Hi there,
Realise you guys are way busy at the moment. I've been screwed over the last few days with a nasty Trojan that would not let me open any AV program, Malwarebytes, anything; it also kept redirecting my browser to obscure sites and not where I wanted. Anyway, I did a fresh wipe and reinstall. Everything was great, and last night I got the thing again (I know what website it's on now and what music file not to download :/ ). Anyway, I did some searching, followed some advice and ran a program called Avenger, which deleted the file that was stopping me loading any AV program. I ran Malwarebytes and a host of others and removed them. Working great now, but today I picked up a Trojan; it got removed and healed, so something could still be in my system. Here are the logs if somebody has time to take a quick peek. I would appreciate it.
Thanks
ComboFix 09-08-06.01 - Robsta 07/08/2009 17:35.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3311.2506 [GMT 1:00]
Running from: e:\various program downloads\New Program Files\PC scanning tools\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\run.log
c:\windows\system32\Data
c:\windows\system32\Drivers\ikdkgg.sys
c:\windows\system32\Drivers\owbuc.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-07-07 to 2009-08-07 )))))))))))))))))))))))))))))))
.
2009-08-07 16:21 . 2009-08-07 16:21 -------- d-----w- c:\program files\Trend Micro
2009-08-07 16:04 . 2009-08-07 16:04 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-08-07 16:04 . 2009-08-07 16:10 54 ----a-w- c:\windows\system32\rp_stats.dat
2009-08-07 16:04 . 2009-08-07 16:10 39 ----a-w- c:\windows\system32\rp_rules.dat
2009-08-07 14:29 . 2009-08-07 14:29 -------- d-----w- c:\program files\VDJ5
2009-08-06 20:53 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-06 20:53 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-06 20:52 . 2009-08-07 15:08 -------- d--h--w- C:\$AVG8.VAULT$
2009-08-06 20:34 . 2009-08-06 20:34 0 ----a-w- C:\backup.reg
2009-08-06 20:24 . 2009-08-06 20:24 -------- d-sh--w- c:\documents and settings\Administrator.ROBSTA-197410GB\IECompatCache
2009-08-06 20:16 . 2009-08-06 20:16 -------- d-sh--w- c:\documents and settings\Administrator.ROBSTA-197410GB\PrivacIE
2009-08-06 18:00 . 2009-08-07 16:10 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-08-06 17:56 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-06 17:44 . 2009-08-06 17:44 -------- d-sh--w- c:\documents and settings\Administrator.ROBSTA-197410GB\IETldCache
2009-08-06 17:28 . 2009-08-06 17:28 -------- d-----w- c:\windows\Sun
2009-08-05 21:04 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-08-05 21:04 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-08-05 21:01 . 2004-06-15 06:00 7680 ----a-w- c:\windows\system32\CNMVS61.DLL
2009-08-05 21:01 . 2004-06-15 06:00 116736 ----a-w- c:\windows\system32\CNMLM61.DLL
2009-08-05 21:01 . 2004-06-04 16:34 86016 ----a-w- c:\windows\system32\CNMCP61.exe
2009-08-05 21:01 . 2009-08-05 21:01 -------- d--h--w- C:\BJPrinter
2009-08-05 20:29 . 2000-06-26 10:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2009-08-05 20:29 . 2001-06-26 07:15 38912 ------w- c:\windows\system32\picn20.dll
2009-08-05 20:28 . 2001-07-06 11:44 544768 ------w- c:\windows\system32\imagx5.dll
2009-08-05 20:28 . 2001-07-06 17:24 283920 ------w- c:\windows\system32\ImagXpr5.dll
2009-08-05 20:28 . 2001-07-06 13:41 569344 ------w- c:\windows\system32\imagr5.dll
2009-08-05 20:28 . 2009-08-05 20:32 -------- d-----w- c:\program files\Common Files\Ahead
2009-08-05 20:28 . 2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2009-08-05 20:28 . 2009-08-05 20:29 -------- d-----w- c:\program files\Ahead
2009-08-05 20:08 . 2009-08-07 14:46 -------- d-----w- c:\documents and settings\Robsta\Application Data\BitTorrent
2009-08-05 20:08 . 2009-08-05 20:08 -------- d-----w- c:\program files\BitTorrent
2009-08-05 19:40 . 2009-08-05 19:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-05 19:39 . 2009-08-05 19:39 -------- d-----w- c:\program files\Java
2009-08-05 19:39 . 2009-08-05 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-05 19:39 . 2009-08-05 20:16 -------- d-----w- c:\program files\NOS
2009-08-05 19:39 . 2009-08-05 19:39 152576 ----a-w- c:\documents and settings\Robsta\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-05 18:13 . 2009-08-05 20:41 -------- d-----w- c:\program files\mIRC
2009-08-05 18:09 . 2009-08-05 18:09 -------- d-----w- c:\program files\Virtual DJ Studio
2009-08-05 18:07 . 2005-11-30 21:20 2314332 ----a-w- c:\windows\system32\LIBMMD.DLL
2009-08-05 17:56 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-08-05 17:55 . 2009-08-05 17:55 -------- d-----w- c:\program files\Microsoft Works
2009-08-05 17:55 . 2009-08-05 17:55 -------- d-----w- c:\program files\MSBuild
2009-08-05 17:52 . 2009-08-05 17:55 -------- d-----w- c:\windows\SHELLNEW
2009-08-05 17:52 . 2009-08-05 17:52 -------- d-----w- c:\documents and settings\Robsta\Local Settings\Application Data\Microsoft Help
2009-08-05 17:52 . 2009-08-05 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-05 17:52 . 2009-08-05 17:52 -------- d--h--r- C:\MSOCache
2009-08-05 17:45 . 2009-08-05 17:45 -------- d-----w- c:\documents and settings\Robsta\Application Data\Windows Search
2009-08-05 17:40 . 2009-08-05 17:40 -------- d-----w- c:\documents and settings\Robsta\Local Settings\Application Data\Identities
2009-08-05 17:40 . 2009-08-05 17:40 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-05 17:40 . 2009-08-05 20:16 -------- d-----w- c:\program files\Windows Desktop Search
2009-08-05 17:40 . 2009-08-05 17:40 -------- d-----w- c:\windows\system32\GroupPolicy
2009-08-05 17:40 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-08-05 17:40 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-08-05 17:40 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-08-05 17:39 . 2009-08-05 17:39 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-05 17:38 . 2009-08-05 17:39 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-08-05 17:38 . 2009-08-05 17:38 -------- d-----w- c:\windows\system32\LogFiles
2009-08-05 17:38 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-08-05 17:19 . 2009-08-05 17:19 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-05 17:08 . 2009-08-05 17:08 -------- d-----w- c:\windows\system32\scripting
2009-08-05 17:08 . 2009-08-05 17:08 -------- d-----w- c:\windows\system32\en
2009-08-05 17:08 . 2009-08-05 17:08 -------- d-----w- c:\windows\l2schemas
2009-08-05 17:08 . 2009-08-05 17:08 -------- d-----w- c:\windows\system32\bits
2009-08-05 17:06 . 2009-08-05 17:08 -------- d-----w- c:\windows\ServicePackFiles
2009-08-05 17:02 . 2009-08-05 17:02 -------- d-----w- c:\windows\EHome
2009-08-05 16:41 . 2009-08-05 17:40 -------- d-----w- c:\windows\ie8updates
2009-08-05 16:40 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-05 16:40 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-05 16:40 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-05 16:40 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-05 16:40 . 2009-07-03 17:09 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-08-05 16:32 . 2009-08-05 16:32 -------- d-sh--w- c:\documents and settings\Robsta\IECompatCache
2009-08-05 16:32 . 2009-08-05 16:32 -------- d-sh--w- c:\documents and settings\Robsta\PrivacIE
2009-08-05 16:31 . 2009-08-05 16:31 -------- d-sh--w- c:\documents and settings\Robsta\IETldCache
2009-08-05 16:29 . 2009-08-05 16:29 -------- dc-h--w- c:\windows\ie8
2009-08-05 16:20 . 2009-08-05 16:20 -------- d-----w- C:\9255d1afcc709e42dc7a9a
2009-08-05 16:16 . 2004-08-03 21:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2009-08-05 16:02 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-08-05 16:02 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-08-05 16:01 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-08-05 16:01 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-08-05 16:01 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-08-05 16:01 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-08-05 16:01 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-08-05 16:01 . 2009-02-09 12:10 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-08-05 16:01 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-08-05 16:01 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-08-05 16:01 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-08-05 16:01 . 2009-02-06 11:08 2189056 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-05 16:01 . 2009-02-06 11:06 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-05 16:01 . 2009-02-06 10:32 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-05 15:56 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-08-05 15:56 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-08-05 15:55 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-08-05 15:55 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-08-05 15:53 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-08-05 15:52 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-08-05 15:52 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-08-05 15:51 . 2009-08-05 16:00 -------- d-----w- c:\documents and settings\Robsta\Application Data\mIRC
2009-08-04 23:13 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-04 23:13 . 2009-08-04 23:13 -------- d-----w- c:\documents and settings\Robsta\Application Data\Malwarebytes
2009-08-04 23:13 . 2009-08-06 20:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-04 23:13 . 2009-08-04 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-04 23:12 . 2009-08-04 23:12 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-04 23:12 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-08-04 23:12 . 2009-08-04 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-04 23:12 . 2009-08-04 23:12 -------- d-----w- c:\program files\Lavasoft
2009-08-04 23:09 . 2009-08-04 23:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-04 23:09 . 2009-08-04 23:09 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-04 23:09 . 2009-08-04 23:09 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-04 23:09 . 2009-08-04 23:09 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-04 23:09 . 2009-08-07 13:39 -------- d-----w- c:\windows\system32\drivers\Avg
2009-08-04 23:09 . 2009-08-04 23:09 -------- d-----w- c:\program files\AVG
2009-08-04 23:09 . 2009-08-04 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-04 23:05 . 2009-08-06 17:29 69240 ----a-w- c:\documents and settings\Robsta\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-04 23:04 . 2009-08-04 23:04 -------- d-----w- c:\documents and settings\Robsta\Application Data\AVG8
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 20:39 . 2009-08-04 21:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-06 20:22 . 2009-08-06 20:22 8 ----a-w- c:\program files\bemucocw.txt
2009-08-05 21:07 . 2009-08-05 18:20 -------- d-----w- c:\program files\Winamp
2009-08-05 20:33 . 2009-08-04 21:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-05 20:20 . 2009-08-05 20:20 -------- d-----w- c:\program files\Common Files\MGI Shared
2009-08-05 20:20 . 2009-08-05 20:20 -------- d-----w- c:\program files\MGI
2009-08-05 20:20 . 2009-08-05 20:20 -------- d-----w- c:\documents and settings\Robsta\Application Data\MGI
2009-08-05 18:28 . 2009-08-05 18:20 -------- d-----w- c:\documents and settings\Robsta\Application Data\Winamp
2009-08-05 17:09 . 2009-08-04 21:41 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-04 22:45 . 2009-08-04 22:45 -------- d-----w- c:\program files\Belkin
2009-08-04 22:44 . 2009-08-04 22:44 -------- d-----w- c:\documents and settings\Robsta\Application Data\AdobeUM
2009-08-04 22:43 . 2009-08-04 22:43 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-04 22:20 . 2009-08-04 22:20 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-08-04 22:15 . 2009-08-04 21:48 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-04 22:13 . 2009-08-04 22:12 -------- d-----w- c:\program files\Creative
2009-08-04 22:04 . 2009-08-04 22:04 -------- d-----w- c:\program files\AGEIA Technologies
2009-08-04 21:57 . 2009-08-04 21:57 -------- d-----w- c:\program files\NVIDIA Corporation
2009-08-04 21:57 . 2009-08-04 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-08-04 21:52 . 2009-08-04 21:52 -------- d-----w- c:\program files\DIFX
2009-08-04 21:48 . 2009-08-04 21:48 -------- d-----w- c:\program files\VIA
2009-08-04 21:42 . 2009-08-04 21:42 -------- d-----w- c:\program files\microsoft frontpage
2009-08-04 21:39 . 2009-08-04 21:39 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-14 18:54 . 2009-08-04 21:57 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-07-14 18:54 . 2009-08-04 21:56 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-07-14 18:54 . 2009-08-04 21:56 7741664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-07-14 18:54 . 2009-08-04 21:56 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-07-14 18:54 . 2009-08-04 21:56 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-07-14 18:54 . 2009-08-04 21:56 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-07-14 18:54 . 2009-08-04 21:56 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-07-14 18:54 . 2009-08-04 21:56 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-07-14 18:54 . 2009-08-04 21:56 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-07-14 18:54 . 2009-08-04 21:56 5842816 ----a-w- c:\windows\system32\nv4_disp.dll
2009-07-14 18:54 . 2009-08-04 21:56 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-07-14 12:34 . 2009-07-14 12:34 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-07-14 12:34 . 2009-07-14 12:34 8085504 ----a-w- c:\windows\system32\nvdispsr.dll
2009-07-14 12:34 . 2009-07-14 12:34 4923392 ----a-w- c:\windows\system32\nvdisps.dll
2009-07-14 12:34 . 2009-07-14 12:34 4640768 ----a-w- c:\windows\system32\nvgamesr.dll
2009-07-14 12:34 . 2009-07-14 12:34 458752 ----a-w- c:\windows\system32\nvmccssr.dll
2009-07-14 12:34 . 2009-07-14 12:34 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-07-14 12:34 . 2009-07-14 12:34 2854912 ----a-w- c:\windows\system32\nvmoblsr.dll
2009-07-14 12:34 . 2009-07-14 12:34 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-07-14 12:34 . 2009-07-14 12:34 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-07-14 12:34 . 2009-07-14 12:34 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-07-14 12:34 . 2009-07-14 12:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll
2009-07-14 12:34 . 2009-07-14 12:34 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-07-14 12:34 . 2009-07-14 12:34 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-07-10 06:01 . 2009-08-04 21:57 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-07-03 17:09 . 2006-02-28 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:36 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2006-02-28 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-08 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-04 2000152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2005-05-03 64512]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Belkin Wireless Utility.lnk - c:\program files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\Belkinwcui.exe [2009-8-4 1523712]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-04 23:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [05/08/2009 00:13 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [05/08/2009 00:09 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [05/08/2009 00:09 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [05/08/2009 00:09 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [05/08/2009 00:09 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 15:49 1029456]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [04/08/2009 23:45 17149]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-08-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-07 17:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3560)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2009-08-07 17:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-07 16:41
Pre-Run: 95,846,961,152 bytes free
Post-Run: 95,800,053,760 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
310 --- E O F --- 2009-08-05 17:49
Malwarebytes' Anti-Malware 1.40
Database version: 2574
Windows 5.1.2600 Service Pack 3
07/08/2009 17:03:43
mbam-log-2009-08-07 (17-03-43).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 143206
Time elapsed: 15 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:21:36, on 07/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\Belkinwcui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.bat
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin Wireless Utility.lnk = C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\Belkinwcui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...t/PCPitStop.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5847 bytes
#1
Posted 07 August 2009 - 04:56 PM
#2
Posted 07 August 2009 - 04:59 PM
PS, I meant to say I have 3 AV-type programs: AVG 8.0 Free, Malwarebytes and Ad-Aware Anniversary Edition, but for some reason Ad-Aware will not run at all. That makes me think something is lurking about in there. I am trying to download SUPERAntiSpyware and wish to install that again. Is there an alternative to Ad-Aware? It doesn't seem great.
#3
Posted 30 August 2009 - 05:26 AM
I apologize for the long delay however the site has been swamped with too many requests and your post appears to have been overlooked in the rush.
If you still require assistance please let us know.
#4
Posted 31 August 2009 - 08:11 PM
Since you appear to no longer be monitoring this post, we will assume that you've already addressed the issue and no longer require assistance, and we will close the post now.
If however you do still require assistance please send a private message to open the post again.