Old 12-02-2008, 11:40 AM   #1 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 14
OS: Win XP Service Pack 3


AVG 8 antivirus unable to update

Hi,

For a few days, the AVG antivirus has been unable to update automatically or manually. Also, antivirus web sites are not opening. Sometimes when I click a search result in Google, IE is redirected to some other website instead of the link clicked.

I am attaching the contents of DDS.txt
------------------------------------------


DDS (Version 1.0) - NTFSx86
Run by Hassan Mirza at 23:28:56.21 on Tue 12/02/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1481 [GMT 5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
d:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Hassan Mirza\Desktop\dds.com
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mWinlogon: System=kdwwz.exe
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - d:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: {62999427-33FC-4baf-9C9C-BCE6BD127F08} - d:\program files\dap\DAPIEBar.dll
uRun: [NVIDIA nTune] "d:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [Launch Ai Booster] "d:\program files\asus\ai booster\OverClk.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [WinPatrol] d:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [SunJavaUpdateSched] "d:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
StartupFolder: c:\docume~1\hassan~1\startm~1\programs\startup\adobeg~1.lnk - c:\windows\ime\svchost.exe
IE: &Download with &DAP - d:\progra~1\dap\dapextie.htm
IE: Download &all with DAP - d:\progra~1\dap\dapextie2.htm
IE: {669695BC-A811-4A9D-8CDF-BA8C795F261C} - d:\progra~1\dap\DAP.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - d:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {669695BC-A811-4A9D-8CDF-BA8C795F261C} - d:\progra~1\dap\DAP.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: {DF144F77-6011-4F19-93A7-0186C541DA7F} = 85.255.112.74;85.255.112.191
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - d:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - d:\progra~1\dap\dapie.dll
Name-Space Handler: HTTPS\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - d:\progra~1\dap\dapie.dll
AppInit_DLLs: avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scecli scecli

============= SERVICES / DRIVERS ===============

R0 nvgts;nvgts;c:\windows\system32\drivers\nvgts.sys [2008-8-18 145952]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-13 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-13 26824]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-9-13 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-9-13 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-13 76040]
R2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2008-5-17 2368]
S3 cpuz126;cpuz126;\??\c:\docume~1\hassan~1\locals~1\temp\cpuz.sys []
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-6-21 13352]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-18 27904]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-5-18 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-5-18 8320]

=============== Created Last 30 ================

2008-12-02 23:22 250 a------- c:\windows\gmer.ini
2008-11-19 23:00 20,480 a------- c:\windows\system32\H@tKeysH@@k.DLL
2008-11-19 22:16 <DIR> --d-h--- C:\autorun.inf
2008-11-18 21:41 27,904 a------- c:\windows\system32\drivers\ndisprot.sys
2008-11-18 21:40 <DIR> --dshr-- C:\resycled
2008-11-12 21:15 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 21:15 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-11-12 19:19 <DIR> --d----- c:\windows\system32\Futuremark

==================== Find3M ====================

2008-11-19 07:22 <DIR> --d----- c:\docume~1\hassan~1\applic~1\BitTorrent
2008-11-18 22:13 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-10-19 14:10 103,736 a------- c:\windows\system32\PnkBstrB.exe
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-15 17:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-13 19:03 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-09-13 18:46 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-09-13 17:44 22,780 a------- c:\windows\system32\emptyregdb.dat
2008-09-13 17:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-09-10 06:14 1,307,648 a------- c:\windows\system32\msxml6.dll
2008-09-04 22:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-09-04 18:52 <DIR> --d----- c:\docume~1\hassan~1\applic~1\LG Electronics
2008-07-18 10:16 <DIR> --d----- c:\docume~1\hassan~1\applic~1\Ubisoft
2008-07-15 23:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Ubisoft
2008-07-15 17:00 <DIR> --d----- c:\docume~1\hassan~1\applic~1\DNA
2008-06-22 00:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BVRP Software
2008-06-22 00:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sony Ericsson
2008-06-21 23:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Downloaded Installations
2008-06-20 21:13 <DIR> --d----- c:\docume~1\hassan~1\applic~1\Nokia
2008-05-30 20:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NFS Underground
2008-05-19 16:34 <DIR> --d----- c:\docume~1\hassan~1\applic~1\Datalayer
2008-05-18 00:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nokia
2008-05-18 00:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Installations
2008-05-17 17:07 <DIR> --d----- c:\docume~1\hassan~1\applic~1\WinPatrol
2007-11-05 23:02 <DIR> --d----- c:\docume~1\hassan~1\applic~1\Bioshock
2007-08-18 00:32 <DIR> --d----- c:\docume~1\hassan~1\applic~1\COWON
2007-08-14 03:09 <DIR> --d----- c:\docume~1\hassan~1\applic~1\TMNT
2007-07-09 23:21 <DIR> --d----- c:\docume~1\hassan~1\applic~1\Activision
2007-06-11 23:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Suite
2007-06-11 23:52 <DIR> --d----- c:\docume~1\hassan~1\applic~1\PC Suite

============= FINISH: 23:30:12.48 ===============
Attached Files
File Type: txt Attach.txt (4.6 KB, 1 views)
File Type: txt Gmer.txt (16.8 KB, 3 views)
hsnmz is offline  

Old 12-02-2008, 03:44 PM   #2 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,580
OS: Vista


Re: AVG 8 antivirus unable to update

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix


* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
Old 12-03-2008, 12:01 PM   #3 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 14
OS: Win XP Service Pack 3


Re: AVG 8 antivirus unable to update

Thanks for the reply. Things seem to be working fine now, AVG is OK. Also the google search result links are not redirecting to unknown sites. Here is the Combofix Log

---------------------------------------------

ComboFix 08-12-02.02 - Hassan Mirza 2008-12-03 23:43:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1690 [GMT 5:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HASSAN~1\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\HASSAN~1\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\resycled
c:\resycled\boot.com
c:\windows\system32\h@tkeysh@@k.dll
c:\windows\system32\kdwwz.exe
D:\resycled
d:\resycled\boot.com
E:\resycled
e:\resycled\boot.com
F:\resycled
f:\resycled\boot.com

----- BITS: Possible infected sites -----

hxxp://xxxlexelink.com
.
((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))
.

2008-12-02 23:22 . 2008-12-02 23:22 250 --a------ c:\windows\gmer.ini
2008-11-18 21:41 . 2008-11-18 21:41 27,904 --a------ c:\windows\system32\drivers\ndisprot.sys
2008-11-12 21:15 . 2008-09-04 22:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 21:15 . 2008-10-24 16:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 19:19 . 2008-11-12 19:19 <DIR> d-------- c:\windows\system32\Futuremark

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-19 02:22 --------- d-----w c:\documents and settings\Hassan Mirza\Application Data\BitTorrent
2008-11-18 17:06 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-19 09:10 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-10-07 08:33 6,133,856 ----a-w c:\windows\system32\drivers\nv4_mini.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="d:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"Launch Ai Booster"="d:\program files\ASUS\AI Booster\OverClk.exe" [2006-07-13 3712512]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-18 843776]
"WinPatrol"="d:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-27 316728]
"SunJavaUpdateSched"="d:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-05 1234712]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Program Files\\DAP\\DAP.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"e:\\Far Cry 2\\bin\\FarCry2.exe"=
"e:\\Far Cry 2\\bin\\FC2Launcher.exe"=
"e:\\Far Cry 2\\bin\\FC2Editor.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-09-13 97928]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-09-13 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-13 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-09-13 76040]
R2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2008-05-17 2368]
S3 cpuz126;cpuz126;\??\c:\docume~1\HASSAN~1\LOCALS~1\Temp\cpuz.sys []
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-06-21 13352]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-18 27904]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-05-18 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-05-18 8320]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80bbcdfb-7967-11dc-b115-ec676d9b4ffb}]
\Shell\verb1\command - i:\thumbs.dn\1.{3aea-1069-a2de-08002b30309d}\Thumbs.BAT

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{950e4c06-c138-11dc-b144-d691050e69fa}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
\Shell\Explore\command - I:\system.exe
\Shell\Open\command - I:\system.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e962fbd7-1848-11dc-b0ce-a7b6942047fa}]
\Shell\verb1\command - h:\thumbs.dn\1.{3aea-1069-a2de-08002b30309d}\Thumbs.BAT
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BitTorrent DNA - c:\program files\DNA\btdna.exe
HKLM-Run-c:\windows\system32\kdwwz.exe - c:\windows\system32\kdwwz.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-03 23:45:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
d:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\rundll32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-12-03 23:47:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-03 18:47:31

Pre-Run: 1,579,016,192 bytes free
Post-Run: 2,040,954,880 bytes free

128 --- E O F --- 2008-11-12 18:55:39

Last edited by hsnmz; 12-03-2008 at 12:04 PM.
hsnmz is offline  
Old 12-03-2008, 12:25 PM   #4 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,580
OS: Vista


Re: AVG 8 antivirus unable to update

Hi,

Are you using the free version of Download Accelerator Plus?

If so, I recommend that you uninstall it, as it is heavily ad-supported.


*I see you have P2P software ( BitTorrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here, here, and here.

I would strongly recommend that you uninstall it, however that choice is up to you. If you choose to remove this program, you can do so via Control Panel >> add/remove programs

If you decide to uninstall the P2P applications, also delete these folders if they still exist:

C:\Program Files\BitTorrent
c:\documents and settings\Hassan Mirza\Application Data\BitTorrent

*Download Flash_Disinfector from here and save it to your desktop.
Double-click on Flash_Disinfector.exe to run it and follow the prompts.
Wait until it has finished scanning and then exit the program.
The utility may ask you to insert your flash drive and/or other removable drives. This may include your mobile phone.
Please do so and allow the utility to clean up those drives as well.

DO NOT remove your flashdrive until I tell you to do so.


*Open notepad.
Copy and paste the text inside the code box below to notepad

Code:
File::
c:\windows\system32\drivers\ndisprot.sys
c:\docume~1\HASSAN~1\LOCALS~1\Temp\cpuz.sys
I:\system.exe
Folder::
i:\thumbs.dn
h:\thumbs.dn
Driver::
cpuz126
Ndisprot
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80bbcdfb-7967-11dc-b115-ec676d9b4ffb}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{950e4c06-c138-11dc-b144-d691050e69fa}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e962fbd7-1848-11dc-b0ce-a7b6942047fa}]
  • Save and Name it as "CFScript"
  • Drag and drop CFScript.txt to your copy of combofix.
  • You can take a look at the image below if you're unsure on how to do it.
  • Combofix will restart your machine, then it will produce a log afterwards.


*Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 11.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11".
  • Click the "Download" button to the right.
  • For Platform, select "Windows"
  • For language, select your language
  • Read the License agreement and then Check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement".
  • Click Continue
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java(TM) 6 Update 7
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


*Next, it's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply


On your next reply, please include a
  • kaspersky scan log
  • combofix log
Last edited by Angelfire777; 12-03-2008 at 12:28 PM.
Angelfire777 is offline  
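
An added example, not part of the original thread and not ComboFix's own code: before a removal script such as the CFScript in the post above is run, it can be audited against the log it was written from, so that every deletion target is traceable to a logged entry and every registry value is decoded into readable form. The section grammar is inferred from the script as posted, the function names are hypothetical, and `LOG` is a short excerpt of the ComboFix log from post #3.

```python
import re

# CFScript exactly as posted in the thread.
CFSCRIPT = r"""File::
c:\windows\system32\drivers\ndisprot.sys
c:\docume~1\HASSAN~1\LOCALS~1\Temp\cpuz.sys
I:\system.exe
Folder::
i:\thumbs.dn
h:\thumbs.dn
Driver::
cpuz126
Ndisprot
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80bbcdfb-7967-11dc-b115-ec676d9b4ffb}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{950e4c06-c138-11dc-b144-d691050e69fa}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e962fbd7-1848-11dc-b0ce-a7b6942047fa}]
"""

# Lines excerpted from the first ComboFix log in the thread (post #3).
LOG = r"""2008-11-18 21:41 . 2008-11-18 21:41 27,904 --a------ c:\windows\system32\drivers\ndisprot.sys
S3 cpuz126;cpuz126;\??\c:\docume~1\HASSAN~1\LOCALS~1\Temp\cpuz.sys []
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-18 27904]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80bbcdfb-7967-11dc-b115-ec676d9b4ffb}]
\Shell\verb1\command - i:\thumbs.dn\1.{3aea-1069-a2de-08002b30309d}\Thumbs.BAT
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{950e4c06-c138-11dc-b144-d691050e69fa}]
\Shell\Open\command - I:\system.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e962fbd7-1848-11dc-b0ce-a7b6942047fa}]
\Shell\verb1\command - h:\thumbs.dn\1.{3aea-1069-a2de-08002b30309d}\Thumbs.BAT
"""

SECTION = re.compile(r"^(File|Folder|Driver|Registry)::$", re.IGNORECASE)
VALUE = re.compile(r'^"([^"]+)"=(.*)$')


def decode_reg_value(raw):
    """Decode the REGEDIT4 value syntaxes that appear in the script."""
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    if raw.startswith("hex(7):"):
        # REG_MULTI_SZ: in REGEDIT4 files the strings are single-byte,
        # each NUL-terminated, with one extra NUL closing the list.
        data = bytes(int(b, 16) for b in raw[len("hex(7):"):].split(",") if b.strip())
        return [s.decode("latin-1") for s in data.split(b"\x00") if s]
    return raw.strip('"')


def parse_cfscript(text):
    """Split the script into deletion targets and registry changes."""
    out = {"file": [], "folder": [], "driver": [], "reg_delete": [], "reg_set": []}
    section = key = None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section, key = m.group(1).lower(), None
        elif section is None:
            raise ValueError(f"line outside any section: {line!r}")
        elif section != "registry":
            out[section].append(line)
        elif line.startswith("[-") and line.endswith("]"):
            out["reg_delete"].append(line[2:-1])   # "[-key]" deletes the key
            key = None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        else:
            m = VALUE.match(line)
            if not m or key is None:
                raise ValueError(f"unparsed registry line: {line!r}")
            out["reg_set"].append((key, m.group(1), decode_reg_value(m.group(2))))
    return out


def unreferenced(script, log_text):
    """Deletion targets that never appear in the log (case-insensitive)."""
    hay = log_text.lower()
    targets = script["file"] + script["folder"] + script["driver"] + script["reg_delete"]
    return [t for t in targets if t.lower() not in hay]


if __name__ == "__main__":
    parsed = parse_cfscript(CFSCRIPT)
    for key, name, value in parsed["reg_set"]:
        print(f"set  {key} :: {name} = {value!r}")
    print("targets without log evidence:", unreferenced(parsed, LOG))
```

The decoded `hex(7)` value is the single string `scecli`, which replaces the repeated `scecli scecli scecli` shown on the `LSA: Notification Packages` line of the DDS log in post #1.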
Old 12-04-2008, 01:34 PM   #5 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 14
OS: Win XP Service Pack 3


Re: AVG 8 antivirus unable to update

After running the Flash Disinfector the internet speed became very slow.
The Kaspersky scan is not running. First it gave me an error "Starting java applet has failed! Please go online to use this program" with an OK button. After pressing OK nothing happened for the next 30 minutes. I uninstalled and reinstalled the Java update 11 but Kaspersky still gave the same error. I followed all the steps as you instructed. Now the internet is very slow. Still, ComboFix ran fine and I am attaching its log below.

===================================

ComboFix 08-12-03.03 - Hassan Mirza 2008-12-04 23:30:22.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1600 [GMT 5:00]
Running from: c:\documents and settings\Hassan Mirza\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Hassan Mirza\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\docume~1\HASSAN~1\LOCALS~1\Temp\cpuz.sys
c:\windows\system32\drivers\ndisprot.sys
I:\system.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\ndisprot.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CPUZ126
-------\Legacy_NDISPROT
-------\Service_cpuz126
-------\Service_Ndisprot


((((((((((((((((((((((((( Files Created from 2008-11-04 to 2008-12-04 )))))))))))))))))))))))))))))))
.

2008-12-04 23:15 . 2008-12-04 23:15 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-04 21:48 . 2008-12-04 21:48 <DIR> d--hs---- c:\documents and settings\Hassan Mirza\UserData
2008-12-02 23:22 . 2008-12-02 23:22 250 --a------ c:\windows\gmer.ini
2008-11-12 21:15 . 2008-09-04 22:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 21:15 . 2008-10-24 16:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 19:19 . 2008-11-12 19:19 <DIR> d-------- c:\windows\system32\Futuremark

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-19 02:22 --------- d-----w c:\documents and settings\Hassan Mirza\Application Data\BitTorrent
2008-11-18 17:13 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-18 17:06 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-19 09:10 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-10-19 09:10 103,736 ----a-w c:\windows\system32\PnkBstrB.exe
2008-10-16 09:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 09:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 09:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 09:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 09:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 09:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 09:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 09:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-30 11:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-13 13:46 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((( snapshot@2008-12-03_23.47.00.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-04 18:33:30 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4d8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="d:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"Launch Ai Booster"="d:\program files\ASUS\AI Booster\OverClk.exe" [2006-07-13 3712512]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-18 843776]
"WinPatrol"="d:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-27 316728]
"SunJavaUpdateSched"="d:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-04 1261336]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Program Files\\DAP\\DAP.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"e:\\Far Cry 2\\bin\\FarCry2.exe"=
"e:\\Far Cry 2\\bin\\FC2Launcher.exe"=
"e:\\Far Cry 2\\bin\\FC2Editor.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-09-13 97928]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-09-13 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-13 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-09-13 76040]
R2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2008-05-17 2368]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-06-21 13352]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-05-18 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-05-18 8320]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-04 23:32:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
d:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\rundll32.exe
c:\progra~1\AVG\AVG8\avgupd.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-12-04 23:35:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-04 18:34:50
ComboFix2.txt 2008-12-03 18:47:56

Pre-Run: 1,963,597,824 bytes free
Post-Run: 1,974,329,344 bytes free

130 --- E O F --- 2008-11-12 18:55:39

Last edited by hsnmz; 12-04-2008 at 01:37 PM.
Old 12-04-2008, 02:41 PM   #6 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,580
OS: Vista


Re: AVG 8 antivirus unable to update

Hi,

I've never heard of something like that before. Internet speed became slow after running Flash Disinfector? Have you tried resetting your connection?

Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic, along with a new HijackThis log and a description of any remaining problems
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Old 12-05-2008, 10:09 AM   #7 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 14
OS: Win XP Service Pack 3


Re: AVG 8 antivirus unable to update

Today my internet connection worked fine. Maybe something was wrong with my internet provider server. Anyhow, the following is the ESET log. Under ESET is the DDS log and other attached files. Thanks

============================================

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3667 (20081205)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=d3a2786164e92848896047c6b8d47f3b
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-12-05 04:59:52
# local_time=2008-12-05 09:59:52 (+0500, West Asia Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=247640
# found=5
# scan_time=1331
C:\Qoobox\Quarantine\C\resycled\boot.com.vir a variant of Win32/Kryptik.BT trojan 19E8913EC0D8B1287C86623A72A728E9
C:\Qoobox\Quarantine\C\WINDOWS\system32\H@tKeysH@@k.DLL.vir Win32/Keylogger.HotKeysHook.A virus 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\kdwwz.exe.vir a variant of Win32/Kryptik.BT trojan FD379C6559C6D21C888FC0F37D0B2872
C:\WINDOWS\ime\Thumbs.sys Win32/VB.NDR trojan 1D68FA10CE328A4F849D190BFD141726
D:\viewty BU\EFS Mediabuilder\EFS MODULE BUILDER by AKOM1976.exe probably a variant of Win32/Delf trojan 2ED242F4B4823F44A7BB5EBD7049947D

===================================


DDS (Version 1.0) - NTFSx86
Run by Hassan Mirza at 2233.89 on Fri 12/05/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1420 [GMT 5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\ASUS\AI Booster\OverClk.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
d:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Hassan Mirza\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {62999427-33FC-4baf-9C9C-BCE6BD127F08} - d:\program files\dap\DAPIEBar.dll
uRun: [NVIDIA nTune] "d:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Launch Ai Booster] "d:\program files\asus\ai booster\OverClk.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [WinPatrol] d:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\hassan~1\startm~1\programs\startup\adobeg~1.lnk - c:\windows\ime\svchost.exe
IE: &Download with &DAP - d:\progra~1\dap\dapextie.htm
IE: Download &all with DAP - d:\progra~1\dap\dapextie2.htm
IE: {669695BC-A811-4A9D-8CDF-BA8C795F261C} - d:\progra~1\dap\DAP.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {669695BC-A811-4A9D-8CDF-BA8C795F261C} - d:\progra~1\dap\DAP.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: {DF144F77-6011-4F19-93A7-0186C541DA7F} = 203.99.163.240,203.99.163.243
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - d:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - d:\progra~1\dap\dapie.dll
Name-Space Handler: HTTPS\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - d:\progra~1\dap\dapie.dll
AppInit_DLLs: avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 nvgts;nvgts;c:\windows\system32\drivers\nvgts.sys [2008-8-18 145952]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-13 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-13 26824]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-9-13 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-9-13 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-13 76040]
R2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2008-5-17 2368]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-6-21 13352]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-5-18 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-5-18 8320]

=============== Created Last 30 ================

2008-12-05 21:33 <DIR> --d----- c:\program files\EsetOnlineScanner
2008-12-05 01:25 73,728 a------- c:\windows\system32\javacpl.cpl
2008-12-05 00:09 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-04 23:29 <DIR> --d----- C:\ComboFix
2008-12-04 23:15 <DIR> --d-h--- C:\$AVG8.VAULT$
2008-12-04 21:48 <DIR> --dsh--- c:\documents and settings\hassan mirza\UserData
2008-12-03 23:39 161,792 a------- c:\windows\SWREG.exe
2008-12-03 23:39 98,816 a------- c:\windows\sed.exe
2008-12-03 23:27 <DIR> --dshr-- C:\cmdcons
2008-12-02 23:22 250 a------- c:\windows\gmer.ini
2008-11-19 22:16 <DIR> --d-h--- C:\autorun.inf
2008-11-12 21:15 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 21:15 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-11-12 19:19 <DIR> --d----- c:\windows\system32\Futuremark

==================== Find3M ====================

2008-11-19 07:22 <DIR> --d----- c:\docume~1\hassan~1\applic~1\BitTorrent
2008-11-18 22:13 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-10-19 14:10 103,736 a------- c:\windows\system32\PnkBstrB.exe
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-15 17:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-13 19:03 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-09-13 18:46 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-09-13 17:44 22,780 a------- c:\windows\system32\emptyregdb.dat
2008-09-13 17:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-09-10 06:14 1,307,648 a------- c:\windows\system32\msxml6.dll
2008-09-04 18:52 <DIR> --d----- c:\docume~1\hassan~1\applic~1\LG Electronics
2008-07-18 10:16 <DIR> --d----- c:\docume~1\hassan~1\applic~1\Ubisoft
2008-07-15 23:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Ubisoft
2008-07-15 17:00 <DIR> --d----- c:\docume~1\hassan~1\applic~1\DNA
2008-06-22 00:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BVRP Software
2008-06-22 00:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sony Ericsson
2008-06-21 23:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Downloaded Installations
2008-06-20 21:13 <DIR> --d----- c:\docume~1\hassan~1\applic~1\Nokia
2008-05-30 20:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NFS Underground
2008-05-19 16:34 <DIR> --d----- c:\docume~1\hassan~1\applic~1\Datalayer
2008-05-18 00:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nokia
2008-05-18 00:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Installations
2008-05-17 17:07 <DIR> --d----- c:\docume~1\hassan~1\applic~1\WinPatrol
2007-11-05 23:02 <DIR> --d----- c:\docume~1\hassan~1\applic~1\Bioshock
2007-08-18 00:32 <DIR> --d----- c:\docume~1\hassan~1\applic~1\COWON
2007-08-14 03:09 <DIR> --d----- c:\docume~1\hassan~1\applic~1\TMNT
2007-07-09 23:21 <DIR> --d----- c:\docume~1\hassan~1\applic~1\Activision
2007-06-11 23:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Suite
2007-06-11 23:52 <DIR> --d----- c:\docume~1\hassan~1\applic~1\PC Suite

============= FINISH: 2241.54 ===============
Attached Files
File Type: txt Attach.txt (5.3 KB, 1 views)
File Type: txt Gmer.txt (8.6 KB, 1 views)
Old 12-05-2008, 11:24 AM   #8 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,580
OS: Vista


Re: AVG 8 antivirus unable to update

Hi,

Delete this file: C:\WINDOWS\ime\Thumbs.sys

Is your EFS Mediabuilder legit?


How is your computer running?
Old 12-06-2008, 12:43 PM   #9 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 14
OS: Win XP Service Pack 3


Re: AVG 8 antivirus unable to update

Hello,

File deleted.

EFS was downloaded @ http://www.mygreatphone.com/forum/mo...tions-hacking/

Computer is running OK. No problems or slow speeds anymore. I have not downloaded anything from any site during the last few days, but since yesterday AVG has stopped updating again. It gives an error "Invalid Update Control CTF file".

I am really grateful for all your help.
Old 12-06-2008, 01:06 PM   #10 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,580
OS: Vista


Re: AVG 8 antivirus unable to update

Hi,

Open notepad.
Copy and paste the text inside the Code Box below into Notepad
Choose File > Save As and under "Save as type", choose "All Files".
Type clean.bat in the File name and save it to your desktop.

Code:
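@echo off
rem Start with a clean log of files that could not be deleted.
if exist "%temp%\log.txt" del "%temp%\log.txt"

rem Delete the startup shortcut and the c:\windows\ime\svchost.exe it points to; log any file that survives.
for %%g in (
"c:\docume~1\hassan~1\startm~1\programs\startup\adobeg~1.lnk"
"c:\windows\ime\svchost.exe"
) do (
del /a/f/q %%g
if exist %%g echo.%%g >>"%temp%\log.txt"
)>nul 2>&1

rem Remove AVG's downloaded update control (.ctf) files.
del /a/f/q "C:\Documents and Settings\All Users\Application Data\Avg8\update\download\*.ctf"

rem Open the log if anything is left, otherwise report success; the script then deletes itself.
if exist "%temp%\log.txt" (start notepad "%temp%\log.txt"
) else echo.Deleted Successfully!
echo.
pause
del %0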
Locate clean.bat on your Desktop and double-click on it. Tell me what it says.

Also, let me know if it fixes your AVG issue.
Old 12-06-2008, 03:03 PM   #11 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 14
OS: Win XP Service Pack 3


Re: AVG 8 antivirus unable to update

Hello,

It said "Deleted Successfully"

AVG is working fine now and has updated. Everything seems to be working OK.
Thanks again
Old 12-06-2008, 03:12 PM   #12 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,580
OS: Vista


Re: AVG 8 antivirus unable to update

Click start > run > copy and paste:

combofix /u

That will hide your system files, clear your system restore cache and uninstall combofix.

Note: Make sure you update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Please check out Tony Klein's article "How did I get infected in the first place?"

And miekiemoes' "How to Prevent Malware"

Happy safe surfing!

Note: Please reply to this thread one last time so I could mark it as resolved.
Old 12-07-2008, 11:11 AM   #13 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 14
OS: Win XP Service Pack 3


Re: AVG 8 antivirus unable to update

Hi,

combofix /u done

Thank you for your help. Take care
All times are GMT -7. The time now is 05:11 AM.



Copyright 2001 - 2009, Tech Support Forum