GeekPolice
Nuqel.E bankerfox has disabled internet access and my anti spyware can't update

Hi, can someone point me in the right direction?
I have a Nuqel.E and it won't allow me to get on the internet to download the latest virus updates. Malware wants to go on, AVG is not up to date. Other anti spyware programs hang on install from a USB stick.
Running XP.

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware can't update

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware can't update

Trying to post the DDS text, but I keep getting told the post is too big??

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware can't update
Split it up into more than one post.

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware can't update
DDS (Ver_09-03-16.01) - NTFSx86
Run by Vince Sharpe at 19:10:41.32 on 27/04/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.502.57 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG8\aAvgApi.exe
C:\Program Files\sony\vaio update 2\VAIOUpdt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\sony\vaio power management\SPMgr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\AOL\1161085292\ee\AOLSoftware.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\igfxext.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\sony\sonicstage mastering studio\audio filter\SSMSFilter.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Documents and Settings\Vince Sharpe\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://club.vaio.sony.co.uk/clubvaio/gb/en/home
mDefault_Page_URL = hxxp://www.club-vaio.sony-europe.com/
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.club-vaio.sony-europe.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: BHO: {abd45510-9b22-41cd-9acd-8182a2da7c63} - c:\windows\system32\iehelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: TBSB05527 Class: {c5968db3-3160-4da8-af6d-019fe3ed863e} - c:\program files\ietoolbar\cashback guardian\CashbackGuardian.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Yahoo! Pager] c:\progra~1\yahoo!\messen~1\ypager.exe -quiet
uRun: [Sonic RecordNow!] c:\progra~1\yahoo!\messen~1\ypager.exe -quiet
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [NBJ] "d:\programs-vince\ahead\nero backitup\NBJ.exe"
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [CreativeTaskScheduler] "c:\program files\creative\shared files\CTSched.exe" /logon
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Aim6]
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PDService.exe] c:\program files\utimaco\safeguard privatedisk\pdservice.exe
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -onlytray
mRun: [PCMService] "c:\program files\cyberlink\powercinema\PCMService.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideo[inspector]] c:\program files\logitech\video\InstallHelper.exe /inspect
mRun: [LogitechCameraService(E)] c:\windows\system32\ElkCtrl.exe /automation
mRun: [LogitechCameraAssistant] c:\program files\logitech\video\CameraAssistant.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HostManager] c:\program files\common files\aol\1161085292\ee\AOLSoftware.exe
mRun: [HKSERV.EXE] c:\program files\sony\hotkey utility\HKserv.exe
mRun: [DataLayer] c:\program files\common files\pcsuite\datalayer\DataLayer.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [AOL Spyware Protection] c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aol90t~1.lnk - c:\program files\aol 9.0a\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aolbro~1.lnk - c:\program files\aol\broadband checkup\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audiof~1.lnk - c:\program files\sony\sonicstage mastering studio\audio filter\SSMSFilter.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autost~1.lnk - c:\program files\wintv\Ir.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - d:\programs-vince\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\web'n'~1.lnk - c:\program files\t-mobile\web'n'walk manager\web'n'walk Manager.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: UpdateCheck - {9B3074A1-D449-4209-8103-D14D03B90280} - c:\windows\system32\mstmdm.dll

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware can't update
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-26 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-26 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-26 27656]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2002-10-30 71961]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-26 108552]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2007-7-9 95744]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2007-6-26 51968]
S3 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [2007-3-30 8064]
S3 hcw66xxx;WinTV HVR-900H;c:\windows\system32\drivers\hcw66xxx.sys [2008-9-24 418304]
S3 memcard;PCMCIA Memory Card Driver;c:\windows\system32\drivers\memcard.sys [2007-5-29 8320]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-4-10 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-4-10 8320]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2004-8-12 17251]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\PELUSBlf.SYS [2004-8-12 7520]

=============== Created Last 30 ================

2009-04-27 15:08 296 a------- C:\spyhunter.fix
2009-04-27 15:07 --d----- c:\program files\Enigma Software Group
2009-04-26 23:08 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-26 22:45 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-04-26 22:44 -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-26 22:43 --d----- c:\program files\Lavasoft
2009-04-26 22:31 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-26 22:31 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-26 18:36 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-26 18:36 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-26 18:34 10,752 a------- c:\windows\system32\iehelper.dll
2009-04-26 15:29 --d-h--- C:\$AVG8.VAULT$
2009-04-26 15:13 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-04-26 15:13 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-26 15:13 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-26 15:13 --d----- c:\windows\system32\drivers\Avg
2009-04-26 15:13 --d----- c:\program files\AVG
2009-04-26 15:00 --d----- c:\docume~1\vinces~1\applic~1\AVGTOOLBAR
2009-04-26 14:59 --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-04-26 03:54 294,416 a------- c:\windows\sysguard.exe
2009-04-19 15:54 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-19 15:54 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-19 15:54 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-11 00:04 32,377 a------- c:\windows\system32\drivers\prodigy.sys
2009-04-11 00:03 --d----- c:\program files\NSS
2009-04-10 10:55 26,112 ac------ c:\windows\system32\dllcache\usbser.sys
2009-04-10 10:55 26,112 a------- c:\windows\system32\drivers\usbser.sys
2009-04-10 10:53 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-04-10 10:53 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-10 10:00 18,816 a------- c:\windows\system32\drivers\pccsmcfd.sys
2009-04-10 10:00 --d----- c:\program files\PC Connectivity Solution
2009-04-10 09:41 --d----- c:\docume~1\alluse~1\applic~1\Nokia
2009-04-10 09:22 8,320 a------- c:\windows\system32\drivers\nmwcdnsuc.sys
2009-04-10 09:22 138,112 a------- c:\windows\system32\drivers\nmwcdnsu.sys

==================== Find3M ====================

2009-03-06 15:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-20 09:10 666,112 a------- c:\windows\system32\wininet.dll
2009-02-20 09:10 81,920 a------- c:\windows\system32\ieencode.dll
2009-02-09 13:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 13:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 13:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 13:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 12:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 12:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 12:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 11:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-03 20:59 56,832 a------- c:\windows\system32\secur32.dll

============= FINISH: 19:19:53.86 ===============

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware can't update
Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware can't update

Sorry, I have loaded the software to the desktop but double-clicking just makes the computer hang for ages, nothing happens, it won't install.
Any ideas? Thanks.

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware can't update
1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE or HERE.

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop


Note: This tool was posted specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Leave the script box empty.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
3. Please copy/paste the content of c:\avenger.txt into your reply.

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware can't update
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "UACd.sys" found!
ImagePath: \systemroot\system32\drivers\UAClhdvpjyylkjbaor.sys
Driver disabled successfully.

Rootkit scan completed.


Completed script processing.

*******************

Finished! Terminate.

I have just re-launched Malwarebytes and it is running at last, very slowly, but I'm further down the line than I have been in the last week.
Thanks

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware can't update
Don't use MBAM yet, we aren't done with the avenger.

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Drivers to delete:
UACd.sys

Files to delete:
C:\WINDOWS\system32\drivers\UAClhdvpjyylkjbaor.sys
c:\windows\system32\iehelper.dll
c:\windows\sysguard.exe


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware can't update

Will follow the last post in a moment, I have just managed to get the bad machine online so I'm dealing with it directly now instead of via USB stick.

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware can't update

The infection (the rootkit) is what was blocking internet access, so now that it's disabled, the net works.
We have to put a stop to it 100% before it can do anything else.

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware can't update

Forgot to tick "Disable any rootkits found", but this is the text file.
Should I run again? I'll happily wait for your reply on this one, you are amazing!!

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "UACd.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\UAClhdvpjyylkjbaor.sys" deleted successfully.

Error: file "c:\windows\system32\iehelper.dll" not found!
Deletion of file "c:\windows\system32\iehelper.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\sysguard.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
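The Avenger logs posted in this thread can be checked mechanically against the script that was submitted. As an added example (not part of the thread and not The Avenger's own code), the Python below parses the log's result lines and reports which script entries were deleted, which failed and with what NT status, and which were never processed. The sample log and script are constructed from the lines quoted above; the "Driver"/"File" line formats seen in those logs are the only ones the parser assumes.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, assembled from the Avenger 2.0 log lines quoted in this thread.
SAMPLE_LOG = r"""Logfile of The Avenger Version 2.0, (c) by Swandog46
Platform: Windows XP

Beginning to process script file:

Rootkit scan active.

Hidden driver "UACd.sys" found!
ImagePath: \systemroot\system32\drivers\UAClhdvpjyylkjbaor.sys
Driver disabled successfully.

Rootkit scan completed.

Driver "UACd.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\UAClhdvpjyylkjbaor.sys" deleted successfully.

Error: file "c:\windows\system32\iehelper.dll" not found!
Deletion of file "c:\windows\system32\iehelper.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\sysguard.exe" deleted successfully.

Completed script processing.

Finished! Terminate.
"""

# Constructed sample script, the same shape as the one the helper posted.
SAMPLE_SCRIPT = r"""Drivers to delete:
UACd.sys

Files to delete:
C:\WINDOWS\system32\drivers\UAClhdvpjyylkjbaor.sys
c:\windows\system32\iehelper.dll
c:\windows\sysguard.exe
"""

# Line shapes taken from the logs above; other object kinds are not handled.
HIDDEN_RE = re.compile(r'^Hidden driver "([^"]+)" found!$')
IMAGE_RE = re.compile(r'^ImagePath: (.+)$')
DELETED_RE = re.compile(r'^(Driver|File) "([^"]+)" deleted successfully\.$')
FAILED_RE = re.compile(r'^Deletion of (driver|file) "([^"]+)" failed!$')
STATUS_RE = re.compile(r'^Status: (0x[0-9a-fA-F]+) \(([A-Z_]+)\)$')


@dataclass
class AvengerResult:
    platform: str = ""
    hidden_drivers: list = field(default_factory=list)  # dicts: name, image_path, disabled
    deleted: list = field(default_factory=list)         # (kind, path) tuples
    failed: list = field(default_factory=list)          # dicts: kind, path, status, reason
    finished: bool = False                              # saw "Finished! Terminate."


def parse_avenger_log(text: str) -> AvengerResult:
    """Walk the log line by line, pairing multi-line records (hidden driver + ImagePath
    + disabled line, failed deletion + Status line) with the entry that opened them."""
    result = AvengerResult()
    pending_hidden = None   # hidden-driver record still awaiting its ImagePath/disabled lines
    pending_failed = None   # failed-deletion record still awaiting its Status line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Platform: "):
            result.platform = line[len("Platform: "):]
        elif (m := HIDDEN_RE.match(line)):
            pending_hidden = {"name": m.group(1), "image_path": "", "disabled": False}
            result.hidden_drivers.append(pending_hidden)
        elif (m := IMAGE_RE.match(line)) and pending_hidden is not None:
            pending_hidden["image_path"] = m.group(1)
        elif line == "Driver disabled successfully." and pending_hidden is not None:
            pending_hidden["disabled"] = True
            pending_hidden = None
        elif (m := DELETED_RE.match(line)):
            result.deleted.append((m.group(1).lower(), m.group(2)))
        elif (m := FAILED_RE.match(line)):
            pending_failed = {"kind": m.group(1), "path": m.group(2), "status": "", "reason": ""}
            result.failed.append(pending_failed)
        elif (m := STATUS_RE.match(line)) and pending_failed is not None:
            pending_failed["status"], pending_failed["reason"] = m.group(1), m.group(2)
            pending_failed = None
        elif line == "Finished! Terminate.":
            result.finished = True
    return result


def parse_avenger_script(script: str) -> list:
    """Return (kind, target) pairs from the 'Drivers to delete:' / 'Files to delete:' sections."""
    items, kind = [], None
    for line in script.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith(" to delete:"):
            kind = line[: -len(" to delete:")].lower().rstrip("s")  # "Drivers" -> "driver"
        elif kind:
            items.append((kind, line))
    return items


def outstanding(script: str, log: str) -> list:
    """Script entries the run did not delete, each with its NT status or 'not processed'.
    Paths are compared case-insensitively because Windows paths are."""
    result = parse_avenger_log(log)
    done = {(k, p.lower()) for k, p in result.deleted}
    failed = {(f["kind"], f["path"].lower()): f["status"] for f in result.failed}
    return [(kind, target, failed.get((kind, target.lower()), "not processed"))
            for kind, target in parse_avenger_script(script)
            if (kind, target.lower()) not in done]


if __name__ == "__main__":
    for kind, target, status in outstanding(SAMPLE_SCRIPT, SAMPLE_LOG):
        print(f"still present or unprocessed: {kind} {target} ({status})")
```

Run against the helper's script and the second log above, the only entry it reports is iehelper.dll with status 0xc0000034, which is consistent with MBAM having already removed that file between the two runs.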

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware can't update

Update and run MBAM now, let that run and post the log when done.

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware can't update

Hi,
Ran MBAM, it came up with 11 infections, clicked on quarantine and the program hung, left it for around 40 mins, nothing. Also can't get on the internet again, it hangs while trying to get to the home page.
Sorry it's not great news.

Am running again to hopefully complete.

Last edited by vince on 27th April 2009, 10:52 pm; edited 1 time in total (Reason for editing : to save posting an extra)

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware can't update

Ran again, hit remove and it says quarantining, but again it seems to have locked up. How long should I wait?

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware can't update

Okay, let's do another scan using this.


  • Download combofix from here
    Link 1
    Link 2
  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV. (AVG8 and Ad-watch)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware can't update

ComboFix wants to go on the internet to download the Windows Recovery Console, but I can't get on again.



Managed to get on, am following instructions!!!

Last edited by vince on 27th April 2009, 11:45 pm; edited 1 time in total (Reason for editing : situation changed)

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware can't update

Post 1, txt split to fit on the message board.

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.502.213 [GMT 1:00]
Running from: c:\documents and settings\Vince Sharpe\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\VINCES~1\LOCALS~1\Temp\~WS2.tmp
c:\docume~1\VINCES~1\LOCALS~1\Temp\~WS3.tmp
c:\docume~1\VINCES~1\LOCALS~1\Temp\~WS4.tmp
c:\documents and settings\Vince Sharpe\Local Settings\Temp\~WS2.tmp
c:\documents and settings\Vince Sharpe\Local Settings\Temp\~WS3.tmp
c:\documents and settings\Vince Sharpe\Local Settings\Temp\~WS4.tmp
c:\windows\rs.txt
c:\windows\system32\UACasoyltodgictjmq.dll
c:\windows\system32\UACcftpuyxiusjwkrm.dll
c:\windows\system32\UACdolxmkmlonmtnsb.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACmeadxcnhrvrxehc.dll
c:\windows\system32\UACnfdqlaheyeorbql.log
c:\windows\system32\UACpjddcfrqhkxnmrs.dat
c:\windows\system32\UACyifvgdbhfnetpyk.dll

Infected copy of c:\windows\system32\sfcfiles.dll was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\sfcfiles.dll


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SFC
-------\Service_sfc


((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-4-27 )))))))))))))))))))))))))))))))
.

2009-04-27 20:59 . 2009-04-27 20:59 -------- d-----w c:\documents and settings\Vince Sharpe\Application Data\Malwarebytes
2009-04-27 20:37 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-27 20:37 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-27 20:12 . 2009-04-27 20:12 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-27 14:07 . 2009-04-27 17:39 -------- d-----w c:\program files\Enigma Software Group
2009-04-26 22:08 . 2009-03-09 19:06 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-26 21:45 . 2009-03-09 19:06 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-26 21:44 . 2009-04-26 21:44 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-26 21:43 . 2009-04-26 21:43 -------- d-----w c:\program files\Lavasoft
2009-04-26 21:43 . 2009-04-26 21:43 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-26 17:36 . 2009-04-27 22:37 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-26 14:29 . 2009-04-27 20:57 -------- d--h--w C:\$AVG8.VAULT$
2009-04-26 14:13 . 2009-04-26 14:13 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-26 14:13 . 2009-04-26 14:13 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-26 14:13 . 2009-04-26 14:13 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-26 14:13 . 2009-04-26 14:13 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-26 14:13 . 2009-04-26 14:13 -------- d-----w c:\documents and settings\Administrator\Application Data\AVGTOOLBAR
2009-04-26 14:13 . 2009-04-26 14:13 -------- d-----w c:\program files\AVG
2009-04-26 14:00 . 2009-04-26 17:20 -------- d-----w c:\documents and settings\Vince Sharpe\Application Data\AVGTOOLBAR
2009-04-26 13:59 . 2009-04-26 21:04 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-19 14:54 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-19 14:54 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-19 14:53 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-19 14:53 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-19 14:53 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-19 14:53 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-19 14:53 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-19 14:53 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-19 14:53 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-19 14:53 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-19 14:53 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-10 23:04 . 2006-08-29 14:56 32377 ----a-w c:\windows\system32\drivers\prodigy.sys
2009-04-10 23:03 . 2009-04-10 23:04 -------- d-----w c:\program files\NSS
2009-04-10 09:55 . 2008-04-13 18:45 26112 -c--a-w c:\windows\system32\dllcache\usbser.sys
2009-04-10 09:55 . 2008-04-13 18:45 26112 ----a-w c:\windows\system32\drivers\usbser.sys
2009-04-10 09:01 . 2009-04-10 09:54 -------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-04-10 09:00 . 2008-08-26 08:26 18816 ----a-w c:\windows\system32\drivers\pccsmcfd.sys
2009-04-10 09:00 . 2009-04-10 09:00 -------- d-----w c:\program files\PC Connectivity Solution
2009-04-10 08:41 . 2009-04-10 08:41 -------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2009-04-10 08:22 . 2008-02-01 14:17 8320 ----a-w c:\windows\system32\drivers\nmwcdnsuc.sys
2009-04-10 08:22 . 2008-02-01 14:17 138112 ----a-w c:\windows\system32\drivers\nmwcdnsu.sys
2009-04-10 08:19 . 2009-04-10 23:17 -------- d-----w c:\documents and settings\All Users\Application Data\Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 05:57 . 2004-08-12 12:24 -------- d-----w c:\program files\Google
2009-04-25 17:12 . 2009-03-04 23:07 -------- d-----w c:\program files\SopCast
2009-04-10 09:53 . 2009-04-10 09:53 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-04-10 09:53 . 2009-04-10 09:53 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-10 09:02 . 2005-08-28 18:42 -------- d-----w c:\program files\Nokia
2009-04-10 09:00 . 2009-02-13 14:44 -------- d-----w c:\program files\DIFX
2009-04-10 08:59 . 2004-08-12 10:22 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-27 18:11 . 2004-08-12 11:28 42224 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-27 17:52 . 2009-03-27 17:52 -------- d-----w c:\program files\3Com
2009-03-26 12:36 . 2009-03-26 12:36 -------- d-----w c:\program files\MSBuild
2009-03-22 11:10 . 2009-03-22 11:09 -------- d-----w c:\program files\iTunes
2009-03-22 11:09 . 2009-03-22 11:09 -------- d-----w c:\program files\iPod
2009-03-22 11:09 . 2008-11-28 17:47 -------- d-----w c:\program files\Common Files\Apple
2009-03-22 11:06 . 2009-03-22 11:06 -------- d-----w c:\program files\Bonjour
2009-03-22 11:06 . 2008-11-28 17:49 -------- d-----w c:\program files\QuickTime
2009-03-14 20:47 . 2009-03-14 20:47 -------- d-----w c:\program files\Uniblue
2009-03-14 20:37 . 2009-03-14 20:37 -------- d-----w c:\program files\Reference Assemblies
2009-03-06 14:22 . 2004-08-11 18:09 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:10 . 2004-08-11 18:09 666112 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2004-08-12 11:17 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2004-08-11 18:09 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-11 18:09 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2004-08-11 18:09 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-11 18:08 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2004-08-11 18:09 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 18:02 . 2002-08-29 01:04 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:11 . 2004-08-11 18:09 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2004-08-11 18:09 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-11 18:09 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2004-08-11 18:09 56832 ----a-w c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-26 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-09 136600]
"SonyPowerCfg"="c:\program files\sony\vaio power management\SPMgr.exe" [2004-06-29 180224]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 176128]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2006-04-04 147456]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2003-08-18 1048576]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 09:33 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-07-01 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-07-01 118784]
"HKSERV.EXE"="c:\program files\Sony\HotKey Utility\HKserv.exe" [2004-07-09 122880]
"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 819712]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-07 114688]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-26 1932568]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"VAIO Update 2"="c:\program files\sony\vaio update 2\VAIOUpdt.exe" [2004-06-29 147456]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2002-03-14 45056]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-4-6 113664]
Audio Filter.lnk - c:\program files\sony\sonicstage mastering studio\audio filter\SSMSFilter.exe [2005-4-6 2707456]
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2008-9-24 110647]
web'n'walk Manager.lnk - c:\program files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe [2007-11-7 794624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-26 14:13 10520 ----a-w c:\windows\system32\avgrsstx.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= SSMSFltr.dll
"mixer1"= SSMSFltr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Broadband Check-Up.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL Broadband Check-Up.lnk
backup=c:\windows\pss\AOL Broadband Check-Up.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\sony\\sonicstage\\Omgjbox.exe"=
"c:\\Program Files\\Adobe\\Acrobat 6.0\\Acrobat Elements\\Acrobat Elements.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\sony\\vaio media 3.1\\Vc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AOL 9.0a\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1161085292\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1161085292\\ee\\aim6.exe"=
"c:\\Program Files\\Cyberlink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\Cyberlink\\PowerCinema\\PCMService.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update
Post 2, rest of the text.

R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2007-07-09 95744]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2007-06-26 51968]
R3 GTPTSER;GT PT SER;c:\windows\system32\DRIVERS\gtptser.sys [2007-03-30 8064]
R3 hcw66xxx;WinTV HVR-900H;c:\windows\system32\Drivers\hcw66xxx.sys [2008-02-27 418304]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-04-06 38496]
R3 memcard;PCMCIA Memory Card Driver;c:\windows\system32\DRIVERS\memcard.sys [2001-08-17 8320]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
R3 pelmouse;Mouse Suite Driver;c:\windows\system32\DRIVERS\pelmouse.sys [2002-06-28 17251]
R3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\DRIVERS\pelusblf.sys [2001-07-24 7520]
R3 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [2004-07-08 118877]
R3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe [2004-07-08 278528]
R3 ZD1211U(3COM Corporation);3COM OfficeConnect Wireless 11g Compact USB Adapter(3COM Corporation);c:\windows\system32\DRIVERS\zd1211u.sys [2005-03-28 274432]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-09 64160]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-26 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-26 108552]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-26 298264]
S2 EPGService;EPGService;c:\progra~1\WinTV\EPG Services\System\EPGService.exe [2006-07-19 435200]
S2 GtDetectSc;GtDetectSc;c:\program files\T-Mobile\web'n'walk Manager\GtDetectSc.exe [2007-11-05 204915]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
S3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\DRIVERS\SonyPI.sys [2002-08-20 71961]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31f4d1b4-c231-11d9-8305-000e3589c2ae}]
\Shell\AutoRun\command - G:\
\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{338af8c2-eb13-11dd-863f-00038a000015}]
\Shell\AutoRun\command - G:\
\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a28d093-ab60-11d9-82bc-00038a000015}]
\Shell\AutoRun\command - G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de1f4ba0-25b4-11de-8684-00038a000015}]
\Shell\AutoRun\command - G:\
\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM
.
Contents of the 'Scheduled Tasks' folder

2009-04-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]

2009-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{C5968DB3-3160-4DA8-AF6D-019FE3ED863E} - c:\program files\IEToolbar\Cashback Guardian\CashbackGuardian.dll
HKCU-Run-NBJ - d:\programs-vince\Ahead\Nero BackItUp\NBJ.exe
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-PDService.exe - c:\program files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
SSODL-UpdateCheck-{9B3074A1-D449-4209-8103-D14D03B90280} - c:\windows\system32\mstmdm.dll


.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://club.vaio.sony.co.uk/clubvaio/gb/en/home
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.club-vaio.sony-europe.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-28 00:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\SSMSFltr.dll

- - - - - - - > 'lsass.exe'(720)
c:\windows\system32\SSMSFltr.dll

- - - - - - - > 'explorer.exe'(1380)
c:\windows\system32\SSMSFltr.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\windows\system32\igfxext.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\sony\HotKey Utility\HKWnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\wanmpsvc.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Cyberlink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\Cyberlink\PowerCinema\Kernel\TV\CLSched.exe
.
**************************************************************************
.
Completion time: 2009-04-27 1:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-28 00:08

Pre-Run: 6,653,755,392 bytes free
Post-Run: 7,850,221,568 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

321 --- E O F --- 2009-04-25 00:18

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update
Hello.

  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31f4d1b4-c231-11d9-8305-000e3589c2ae}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{338af8c2-eb13-11dd-863f-00038a000015}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de1f4ba0-25b4-11de-8684-00038a000015}]


  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u


This will also reset your restore points.

Please update AVG now and let me know how the machine is running.
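One way to audit these MountPoints2 entries before deleting them, as an added PowerShell example that is not part of the forum post: it walks the current user's MountPoints2 volume keys, reports every Shell\AutoRun\command and Shell\open\command value, and flags the two patterns seen in the log above (a launcher at a drive root, rundll32 loading a DLL by relative path). The -Remove switch and the output format are my own additions.

```powershell
# Added example (not from the forum post): audit the per-user MountPoints2 keys
# for volumes that carry a Shell\AutoRun\command or Shell\open\command value,
# i.e. the kind of entries the fix.reg above removes. Read-only by default;
# pass -Remove to delete the flagged volume keys (the switch is my own addition).
param([switch]$Remove)

$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
if (-not (Test-Path -Path $base)) {
    Write-Host "No MountPoints2 key present for this user."
    return
}

$findings = @()
foreach ($volume in Get-ChildItem -Path $base) {
    # Only the {GUID} volume subkeys carry a Shell subtree; skip the rest.
    $shellPath = "$base\$($volume.PSChildName)\Shell"
    if (-not (Test-Path -Path $shellPath)) { continue }

    foreach ($verb in Get-ChildItem -Path $shellPath) {
        $cmdPath = "$shellPath\$($verb.PSChildName)\command"
        if (-not (Test-Path -Path $cmdPath)) { continue }
        # The launch string lives in the key's (Default) value.
        $cmd = (Get-Item -Path $cmdPath).GetValue('')
        if (-not $cmd) { continue }

        # Heuristic taken from the log above: a launcher sitting at a drive
        # root, or rundll32 loading a DLL by relative path, deserves a look.
        $suspicious = ($cmd -match '^[A-Z]:\\[^\\]*$') -or
                      ($cmd -match 'rundll32.*\.\\')
        $findings += New-Object PSObject -Property @{
            Volume     = $volume.PSChildName
            Verb       = $verb.PSChildName
            Command    = $cmd
            Suspicious = $suspicious
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Host "No MountPoints2 shell commands found."
    return
}

$findings | Format-Table -AutoSize Volume, Verb, Suspicious, Command

if ($Remove) {
    # Delete each volume key that carries a shell command, as fix.reg does.
    $findings | Select-Object -ExpandProperty Volume -Unique | ForEach-Object {
        $key = "$base\$_"
        Write-Host "Removing $key"
        Remove-Item -Path $key -Recurse
    }
}
```

Run it without -Remove first and compare the listed volumes against the GUIDs in the ComboFix log; only then re-run with -Remove.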

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update
Hi, I have updated AVG 8.5 and reactivated.
I am posting this using the previous bad machine, so yes, it looks good and fixed.
It's a little slow to load up; I suppose that's due to all the rubbish that's been pulled, squashed and dumped on it over the last few days.
There are no restore points in System Restore, not sure whether they were supposed to come back or not. I did regularly create them but they are not there any more.
Machine is working though, so I'm one happy guy.
Many many thanks Belahzur,
I will sing your praises to everyone I know.
It's quite odd that you have helped me so much yet I have no idea who you are. I suppose that's the anonymous world of the net.
Good luck in whatever you're doing.
Many many thanks again.
(if you're happy with the outcome, that is)

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update
Hello.
The slowness could be due to the amount of stuff running at startup, because each of those runs as a process too.
If you want, we can stop some of the un-needed junk from running.

Sadly, I will never show myself, or my real name. This is a public forum, we are fighting against the bad guys. I've seen the dark side of the internet, I know what they are capable of, it's very easy to track someone using the internet nowadays.

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update
Many thanks again,
Have done some unticking in msconfig to improve things a little.
Great work, thanks.

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update
Is there another alternative to msconfig? I seem to have a lot of processes running but not much in the toolbar.

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update
In HijackThis, the toolbar section is O3.
Usually there aren't a lot of toolbars if you don't install toolbars.

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update
Is it possible that the problems I had could have affected my mail server settings from Outlook and my Nokia E71 mobile phone, which I was picking emails up on while the laptop was out of order, as the phone has ground to a halt?
Thanks
Vince

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update
Hello.
Did you have your phone plugged in via a USB while you were infected?

I don't think this rootkit can jump via USB infections, it wasn't the right type of variant, but let me know anyway.

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update
Hi Guys,
Problems have crept back at me. I cannot get Windows to load fully; I get the blue screen of death. I have posted a new topic in System Problems, but have had no reply yet, so I don't know whether you'll see this or not, or can you check my other post? The details are all there. Look forward to hearing from you again.
Many thanks
Vince
