
Topic: Severe spyware found by NoAdware v5.0 after AVG v7.5 full to v8.0 full upgrade

lectrocrew

    Topic Starter


    Mentor

  • ole dog learning new tricks
  • Thanked: 21
    • Yes
    • Yes
    • My first self-built computer
  • Certifications: List
  • Computer: Specs
  • Experience: Familiar
  • OS: Windows 10
I went to work at 10pm last night till 7am so I probably won't stay awake much longer. I'll check back later to see if you've posted anything further or need more information. Thanks a ton for all your help!!!
Mike

evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 489
  • Experience: Familiar
  • OS: Windows 10
That didn't find it.

More thorough scan....

Please download Combofix by sUBs from one of the below links.
(Try all three if necessary.)

Important! Combofix.exe MUST be saved to and run from the Desktop.
  • Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting Combofix.
  • Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
    • Click this link to see a list of security programs that should be disabled and how to disable them.
    • If yours is not listed and you don't know how to disable it, please ask.
  • Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
  • Double click combofix.exe & follow the prompts.
    • Choose Yes to accept the Disclaimers.
    • When finished, it will produce a log for you.
    • Post that log in your next reply.
  • Warning: Do not mouseclick combofix's window while it is running. That may cause it to stall.
  • If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
  • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.

If needed, see this Combofix tutorial with screenshots that will detail the downloading and running of combofix more thoroughly. Still be sure to rename combofix as detailed above.

----------

Next post: Combofix log

lectrocrew
Quote:
    Click this link to see a list of security programs that should be disabled and how to disable them.

    If yours is not listed and you don't know how to disable it, please ask.

I have Combofix.exe and Windows XP boot disk downloaded to my desktop and ready to run but:
The instructions given in the link to disable AVG don't work for AVG8. It works for AVG 7.5; I've done that before. I cannot find a way to disable antivirus, antispyware or anti rootkit. All others I have disabled (firewall, e-mail scanner, Resident Shield, anti spam, Search Shield, Active Surf Shield etc.).
The AVG website is not much help.
http://www.grisoft.com/ww.faq.num-1209#faq_1209



    patio

    • Moderator


    • Genius
    • Maud' Dib
    • Thanked: 1723
      • Yes
    • Experience: Beginner
    • OS: Windows 7
    Disable the FireFox / AVG addon and see if this helps...
    Restart FireFox after doing so.
    " Anyone who goes to a psychiatrist should have his head examined. "

lectrocrew
I disabled the AVG add-ons but still don't see where to disable the anti virus, spyware, rootkit.
I can terminate processes from the AVG system tools menu, but I'm not sure which process I need to terminate. I tried this route once, but the 2nd process I terminated ended the AVG control panel I was using, although it returned after reboot.
I don't know if terminating processes is even an optional way to disable the program, but since I can't find this control anywhere, including advanced settings, will it work for what I'm trying to do?
My terminate process options are:
avgam.exe
avgemc.exe

lectrocrew
Sorry.
I hit the enter button by mistake. I have more terminate process options. Please give me a moment to type them.

lectrocrew
Additional options:
avgfws8.exe
avgnsx.exe
avgrsx.exe
avgsystx.exe
avgtray.exe
avgui.exe
avgwdsvc.exe

evilfantasy
Just try running Combofix. AVG may not block it from running. If it does block it, then we will run it a different way.

Combofix uses scripts that some AVs see as malicious.

patio
Sorry for jumping in EF.
I just finished reading that AVG 8.0 installs an addon to Firefox and thought it may be the hangup.

patio.
" Anyone who goes to a psychiatrist should have his head examined. "

evilfantasy
    Any time Patio. Useful advice is always welcome.

lectrocrew
OK. Sorry for the delay. Another night at work. When I got home this morning I scanned with NoAdware again. Only 1 threat, AntiVirusGold. I then disabled NoAdware and what parts of AVG that I could, then I ran combofix per instructions I printed from the bleeping computer website.
After it ran I saved the combofix logfile and I will try to post it in another reply, or 2 separate replies (it is large).
Immediately after running combofix, with no re-boot, I enabled NoAdware and scanned in quickscan mode. It found 5 threats as listed below. I did not allow NoAdware to remove any of the threats yet.
---------------------------------
Noadware v5.0 --------------------------

Reference File = C:\Program Files\NoAdware5.0\noadware4_041808.na

---------------------------

Spyware Name = Kazaa
Location = HKEY_CURRENT_USER\software\kazaa
Type = RegKey

Spyware Name = Kazaa
Location = HKEY_CURRENT_USER\Software\Kazaa\LocalContent
Type = RegKey

Spyware Name = Backdoor.Bifrose
Location = HKEY_CURRENT_USER\Software\Wget
Type = RegKey

Spyware Name = Trojan.PWS.Tanspy
Location = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load
Type = RegKey

Spyware Name = AntiVirusGold
Location = C:\Program Files\AVG
Type = Directory

---------------------------------
Next I started a scan with AVG. I'll probably post this reply before it finishes its scan due to time, but so far it has scanned 474xxx objects and found 8 suspect files but lists 0 as threats thus far. I'll post that log when it finishes.
------------------------

lectrocrew
    My combofix log {part 1}:

    ComboFix 08-04-20.2 - Owner 2008-04-21  8:29:46.1 - NTFSx86
    Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.1548 [GMT -4:00]
    Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
     * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\tmp70.tmp
    C:\WINDOWS\system32\tmp71.tmp
    C:\WINDOWS\system32\tmp72.tmp

    .
    (((((((((((((((((((((((((   Files Created from 2008-03-21 to 2008-04-21  )))))))))))))))))))))))))))))))
    .

    2008-04-20 09:10 . 2008-04-20 09:09   289,144   --a------   C:\WINDOWS\system32\VCCLSID.exe
    2008-04-20 09:10 . 2008-04-20 09:09   288,417   --a------   C:\WINDOWS\system32\SrchSTS.exe
    2008-04-20 09:10 . 2008-04-20 09:09   86,528   --a------   C:\WINDOWS\system32\VACFix.exe
    2008-04-20 09:10 . 2008-04-20 09:09   82,432   --a------   C:\WINDOWS\system32\IEDFix.exe
    2008-04-20 09:10 . 2008-04-20 09:09   53,248   --a------   C:\WINDOWS\system32\Process.exe
    2008-04-20 09:10 . 2008-04-20 09:09   51,200   --a------   C:\WINDOWS\system32\dumphive.exe
    2008-04-20 09:10 . 2008-04-20 09:09   25,600   --a------   C:\WINDOWS\system32\WS2Fix.exe
    2008-04-20 09:10 . 2008-04-20 09:10   3,318   --a------   C:\WINDOWS\system32\tmp.reg
    2008-04-19 18:40 . 2008-04-19 18:40   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-19 18:40 . 2008-04-19 18:40   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\Malwarebytes
    2008-04-19 18:40 . 2008-04-19 18:40   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-19 15:06 . 2008-04-19 17:09   <DIR>   d--------   C:\Program Files\Trend Micro
    2008-04-18 22:36 . 2008-04-18 22:36   <DIR>   dr-h-----   C:\Documents and Settings\Owner\Application Data\SecuROM
    2008-04-18 22:36 . 2008-04-18 22:36   107,888   --a------   C:\WINDOWS\system32\CmdLineExt.dll
    2008-04-18 22:32 . 2008-04-18 22:32   <DIR>   d--------   C:\WINDOWS\system32\AGEIA
    2008-04-18 22:32 . 2008-04-18 22:32   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-18 22:32 . 2008-04-18 22:32   <DIR>   d--------   C:\Program Files\AGEIA Technologies
    2008-04-18 22:32 . 2005-05-26 15:34   2,297,552   --a------   C:\WINDOWS\system32\d3dx9_26.dll
    2008-04-18 22:21 . 2008-04-19 01:33   <DIR>   d--------   C:\Program Files\Rail Simulator
    2008-04-18 17:58 . 2008-04-20 16:08   <DIR>   d--------   C:\WINDOWS\system32\drivers\Avg
    2008-04-18 17:58 . 2008-04-18 17:58   96,520   --a------   C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-04-18 17:58 . 2008-04-18 17:58   75,272   --a------   C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-04-18 17:58 . 2008-04-18 17:58   12,424   --a------   C:\WINDOWS\system32\drivers\avgrkx86.sys
    2008-04-18 17:58 . 2008-04-18 17:58   10,520   --a------   C:\WINDOWS\system32\avgrsstx.dll
    2008-04-18 17:38 . 2008-04-18 17:38   45,568   --a------   C:\WINDOWS\system32\avgfwdx.dll
    2008-04-18 17:38 . 2008-04-18 17:38   22,528   --a------   C:\WINDOWS\system32\drivers\avgfwdx.sys
    2008-04-18 13:17 . 2008-04-20 15:16   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Avg8
    2008-04-17 09:11 . 2008-04-17 21:26   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
    2008-04-17 09:11 . 2008-04-17 09:11   12,424   --a------   C:\WINDOWS\system32\drivers\avgrkx86.sys.install_backup
    2008-04-17 09:11 . 2008-04-17 09:11   10,520   --a------   C:\WINDOWS\system32\avgrsstx.dll.install_backup
    2008-04-17 09:10 . 2008-04-17 09:10   <DIR>   d--------   C:\Program Files\AVG
    2008-04-17 09:09 . 2008-04-17 20:57   <DIR>   d--------   C:\WINDOWS\SxsCaPendDel
    2008-04-07 20:02 . 2008-04-07 20:02   <DIR>   d--------   C:\Documents and Settings\Owner\Bluetooth Software
    2008-04-07 19:56 . 2008-04-07 19:56   <DIR>   d--------   C:\Documents and Settings\LocalService\Application Data\Logitech
    2008-04-07 19:56 . 2008-04-07 19:56   118,784   -r-------   C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
    2008-04-07 19:55 . 2008-04-07 20:01   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\Logitech
    2008-04-07 19:55 . 2008-04-07 19:55   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Logitech
    2008-04-07 19:55 . 2005-10-05 12:00   47,104   --a------   C:\WINDOWS\system32\drivers\vserial.sys
    2008-04-07 19:55 . 2005-10-05 12:00   18,167   --a------   C:\WINDOWS\system32\drivers\vsb.sys
    2008-04-07 19:54 . 2008-04-07 19:56   <DIR>   d--------   C:\Program Files\Logitech
    2008-04-07 19:54 . 2008-04-07 19:54   <DIR>   d--------   C:\Program Files\Common Files\Logitech
    2008-04-07 19:51 . 2008-04-07 19:51   <DIR>   d--------   C:\Program Files\WIDCOMM
    2008-04-07 16:48 . 2008-04-07 16:48   <DIR>   d--------   C:\Program Files\Safari
    2008-04-07 16:45 . 2008-04-07 16:45   <DIR>   d--------   C:\Program Files\iTunes
    2008-04-07 16:45 . 2008-04-07 16:45   <DIR>   d--------   C:\Program Files\iPod
    2008-04-07 16:44 . 2008-04-07 16:44   <DIR>   d--------   C:\Program Files\QuickTime
    2008-04-06 16:31 . 2008-04-07 07:49   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\Ulead Systems
    2008-04-06 16:29 . 2008-04-06 16:29   <DIR>   d--------   C:\Program Files\Ulead Systems
    2008-04-06 15:14 . 2005-11-24 19:51   245,248   --a------   C:\WINDOWS\system32\rt73.sys
    2008-04-06 15:14 . 2008-04-06 15:14   20,747   --a------   C:\WINDOWS\system32\drivers\AegisP.sys
    2008-04-06 15:14 . 2005-12-06 04:24   7,846   --a------   C:\WINDOWS\system32\rt73.cat
    2008-04-06 15:14 . 2008-04-06 15:14   1,361   --a------   C:\WINDOWS\system32\WLAN.INI
    2008-04-06 13:14 . 2008-04-06 16:29   <DIR>   d--------   C:\Program Files\Common Files\Ulead Systems
    2008-04-06 13:14 . 2008-04-06 16:30   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2008-04-04 12:21 . 2006-12-28 13:12   290,816   --a------   C:\WINDOWS\system32\hcwzblast.dll
    2008-04-04 12:21 . 2007-03-28 07:16   90,175   --a------   C:\WINDOWS\system32\hcwblast.ocx
    2008-04-04 12:21 . 2007-03-28 07:15   65,603   --a------   C:\WINDOWS\system32\hcwIRblast.dll
    2008-04-04 12:21 . 2005-07-28 13:33   40,960   --a------   C:\WINDOWS\system32\GButton.ocx
    2008-04-04 12:21 . 2004-10-06 14:03   248   --a------   C:\WINDOWS\HCWBlast_sav.ini
    2008-04-04 12:21 . 2004-10-06 14:03   248   --a------   C:\WINDOWS\HCWBlast.ini
    2008-04-04 12:20 . 2008-04-04 12:20   <DIR>   d--------   C:\WINDOWS\system32\Hauppauge
    2008-04-04 12:20 . 2008-04-04 12:20   <DIR>   d--------   C:\Program Files\nanoPEG for WinTV
    2008-04-04 12:20 . 2008-04-04 12:20   <DIR>   d--------   C:\Program Files\Common Files\IviSDK
    2008-04-04 12:18 . 2008-04-18 18:51   <DIR>   d--------   C:\Program Files\WinTV
    2008-04-04 12:18 . 2008-04-06 07:58   <DIR>   d--------   C:\MyVideos
    2008-04-04 12:16 . 2004-08-03 23:10   85,376   --a------   C:\WINDOWS\system32\drivers\NABTSFEC.sys
    2008-04-04 12:15 . 2007-05-10 14:43   367,744   -ra------   C:\WINDOWS\system32\drivers\hcw18bda.sys
    2008-04-03 20:44 . 2008-04-03 20:44   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\vlc
    2008-04-03 20:43 . 2008-04-09 12:40   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\dvdcss
    2008-04-03 20:41 . 2008-04-03 20:41   <DIR>   d--------   C:\Program Files\VideoLAN
    2008-04-02 16:45 . 2008-04-18 18:06   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
    2008-04-02 16:45 . 2008-04-02 16:45   1,409   --a------   C:\WINDOWS\QTFont.for
    2008-04-02 16:43 . 2008-04-02 16:43   <DIR>   d--------   C:\Program Files\Bonjour
    2008-04-02 16:43 . 2008-04-10 13:45   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\Apple Computer
    2008-04-02 16:42 . 2008-04-18 22:32   <DIR>   d----c---   C:\WINDOWS\system32\DRVSTORE
    2008-04-02 16:42 . 2008-04-02 16:42   <DIR>   d--------   C:\Program Files\Apple Software Update
    2008-04-02 16:42 . 2008-04-02 16:43   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-04-02 16:41 . 2008-04-02 16:41   <DIR>   d--------   C:\Program Files\Common Files\Apple
    2008-04-02 16:41 . 2008-04-02 16:41   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Apple
    2008-04-01 13:01 . 2008-04-01 13:01   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\CyberLink
    2008-04-01 12:54 . 2008-04-01 12:54   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-04-01 12:42 . 2008-04-01 12:43   <DIR>   d--------   C:\Program Files\CyberLink
    2008-03-31 21:46 . 2008-03-31 21:55   <DIR>   d--------   C:\WINDOWS\NV35842212.TMP
    2008-03-31 21:46 . 2007-12-10 14:24   159,458   --a------   C:\WINDOWS\system32\nvapps.nvb
    2008-03-31 21:44 . 2008-03-31 21:44   <DIR>   d--------   C:\NVIDIA
    2008-03-31 21:36 . 2008-03-31 21:36   <DIR>   d--------   C:\Program Files\SystemRequirementsLab
    2008-03-31 17:03 . 2008-03-31 17:03   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Ahead
    2008-03-31 17:01 . 2008-03-31 17:01   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Nero
    2008-03-31 13:18 . 2008-03-31 13:18   <DIR>   d--------   C:\Program Files\MSXML 4.0
    2008-03-31 12:40 . 2008-03-31 12:40   <DIR>   d--------   C:\Program Files\Windows Media Connect 2
    2008-03-31 12:40 . 2004-08-12 10:10   221,184   --a------   C:\WINDOWS\system32\wmpns.dll
    2008-03-31 12:38 . 2008-03-31 12:38   <DIR>   d--------   C:\WINDOWS\system32\LogFiles
    2008-03-31 12:38 . 2008-03-31 12:39   <DIR>   d--------   C:\WINDOWS\system32\drivers\UMDF
    2008-03-31 12:08 . 2008-04-15 07:39   69   --a------   C:\WINDOWS\NeroDigital.ini
    2008-03-31 10:59 . 2008-03-31 10:59   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\Ahead
    2008-03-31 10:54 . 2008-03-31 10:54   <DIR>   d--------   C:\Program Files\Nero
    2008-03-31 10:54 . 2008-03-31 17:02   <DIR>   d--------   C:\Program Files\Common Files\Ahead
    2008-03-28 23:37 . 2008-03-28 23:37   90,112   --a------   C:\WINDOWS\system32\QuickTimeVR.qtx
    2008-03-28 23:37 . 2008-03-28 23:37   57,344   --a------   C:\WINDOWS\system32\QuickTime.qts
    2008-03-25 10:34 . 2006-12-06 00:19   44   --a------   C:\WINDOWS\system32\lxdcrwrd.ini
    2008-03-25 10:33 . 2008-03-25 10:35   <DIR>   d--------   C:\Program Files\Lexmark 1300 Series
    2008-03-25 10:33 . 2007-05-17 09:54   323,584   --a------   C:\WINDOWS\system32\LXDChcp.dll
    2008-03-25 10:33 . 2007-05-17 10:09   286,720   --a------   C:\WINDOWS\system32\LXDCinst.dll
    2008-03-25 10:33 . 2008-03-25 10:34   131,959   --a------   C:\WINDOWS\system32\LexFiles.ulf
    2008-03-25 10:32 . 2007-03-28 09:16   344,064   -ra------   C:\WINDOWS\system32\lxdccoin.dll
    2008-03-25 10:32 . 2007-03-18 21:45   77,906   -ra------   C:\WINDOWS\system32\lxdccfg.dll
    2008-03-25 10:32 . 2007-05-25 05:19   1,827   -ra------   C:\WINDOWS\system32\lxdc.loc
    2008-03-24 16:13 . 2008-03-25 10:33   <DIR>   d--------   C:\Program Files\Lexmark Toolbar
    2008-03-24 16:03 . 2008-02-22 02:33   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
    2008-03-24 04:29 . 2008-03-24 04:29   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\Leadertech
    2008-03-24 03:02 . 2008-03-24 03:02   <DIR>   d--------   C:\WINDOWS\Sun
    2008-03-23 04:38 . 2008-03-23 04:38   <DIR>   d--------   C:\Program Files\Linksys Wireless-G Print Server
    2008-03-23 04:38 . 2006-10-18 18:32   37,248   --a------   C:\WINDOWS\system32\lknuhub.sys
    2008-03-23 04:38 . 2006-10-18 18:32   11,648   --a------   C:\WINDOWS\system32\lknucmp.sys
    2008-03-23 04:38 . 2006-10-18 18:35   1,393   --a------   C:\WINDOWS\system32\lknucmp.inf
    2008-03-23 04:38 . 2006-10-18 18:36   1,371   --a------   C:\WINDOWS\system32\lknuhub.inf
    2008-03-22 20:00 . 2008-03-22 20:01   16,826   --ah-----   C:\WINDOWS\system32\brdiag.GID
    2008-03-21 21:02 . 2008-03-22 14:37   247   --a------   C:\WINDOWS\BRMRCV.INI
    2008-03-21 20:53 . 2008-03-21 20:53   <DIR>   d--------   C:\Brother
    2008-03-21 18:22 . 2008-03-21 18:22   1,673,180   --a------   C:\Program Files\WRT54GSv7_7.50.5_fw_US_code.bin
    2008-03-21 17:52 . 2006-10-18 18:32   37,248   --a------   C:\WINDOWS\system32\drivers\lknuhub.sys
    2008-03-21 17:52 . 2006-10-18 18:32   11,136   --a------   C:\WINDOWS\system32\drivers\lknuhst.sys
    2008-03-21 17:51 . 2007-02-28 22:58   813   -ra------   C:\setup.iss
    2008-03-21 16:56 . 2008-03-23 05:41   <DIR>   d--------   C:\Program Files\Brownie
    2008-03-21 16:55 . 2008-03-22 19:58   <DIR>   d--------   C:\Program Files\Brother

    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-20 17:43   ---------   d-----w   C:\Program Files\Lx_cats
    2008-04-08 00:02   19,372   ----a-w   C:\WINDOWS\system32\drivers\frmupgr.sys
    2008-04-07 23:56   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
    2008-04-06 19:14   ---------   d-----w   C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor
    2008-03-29 10:55   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-03-24 20:03   ---------   d-----w   C:\Program Files\Java
    2008-03-23 05:00   ---------   d-s---w   C:\Documents and Settings\All Users\Application Data\Memeo
    2008-03-23 00:13   ---------   d--h--w   C:\Documents and Settings\Owner\Application Data\GTek
    2008-03-21 20:55   ---------   d-----w   C:\Program Files\Common Files\InstallShield
    2008-03-21 20:28   ---------   d-----w   C:\Program Files\Common Files\Adobe
    2008-03-21 00:43   ---------   d-----w   C:\Program Files\Enroute Imaging
    2008-03-21 00:36   ---------   d-----w   C:\Program Files\OLYMPUS
    2008-03-20 21:58   ---------   d-----w   C:\Program Files\Analog Devices
    2008-03-20 21:02   ---------   d-----w   C:\Program Files\Picasa2
    2008-03-20 00:28   ---------   d-----w   C:\Program Files\Common Files\MySoftware
    2008-03-19 23:32   ---------   d-----w   C:\Program Files\Google
    2008-03-19 23:31   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-03-19 23:29   ---------   d-----w   C:\Program Files\Western Digital Technologies
    2008-03-19 22:23   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\NVIDIA
    2008-03-19 20:47   ---------   d-----w   C:\Documents and Settings\Owner\Application Data\Corel
    2008-03-19 20:45   ---------   d-----w   C:\Program Files\Intel
    2008-03-19 20:04   ---------   d-----w   C:\Program Files\WexTech
    2008-03-19 20:04   ---------   d-----w   C:\Program Files\Common Files\WexTech Shared
    2008-03-19 20:04   ---------   d-----w   C:\Program Files\Common Files\LHSPF
    2008-03-19 20:01   ---------   d-----w   C:\Program Files\Corel
    2008-03-19 20:01   ---------   d-----w   C:\Program Files\Borland
    2008-03-19 19:48   ---------   d-----w   C:\Documents and Settings\Owner\Application Data\Sonic
    2008-03-19 19:47   ---------   d-----w   C:\Program Files\Common Files\Sonic
    2008-03-19 19:46   ---------   d-----w   C:\Program Files\Sonic
    2008-03-19 18:32   ---------   d-----w   C:\Program Files\Linksys EasyLink Advisor
    2008-03-19 18:18   499,712   ----a-w   C:\WINDOWS\system32\msvcp71.dll
    2008-03-19 18:18   348,160   ----a-w   C:\WINDOWS\system32\msvcr71.dll
    2008-03-19 17:16   ---------   d-----w   C:\Program Files\Microsoft IntelliType Pro
    2008-03-19 17:16   ---------   d-----w   C:\Program Files\Microsoft IntelliPoint
    2008-03-19 14:48   ---------   d--ha-w   C:\Documents and Settings\All Users\Application Data\GTek
    2008-03-19 13:47   ---------   d-----w   C:\Program Files\Western Digital
    2008-03-19 13:47   ---------   d-----w   C:\Program Files\Common Files\Java
    2008-03-19 13:47   ---------   d-----w   C:\Program Files\B's Recorder GOLD5
    2008-03-19 13:47   ---------   d-----w   C:\Program Files\ArcSoft
    2008-03-19 13:47   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-03-19 09:47   1,845,248   ----a-w   C:\WINDOWS\system32\win32k.sys
    2008-03-19 02:55   ---------   d-----w   C:\Program Files\microsoft frontpage
    2008-03-01 13:06   826,368   ----a-w   C:\WINDOWS\system32\wininet.dll
    2008-02-23 02:38   43,872   ----a-w   C:\WINDOWS\system32\drivers\pxhelp20.sys
    2008-02-20 06:51   282,624   ----a-w   C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:32   45,568   ----a-w   C:\WINDOWS\system32\dnsrslvr.dll
    2008-01-29 16:02   107,368   ----a-w   C:\WINDOWS\system32\GEARAspi.dll
    .
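The "Files Created" section of the ComboFix log above is a fixed-column listing (created . modified, size or <DIR>, attribute flags, path) that is easier to review once parsed. The Python below is an added example, not part of the thread or of ComboFix: it parses a few constructed lines written in that format and applies two triage rules a helper typically reads for first (new binaries under the Windows directory, hidden attribute).

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Tuple

# Constructed sample lines, in the format of ComboFix's "Files Created" section.
SAMPLE_LOG = r"""
2008-04-20 09:10 . 2008-04-20 09:09   289,144   --a------   C:\WINDOWS\system32\VCCLSID.exe
2008-04-20 09:10 . 2008-04-20 09:10   3,318   --a------   C:\WINDOWS\system32\tmp.reg
2008-04-19 18:40 . 2008-04-19 18:40   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-04-18 22:36 . 2008-04-18 22:36   <DIR>   dr-h-----   C:\Documents and Settings\Owner\Application Data\SecuROM
2008-04-18 17:58 . 2008-04-18 17:58   96,520   --a------   C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-02 16:45 . 2008-04-18 18:06   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "   # creation timestamp
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"     # modification timestamp
    r"(<DIR>|[\d,]+)\s+"                      # size in bytes, or <DIR>
    r"([-a-z]{9})\s+"                         # attribute flags, e.g. --a------ or dr-h-----
    r"(.+?)\s*$"                              # path (may contain spaces)
)

# File types a helper looks at first when they appear under the Windows directory.
BINARY_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr", ".cpl")
WINDOWS_PREFIX = "c:\\windows\\"


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int          # -1 for directories
    attrs: str         # raw flag string from the log
    path: str

    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs

    @property
    def is_hidden(self) -> bool:
        return "h" in self.attrs


def parse_entries(text: str) -> List[Entry]:
    """Parse every line that matches the Files Created layout; skip banners and dots."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(Entry(
            created=datetime.strptime(created, "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(modified, "%Y-%m-%d %H:%M"),
            size=-1 if size == "<DIR>" else int(size.replace(",", "")),
            attrs=attrs,
            path=path,
        ))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs worth reading first; the rest can wait."""
    flagged = []
    for e in entries:
        low = e.path.lower()
        reasons = []
        if not e.is_dir and low.endswith(BINARY_EXT) and low.startswith(WINDOWS_PREFIX):
            reasons.append("new binary under the Windows directory")
        if e.is_hidden:
            reasons.append("hidden attribute set")
        if reasons:
            flagged.append((e.path, "; ".join(reasons)))
    return flagged


if __name__ == "__main__":
    for path, reason in triage(parse_entries(SAMPLE_LOG)):
        print(f"{path}\n    {reason}")
```

The rules give a reading order, not a verdict: freshly installed antivirus drivers under system32\drivers are flagged just like anything else, so each hit still has to be checked against what the user installed in that window.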


lectrocrew
    combofix {part 2}

    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    2008-04-18 17:58   2051328   --a------   C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-04-18 17:58 2051328]

    [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
    [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-04-18 17:58 2051328]

    [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
    [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 19:16 454784]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 09:56 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-04-07 19:56 36864]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 02:05 122939]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
    "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [ ]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42 1404928]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "lxdcmon.exe"="C:\Program Files\Lexmark 1300 Series\lxdcmon.exe" [ ]
    "lxdcamon"="C:\Program Files\Lexmark 1300 Series\lxdcamon.exe" [2007-04-30 04:19 20480]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-09-05 12:19 94208 C:\WINDOWS\KHALMNPR.Exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-09-05 12:19 94208 C:\WINDOWS\KHALMNPR.Exe]
    "Logitech BT Wizard"="LBTWiz.exe" []
    "Easy Synchronization"="C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 12:00 53248]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-08-17 23:19:54 622653]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-04-07 19:56:23 196608]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-04-07 19:54:51 671744]

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= F:\vulcan_1024x768.jpg
    FriendlyName=

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
    Source= F:\Nalu_1920x1440.jpg
    FriendlyName=

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
    Source= F:\Adrianne_1400x1050.jpg
    FriendlyName=

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
    Source= C:\Documents and Settings\Owner\My Documents\My Pictures\black_cat.jpg
    FriendlyName=

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4]
    Source= C:\Documents and Settings\Owner\My Documents\My Pictures\cat13b.jpg
    FriendlyName=

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\5]
    Source= C:\Documents and Settings\Owner\My Documents\My Pictures\wanimal3t.gif
    FriendlyName=

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll [2005-10-05 12:00 69632]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2006-10-25 19:01 65536 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
    "msacm.mpegacm"= mpegacm.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoStart IR.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk
    backup=C:\WINDOWS\pss\AutoStart IR.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Application Director 9.LNK]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Application Director 9.LNK
    backup=C:\WINDOWS\pss\Desktop Application Director 9.LNKCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MySoftware InterCom.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MySoftware InterCom.lnk
    backup=C:\WINDOWS\pss\MySoftware InterCom.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
    --a------ 2008-04-18 17:58 1177368 C:\PROGRA~1\AVG\AVG8\avgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    --a------ 2008-03-19 19:32 1862144 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
    --a------ 2007-02-05 19:52 849280 C:\Program Files\Microsoft IntelliPoint\ipoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
    --a------ 2006-11-21 21:08 813912 C:\Program Files\Microsoft IntelliType Pro\itype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
    --a------ 2007-01-08 22:17 52256 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSDiagnosticM]
    --a------ 2007-02-27 16:29 315392 C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --------- 2007-01-08 22:26 68640 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Quick-Drop]
    --------- 2006-06-06 11:47 118784 C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 5 SE\Ulead DVD MovieFactory 5\Quick-Drop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    --a------ 2004-01-07 02:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "UleadBurningHelper"=2 (0x2)
    "RichVideo"=2 (0x2)
    "NBService"=3 (0x3)
    "iPod Service"=3 (0x3)
    "gusvc"=3 (0x3)
    "GoogleDesktopManager"=3 (0x3)
    "Apple Mobile Device"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\WINDOWS\\system32\\lxdccoms.exe"=
    "C:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"=
    "C:\\Program Files\\Lexmark 1300 Series\\app4r.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcpswx.exe"=
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcjswx.exe"=
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdctime.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "135:TCP"= 135:TCP:TCP Port 135
    "5000:TCP"= 5000:TCP:TCP Port 5000
    "5001:TCP"= 5001:TCP:TCP Port 5001
    "5002:TCP"= 5002:TCP:TCP Port 5002
    "5003:TCP"= 5003:TCP:TCP Port 5003
    "5004:TCP"= 5004:TCP:TCP Port 5004
    "5005:TCP"= 5005:TCP:TCP Port 5005
    "5006:TCP"= 5006:TCP:TCP Port 5006
    "5007:TCP"= 5007:TCP:TCP Port 5007
    "5008:TCP"= 5008:TCP:TCP Port 5008
    "5009:TCP"= 5009:TCP:TCP Port 5009
    "5010:TCP"= 5010:TCP:TCP Port 5010
    "5011:TCP"= 5011:TCP:TCP Port 5011
    "5012:TCP"= 5012:TCP:TCP Port 5012
    "5013:TCP"= 5013:TCP:TCP Port 5013
    "5014:TCP"= 5014:TCP:TCP Port 5014
    "5015:TCP"= 5015:TCP:TCP Port 5015
    "5016:TCP"= 5016:TCP:TCP Port 5016
    "5017:TCP"= 5017:TCP:TCP Port 5017
    "5018:TCP"= 5018:TCP:TCP Port 5018
    "5019:TCP"= 5019:TCP:TCP Port 5019
    "5020:TCP"= 5020:TCP:TCP Port 5020

    R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-04-18 17:58]
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-18 17:58]
    R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-04-18 17:57]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-18 17:57]
    R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-04-18 17:57]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-18 17:58]
    R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-10-25 19:10]
    R2 lxdc_device;lxdc_device;C:\WINDOWS\system32\lxdccoms.exe [2007-05-25 05:38]
    R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-04-18 17:38]
    R3 hcw18bda;Hauppauge WinTV 418 Driver;C:\WINDOWS\system32\drivers\hcw18bda.sys [2007-05-10 14:43]
    R3 lknuhst;Linksys Network USB Host Controller;C:\WINDOWS\system32\DRIVERS\lknuhst.sys [2006-10-18 18:32]
    R3 LKNUHUB;Linksys Network USB Root Hub;C:\WINDOWS\system32\DRIVERS\lknuhub.sys [2006-10-18 18:32]
    S2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe [2007-05-25 05:38]
    S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-04-18 17:38]
    S3 HauppaugeTVServer;HauppaugeTVServer;C:\PROGRA~1\WinTV\HCWTVS~1.EXE [2007-02-20 15:11]
    S3 ngrpci;NETGEAR FA310TX Fast Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\ngrpci.sys [2001-08-17 13:12]

    *Newly Created Service* - CATCHME
    *Newly Created Service* - GTNDIS5
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-21 08:31:35
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    .
    Completion time: 2008-04-21  8:34:03
    ComboFix-quarantined-files.txt  2008-04-21 12:33:01

    Pre-Run: 18,073,759,744 bytes free
    Post-Run: 19,050,729,472 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    384   --- E O F ---   2008-04-09 02:06:51
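The registry dump in the ComboFix log above is where a removal helper reads first: the firewall profile (EnableFirewall is 0), the GloballyOpenPorts list (135/TCP plus 5000-5020/TCP opened to all networks), AppInit_DLLs, the ShellExecuteHook and the Winlogon Notify package. The script below is an added triage example, not part of the original post and not ComboFix's own code; it parses those `[key]` sections from a constructed excerpt modelled on the log above and prints what to look at. The severity labels and the choice of which keys to flag are this example's own assumptions.

```python
"""
Triage helper for the registry-dump part of a ComboFix log.

Added example, not part of the original post and not ComboFix's own code.
It pulls out the entries a malware-removal helper reads first: the Windows
Firewall state, globally opened ports, AppInit_DLLs, ShellExecuteHooks and
Winlogon Notify packages.  Severity labels and the set of flagged keys are
this example's own assumptions.
"""
import re

# Constructed excerpt modelled on the ComboFix log posted above.
SAMPLE_LOG = r"""
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll [2005-10-05 12:00 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2006-10-25 19:01 65536

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"?(?P<name>[^"=]+)"?\s*=\s*(?P<data>.*)$')
DLL_RE = re.compile(r"(?P<path>.+?\.dll)\b", re.I)


def parse_sections(text):
    """Map each [registry key] header to the non-empty lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def values(lines):
    """Split '"name"= data' lines into (name, data) pairs; other lines are skipped."""
    pairs = []
    for line in lines:
        m = VALUE_RE.match(line)
        if m:
            pairs.append((m.group("name").strip(), m.group("data").strip()))
    return pairs


def triage(text):
    """Return (severity, message) findings in log order."""
    findings = []
    for section, lines in parse_sections(text).items():
        key = section.lower()
        if key.endswith(r"firewallpolicy\standardprofile"):
            for name, data in values(lines):
                # ComboFix prints DWORDs as "0 (0x0)"; the first token is the value.
                if name == "EnableFirewall" and data.split()[0] == "0":
                    findings.append(("high", "Windows Firewall is disabled in the standard profile"))
        elif key.endswith(r"globallyopenports\list"):
            ports = sorted({(int(n.split(":")[0]), n.split(":")[1]) for n, _ in values(lines)})
            for port, proto in ports:
                if (port, proto) == (135, "TCP"):
                    findings.append(("high", "135/TCP (RPC endpoint mapper) is open to all networks"))
            listing = ", ".join(f"{p}/{t}" for p, t in ports)
            findings.append(("review", f"{len(ports)} globally open port(s): {listing}"))
        elif key.endswith(r"currentversion\windows"):
            for name, data in values(lines):
                if name.lower() == "appinit_dlls":
                    # Every DLL here is loaded into each process that links user32.dll.
                    for dll in filter(None, (d.strip() for d in data.split(","))):
                        findings.append(("review", f"AppInit_DLLs injects {dll} into every user32-linked process"))
        elif key.endswith(r"explorer\shellexecutehooks"):
            for guid, data in values(lines):
                findings.append(("review", f"ShellExecuteHook {guid} -> {data.split(' [')[0]}"))
        elif "\\winlogon\\notify\\" in key:
            package = section.rsplit("\\", 1)[1]
            m = DLL_RE.match(lines[0]) if lines else None
            dll = m.group("path") if m else "(no path)"
            findings.append(("review", f"Winlogon Notify package {package} loads {dll}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity:>6}] {message}")
```

Run it against the full log by reading the file instead of `SAMPLE_LOG`; a "review" finding is a known-good entry on this machine (Logitech, Google, AVG) until proven otherwise, whereas the two "high" findings (firewall off, 135/TCP open) are worth fixing regardless of whether the AntiVirusGold hit turns out to be real.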

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Calm like a bomb
    • Thanked: 489
    • Experience: Familiar
    • OS: Windows 10
    Did Noadware just start reporting this infection when you installed AVG8?

    Could this be a false positive?

    Use the Kaspersky Online Scanner
    • Click Accept.
    • Answer Yes when prompted to install an ActiveX component.
    • The program will then begin downloading the latest definition files.
    • Once the files have been downloaded, click on NEXT.
    • Locate the Scan Settings button & configure to:
      • Scan using the following Anti-Virus database: Extended
      • Scan Options: Scan Archives, Scan Mail Bases
    • Click OK & have it scan My Computer.
    When the scan is done, in the Scan is complete window (below), any infection is displayed.
    There is no option to clean/disinfect; however, we need to analyze the information on the report.

    To obtain the report:
    Click on: Save Report As...
    • Next, in the Save as prompt, Save in area, select: Desktop.
    • In the File name area, use KScan, or something similar.
    • In Save as type: click the drop arrow and select: Text file [*.txt]
    • Then, click: Save

    Please copy and paste the Kaspersky Online Scanner Report in your next post.

              ---------------

              Next post
              Kaspersky log

        lectrocrew

          Topic Starter


          Mentor

        • ole dog learning new tricks
        • Thanked: 21
          • My first self-built computer
        • Certifications: List
        • Computer: Specs
        • Experience: Familiar
        • OS: Windows 10
        Quote
        Did Noadware just start reporting this infection when you installed AVG8?
        Yes, I believe so. My NoAdware autoscans every morning (provided my computer is on, which it usually is) at 6am while I'm at work. The last scan log, for 4-17-2008, completed at 6:05am without the AntiVirusGold in it and is here:
        =======================
        Noadware v5.0 --------------------------
        Reference File = C:\Program Files\NoAdware5.0\noadware4_040408.na
        ---------------------------
        Spyware Name = Tracking Cookie
        Location = adinterax
        Type = Cookie

        Spyware Name = Tracking Cookie
        Location = adopt.specificclick
        Type = Cookie

        Spyware Name = Tracking Cookie
        Location = specificclick
        Type = Cookie
        ======================

        The scan for 4-18-2008, completed at 6:04am, is here:
        =======================
        Noadware v5.0 --------------------------
        Reference File = C:\Program Files\NoAdware5.0\noadware4_041608.na
        ---------------------------
        Spyware Name = Tracking Cookie
        Location = ad.yieldmanager
        Type = Cookie

        Spyware Name = Tracking Cookie
        Location = bluestreak
        Type = Cookie

        Spyware Name = Tracking Cookie
        Location = media.adrevolver
        Type = Cookie

        Spyware Name = Tracking Cookie
        Location = ssl-hints.netflame
        Type = Cookie

        Spyware Name = AntiVirusGold
        Location = C:\Program Files\AVG
        Type = Directory
        =======================
        Quote
        Could this be a false positive?

        I guess so, although you make that call. I didn't know there was such a thing as a false positive.

        Should I do anything about the files found after ComboFix ran, or continue to the "Kaspersky Online Scanner" now?
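The two NoAdware reports above differ in exactly one non-cookie entry: a Type = Directory hit on C:\Program Files\AVG, named AntiVirusGold, on the morning after the AVG 8 files dated 2008-04-18 appeared in the ComboFix log. The script below is an added example, not part of the post and not NoAdware's own code: it parses the "Spyware Name / Location / Type" records (the record layout is inferred from the reports quoted above), diffs the two scans so the new entries stand out, and attaches a review note per record type. The notes are this example's own heuristics; the embedded report texts are copies of the two reports above, the first one with its blank lines kept to show the parser tolerates them.

```python
"""
Scan-over-scan diff for NoAdware report text.

Added example, not part of the original post and not NoAdware's own code.
It parses the "Spyware Name / Location / Type" records of two reports,
shows what appeared and disappeared between them, and attaches a review
note by record type.  The record layout is inferred from the reports
quoted in the thread; the notes are this example's own heuristics.
"""
import re

# Copies of the two reports quoted above (4-17-2008 and 4-18-2008).
SCAN_BEFORE = """
Spyware Name = Tracking Cookie

Location = adinterax

Type = Cookie

Spyware Name = Tracking Cookie

Location = adopt.specificclick

Type = Cookie

Spyware Name = Tracking Cookie

Location = specificclick

Type = Cookie
"""

SCAN_AFTER = r"""
Spyware Name = Tracking Cookie
Location = ad.yieldmanager
Type = Cookie
Spyware Name = Tracking Cookie
Location = bluestreak
Type = Cookie
Spyware Name = Tracking Cookie
Location = media.adrevolver
Type = Cookie
Spyware Name = Tracking Cookie
Location = ssl-hints.netflame
Type = Cookie
Spyware Name = AntiVirusGold
Location = C:\Program Files\AVG
Type = Directory
"""

# One record = three "key = value" lines, with any amount of blank space between them.
RECORD_RE = re.compile(
    r"Spyware Name = (?P<name>[^\n]+)\s*Location = (?P<loc>[^\n]+)\s*Type = (?P<type>[^\n]+)"
)

# Review notes keyed on the Type field (this example's heuristics, not NoAdware's).
NOTES = {
    "Cookie": "low: tracking cookie, delete it and move on",
    "Directory": "verify: a directory-level hit names a folder, not a specific malicious file; "
                 "check the files inside (vendor, version, signature) before deleting anything",
}


def parse_report(text):
    """Return the report's records as (name, location, type) tuples, in order."""
    return [
        (m.group("name").strip(), m.group("loc").strip(), m.group("type").strip())
        for m in RECORD_RE.finditer(text)
    ]


def diff_reports(before, after):
    """Return (new_records, gone_records), each sorted, between two report texts."""
    old, new = set(parse_report(before)), set(parse_report(after))
    return sorted(new - old), sorted(old - new)


def review(records):
    """Attach a review note to each record based on its Type."""
    return [(name, loc, NOTES.get(typ, "verify: unknown detection type")) for name, loc, typ in records]


if __name__ == "__main__":
    new, gone = diff_reports(SCAN_BEFORE, SCAN_AFTER)
    for name, loc, note in review(new):
        print(f"NEW  {name:16} {loc:24} {note}")
    for name, loc, typ in gone:
        print(f"GONE {name:16} {loc:24} ({typ})")
```

The cookies churn daily and carry no information; what the diff leaves behind is the single directory hit, which is the one entry to check by hand (what files are in C:\Program Files\AVG, who signed them, when they were installed) before acting on the scanner's name for it.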