnk - c:\program files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe [2007-11-7 794624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-26 14:13 10520 ----a-w c:\windows\system32\avgrsstx.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= SSMSFltr.dll
"mixer1"= SSMSFltr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Broadband Check-Up.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL Broadband Check-Up.lnk
backup=c:\windows\pss\AOL Broadband Check-Up.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\sony\\sonicstage\\Omgjbox.exe"=
"c:\\Program Files\\Adobe\\Acrobat 6.0\\Acrobat Elements\\Acrobat Elements.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\sony\\vaio media 3.1\\Vc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AOL 9.0a\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1161085292\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1161085292\\ee\\aim6.exe"=
"c:\\Program Files\\Cyberlink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\Cyberlink\\PowerCinema\\PCMService.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update
Post 2, rest of the txt.

R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2007-07-09 95744]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2007-06-26 51968]
R3 GTPTSER;GT PT SER;c:\windows\system32\DRIVERS\gtptser.sys [2007-03-30 8064]
R3 hcw66xxx;WinTV HVR-900H;c:\windows\system32\Drivers\hcw66xxx.sys [2008-02-27 418304]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-04-06 38496]
R3 memcard;PCMCIA Memory Card Driver;c:\windows\system32\DRIVERS\memcard.sys [2001-08-17 8320]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
R3 pelmouse;Mouse Suite Driver;c:\windows\system32\DRIVERS\pelmouse.sys [2002-06-28 17251]
R3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\DRIVERS\pelusblf.sys [2001-07-24 7520]
R3 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [2004-07-08 118877]
R3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe [2004-07-08 278528]
R3 ZD1211U(3COM Corporation);3COM OfficeConnect Wireless 11g Compact USB Adapter(3COM Corporation);c:\windows\system32\DRIVERS\zd1211u.sys [2005-03-28 274432]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-09 64160]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-26 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-26 108552]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-26 298264]
S2 EPGService;EPGService;c:\progra~1\WinTV\EPG Services\System\EPGService.exe [2006-07-19 435200]
S2 GtDetectSc;GtDetectSc;c:\program files\T-Mobile\web'n'walk Manager\GtDetectSc.exe [2007-11-05 204915]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
S3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\DRIVERS\SonyPI.sys [2002-08-20 71961]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31f4d1b4-c231-11d9-8305-000e3589c2ae}]
\Shell\AutoRun\command - G:\
\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{338af8c2-eb13-11dd-863f-00038a000015}]
\Shell\AutoRun\command - G:\
\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a28d093-ab60-11d9-82bc-00038a000015}]
\Shell\AutoRun\command - G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de1f4ba0-25b4-11de-8684-00038a000015}]
\Shell\AutoRun\command - G:\
\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM
.
Contents of the 'Scheduled Tasks' folder

2009-04-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]

2009-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{C5968DB3-3160-4DA8-AF6D-019FE3ED863E} - c:\program files\IEToolbar\Cashback Guardian\CashbackGuardian.dll
HKCU-Run-NBJ - d:\programs-vince\Ahead\Nero BackItUp\NBJ.exe
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-PDService.exe - c:\program files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
SSODL-UpdateCheck-{9B3074A1-D449-4209-8103-D14D03B90280} - c:\windows\system32\mstmdm.dll


.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://club.vaio.sony.co.uk/clubvaio/gb/en/home
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.club-vaio.sony-europe.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-28 00:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\SSMSFltr.dll

- - - - - - - > 'lsass.exe'(720)
c:\windows\system32\SSMSFltr.dll

- - - - - - - > 'explorer.exe'(1380)
c:\windows\system32\SSMSFltr.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\windows\system32\igfxext.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\sony\HotKey Utility\HKWnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\wanmpsvc.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Cyberlink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\Cyberlink\PowerCinema\Kernel\TV\CLSched.exe
.
**************************************************************************
.
Completion time: 2009-04-27 1:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-28 00:08

Pre-Run: 6,653,755,392 bytes free
Post-Run: 7,850,221,568 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

321 --- E O F --- 2009-04-25 00:18

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update
Hello.

  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31f4d1b4-c231-11d9-8305-000e3589c2ae}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{338af8c2-eb13-11dd-863f-00038a000015}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de1f4ba0-25b4-11de-8684-00038a000015}]


  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u


This will also reset your restore points.

Please update AVG now and let me know how the machine is running.

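The fix.reg above deletes the three MountPoints2 keys by hand after reading them out of the ComboFix log. As an added example (Python, not the helper's file or any ComboFix tooling), the script below parses the MountPoints2 blocks from the posted log, flags the rundll32 relative-DLL autorun pattern, leaves the plain G:\setupSNK.exe entry for manual review as the helper did, and drafts the same deletion file; the sample log excerpt is copied from the post above.

```python
"""Triage the MountPoints2 entries in a ComboFix log and draft a fix.reg.

Added example for this thread; it is not the helper's fix.reg or any
ComboFix tooling.  Constructed input: the four MountPoints2 blocks copied
from the ComboFix log posted above.
"""
import re
from typing import Dict

# Constructed sample: the MountPoints2 section as it appears in the posted
# ComboFix log ("Reg Loading Points" output).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31f4d1b4-c231-11d9-8305-000e3589c2ae}]
\Shell\AutoRun\command - G:\
\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{338af8c2-eb13-11dd-863f-00038a000015}]
\Shell\AutoRun\command - G:\
\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a28d093-ab60-11d9-82bc-00038a000015}]
\Shell\AutoRun\command - G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de1f4ba0-25b4-11de-8684-00038a000015}]
\Shell\AutoRun\command - G:\
\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM
"""

# "[HKEY_CURRENT_USER\...\mountpoints2\{GUID}]" block header
KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\.+\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
# "\Shell\<verb>\command - <command line>" lines under a block
VERB_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.I)
# rundll32 handed a DLL addressed relative to the mounted drive root (".\name.dll")
RELATIVE_DLL_RE = re.compile(r"\brundll32(?:\.exe)?\s+\.\\\S+\.dll", re.I)


def parse_mountpoints(log: str) -> Dict[str, Dict[str, str]]:
    """Map each MountPoints2 key to {shell verb (lower-case): command}."""
    entries: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            entries[current] = {}
            continue
        verb = VERB_RE.match(line)
        if verb and current is not None:
            entries[current][verb.group(1).lower()] = verb.group(2).strip()
    return entries


def classify(verbs: Dict[str, str]) -> str:
    """Verdict for one MountPoints2 entry.

    'remove': a verb runs rundll32 on a DLL addressed relative to the drive
              root, the autorun-worm pattern seen in the posted log.
    'review': AutoRun launches an executable directly from the drive; the
              helper left G:\\setupSNK.exe alone, so it is only flagged.
    'ok':     nothing of note (e.g. AutoRun just opening the drive root).
    """
    if any(RELATIVE_DLL_RE.search(cmd) for cmd in verbs.values()):
        return "remove"
    if verbs.get("autorun", "").lower().endswith(".exe"):
        return "review"
    return "ok"


def triage(log: str) -> Dict[str, str]:
    """Key -> verdict for every MountPoints2 block in the log."""
    return {key: classify(verbs) for key, verbs in parse_mountpoints(log).items()}


def build_fix_reg(log: str) -> str:
    """Draft a fix.reg that deletes only the 'remove' keys ([-KEY] syntax).

    Regedit exports version 5.00 files as UTF-16LE but also imports ANSI,
    so this ASCII content can be saved either way; CRLF endings are used.
    """
    body = ["Windows Registry Editor Version 5.00", ""]
    body += [f"[-{key}]" for key, verdict in triage(log).items() if verdict == "remove"]
    return "\r\n".join(body) + "\r\n"


if __name__ == "__main__":
    for key, verdict in triage(SAMPLE_LOG).items():
        print(f"{verdict:6} {key.rsplit(chr(92), 1)[-1]}")
    print(build_fix_reg(SAMPLE_LOG))
```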

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update
Hi, have updated AVG 8.5 and reactivated.
I am posting this using the previously bad machine, so yes, it looks good and fixed.
It's a little slow to load up, I suppose that's due to all the rubbish that's been pulled, squashed and dumped on it over the last few days.
There are no restore points in System Restore, not sure whether they were supposed to come back or not. I did regularly create them but they are not there any more.
The machine is working though, so I'm one happy guy.
Many many thanks Belahzur,
I will sing your praises to everyone I know.
It's quite odd that you have helped me so much yet I have no idea who you are. I suppose that's the anonymous world of the net.
Good luck in whatever you're doing.
Many many thanks again.
(If you're happy with the outcome, that is.)

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update
Hello.
The slowness could be due to the amount of stuff running at startup, because they run as processes too.
If you want, we can stop some of the unneeded junk from running.

Sadly, I will never show myself, or my real name. This is a public forum, we are fighting against the bad guys. I've seen the dark side of the internet, I know what they are capable of, it's very easy to track someone using the internet nowadays.


Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update
Many thanks again,
Have done some unticking in msconfig to improve things a little.
Great work, thanks.

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update
Is there another alternative to msconfig? I seem to have a lot of processes running but not much in the toolbar.

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update
In HijackThis, the toolbar section is O3.
Usually there aren't a lot of toolbars if you don't install toolbars.


Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update
Is it possible that the problems I had could have affected my mail server settings from Outlook and my Nokia E71 mobile phone, which I was picking emails up on while the laptop was out of order, as the phone has ground to a halt?
Thanks
Vince

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update
Hello.
Did you have your phone plugged in via a USB while you were infected?

I don't think this rootkit can jump via USB infections, it wasn't the right type of variant, but let me know anyway.


Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update
Hi Guys,
Problems have crept back at me, I cannot get Windows to load fully, I get the blue screen of death. Have posted a new topic in System Problems, but have had no reply yet, so don't know whether you'll see this or not, or can you check my other post? The details are all there. Look forward to hearing from you again.
Many thanks
Vince
