Nuqel.E bankerfox has disabled internet access and my anti spyware cant update


Post by vince on Mon Apr 27, 2009 5:51 pm

Hi, can someone point me in the right direction?
I have a Nuqel.E and it won't allow me to get on the internet to download the latest virus updates. Malware wants to go on, AVG is not up to date. Other anti-spyware programs hang on install from USB stick.
Running XP.


Post by Belahzur on Mon Apr 27, 2009 6:02 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


Please PM me if I fail to respond within 24hrs.



Post by vince on Mon Apr 27, 2009 6:28 pm

Trying to post dds text, but keep getting told post is too big ??


Post by Belahzur on Mon Apr 27, 2009 6:42 pm

Split it up into more than one post.



Post by vince on Mon Apr 27, 2009 6:49 pm

DDS (Ver_09-03-16.01) - NTFSx86
Run by Vince Sharpe at 19:10:41.32 on 27/04/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.502.57 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG8\aAvgApi.exe
C:\Program Files\sony\vaio update 2\VAIOUpdt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\sony\vaio power management\SPMgr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\AOL\1161085292\ee\AOLSoftware.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\igfxext.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\sony\sonicstage mastering studio\audio filter\SSMSFilter.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Documents and Settings\Vince Sharpe\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
mDefault_Search_URL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: BHO: {abd45510-9b22-41cd-9acd-8182a2da7c63} - c:\windows\system32\iehelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: TBSB05527 Class: {c5968db3-3160-4da8-af6d-019fe3ed863e} - c:\program files\ietoolbar\cashback guardian\CashbackGuardian.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Yahoo! Pager] c:\progra~1\yahoo!\messen~1\ypager.exe -quiet
uRun: [Sonic RecordNow!] c:\progra~1\yahoo!\messen~1\ypager.exe -quiet
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [NBJ] "d:\programs-vince\ahead\nero backitup\NBJ.exe"
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [CreativeTaskScheduler] "c:\program files\creative\shared files\CTSched.exe" /logon
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Aim6]
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PDService.exe] c:\program files\utimaco\safeguard privatedisk\pdservice.exe
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -onlytray
mRun: [PCMService] "c:\program files\cyberlink\powercinema\PCMService.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideo[inspector]] c:\program files\logitech\video\InstallHelper.exe /inspect
mRun: [LogitechCameraService(E)] c:\windows\system32\ElkCtrl.exe /automation
mRun: [LogitechCameraAssistant] c:\program files\logitech\video\CameraAssistant.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HostManager] c:\program files\common files\aol\1161085292\ee\AOLSoftware.exe
mRun: [HKSERV.EXE] c:\program files\sony\hotkey utility\HKserv.exe
mRun: [DataLayer] c:\program files\common files\pcsuite\datalayer\DataLayer.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [AOL Spyware Protection] c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aol90t~1.lnk - c:\program files\aol 9.0a\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aolbro~1.lnk - c:\program files\aol\broadband checkup\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audiof~1.lnk - c:\program files\sony\sonicstage mastering studio\audio filter\SSMSFilter.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autost~1.lnk - c:\program files\wintv\Ir.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - d:\programs-vince\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\web'n'~1.lnk - c:\program files\t-mobile\web'n'walk manager\web'n'walk Manager.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: UpdateCheck - {9B3074A1-D449-4209-8103-D14D03B90280} - c:\windows\system32\mstmdm.dll


Post by vince on Mon Apr 27, 2009 6:50 pm

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-26 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-26 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-26 27656]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2002-10-30 71961]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-26 108552]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2007-7-9 95744]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2007-6-26 51968]
S3 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [2007-3-30 8064]
S3 hcw66xxx;WinTV HVR-900H;c:\windows\system32\drivers\hcw66xxx.sys [2008-9-24 418304]
S3 memcard;PCMCIA Memory Card Driver;c:\windows\system32\drivers\memcard.sys [2007-5-29 8320]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-4-10 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-4-10 8320]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2004-8-12 17251]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\PELUSBlf.SYS [2004-8-12 7520]

=============== Created Last 30 ================

2009-04-27 15:08 296 a------- C:\spyhunter.fix
2009-04-27 15:07 --d----- c:\program files\Enigma Software Group
2009-04-26 23:08 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-26 22:45 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-04-26 22:44 -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-26 22:43 --d----- c:\program files\Lavasoft
2009-04-26 22:31 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-26 22:31 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-26 18:36 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-26 18:36 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-26 18:34 10,752 a------- c:\windows\system32\iehelper.dll
2009-04-26 15:29 --d-h--- C:\$AVG8.VAULT$
2009-04-26 15:13 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-04-26 15:13 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-26 15:13 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-26 15:13 --d----- c:\windows\system32\drivers\Avg
2009-04-26 15:13 --d----- c:\program files\AVG
2009-04-26 15:00 --d----- c:\docume~1\vinces~1\applic~1\AVGTOOLBAR
2009-04-26 14:59 --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-04-26 03:54 294,416 a------- c:\windows\sysguard.exe
2009-04-19 15:54 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-19 15:54 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-19 15:54 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-11 00:04 32,377 a------- c:\windows\system32\drivers\prodigy.sys
2009-04-11 00:03 --d----- c:\program files\NSS
2009-04-10 10:55 26,112 ac------ c:\windows\system32\dllcache\usbser.sys
2009-04-10 10:55 26,112 a------- c:\windows\system32\drivers\usbser.sys
2009-04-10 10:53 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-04-10 10:53 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-10 10:00 18,816 a------- c:\windows\system32\drivers\pccsmcfd.sys
2009-04-10 10:00 --d----- c:\program files\PC Connectivity Solution
2009-04-10 09:41 --d----- c:\docume~1\alluse~1\applic~1\Nokia
2009-04-10 09:22 8,320 a------- c:\windows\system32\drivers\nmwcdnsuc.sys
2009-04-10 09:22 138,112 a------- c:\windows\system32\drivers\nmwcdnsu.sys

==================== Find3M ====================

2009-03-06 15:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-20 09:10 666,112 a------- c:\windows\system32\wininet.dll
2009-02-20 09:10 81,920 a------- c:\windows\system32\ieencode.dll
2009-02-09 13:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 13:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 13:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 13:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 12:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 12:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 12:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 11:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-03 20:59 56,832 a------- c:\windows\system32\secur32.dll

============= FINISH: 19:19:53.86 ===============


Post by Belahzur on Mon Apr 27, 2009 7:05 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Post by vince on Mon Apr 27, 2009 7:45 pm

Sorry, have loaded software to desktop but double click just makes computer hang for ages, nothing happens, it won't install.
Any ideas? Thanks


Post by Belahzur on Mon Apr 27, 2009 8:14 pm

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop


Note: This tool was posted specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Leave the script box empty.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
3. Please copy/paste the content of c:\avenger.txt into your reply.



Post by vince on Mon Apr 27, 2009 9:01 pm

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "UACd.sys" found!
ImagePath: \systemroot\system32\drivers\UAClhdvpjyylkjbaor.sys
Driver disabled successfully.

Rootkit scan completed.


Completed script processing.

*******************

Finished! Terminate.

Have just re launched the malwarebytes and it is running at last, very slowly but I'm further down the line than I have been in the last week.
Thanks


Post by Belahzur on Mon Apr 27, 2009 9:03 pm

Don't use MBAM yet, we aren't done with the avenger.

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Drivers to delete:
UACd.sys

Files to delete:
C:\WINDOWS\system32\drivers\UAClhdvpjyylkjbaor.sys
c:\windows\system32\iehelper.dll
c:\windows\sysguard.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.



Post by vince on Mon Apr 27, 2009 9:07 pm

Will follow last post in a moment, have just managed to get bad machine online so dealing direct now instead of via USB stick.


Post by Belahzur on Mon Apr 27, 2009 9:12 pm

The infection (the rootkit) is what was blocking internet access, so now it's disabled, the net works.
We have to put a stop to it 100% before it can do anything else.



Post by vince on Mon Apr 27, 2009 9:32 pm

Forgot to tick disable rootkits found, but this is the text file.
Should I run again? I'll happily wait for your reply on this one, you are amazing!!

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "UACd.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\UAClhdvpjyylkjbaor.sys" deleted successfully.

Error: file "c:\windows\system32\iehelper.dll" not found!
Deletion of file "c:\windows\system32\iehelper.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\sysguard.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

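As an added example (not part of the original thread, and not code from The Avenger): a Python check that reconciles a removal script like the one posted above with the resulting avenger.txt, so that every target is accounted for. The sample input is constructed from the script and log in the two posts; the verdict names and the choice to report STATUS_OBJECT_NAME_NOT_FOUND as "absent" rather than "failed" are assumptions of this example.

```python
import re

# Constructed sample input, copied in shape from the script and log in this thread.
SCRIPT = r"""
Drivers to delete:
UACd.sys

Files to delete:
C:\WINDOWS\system32\drivers\UAClhdvpjyylkjbaor.sys
c:\windows\system32\iehelper.dll
c:\windows\sysguard.exe
"""

LOG = r"""
Rootkit scan active.
No rootkits found!

Driver "UACd.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\UAClhdvpjyylkjbaor.sys" deleted successfully.

Error: file "c:\windows\system32\iehelper.dll" not found!
Deletion of file "c:\windows\system32\iehelper.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "c:\windows\sysguard.exe" deleted successfully.

Completed script processing.
"""

SECTION = re.compile(r'^(Drivers|Files) to delete:$', re.I)
DELETED = re.compile(r'^(Driver|File) "(.+)" deleted successfully\.$', re.I)
# The thread only shows the "file" form of this line; accepting "driver"
# here as well is an assumption of this example.
FAILED = re.compile(r'^Deletion of (driver|file) "(.+)" failed!$', re.I)
STATUS = re.compile(r'^Status: (0x[0-9a-fA-F]{8}) \((\w+)\)$')

STATUS_OBJECT_NAME_NOT_FOUND = 0xC0000034


def parse_script(text):
    """Return [(kind, name)] for every target listed in the script."""
    targets, kind = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            kind = m.group(1).lower().rstrip("s")  # "Drivers" -> "driver"
        elif kind:
            targets.append((kind, line))
    return targets


def parse_log(text):
    """Map (kind, lower-cased name) -> outcome reported in the log."""
    outcomes, last_failed = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := DELETED.match(line):
            outcomes[(m.group(1).lower(), m.group(2).lower())] = {"result": "deleted"}
            last_failed = None
        elif m := FAILED.match(line):
            last_failed = (m.group(1).lower(), m.group(2).lower())
            outcomes[last_failed] = {"result": "failed", "ntstatus": None}
        elif (m := STATUS.match(line)) and last_failed:
            # The Status line belongs to the failure reported just before it.
            outcomes[last_failed]["ntstatus"] = int(m.group(1), 16)
            last_failed = None
    return outcomes


def reconcile(script_text, log_text):
    """Return [(kind, name, verdict)] in script order.

    Verdicts: deleted, absent (target did not exist), failed, unreported.
    Names are compared case-insensitively, as Windows paths are.
    """
    outcomes = parse_log(log_text)
    report = []
    for kind, name in parse_script(script_text):
        outcome = outcomes.get((kind, name.lower()))
        if outcome is None:
            verdict = "unreported"
        elif outcome["result"] == "deleted":
            verdict = "deleted"
        elif outcome["ntstatus"] == STATUS_OBJECT_NAME_NOT_FOUND:
            verdict = "absent"
        else:
            verdict = "failed"
        report.append((kind, name, verdict))
    return report


if __name__ == "__main__":
    for kind, name, verdict in reconcile(SCRIPT, LOG):
        print(f"{verdict:<10} {kind:<6} {name}")
```

An "absent" target only means the file was not on disk when the script ran; a startup entry that still points at it (such as the BHO line for iehelper.dll in the DDS log) is worth re-checking in the next scan.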


Post by Belahzur on Mon Apr 27, 2009 9:34 pm

Update and run MBAM now, let that run and post the log when done.



Post by vince on Mon Apr 27, 2009 10:32 pm

Hi,
Ran MBAM, it came up with 11 infections, clicked on quarantine and the program hung, left it for around 40 mins, nothing. Also can't get on internet again, it hangs while trying to get to home page.
Sorry it's not great news.

Am running again to hopefully complete.


Last edited by vince on Mon Apr 27, 2009 10:52 pm; edited 1 time in total (Reason for editing : to save posting an extra)


Post by vince on Mon Apr 27, 2009 10:54 pm

Ran again, hit remove and it says quarantining, but again seems to have locked up, how long should I wait?


Post by Belahzur on Mon Apr 27, 2009 11:18 pm

Okay, let's do another scan using this.


  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV. (AVG8 and Ad-watch)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update

Post by vince on Mon Apr 27, 2009 11:37 pm

Combofix wants to go on the internet to download the Windows Recovery Console, but I can't get on again.

Managed to get on, am following instructions!!!


Last edited by vince on Mon Apr 27, 2009 11:45 pm; edited 1 time in total (Reason for editing : situation changed)


Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update

Post by vince on Tue Apr 28, 2009 12:15 am

Post 1, txt split to fit on message board

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.502.213 [GMT 1:00]
Running from: c:\documents and settings\Vince Sharpe\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\VINCES~1\LOCALS~1\Temp\~WS2.tmp
c:\docume~1\VINCES~1\LOCALS~1\Temp\~WS3.tmp
c:\docume~1\VINCES~1\LOCALS~1\Temp\~WS4.tmp
c:\documents and settings\Vince Sharpe\Local Settings\Temp\~WS2.tmp
c:\documents and settings\Vince Sharpe\Local Settings\Temp\~WS3.tmp
c:\documents and settings\Vince Sharpe\Local Settings\Temp\~WS4.tmp
c:\windows\rs.txt
c:\windows\system32\UACasoyltodgictjmq.dll
c:\windows\system32\UACcftpuyxiusjwkrm.dll
c:\windows\system32\UACdolxmkmlonmtnsb.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACmeadxcnhrvrxehc.dll
c:\windows\system32\UACnfdqlaheyeorbql.log
c:\windows\system32\UACpjddcfrqhkxnmrs.dat
c:\windows\system32\UACyifvgdbhfnetpyk.dll

Infected copy of c:\windows\system32\sfcfiles.dll was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\sfcfiles.dll


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SFC
-------\Service_sfc


((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-4-27 )))))))))))))))))))))))))))))))
.

2009-04-27 20:59 . 2009-04-27 20:59 -------- d-----w c:\documents and settings\Vince Sharpe\Application Data\Malwarebytes
2009-04-27 20:37 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-27 20:37 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-27 20:12 . 2009-04-27 20:12 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-27 14:07 . 2009-04-27 17:39 -------- d-----w c:\program files\Enigma Software Group
2009-04-26 22:08 . 2009-03-09 19:06 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-26 21:45 . 2009-03-09 19:06 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-26 21:44 . 2009-04-26 21:44 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-26 21:43 . 2009-04-26 21:43 -------- d-----w c:\program files\Lavasoft
2009-04-26 21:43 . 2009-04-26 21:43 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-26 17:36 . 2009-04-27 22:37 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-26 14:29 . 2009-04-27 20:57 -------- d--h--w C:\$AVG8.VAULT$
2009-04-26 14:13 . 2009-04-26 14:13 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-26 14:13 . 2009-04-26 14:13 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-26 14:13 . 2009-04-26 14:13 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-26 14:13 . 2009-04-26 14:13 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-26 14:13 . 2009-04-26 14:13 -------- d-----w c:\documents and settings\Administrator\Application Data\AVGTOOLBAR
2009-04-26 14:13 . 2009-04-26 14:13 -------- d-----w c:\program files\AVG
2009-04-26 14:00 . 2009-04-26 17:20 -------- d-----w c:\documents and settings\Vince Sharpe\Application Data\AVGTOOLBAR
2009-04-26 13:59 . 2009-04-26 21:04 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-19 14:54 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-19 14:54 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-19 14:53 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-19 14:53 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-19 14:53 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-19 14:53 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-19 14:53 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-19 14:53 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-19 14:53 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-19 14:53 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-19 14:53 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-10 23:04 . 2006-08-29 14:56 32377 ----a-w c:\windows\system32\drivers\prodigy.sys
2009-04-10 23:03 . 2009-04-10 23:04 -------- d-----w c:\program files\NSS
2009-04-10 09:55 . 2008-04-13 18:45 26112 -c--a-w c:\windows\system32\dllcache\usbser.sys
2009-04-10 09:55 . 2008-04-13 18:45 26112 ----a-w c:\windows\system32\drivers\usbser.sys
2009-04-10 09:01 . 2009-04-10 09:54 -------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-04-10 09:00 . 2008-08-26 08:26 18816 ----a-w c:\windows\system32\drivers\pccsmcfd.sys
2009-04-10 09:00 . 2009-04-10 09:00 -------- d-----w c:\program files\PC Connectivity Solution
2009-04-10 08:41 . 2009-04-10 08:41 -------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2009-04-10 08:22 . 2008-02-01 14:17 8320 ----a-w c:\windows\system32\drivers\nmwcdnsuc.sys
2009-04-10 08:22 . 2008-02-01 14:17 138112 ----a-w c:\windows\system32\drivers\nmwcdnsu.sys
2009-04-10 08:19 . 2009-04-10 23:17 -------- d-----w c:\documents and settings\All Users\Application Data\Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 05:57 . 2004-08-12 12:24 -------- d-----w c:\program files\Google
2009-04-25 17:12 . 2009-03-04 23:07 -------- d-----w c:\program files\SopCast
2009-04-10 09:53 . 2009-04-10 09:53 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-04-10 09:53 . 2009-04-10 09:53 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-10 09:02 . 2005-08-28 18:42 -------- d-----w c:\program files\Nokia
2009-04-10 09:00 . 2009-02-13 14:44 -------- d-----w c:\program files\DIFX
2009-04-10 08:59 . 2004-08-12 10:22 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-27 18:11 . 2004-08-12 11:28 42224 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-27 17:52 . 2009-03-27 17:52 -------- d-----w c:\program files\3Com
2009-03-26 12:36 . 2009-03-26 12:36 -------- d-----w c:\program files\MSBuild
2009-03-22 11:10 . 2009-03-22 11:09 -------- d-----w c:\program files\iTunes
2009-03-22 11:09 . 2009-03-22 11:09 -------- d-----w c:\program files\iPod
2009-03-22 11:09 . 2008-11-28 17:47 -------- d-----w c:\program files\Common Files\Apple
2009-03-22 11:06 . 2009-03-22 11:06 -------- d-----w c:\program files\Bonjour
2009-03-22 11:06 . 2008-11-28 17:49 -------- d-----w c:\program files\QuickTime
2009-03-14 20:47 . 2009-03-14 20:47 -------- d-----w c:\program files\Uniblue
2009-03-14 20:37 . 2009-03-14 20:37 -------- d-----w c:\program files\Reference Assemblies
2009-03-06 14:22 . 2004-08-11 18:09 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:10 . 2004-08-11 18:09 666112 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2004-08-12 11:17 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2004-08-11 18:09 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-11 18:09 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2004-08-11 18:09 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-11 18:08 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2004-08-11 18:09 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 18:02 . 2002-08-29 01:04 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:11 . 2004-08-11 18:09 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2004-08-11 18:09 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-11 18:09 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2004-08-11 18:09 56832 ----a-w c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-26 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-09 136600]
"SonyPowerCfg"="c:\program files\sony\vaio power management\SPMgr.exe" [2004-06-29 180224]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 176128]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2006-04-04 147456]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2003-08-18 1048576]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 09:33 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-07-01 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-07-01 118784]
"HKSERV.EXE"="c:\program files\Sony\HotKey Utility\HKserv.exe" [2004-07-09 122880]
"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 819712]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-07 114688]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-26 1932568]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"VAIO Update 2"="c:\program files\sony\vaio update 2\VAIOUpdt.exe" [2004-06-29 147456]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2002-03-14 45056]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-4-6 113664]
Audio Filter.lnk - c:\program files\sony\sonicstage mastering studio\audio filter\SSMSFilter.exe [2005-4-6 2707456]
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2008-9-24 110647]
web'n'walk Manager.lnk - c:\program files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe [2007-11-7 794624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-26 14:13 10520 ----a-w c:\windows\system32\avgrsstx.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= SSMSFltr.dll
"mixer1"= SSMSFltr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Broadband Check-Up.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL Broadband Check-Up.lnk
backup=c:\windows\pss\AOL Broadband Check-Up.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\sony\\sonicstage\\Omgjbox.exe"=
"c:\\Program Files\\Adobe\\Acrobat 6.0\\Acrobat Elements\\Acrobat Elements.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\sony\\vaio media 3.1\\Vc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AOL 9.0a\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1161085292\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1161085292\\ee\\aim6.exe"=
"c:\\Program Files\\Cyberlink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\Cyberlink\\PowerCinema\\PCMService.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=


Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update

Post by vince on Tue Apr 28, 2009 12:16 am

Post 2, rest of txt.

R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2007-07-09 95744]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2007-06-26 51968]
R3 GTPTSER;GT PT SER;c:\windows\system32\DRIVERS\gtptser.sys [2007-03-30 8064]
R3 hcw66xxx;WinTV HVR-900H;c:\windows\system32\Drivers\hcw66xxx.sys [2008-02-27 418304]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-04-06 38496]
R3 memcard;PCMCIA Memory Card Driver;c:\windows\system32\DRIVERS\memcard.sys [2001-08-17 8320]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
R3 pelmouse;Mouse Suite Driver;c:\windows\system32\DRIVERS\pelmouse.sys [2002-06-28 17251]
R3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\DRIVERS\pelusblf.sys [2001-07-24 7520]
R3 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [2004-07-08 118877]
R3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe [2004-07-08 278528]
R3 ZD1211U(3COM Corporation);3COM OfficeConnect Wireless 11g Compact USB Adapter(3COM Corporation);c:\windows\system32\DRIVERS\zd1211u.sys [2005-03-28 274432]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-09 64160]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-26 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-26 108552]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-26 298264]
S2 EPGService;EPGService;c:\progra~1\WinTV\EPG Services\System\EPGService.exe [2006-07-19 435200]
S2 GtDetectSc;GtDetectSc;c:\program files\T-Mobile\web'n'walk Manager\GtDetectSc.exe [2007-11-05 204915]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
S3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\DRIVERS\SonyPI.sys [2002-08-20 71961]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31f4d1b4-c231-11d9-8305-000e3589c2ae}]
\Shell\AutoRun\command - G:\
\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{338af8c2-eb13-11dd-863f-00038a000015}]
\Shell\AutoRun\command - G:\
\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a28d093-ab60-11d9-82bc-00038a000015}]
\Shell\AutoRun\command - G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de1f4ba0-25b4-11de-8684-00038a000015}]
\Shell\AutoRun\command - G:\
\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM
.
Contents of the 'Scheduled Tasks' folder

2009-04-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]

2009-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{C5968DB3-3160-4DA8-AF6D-019FE3ED863E} - c:\program files\IEToolbar\Cashback Guardian\CashbackGuardian.dll
HKCU-Run-NBJ - d:\programs-vince\Ahead\Nero BackItUp\NBJ.exe
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-PDService.exe - c:\program files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
SSODL-UpdateCheck-{9B3074A1-D449-4209-8103-D14D03B90280} - c:\windows\system32\mstmdm.dll


.
------- Supplementary Scan -------
.
uSearch Page = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-04-28 00:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\SSMSFltr.dll

- - - - - - - > 'lsass.exe'(720)
c:\windows\system32\SSMSFltr.dll

- - - - - - - > 'explorer.exe'(1380)
c:\windows\system32\SSMSFltr.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\windows\system32\igfxext.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\sony\HotKey Utility\HKWnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\wanmpsvc.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Cyberlink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\Cyberlink\PowerCinema\Kernel\TV\CLSched.exe
.
**************************************************************************
.
Completion time: 2009-04-27 1:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-28 00:08

Pre-Run: 6,653,755,392 bytes free
Post-Run: 7,850,221,568 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

321 --- E O F --- 2009-04-25 00:18


Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update

Post by Belahzur on Tue Apr 28, 2009 12:24 am

Hello.

  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31f4d1b4-c231-11d9-8305-000e3589c2ae}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{338af8c2-eb13-11dd-863f-00038a000015}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de1f4ba0-25b4-11de-8684-00038a000015}]

  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

Please update AVG now and let me know how the machine is running.


Back to top Go down

Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update

Post by vince on Tue Apr 28, 2009 1:05 am

Hi, have updated AVG 8.5 and reactivated.
I am posting this using the previous bad machine, so yes it looks good and fixed.
It's a little slow to load up, I suppose that's due to all the rubbish that's been pulled, squashed and dumped on it over the last few days.
There are no restore points in System Restore, not sure whether they were supposed to come back or not. I did regularly create them but they are not there any more.
Machine is working though so I'm one happy guy.
Many many thanks Belahzur,
I will sing your praises to everyone I know.
It's quite odd that you have helped me so much yet I have no idea who you are. I suppose that's the anonymous world of the net.
Good luck in whatever you're doing.
Many many thanks again.
(if you're happy with the outcome, that is)


Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update

Post by Belahzur on Tue Apr 28, 2009 1:11 pm

Hello.
The slowness could be due to the amount of stuff running at startup, because they run as a process too.
If you want, we can stop some of the un-needed junk from running.

Sadly, I will never show myself, or my real name. This is a public forum, we are fighting against the bad guys. I've seen the dark side of the internet, I know what they are capable of, it's very easy to track someone using the internet nowadays.



Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update

Post by vince on Tue Apr 28, 2009 7:32 pm

Many thanks again,
Have done some unticking in msconfig to improve things a little.
Great work, thanks.


Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update

Post by vince on Wed Apr 29, 2009 1:27 pm

Is there another alternative to msconfig? I seem to have a lot of processes running but not much in the toolbar.


Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update

Post by Belahzur on Wed Apr 29, 2009 2:25 pm

In HijackThis, the toolbar section is O3.
Usually there aren't a lot of toolbars if you don't install toolbars.



Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update

Post by vince on Thu Apr 30, 2009 5:29 pm

Is it possible that the problems I had could have affected my mail server settings from Outlook and my Nokia E71 mobile phone, which I was picking emails up on while the laptop was out of order, as the phone has ground to a halt?
Thanks
Vince


Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update

Post by Belahzur on Thu Apr 30, 2009 5:38 pm

Hello.
Did you have your phone plugged in via a USB while you were infected?

I don't think this rootkit can jump via USB infections, it wasn't the right type of variant, but let me know anyway.



Re: Nuqel.E bankerfox has disabled internet access and my anti spyware cant update

Post by vince on Sun May 17, 2009 1:12 am

Hi Guys,
Problems have crept back at me, I cannot get Windows to load fully, I get the blue screen of death. Have posted a new topic in system problems, but had no reply yet, so don't know whether you'll see this or not, or can you check my other post? The details are all there. Look forward to hearing from you again.
Many thanks
Vince
