Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: Severe spyware found by NoAdware v5.0 after AVG v7.5 full to v8.0 full upgrade  (Read 33916 times)

0 Members and 1 Guest are viewing this topic.

lectrocrew

    Topic Starter


    Mentor

  • ole dog learning new tricks
  • Thanked: 21
    • Yes
    • Yes
    • My first self-built computer
  • Certifications: List
  • Computer: Specs
  • Experience: Familiar
  • OS: Windows 10
I have run NoAdware spyware software for about 5 years along with AVG Internet Security full version for 2 years, and previously with Norton Internet Security. NoAdware has been very effective at finding spyware that AVG and Norton paid no attention to.
 New situation = I just upgraded my AVG v7.5 to v8.0 and had some problems with slow surf speed and getting the firewall configured to work with my wireless router but after a re-install and a few hours of headaches the AVG 8.0 is working fine.
 My current problem is that after the AVG 8.0 upgrade, NoAdware v5.0 finds a directory file named "AntiVirusGold" in 'C/Program Files/AVG' and gives an option to remove this file from my computer. The NoAdware item description =
"Purports to be anti-spyware software, but has been known to be installed through extremely devious methods.".
 So what do I do; Allow NoAdware to remove the file, which will likely affect operation of AVG Internet Security, or add this "AntiVirusGold" file to the NoAdware ignore list? Or what other options do I have?

evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 489
  • Experience: Familiar
  • OS: Windows 10
AntiVirusGold is a rouge program and isn't part of AVG.

lectrocrew

    Topic Starter


    Mentor

  • ole dog learning new tricks
  • Thanked: 21
    • Yes
    • Yes
    • My first self-built computer
  • Certifications: List
  • Computer: Specs
  • Experience: Familiar
  • OS: Windows 10
  Thanks  evilfantasy !!!
So I removed AntiVirusGold from the NoAdware 'ignore list', scanned again, and allowed this file to be removed.
 I guess NoAdware continues to be worth the $37 per year.  It found this file during a scan of 192,168 files on 2 hard drives in less than 4 minutes. The $52.95 per year AVG took over 2 hours to scan 288,277 files on those same drives and did not find the AntiVirusGold file.  What am I missing here?

evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 489
  • Experience: Familiar
  • OS: Windows 10
I'm not very familiar with Noadware but it sounds like it is doing a good job.

It wouldn't hurt to post a Hijackthis log so we can see if there isn't anything else hiding.

Download and rename HijackThis (HJT)
  • Double-click on HJTInstall.
  • Click on the Install button.
  • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  • Upon install, HijackThis should open for you.
    • Close HijackThis and rename it.
    • Go to C:\Program Files\Trend Micro\HijackThis.exe
    • Right click on HijackThis.exe and select Rename.
    • Type in sniper.exe and press Enter.
    • Right-click on sniper.exe and select Send To > Desktop (create shortcut)
  • From the desktop open Hijackthis.
  • If using Windows Vista, Right-click and Run As Administrator.
  • Click on the Do a system scan and save a log file button
  • Hijackthis will scan and then a log will open in notepad.
  • Copy and then paste the entire contents of the log in your post.
    • Do not have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
Although we have renamed Hijackthis to sniper, we will still refer to it as Hijackthis or HJT.


lectrocrew

    Topic Starter


    Mentor

  • ole dog learning new tricks
  • Thanked: 21
    • Yes
    • Yes
    • My first self-built computer
  • Certifications: List
  • Computer: Specs
  • Experience: Familiar
  • OS: Windows 10
Done. Sorry it took so long, I had to get the grass cut before it rains.
 I clicked on the remove file from my computer button in NoAdware, but the 'AntiVirusGold' file showed up again after I restarted my computer and scanned again. I turned off system restore for all 3 drives {2 partitions on internal HD and 1 USB external drive}, clicked on remove file again in NoAdware then restarted again. The AntiVirusGold is still there after another scan with NoAdware.
This board will not let me post the HJT log file here. It says it exceeds the maximum character limit of 20000 characters. How should I post the log file results?

evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 489
  • Experience: Familiar
  • OS: Windows 10
Save the Hijackthis log to your desktop then go here > http://savefile.com/

There is no need to sign up, just upload the file and then post the link to it back here.

lectrocrew

    Topic Starter


    Mentor

  • ole dog learning new tricks
  • Thanked: 21
    • Yes
    • Yes
    • My first self-built computer
  • Certifications: List
  • Computer: Specs
  • Experience: Familiar
  • OS: Windows 10
It won't let me upload my file due to invalid security code'. I typed the code correctly?

evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 489
  • Experience: Familiar
  • OS: Windows 10
OK, take the log and copy and paste it into two different threads.

lectrocrew

    Topic Starter


    Mentor

  • ole dog learning new tricks
  • Thanked: 21
    • Yes
    • Yes
    • My first self-built computer
  • Certifications: List
  • Computer: Specs
  • Experience: Familiar
  • OS: Windows 10
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:31:36 PM, on 4/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Linksys EasyLink Advisor\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NoAdware5.0\NoAdware5.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Trend Micro\sniper.exe\sniper.exe.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

lectrocrew

    Topic Starter


    Mentor

  • ole dog learning new tricks
  • Thanked: 21
    • Yes
    • Yes
    • My first self-built computer
  • Certifications: List
  • Computer: Specs
  • Experience: Familiar
  • OS: Windows 10
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [lxdcmon.exe] "C:\Program Files\Lexmark 1300 Series\lxdcmon.exe"
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NoAdware5] "C:\Program Files\NoAdware5.0\NoAdware5.exe" :Min:
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://sports.espn.go.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205953650720
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://linksyssupport.webex.com/client/T26L/support/ieatgpc.cab
O18 - Protocol: bw+0 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: offline-8876480 - {C8CA643D-457A-40C4-B904-1EFD32A9B0D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe
O23 - Service: lxdc_device -   - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - F:\vulcan_1024x768.jpg
O24 - Desktop Component 1: (no name) - F:\Nalu_1920x1440.jpg
O24 - Desktop Component 2: (no name) - F:\Adrianne_1400x1050.jpg
O24 - Desktop Component 3: (no name) - C:\Documents and Settings\Owner\My Documents\My Pictures\black_cat.jpg
O24 - Desktop Component 4: (no name) - C:\Documents and Settings\Owner\My Documents\My Pictures\cat13b.jpg
O24 - Desktop Component 5: (no name) - C:\Documents and Settings\Owner\My Documents\My Pictures\wanimal3t.gif

--
End of file - 22730 bytes

evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 489
  • Experience: Familiar
  • OS: Windows 10
Open Hijackthis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O18 - Protocol: bwz0s <<Place a check next to ALL 77 of these with Logitech in the name


Important: Close all windows except for Hijackthis and then click Fix checked.

Exit Hijackthis.

----------

Please download Malwarebytes' Anti-Malware (MBAM) to your desktop from either of these two links.(It is free, the paid version has real time protection)
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
    • Click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad.
    • Please  copy and paste the log into your next reply
    Note: If you accidentally close the log it can be retrieved at any time from the Malwarebytes' Anti-Malware main screen.
    • Launch Malwarebytes' Anti-Malware.
    • Click the Logs tab.
    • Double-click log-mm.dd.yyyy [xxxxxx].txt
    ----------

    Next post please add
    MBAM log

    lectrocrew

      Topic Starter


      Mentor

    • ole dog learning new tricks
    • Thanked: 21
      • Yes
      • Yes
      • My first self-built computer
    • Certifications: List
    • Computer: Specs
    • Experience: Familiar
    • OS: Windows 10
    Malwarebytes' Anti-Malware 1.11
    Database version: 658

    Scan type: Full Scan (C:\|F:\|L:\|)
    Objects scanned: 134225
    Time elapsed: 48 minute(s), 10 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    ===============
    Sorry it took so long. The scan took almost an hour and dinner with the family was ready just before the scan finished.
    As you can see, MBAM found nothing.
     Then I scaned with NoAdware again and found the AntiVirusGold is still there along with 16 not-critical cookies.
    What now?

    lectrocrew

      Topic Starter


      Mentor

    • ole dog learning new tricks
    • Thanked: 21
      • Yes
      • Yes
      • My first self-built computer
    • Certifications: List
    • Computer: Specs
    • Experience: Familiar
    • OS: Windows 10
    This AntiVirusGold is in the AVG 8.0 drivers, {C:\Program Files\AVG\AVG8\Drivers}.
    Here is my NoAdware log:

    Noadware 5.0

    ---------------------



    Removing Spyware Tracking Cookie...

    Removing Registry Tracking Cookie...

    Removing RegValues Tracking Cookie...

    Fixing RegValue dataTracking Cookie...

    Removing Cookies Tracking Cookie...



    [Deleted Cookie]

    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt



    [Deleted Cookie]

    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt



    [Deleted Cookie]

    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt



    [Deleted Cookie]

    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt



    [Deleted Cookie]

    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt



    [Deleted Cookie]

    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt



    [Deleted Cookie]

    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt



    [Deleted Cookie]

    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt



    [Deleted Cookie]

    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt



    [Deleted Cookie]

    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt

    Removing Files Tracking Cookie...

    Removing Folders Tracking Cookie...

    Removing Spyware AntiVirusGold...

    Removing Registry AntiVirusGold...

    Removing RegValues AntiVirusGold...

    Fixing RegValue dataAntiVirusGold...

    Removing Cookies AntiVirusGold...

    Removing Files AntiVirusGold...

    Removing Folders AntiVirusGold...



    [Removing Directory...]

    C:\Program Files\AVG



    Could not delete (C:\Program Files\AVG\AVG8\Drivers) error code = 145

    Could not delete (C:\Program Files\AVG) error code = 145

    [Directory Removal Failed (Not Empty or already removed)]

    C:\Program Files\AVG


    evilfantasy

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Calm like a bomb
    • Thanked: 489
    • Experience: Familiar
    • OS: Windows 10
    Where did you download AVG from?

    This scan will only take a few minutes.

    Download SmitfraudFix (by S!Ri) to your Desktop.
    • Extract all the files to your Destop.
    • A folder named SmitfraudFix will be created on your Desktop.
    • Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    • Select option #1 - Search by typing 1 and press Enter
      • This program will scan large amounts of files on your computer for known patterns so please be patient while it works.
      • When it is done, the results of the scan will be displayed and it will create a log named rapport.txt
        • This is in the root of your drive, eg: Local Disk C: or partition where your operating system is installed.
      • Please attach that log in your next reply.
    • Note: process.exe ( which is used by SmitFraudFIx ) is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/processutil/processutil.htm[/LEFT]

    lectrocrew

      Topic Starter


      Mentor

    • ole dog learning new tricks
    • Thanked: 21
      • Yes
      • Yes
      • My first self-built computer
    • Certifications: List
    • Computer: Specs
    • Experience: Familiar
    • OS: Windows 10
    SmitFraudFix v2.315

    Scan done at  9:10:45.10, Sun 04/20/2008
    Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\lxdccoms.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Logitech\SetPoint\LBTWiz.exe
    C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Linksys EasyLink Advisor\Linksys EasyLink Advisor\LinksysAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NoAdware5.0\NoAdware5.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    hosts


    C:\


    C:\WINDOWS


    C:\WINDOWS\system


    C:\WINDOWS\Web


    C:\WINDOWS\system32


    C:\WINDOWS\system32\LogFiles


    C:\Documents and Settings\Owner


    C:\Documents and Settings\Owner\Application Data


    Start Menu


    C:\DOCUME~1\Owner\FAVORI~1


    Desktop


    C:\Program Files


    Corrupted keys


    Desktop Components
     
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="F:\\vulcan_1024x768.jpg"
    "SubscribedURL"="F:\\vulcan_1024x768.jpg"
    "FriendlyName"=""
     
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
    "Source"="F:\\Nalu_1920x1440.jpg"
    "SubscribedURL"="F:\\Nalu_1920x1440.jpg"
    "FriendlyName"=""
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
    "Source"="F:\\Adrianne_1400x1050.jpg"
    "SubscribedURL"="F:\\Adrianne_1400x1050.jpg"
    "FriendlyName"=""

    IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    VACFix
    !!!Attention, following keys are not inevitably infected!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~2\\GOEC62~1.DLL,avgrsstx.dll"
    "LoadAppInit_DLLs"=dword:00000001


    Winlogon
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""


    Rustock



    DNS

    Description: Compact Wireless-G USB Adapter - Packet Scheduler Miniport
    DNS Server Search Order: 192.168.2.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{4934C8E4-4A75-4AF3-BA5D-2403C2DCD3BD}: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{4934C8E4-4A75-4AF3-BA5D-2403C2DCD3BD}: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{4934C8E4-4A75-4AF3-BA5D-2403C2DCD3BD}: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


    Scanning for wininet.dll infection


    End

    -----------------
    ALSO,
    To answer your question:
    I downloaded the AVG 8.0 file as a license upgrade from the Grisoft site here:
    http://www.grisoft.com/us.90223