Thanks for the reply. Things seem to be working fine now; AVG is OK. Also, the Google search result links are not redirecting to unknown sites. Here is the ComboFix log:
---------------------------------------------
ComboFix 08-12-02.02 - Hassan Mirza 2008-12-03 23:43:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1690 [GMT 5:00]
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\HASSAN~1\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\HASSAN~1\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\resycled
c:\resycled\boot.com
c:\windows\system32\h@tkeysh@@k.dll
c:\windows\system32\kdwwz.exe
D:\resycled
d:\resycled\boot.com
E:\resycled
e:\resycled\boot.com
F:\resycled
f:\resycled\boot.com
----- BITS: Possible infected sites -----
hxxp://xxxlexelink.com
.
((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))
.
2008-12-02 23:22 . 2008-12-02 23:22 250 --a------ c:\windows\gmer.ini
2008-11-18 21:41 . 2008-11-18 21:41 27,904 --a------ c:\windows\system32\drivers\ndisprot.sys
2008-11-12 21:15 . 2008-09-04 22:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 21:15 . 2008-10-24 16:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 19:19 . 2008-11-12 19:19 <DIR> d-------- c:\windows\system32\Futuremark
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-19 02:22 --------- d-----w c:\documents and settings\Hassan Mirza\Application Data\BitTorrent
2008-11-18 17:06 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-19 09:10 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-10-07 08:33 6,133,856 ----a-w c:\windows\system32\drivers\nv4_mini.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="d:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"Launch Ai Booster"="d:\program files\ASUS\AI Booster\OverClk.exe" [2006-07-13 3712512]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-18 843776]
"WinPatrol"="d:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-27 316728]
"SunJavaUpdateSched"="d:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-05 1234712]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Program Files\\DAP\\DAP.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"e:\\Far Cry 2\\bin\\FarCry2.exe"=
"e:\\Far Cry 2\\bin\\FC2Launcher.exe"=
"e:\\Far Cry 2\\bin\\FC2Editor.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-09-13 97928]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-09-13 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-13 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-09-13 76040]
R2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2008-05-17 2368]
S3 cpuz126;cpuz126;\??\c:\docume~1\HASSAN~1\LOCALS~1\Temp\cpuz.sys []
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-06-21 13352]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-18 27904]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-05-18 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-05-18 8320]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80bbcdfb-7967-11dc-b115-ec676d9b4ffb}]
\Shell\verb1\command - i:\thumbs.dn\1.{3aea-1069-a2de-08002b30309d}\Thumbs.BAT
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{950e4c06-c138-11dc-b144-d691050e69fa}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
\Shell\Explore\command - I:\system.exe
\Shell\Open\command - I:\system.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e962fbd7-1848-11dc-b0ce-a7b6942047fa}]
\Shell\verb1\command - h:\thumbs.dn\1.{3aea-1069-a2de-08002b30309d}\Thumbs.BAT
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-BitTorrent DNA - c:\program files\DNA\btdna.exe
HKLM-Run-c:\windows\system32\kdwwz.exe - c:\windows\system32\kdwwz.exe
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-12-03 23:45:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
d:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\rundll32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-12-03 23:47:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-03 18:47:31
Pre-Run: 1,579,016,192 bytes free
Post-Run: 2,040,954,880 bytes free
128 --- E O F --- 2008-11-12 18:55:39