WiredWX Christian Hobby Weather Tools
Security tool+No net access

Daughter's computer is infected with 'Security Tool'. It blocks net access, blocks Task Manager, blocks the CD/DVD drive, and the normal scanner (Avira) is blocked. Is there any way I can stop processes manually? Cannot access progs such as 'nkill', so we seem to be in a bind. Any help would be gratefully received.

Last edited by humpee on 17th December 2009, 12:48 am; edited 1 time in total (Reason for editing: subject has been covered, but most infected comps seem to have access to the net... and can download fixes.)

Re: Security tool+No net access

Can you transfer tools via USB from another machine to this infected machine?

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a Notepad file of everything HijackThis found; copy and paste it back here.

Re: Security tool+No net access

No, can't.

Re: Security tool+No net access

Do you have Firefox installed? Try using a different browser.

Re: Security tool+No net access

Wish I could... only have Explorer.

Re: Security tool+No net access

Looks like it's clean format time.

Re: Security tool+No net access

=/ Can you write tools to a CD and transfer them over? Or use a network connection to another machine?

Re: Security tool+No net access

I tried to use a CD with tools, but the CD/DVD drive is blocked.

Re: Security tool+No net access

Hey, I have the Security Tool virus on my computer. I can't open Task Manager or download anything from any websites because it just closes any files I try to open. Help please?!

Re: Security tool+No net access

ocastillo - Create your own topic please.

humpee - Don't give up on me, I'll find a way around this malware, even if it kills me.

Can you boot to Safe Mode with Networking? Might give us a slim chance.

Re: Security tool+No net access

Yes... got into Safe Mode.

Re: Security tool+No net access
Does IE work any better in Safe Mode?

Re: Security tool+No net access

Still can't get online... the message is 'connection terminated'.

Re: Security tool+No net access

Well, maybe we can use a Windows tool to at least disable it. Go to Start > Run. In the Run box, type in msconfig and hit Enter.

Go into the Startup tab and copy down all the names on the left side (more than likely I will know a lot of them and know they are legit); it's just a matter of finding one that doesn't look right to me and disabling it.

Copy and paste all the names back here.

Re: Security tool+No net access
smax4pnp
igfxtray
hkcmd
igfxpers
PDVDServ
Language
NeroCheck
NBHGui
InCD
IMJPMIG
ImScInst
TINTSETP
TINTSETP
sgpUpdaters
SearchGuardPlus

Reader_sl
CNSLMAIN
BJMyPrt
SMSTray
MAAgent
64241926
ctfmon
IMVU
OpenOffice.org 3.0

Re: Security tool+No net access
Hello.
Go back into the Startup tab, and untick the following 3 items:

sgpUpdaters
SearchGuardPlus
64241926


Reboot normally.
Can you get online now?

c: will only start using explore

C: will only open when using the right-click dropdown/Explore. Have tried deleting MountPoints2... worked till the PC was restarted. Very slow startup. Here is the log from the HijackThis scan:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 9:11:23 AM, on 12/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Seagate\Sync\SeaSyncServices.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\shaun.SHAUN-E0EAD128A\Desktop\playing stuff2\SoundMAX\SMax4.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: YouWontFindBetterDeals - {344514E9-DD71-110C-2C29-C87A37ADD6F4} - C:\Program Files\YouWontFindBetterDeals\YouWontFindBetterDeals.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMax] "C:\Documents and Settings\shaun.SHAUN-E0EAD128A\Desktop\playing stuff2\SoundMAX\SMax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [AvgRemover] C:\Documents and Settings\shaun.SHAUN-E0EAD128A\Local Settings\Temporary Internet Files\Content.IE5\3MXXJEOM\avgremover[1].exe /run_number=2 /avgdir="C:\Program Files\AVG\AVG8" /avgdatadir="C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8" /ndis_nextstep=1
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\SHAUN~1.SHA\LOCALS~1\Temp\herss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247020180988
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe

--
End of file - 7273 bytes

Re: Security tool+No net access
humpee, please do not start a new topic. Keep all information in this one.

Therefore, I have merged your new topic into this one.

Re: Security tool+No net access

Sorry Dragon Master... this recent post is my own computer (C: won't open). I wanted to enter a different post... guess I messed up... sorry. The previous post was my daughter's computer; I am using the phone to give her your instructions. Currently, after unchecking the boxes in Startup, she has regained net access. I have told her to download HijackThis, scan, and log on with you guys. Thanks for your help, and I am sorry for any confusion I have caused.

Re: Security tool+No net access

Humpee - Please stay under one username too; it gets really confusing for me if a new person jumps in halfway through.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:

    O2 - BHO: YouWontFindBetterDeals - {344514E9-DD71-110C-2C29-C87A37ADD6F4} - C:\Program Files\YouWontFindBetterDeals\YouWontFindBetterDeals.dll (file missing)
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
    O4 - HKLM\..\RunOnce: [AvgRemover] C:\Documents and Settings\shaun.SHAUN-E0EAD128A\Local Settings\Temporary Internet Files\Content.IE5\3MXXJEOM\avgremover[1].exe /run_number=2 /avgdir="C:\Program Files\AVG\AVG8" /avgdatadir="C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8" /ndis_nextstep=1
    O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\SHAUN~1.SHA\LOCALS~1\Temp\herss.exe

  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.
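The cues the helper used above to pick the lines to fix (an O2/O3 entry marked "(file missing)", an O4 autostart running out of a Temp or Temporary Internet Files folder) and the digits-only msconfig name 64241926 from the earlier post can be applied mechanically to a HijackThis log. This is an added example, not code from the thread or from HijackThis itself; the sample lines are copied from the log posted above, plus one constructed O4 line (assumed, not from the log) to exercise the digits-only rule.

```python
"""Flag suspicious HijackThis O2/O3/O4 lines using the cues from this thread:
a BHO/toolbar whose DLL is missing, an autostart run from a Temp or
Temporary Internet Files folder, and an autostart whose name is only digits.

Added example; not part of the original thread or of HijackThis.
"""
import re

# Lines copied from the HijackThis log in the thread, plus one CONSTRUCTED
# O4 line (the last one) to show the digits-only rule; that path is made up.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: YouWontFindBetterDeals - {344514E9-DD71-110C-2C29-C87A37ADD6F4} - C:\Program Files\YouWontFindBetterDeals\YouWontFindBetterDeals.dll (file missing)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [AvgRemover] C:\Documents and Settings\shaun.SHAUN-E0EAD128A\Local Settings\Temporary Internet Files\Content.IE5\3MXXJEOM\avgremover[1].exe /run_number=2 /avgdir="C:\Program Files\AVG\AVG8" /avgdatadir="C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8" /ndis_nextstep=1
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\SHAUN~1.SHA\LOCALS~1\Temp\herss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [64241926] C:\DOCUME~1\SHAUN~1.SHA\LOCALS~1\Temp\64241926.exe
"""

# O2 (BHO) and O3 (toolbar): "<name> - {CLSID} - <dll path> [(file missing)]"
O2_O3_RE = re.compile(
    r"^(?P<kind>O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$"
)
# O4 registry autostart: "HKLM\..\Run: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# Any path component named Temp or Temporary Internet Files (case-insensitive).
TEMP_DIR_RE = re.compile(r"\\(?:temp|temporary internet files)\\", re.IGNORECASE)


def check_line(line):
    """Return the reasons one HijackThis line looks suspicious ([] if none)."""
    reasons = []
    m = O2_O3_RE.match(line)
    if m:
        # A registered component whose file is gone is stale at best and is
        # one of the lines the helper told the poster to fix.
        if m.group("path").endswith("(file missing)"):
            reasons.append("registered BHO/toolbar whose DLL is missing on disk")
        return reasons
    m = O4_RE.match(line)
    if m:
        if m.group("name").isdigit():
            reasons.append("autostart name is only digits")
        if TEMP_DIR_RE.search(m.group("cmd")):
            reasons.append("autostart runs from a Temp folder")
    return reasons


def scan_log(text):
    """Return [(line, reasons)] for every O2/O3/O4 line with at least one hit."""
    hits = []
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            reasons = check_line(line)
            if reasons:
                hits.append((line, reasons))
    return hits


def flagged_names(text):
    """The BHO/toolbar name or [value name] of each flagged line, in log order."""
    names = []
    for line, _ in scan_log(text):
        m = O2_O3_RE.match(line) or O4_RE.match(line)
        names.append(m.group("name"))
    return names


if __name__ == "__main__":
    for line, reasons in scan_log(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

The rules are deliberately narrow; a line that is not flagged is not thereby clean, and a flagged line still needs the human check the helper applied (recognising the legitimate entries).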

Re: Security tool+No net access

Did as directed, here is the log:

Malwarebytes' Anti-Malware 1.42
Database version: 3388
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/19/2009 10:26:59 AM
mbam-log-2009-12-19 (10-26-59).txt

Scan type: Quick Scan
Objects scanned: 140861
Time elapsed: 4 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\youwontfindbetterdeals.youwontfindbetterdeals (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\youwontfindbetterdeals.youwontfindbetterdeals.1 (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{418d86be-7386-4f1a-83e0-53604adbda74} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{344514e9-dd71-110c-2c29-c87a37add6f4} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{344514e9-dd71-110c-2c29-c87a37add6f4} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{344514e9-dd71-110c-2c29-c87a37add6f4} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{344514e9-dd71-110c-2c29-c87a37add6f4} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\YouWontFindBetterDeals.dll (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\YouWontFindBetterDeals (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\NOD32KVBIT (Trojan.Frethog) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\AhnRpta.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.

Still can't open C: without using the 'Explore' option.

Re: Security tool+No net access

Hello.
Do you have any external drives? They are also infected and need to be cleaned.

Hello.

  • Download combofix from here
    Link 1

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [Image: CF_download_FF]

    [Image: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [Image: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt, which asks if you want to continue the malware scan; select Yes.

    [Image: Cf510]

  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: Security tool+No net access

Yes, 1 external... Seagate drive.

Re: Security tool+No net access

KittyFix?

Re: Security tool+No net access

Yeah, it's renamed.

Re: Security tool+No net access

Rename to Combo-Fix?

Re: Security tool+No net access

No, it's already renamed. Sorry, I took your last post as a question about why it's called KittyFix when my post says ComboFix.

Re: Security tool+No net access
ComboFix 09-12-18.01 - shaun 12/19/2009 11:35:22.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.106 [GMT 11:00]
Running from: c:\processexplorer\KittyFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\Shaun\Favorites\Download programs.url
c:\documents and settings\Shaun\Favorites\Games.url
c:\documents and settings\Shaun\Favorites\Translator.url
c:\documents and settings\Shaun\Favorites\Videos.url
c:\recycler\S-1-5-21-527237240-1801674531-725345543-1003
C:\SETUP.BAT
C:\Thumbs.db
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000019_.tmp.dll
c:\windows\system32\_000020_.tmp.dll
c:\windows\system32\_000021_.tmp.dll
c:\windows\system32\_000022_.tmp.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_AVPsys


((((((((((((((((((((((((( Files Created from 2009-11-19 to 2009-12-19 )))))))))))))))))))))))))))))))
.

2009-12-18 23:14 . 2009-12-18 23:14 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Malwarebytes
2009-12-18 23:14 . 2009-12-03 05:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-18 23:14 . 2009-12-03 05:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-18 23:07 . 2009-12-18 23:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-18 23:07 . 2009-12-18 23:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-12-18 22:10 . 2009-12-18 22:10 388096 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-18 22:10 . 2009-12-18 22:10 -------- d-----w- c:\program files\TrendMicro
2009-12-16 21:41 . 2009-12-16 21:41 -------- d-----w- C:\VJVod_Cache
2009-12-16 21:41 . 2009-12-16 21:41 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\nagasoft
2009-12-16 09:53 . 2009-12-16 09:53 -------- d-----w- C:\New Folder
2009-12-16 09:51 . 2009-12-19 00:26 -------- d-----w- C:\ProcessExplorer
2009-12-16 02:57 . 2009-12-16 02:57 -------- d-----w- c:\windows\system32\Nagasoft
2009-12-03 00:34 . 2009-12-09 06:01 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-03 00:34 . 2009-03-29 22:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-03 00:34 . 2009-02-13 00:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-03 00:34 . 2009-02-13 00:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-03 00:34 . 2009-12-03 00:34 -------- d-----w- c:\program files\Avira
2009-12-03 00:34 . 2009-12-03 00:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2009-11-29 04:32 . 2009-11-29 04:32 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-29 04:31 . 2009-11-29 04:31 -------- d-----w- C:\$AVG8.VAULT$
2009-11-29 04:31 . 2009-11-29 04:31 -------- d-----w- c:\windows\system32\drivers\Avg(2)
2009-11-29 04:30 . 2009-11-29 04:30 -------- d-----w- c:\windows\SxsCaPendDel
2009-11-28 20:56 . 2009-12-03 01:37 152576 ----a-w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-28 09:29 . 2009-12-03 01:34 79488 ----a-w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-19 01:24 . 2009-11-19 01:24 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-17 06:55 . 2009-10-22 09:36 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\LimeWire
2009-12-16 07:57 . 2009-10-02 05:27 862040 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-16 07:57 . 2009-10-02 05:27 206944 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-16 07:57 . 2009-10-02 05:27 390288 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-16 07:57 . 2009-10-29 22:56 537576 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-16 07:57 . 2009-10-02 05:27 370744 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-16 07:57 . 2009-10-02 05:27 163728 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-12-16 07:57 . 2009-10-02 05:27 194104 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-16 07:57 . 2009-10-02 05:27 327000 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-12-16 07:56 . 2009-10-02 05:27 87496 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-12-16 07:56 . 2009-10-02 05:26 933120 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-16 07:56 . 2009-10-02 05:26 641632 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-12-16 07:56 . 2009-10-02 05:26 816272 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-16 07:56 . 2009-10-02 05:26 822904 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-16 07:56 . 2009-10-02 05:26 1638640 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-16 07:56 . 2009-10-02 05:26 788880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-16 07:56 . 2009-10-02 05:26 1184912 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-03 01:37 . 2009-10-22 09:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-03 01:37 . 2007-09-13 01:23 -------- d-----w- c:\program files\Java
2009-11-29 21:54 . 2009-10-01 08:14 -------- d-----w- c:\program files\Paltalk Messenger
2009-11-03 11:43 . 2009-11-03 11:43 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\ImgBurn
2009-11-03 04:07 . 2009-11-03 04:07 -------- d-----w- c:\program files\Daniusoft
2009-10-29 22:56 . 2009-10-29 22:56 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 22:56 . 2009-10-29 22:56 93360 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-10-29 22:56 . 2009-10-29 22:56 554280 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-10-29 22:56 . 2009-10-02 05:48 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-29 22:56 . 2009-10-02 05:27 15880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-10-29 22:56 . 2009-10-29 22:56 212480 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-10-29 22:56 . 2009-10-29 22:56 283944 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-10-29 22:56 . 2009-10-29 22:56 1223976 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-10-29 22:56 . 2009-10-29 22:56 242984 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-10-29 22:55 . 2009-10-02 05:27 5908024 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-10-29 22:51 . 2009-10-29 22:51 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-28 23:39 . 2009-10-28 23:26 1649 ----a-w- c:\windows\system32\nodes.txt.tmp
2009-10-22 01:24 . 2009-10-22 01:24 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
2009-10-22 01:23 . 2008-01-08 00:59 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-10-22 01:23 . 2009-10-22 01:23 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
2009-10-22 01:23 . 2009-10-22 01:23 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
2009-10-06 11:58 . 2009-10-06 10:25 696352 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-06 11:58 . 2009-10-06 10:25 5408 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-04 05:08 . 2009-10-04 05:08 1962544 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-10-03 08:15 . 2009-10-29 22:51 2924848 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-02 05:27 . 2009-10-02 05:27 17632 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-10-02 05:27 . 2009-10-02 05:27 68640 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-10-02 05:27 . 2009-10-02 05:26 525792 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\DIFxAPI.dll
2009-10-02 05:26 . 2009-10-02 05:26 303976 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-10-02 05:26 . 2009-10-02 05:26 640760 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-09-23 12:55 . 2009-10-02 02:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2008-01-09 08:43 . 2008-01-09 08:41 2293848 -c--a-w- c:\program files\FLV PlayerFCSetup.exe
2008-01-09 08:41 . 2008-01-09 08:38 3928264 -c--a-w- c:\program files\FLV PlayerRCATSetup.exe
2008-01-09 08:22 . 2008-01-09 08:22 411248 -c--a-w- c:\program files\FLV PlayerRCSetup.exe
2007-10-06 07:14 . 2007-10-06 07:14 52 -c--a-w- c:\program files\Save Windows and Programs (No Data or Documents).BDF
2007-10-06 07:14 . 2007-10-06 07:14 52 -c--a-w- c:\program files\Save Data and Documents Only.BDF
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-04 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe -osboot" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-09 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-03 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-9-26 11550720]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"nwiz"=nwiz.exe /install
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Documents and Settings\\shaun.SHAUN-E0EAD128A\\Desktop\\Unused Desktop Shortcuts\\Call of Duty\\Call of Duty MP.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56468:TCP"= 56468:TCP:Pando Media Booster
"56468:UDP"= 56468:UDP:Pando Media Booster

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/2/2009 1:55 PM 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/3/2009 11:34 AM 108289]
R2 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [1/18/2007 3:20 PM 24120]
R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [11/3/2009 3:07 PM 16896]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 10:17 PM 1184912]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-avgrsstarter - avgrsstx.dll
AddRemove-PerformanceAdSystem - c:\program files\YouWontFindBetterDeals\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-19 11:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1417001333-1897051121-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A5EC7AA0-DCBE-817A-0FB6-D050177AC852}*]
"hamhmcogmphechon"=hex:6a,61,62,69,64,67,6b,6c,6e,69,62,63,6c,70,65,66,66,69,
66,64,00,00
"iaokgcmnliddnfcdli"=hex:6a,61,62,69,64,67,6b,6c,6e,69,62,63,6c,70,65,66,66,69,
66,64,00,00
"hakkmakkoelaneba"=hex:6b,61,62,6c,6d,63,65,6e,6d,61,62,62,6c,61,63,6c,61,6d,
63,6a,67,66,00,00
"hakkmakkbfagbgee"=hex:70,62,62,6b,6e,6f,6b,6f,64,6d,64,6d,6f,6c,68,6d,67,62,
6c,6c,6d,68,6b,6e,6e,61,65,6e,6f,6c,62,70,70,66,66,63,62,6c,61,69,68,6e,63,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3100)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-12-19 11:49:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-19 00:49

Pre-Run: 37,706,444,800 bytes free
Post-Run: 37,666,697,216 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /noexecute=optin

- - End Of File - - A227CF7C9B2A5A58503C7DD5A33853B5

Re: Security tool+No net access

Okay, good work. Before we remove the leftovers, is AVG still installed on this machine or did it corrupt itself on you?

ComboFix says AVG is active, yet I only see some leftover dead drivers and no run values.

Completely Uninstall AVG software

Download and run avgremover.exe

For 32-Bit, Download: avgremover.exe

Re: Security tool+No net access

Corrupted... tried to get rid of it, but......

Re: Security tool+No net access

Thought so, AVG did the same to me. Run the uninstaller I posted above, then we'll take out those leftovers. Once you have run the uninstall:


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Driver::
    Avgfwdx
    Avgfwfd

    RegNull::
    [HKEY_USERS\S-1-5-21-1417001333-1897051121-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A5EC7AA0-DCBE-817A-0FB6-D050177AC852}*]

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: Cfscriptb4i, CFScript.txt being dragged onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

Re: Security tool+No net access

ComboFix 09-12-18.01 - shaun 12/19/2009 12:41:42.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.249 [GMT 11:00]
Running from: c:\processexplorer\KittyFix.exe
Command switches used :: c:\documents and settings\shaun.SHAUN-E0EAD128A\My Documents\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Avgfwdx
-------\Service_Avgfwfd


((((((((((((((((((((((((( Files Created from 2009-11-19 to 2009-12-19 )))))))))))))))))))))))))))))))
.

2009-12-18 23:14 . 2009-12-18 23:14 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Malwarebytes
2009-12-18 23:14 . 2009-12-03 05:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-18 23:14 . 2009-12-03 05:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-18 23:07 . 2009-12-18 23:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-18 23:07 . 2009-12-18 23:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-12-18 22:10 . 2009-12-18 22:10 -------- d-----w- c:\program files\TrendMicro
2009-12-16 21:41 . 2009-12-16 21:41 -------- d-----w- C:\VJVod_Cache
2009-12-16 21:41 . 2009-12-16 21:41 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\nagasoft
2009-12-16 09:53 . 2009-12-16 09:53 -------- d-----w- C:\New Folder
2009-12-16 09:51 . 2009-12-19 01:33 -------- d-----w- C:\ProcessExplorer
2009-12-16 02:57 . 2009-12-16 02:57 -------- d-----w- c:\windows\system32\Nagasoft
2009-12-03 00:34 . 2009-12-09 06:01 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-03 00:34 . 2009-03-29 22:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-03 00:34 . 2009-02-13 00:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-03 00:34 . 2009-02-13 00:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-03 00:34 . 2009-12-03 00:34 -------- d-----w- c:\program files\Avira
2009-12-03 00:34 . 2009-12-03 00:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2009-11-29 04:32 . 2009-11-29 04:32 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-29 04:31 . 2009-11-29 04:31 -------- d-----w- C:\$AVG8.VAULT$
2009-11-29 04:31 . 2009-11-29 04:31 -------- d-----w- c:\windows\system32\drivers\Avg(2)
2009-11-29 04:30 . 2009-11-29 04:30 -------- d-----w- c:\windows\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-18 22:10 . 2009-12-18 22:10 388096 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-17 06:55 . 2009-10-22 09:36 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\LimeWire
2009-12-16 07:57 . 2009-10-02 05:27 862040 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-16 07:57 . 2009-10-02 05:27 206944 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-16 07:57 . 2009-10-02 05:27 390288 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-16 07:57 . 2009-10-29 22:56 537576 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-16 07:57 . 2009-10-02 05:27 370744 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-16 07:57 . 2009-10-02 05:27 163728 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-12-16 07:57 . 2009-10-02 05:27 194104 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-16 07:57 . 2009-10-02 05:27 327000 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-12-16 07:56 . 2009-10-02 05:27 87496 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-12-16 07:56 . 2009-10-02 05:26 933120 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-16 07:56 . 2009-10-02 05:26 641632 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-12-16 07:56 . 2009-10-02 05:26 816272 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-16 07:56 . 2009-10-02 05:26 822904 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-16 07:56 . 2009-10-02 05:26 1638640 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-16 07:56 . 2009-10-02 05:26 788880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-16 07:56 . 2009-10-02 05:26 1184912 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-03 01:37 . 2009-10-22 09:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-03 01:37 . 2007-09-13 01:23 -------- d-----w- c:\program files\Java
2009-12-03 01:37 . 2009-11-28 20:56 152576 ----a-w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-03 01:34 . 2009-11-28 09:29 79488 ----a-w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-29 21:54 . 2009-10-01 08:14 -------- d-----w- c:\program files\Paltalk Messenger
2009-11-03 11:43 . 2009-11-03 11:43 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\ImgBurn
2009-11-03 04:07 . 2009-11-03 04:07 -------- d-----w- c:\program files\Daniusoft
2009-10-29 22:56 . 2009-10-29 22:56 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 22:56 . 2009-10-29 22:56 93360 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-10-29 22:56 . 2009-10-29 22:56 554280 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-10-29 22:56 . 2009-10-02 05:48 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-29 22:56 . 2009-10-02 05:27 15880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-10-29 22:56 . 2009-10-29 22:56 212480 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-10-29 22:56 . 2009-10-29 22:56 283944 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-10-29 22:56 . 2009-10-29 22:56 1223976 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-10-29 22:56 . 2009-10-29 22:56 242984 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-10-29 22:55 . 2009-10-02 05:27 5908024 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-10-29 22:51 . 2009-10-29 22:51 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-28 23:39 . 2009-10-28 23:26 1649 ----a-w- c:\windows\system32\nodes.txt.tmp
2009-10-22 01:24 . 2009-10-22 01:24 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
2009-10-22 01:23 . 2008-01-08 00:59 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-10-22 01:23 . 2009-10-22 01:23 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
2009-10-22 01:23 . 2009-10-22 01:23 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
2009-10-06 11:58 . 2009-10-06 10:25 696352 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-06 11:58 . 2009-10-06 10:25 5408 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-04 05:08 . 2009-10-04 05:08 1962544 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-10-03 08:15 . 2009-10-29 22:51 2924848 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-02 05:27 . 2009-10-02 05:27 17632 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-10-02 05:27 . 2009-10-02 05:27 68640 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-10-02 05:27 . 2009-10-02 05:26 525792 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\DIFxAPI.dll
2009-10-02 05:26 . 2009-10-02 05:26 303976 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-10-02 05:26 . 2009-10-02 05:26 640760 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-09-23 12:55 . 2009-10-02 02:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2008-01-09 08:43 . 2008-01-09 08:41 2293848 -c--a-w- c:\program files\FLV PlayerFCSetup.exe
2008-01-09 08:41 . 2008-01-09 08:38 3928264 -c--a-w- c:\program files\FLV PlayerRCATSetup.exe
2008-01-09 08:22 . 2008-01-09 08:22 411248 -c--a-w- c:\program files\FLV PlayerRCSetup.exe
2007-10-06 07:14 . 2007-10-06 07:14 52 -c--a-w- c:\program files\Save Windows and Programs (No Data or Documents).BDF
2007-10-06 07:14 . 2007-10-06 07:14 52 -c--a-w- c:\program files\Save Data and Documents Only.BDF
.

((((((((((((((((((((((((((((( SnapShot@2009-12-19_00.44.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-19 01:49 . 2009-12-19 01:49 16384 c:\windows\Temp\Perflib_Perfdata_5d0.dat
+ 2009-07-06 02:37 . 2009-12-19 00:47 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-07-06 02:37 . 2009-12-18 23:30 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-04 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe -osboot" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-09 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-03 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-9-26 11550720]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"nwiz"=nwiz.exe /install
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Documents and Settings\\shaun.SHAUN-E0EAD128A\\Desktop\\Unused Desktop Shortcuts\\Call of Duty\\Call of Duty MP.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56468:TCP"= 56468:TCP:Pando Media Booster
"56468:UDP"= 56468:UDP:Pando Media Booster

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/2/2009 1:55 PM 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/3/2009 11:34 AM 108289]
R2 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [1/18/2007 3:20 PM 24120]
R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [11/3/2009 3:07 PM 16896]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 10:17 PM 1184912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-19 12:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2860)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-12-19 12:56:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-19 01:56
ComboFix2.txt 2009-12-19 00:49

Pre-Run: 37,675,393,024 bytes free
Post-Run: 37,640,593,408 bytes free

- - End Of File - - 8736FA11CAA5CD303A0392C885B7D7C5

Re: Security tool+No net access

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

Re: Security tool+No net access

Faster, thanks. ComboFix stated that AVG was still lurking though.

Re: Security tool+No net access

ComboFix uninstalled, but it messaged that AVG was still there.

Re: Security tool+No net access

Did you run the AVG uninstaller?

Re: Security tool+No net access

Yep, twice.

Re: Security tool+No net access

Please re-download ComboFix.


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    SecCenter::
    {17DDD097-36FF-435F-9E1B-52D74245D6BF}

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: Cfscriptb4i, CFScript.txt being dragged onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.
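The two CFScript posts above (Driver:: plus RegNull::, then SecCenter::) both come from reading the ComboFix log by eye: driver entries whose image file is gone ("--> ... [?]"), a locked Shell Extensions key full of random-named REG_BINARY values, and a Security Center registration for a product that has nothing left running. The script below is an added example, not code from this thread, from ComboFix or from its author. It pulls those three findings out of a log automatically and drafts the same directives. It assumes the log layout visible in this thread, and its VENDOR_DIRS table (product name fragment to install directory) is an assumption of the example, not something ComboFix publishes; the sample log is a trimmed copy of the excerpts posted above.

```python
"""Triage a ComboFix log and draft the CFScript directives used in this thread.

Added example, not code from the thread or from ComboFix. It assumes the log layout
visible above: "AV: ..." header lines, "R2/S3 Name;Display;path" service lines that
end in " --> path [?]" when the image is missing, a REGEDIT4-style LOCKED REGISTRY
KEYS section and an "Other Running Processes" path list. VENDOR_DIRS is a heuristic
assumption of this example, not something ComboFix publishes."""
import re

# Constructed sample: a trimmed copy of the log excerpts posted in this thread.
SAMPLE_LOG = r"""
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/3/2009 11:34 AM 108289]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1417001333-1897051121-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A5EC7AA0-DCBE-817A-0FB6-D050177AC852}*]
"hamhmcogmphechon"=hex:6a,61,62,69,64,67,6b,6c,6e,69,62,63,6c,70,65,66,66,69,\
66,64,00,00
"hakkmakkoelaneba"=hex:6b,61,62,6c,6d,63,65,6e,6d,61,62,62,6c,61,63,6c,61,6d,
63,6a,67,66,00,00
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
"""

AV_RE = re.compile(r"^AV: (?P<name>.+?) \*[^*]+\* \([^)]+\) (?P<guid>\{[0-9A-Fa-f-]+\})$")
SVC_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);[^;]*;(?P<rest>.+)$")
HEX_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=hex:(?P<data>.*)$')
HEX_CONT_RE = re.compile(r"^[0-9A-Fa-f]{2}(,[0-9A-Fa-f]{2})*,?\\?$")
PATH_RE = re.compile(r"^[a-z]:\\.+\.exe$", re.IGNORECASE)
VENDOR_DIRS = {"AVG Anti-Virus": "avg", "AntiVir": "avira"}  # assumed install directories


def parse_services(log):
    """Service/driver lines; 'missing' is True for the 'path --> path [?]' form."""
    out = []
    for m in filter(None, map(SVC_RE.match, log.splitlines())):
        rest = m["rest"]
        out.append({"start": m["start"], "name": m["name"],
                    "path": rest.split(" --> ")[0].split(" [")[0],
                    "missing": rest.endswith("[?]")})
    return out


def parse_locked_keys(log):
    """LOCKED REGISTRY KEYS section -> {key: {value name: bytes}} (hex values only)."""
    keys, key, value = {}, None, None
    lines = iter(log.splitlines())
    any("LOCKED REGISTRY KEYS" in line for line in lines)  # advance past the header
    for line in lines:
        s = line.strip()
        if s.startswith("---"):  # next section header
            break
        m = HEX_VALUE_RE.match(s)
        if s.startswith("[") and s.endswith("]"):
            key, value = s[1:-1], None
            keys[key] = {}
        elif key and m:
            value = m["name"]
            keys[key][value] = m["data"]
        elif value and HEX_CONT_RE.match(s):  # REGEDIT4 continuation line
            keys[key][value] += s
        else:
            value = None
    return {k: {n: bytes.fromhex(d.replace("\\", "").replace(",", ""))
                for n, d in v.items()} for k, v in keys.items()}


def looks_generated(name, data):
    """Letter-soup value name whose binary payload is itself a NUL-terminated letter string."""
    text = data.rstrip(b"\x00").decode("ascii", "replace")
    return bool(re.fullmatch(r"[a-z]{12,}", name) and re.fullmatch(r"[a-z]{8,}", text))


def suspicious_locked_keys(log):
    return [k for k, vals in parse_locked_keys(log).items()
            if vals and all(looks_generated(n, d) for n, d in vals.items())]


def stale_security_center(log):
    """GUIDs of products Security Center still lists although nothing of that vendor
    is running or loaded: the 'AVG still there' symptom after an uninstall."""
    paths = [l for l in log.splitlines() if PATH_RE.match(l)]
    paths += [s["path"] for s in parse_services(log) if s["start"].startswith("R")]
    parts = {c.lower() for p in paths for c in p.split("\\")}
    stale = []
    for m in filter(None, map(AV_RE.match, log.splitlines())):
        vendor = next((d for frag, d in VENDOR_DIRS.items() if frag in m["name"]), None)
        if vendor and vendor not in parts:
            stale.append(m["guid"])
    return stale


def draft_cfscript(log):
    """Draft Driver::, RegNull:: and SecCenter:: sections; review them by hand first."""
    parts = [("Driver::", [s["name"] for s in parse_services(log) if s["missing"]]),
             ("RegNull::", [f"[{k}]" for k in suspicious_locked_keys(log)]),
             ("SecCenter::", stale_security_center(log))]
    return "\n\n".join(f"{h}\n" + "\n".join(items) for h, items in parts if items) + "\n"
```

Run against SAMPLE_LOG, draft_cfscript() reproduces the three directives the helper wrote by hand: Driver:: Avgfwdx and Avgfwfd, RegNull:: for the locked {A5EC7AA0-...} key (its value "hamhmcogmphechon" decodes to the equally meaningless string jabidgklnibclpeffifd, which is why the key is flagged), and SecCenter:: {17DDD097-...} for AVG, whose vendor directory appears in no running process or R-state service even though the header says on-access scanning is enabled. The draft is a starting point for review, not something to feed to ComboFix blindly. One check worth making on the log ComboFix produces afterwards: the "Command switches used" line should name CFScript.txt itself rather than a .lnk shortcut to it.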

Re: Security tool+No net access

Done as directed.

ComboFix 09-12-18.03 - shaun 12/21/2009 10:26:12.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.133 [GMT 11:00]
Running from: c:\processexplorer\KittyFix.exe
Command switches used :: c:\processexplorer\CFScript.lnk
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-11-20 to 2009-12-20 )))))))))))))))))))))))))))))))
.

2009-12-18 23:14 . 2009-12-18 23:14 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Malwarebytes
2009-12-18 23:14 . 2009-12-03 05:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-18 23:14 . 2009-12-03 05:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-18 23:07 . 2009-12-18 23:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-18 23:07 . 2009-12-18 23:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-12-18 22:10 . 2009-12-18 22:10 388096 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-18 22:10 . 2009-12-18 22:10 -------- d-----w- c:\program files\TrendMicro
2009-12-16 21:41 . 2009-12-16 21:41 -------- d-----w- C:\VJVod_Cache
2009-12-16 21:41 . 2009-12-16 21:41 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\nagasoft
2009-12-16 09:53 . 2009-12-16 09:53 -------- d-----w- C:\New Folder
2009-12-16 09:51 . 2009-12-20 23:26 -------- d-----w- C:\ProcessExplorer
2009-12-16 02:57 . 2009-12-16 02:57 -------- d-----w- c:\windows\system32\Nagasoft
2009-12-03 00:34 . 2009-12-09 06:01 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-03 00:34 . 2009-03-29 22:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-03 00:34 . 2009-02-13 00:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-03 00:34 . 2009-02-13 00:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-03 00:34 . 2009-12-03 00:34 -------- d-----w- c:\program files\Avira
2009-12-03 00:34 . 2009-12-03 00:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2009-11-29 04:32 . 2009-11-29 04:32 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-29 04:31 . 2009-11-29 04:31 -------- d-----w- C:\$AVG8.VAULT$
2009-11-29 04:30 . 2009-11-29 04:30 -------- d-----w- c:\windows\SxsCaPendDel
2009-11-28 20:56 . 2009-12-03 01:37 152576 ----a-w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-28 09:29 . 2009-12-03 01:34 79488 ----a-w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-17 06:55 . 2009-10-22 09:36 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\LimeWire
2009-12-16 07:57 . 2009-10-02 05:27 862040 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-16 07:57 . 2009-10-02 05:27 206944 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-16 07:57 . 2009-10-02 05:27 390288 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-16 07:57 . 2009-10-29 22:56 537576 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-16 07:57 . 2009-10-02 05:27 370744 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-16 07:57 . 2009-10-02 05:27 163728 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-12-16 07:57 . 2009-10-02 05:27 194104 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-16 07:57 . 2009-10-02 05:27 327000 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-12-16 07:56 . 2009-10-02 05:27 87496 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-12-16 07:56 . 2009-10-02 05:26 933120 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-16 07:56 . 2009-10-02 05:26 641632 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-12-16 07:56 . 2009-10-02 05:26 816272 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-16 07:56 . 2009-10-02 05:26 822904 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-16 07:56 . 2009-10-02 05:26 1638640 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-16 07:56 . 2009-10-02 05:26 788880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-16 07:56 . 2009-10-02 05:26 1184912 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-03 01:37 . 2009-10-22 09:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-03 01:37 . 2007-09-13 01:23 -------- d-----w- c:\program files\Java
2009-11-29 21:54 . 2009-10-01 08:14 -------- d-----w- c:\program files\Paltalk Messenger
2009-11-03 11:43 . 2009-11-03 11:43 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\ImgBurn
2009-11-03 04:07 . 2009-11-03 04:07 -------- d-----w- c:\program files\Daniusoft
2009-10-29 22:56 . 2009-10-29 22:56 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 22:56 . 2009-10-29 22:56 93360 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-10-29 22:56 . 2009-10-29 22:56 554280 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-10-29 22:56 . 2009-10-02 05:48 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-29 22:56 . 2009-10-02 05:27 15880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-10-29 22:56 . 2009-10-29 22:56 212480 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-10-29 22:56 . 2009-10-29 22:56 283944 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-10-29 22:56 . 2009-10-29 22:56 1223976 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-10-29 22:56 . 2009-10-29 22:56 242984 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-10-29 22:55 . 2009-10-02 05:27 5908024 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-10-29 22:51 . 2009-10-29 22:51 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-28 23:39 . 2009-10-28 23:26 1649 ----a-w- c:\windows\system32\nodes.txt.tmp
2009-10-22 01:24 . 2009-10-22 01:24 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
2009-10-22 01:23 . 2008-01-08 00:59 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-10-22 01:23 . 2009-10-22 01:23 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
2009-10-22 01:23 . 2009-10-22 01:23 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
2009-10-06 11:58 . 2009-10-06 10:25 696352 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-06 11:58 . 2009-10-06 10:25 5408 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-04 05:08 . 2009-10-04 05:08 1962544 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-10-03 08:15 . 2009-10-29 22:51 2924848 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-02 05:27 . 2009-10-02 05:27 17632 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-10-02 05:27 . 2009-10-02 05:27 68640 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-10-02 05:27 . 2009-10-02 05:26 525792 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\DIFxAPI.dll
2009-10-02 05:26 . 2009-10-02 05:26 303976 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-10-02 05:26 . 2009-10-02 05:26 640760 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-09-23 12:55 . 2009-10-02 02:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2008-01-09 08:43 . 2008-01-09 08:41 2293848 -c--a-w- c:\program files\FLV PlayerFCSetup.exe
2008-01-09 08:41 . 2008-01-09 08:38 3928264 -c--a-w- c:\program files\FLV PlayerRCATSetup.exe
2008-01-09 08:22 . 2008-01-09 08:22 411248 -c--a-w- c:\program files\FLV PlayerRCSetup.exe
2007-10-06 07:14 . 2007-10-06 07:14 52 -c--a-w- c:\program files\Save Windows and Programs (No Data or Documents).BDF
2007-10-06 07:14 . 2007-10-06 07:14 52 -c--a-w- c:\program files\Save Data and Documents Only.BDF
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-04 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe -osboot" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-09 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-03 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-9-26 11550720]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"nwiz"=nwiz.exe /install
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Documents and Settings\\shaun.SHAUN-E0EAD128A\\Desktop\\Unused Desktop Shortcuts\\Call of Duty\\Call of Duty MP.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56468:TCP"= 56468:TCP:Pando Media Booster
"56468:UDP"= 56468:UDP:Pando Media Booster

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/2/2009 1:55 PM 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/3/2009 11:34 AM 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 10:17 PM 1184912]
R2 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [1/18/2007 3:20 PM 24120]
R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [11/3/2009 3:07 PM 16896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.

**************************************************************************
scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3240)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-12-21 10:34:54
ComboFix-quarantined-files.txt 2009-12-20 23:34
ComboFix2.txt 2009-12-19 01:56

Pre-Run: 39,259,381,760 bytes free
Post-Run: 39,228,141,568 bytes free

- - End Of File - - 4534F87C5CBB17143CDAC170E554CACF
ed.

Re: Security tool+No net access
Hello.
That didn't work because you didn't save the file right.

c:\processexplorer\CFScript.lnk

You need to save it as a text file (.txt)

Re: Security tool+No net access
Saved as text... ComboFix goes into reduced functionality mode and vanishes...

Re: Security tool+No net access
Delete the copy you have and download it again, then it works.

Re: Security tool+No net access
ComboFix 09-12-20.03 - shaun 12/21/2009 12:22:20.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.153 [GMT 11:00]
Running from: c:\processexplorer\KittyFix.exe
Command switches used :: c:\processexplorer\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2009-11-21 to 2009-12-21 )))))))))))))))))))))))))))))))
.

2009-12-18 23:14 . 2009-12-18 23:14 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Malwarebytes
2009-12-18 23:14 . 2009-12-03 05:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-18 23:14 . 2009-12-03 05:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-18 23:07 . 2009-12-18 23:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-18 23:07 . 2009-12-18 23:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-12-18 22:10 . 2009-12-18 22:10 388096 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-18 22:10 . 2009-12-18 22:10 -------- d-----w- c:\program files\TrendMicro
2009-12-16 21:41 . 2009-12-16 21:41 -------- d-----w- C:\VJVod_Cache
2009-12-16 21:41 . 2009-12-16 21:41 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\nagasoft
2009-12-16 09:53 . 2009-12-16 09:53 -------- d-----w- C:\New Folder
2009-12-16 09:51 . 2009-12-21 01:22 -------- d-----w- C:\ProcessExplorer
2009-12-16 02:57 . 2009-12-16 02:57 -------- d-----w- c:\windows\system32\Nagasoft
2009-12-03 00:34 . 2009-12-09 06:01 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-03 00:34 . 2009-03-29 22:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-03 00:34 . 2009-02-13 00:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-03 00:34 . 2009-02-13 00:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-03 00:34 . 2009-12-03 00:34 -------- d-----w- c:\program files\Avira
2009-12-03 00:34 . 2009-12-03 00:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2009-11-29 04:32 . 2009-11-29 04:32 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-29 04:31 . 2009-11-29 04:31 -------- d-----w- C:\$AVG8.VAULT$
2009-11-29 04:30 . 2009-11-29 04:30 -------- d-----w- c:\windows\SxsCaPendDel
2009-11-28 20:56 . 2009-12-03 01:37 152576 ----a-w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-28 09:29 . 2009-12-03 01:34 79488 ----a-w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-17 06:55 . 2009-10-22 09:36 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\LimeWire
2009-12-16 07:57 . 2009-10-02 05:27 862040 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-16 07:57 . 2009-10-02 05:27 206944 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-16 07:57 . 2009-10-02 05:27 390288 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-16 07:57 . 2009-10-29 22:56 537576 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-16 07:57 . 2009-10-02 05:27 370744 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-16 07:57 . 2009-10-02 05:27 163728 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-12-16 07:57 . 2009-10-02 05:27 194104 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-16 07:57 . 2009-10-02 05:27 327000 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-12-16 07:56 . 2009-10-02 05:27 87496 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-12-16 07:56 . 2009-10-02 05:26 933120 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-16 07:56 . 2009-10-02 05:26 641632 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-12-16 07:56 . 2009-10-02 05:26 816272 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-16 07:56 . 2009-10-02 05:26 822904 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-16 07:56 . 2009-10-02 05:26 1638640 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-16 07:56 . 2009-10-02 05:26 788880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-16 07:56 . 2009-10-02 05:26 1184912 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-03 01:37 . 2009-10-22 09:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-03 01:37 . 2007-09-13 01:23 -------- d-----w- c:\program files\Java
2009-11-29 21:54 . 2009-10-01 08:14 -------- d-----w- c:\program files\Paltalk Messenger
2009-11-03 11:43 . 2009-11-03 11:43 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\ImgBurn
2009-11-03 04:07 . 2009-11-03 04:07 -------- d-----w- c:\program files\Daniusoft
2009-10-29 22:56 . 2009-10-29 22:56 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 22:56 . 2009-10-29 22:56 93360 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-10-29 22:56 . 2009-10-29 22:56 554280 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-10-29 22:56 . 2009-10-02 05:48 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-29 22:56 . 2009-10-02 05:27 15880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-10-29 22:56 . 2009-10-29 22:56 212480 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-10-29 22:56 . 2009-10-29 22:56 283944 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-10-29 22:56 . 2009-10-29 22:56 1223976 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-10-29 22:56 . 2009-10-29 22:56 242984 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-10-29 22:55 . 2009-10-02 05:27 5908024 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-10-29 22:51 . 2009-10-29 22:51 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-28 23:39 . 2009-10-28 23:26 1649 ----a-w- c:\windows\system32\nodes.txt.tmp
2009-10-22 01:24 . 2009-10-22 01:24 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
2009-10-22 01:23 . 2009-10-22 01:23 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
2009-10-22 01:23 . 2009-10-22 01:23 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
2009-10-06 11:58 . 2009-10-06 10:25 696352 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-06 11:58 . 2009-10-06 10:25 5408 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-04 05:08 . 2009-10-04 05:08 1962544 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-10-03 08:15 . 2009-10-29 22:51 2924848 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-02 05:27 . 2009-10-02 05:27 17632 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-10-02 05:27 . 2009-10-02 05:27 68640 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-10-02 05:27 . 2009-10-02 05:26 525792 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\DIFxAPI.dll
2009-10-02 05:26 . 2009-10-02 05:26 303976 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-10-02 05:26 . 2009-10-02 05:26 640760 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-09-23 12:55 . 2009-10-02 02:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2008-01-09 08:43 . 2008-01-09 08:41 2293848 -c--a-w- c:\program files\FLV PlayerFCSetup.exe
2008-01-09 08:41 . 2008-01-09 08:38 3928264 -c--a-w- c:\program files\FLV PlayerRCATSetup.exe
2008-01-09 08:22 . 2008-01-09 08:22 411248 -c--a-w- c:\program files\FLV PlayerRCSetup.exe
2007-10-06 07:14 . 2007-10-06 07:14 52 -c--a-w- c:\program files\Save Windows and Programs (No Data or Documents).BDF
2007-10-06 07:14 . 2007-10-06 07:14 52 -c--a-w- c:\program files\Save Data and Documents Only.BDF
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-04 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe -osboot" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-09 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-03 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-9-26 11550720]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"nwiz"=nwiz.exe /install
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Documents and Settings\\shaun.SHAUN-E0EAD128A\\Desktop\\Unused Desktop Shortcuts\\Call of Duty\\Call of Duty MP.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56468:TCP"= 56468:TCP:Pando Media Booster
"56468:UDP"= 56468:UDP:Pando Media Booster

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/2/2009 1:55 PM 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/3/2009 11:34 AM 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 10:17 PM 1184912]
R2 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [1/18/2007 3:20 PM 24120]
R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [11/3/2009 3:07 PM 16896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-21 12:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2808)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-12-21 12:30:53
ComboFix-quarantined-files.txt 2009-12-21 01:30

Pre-Run: 39,225,159,680 bytes free
Post-Run: 39,213,617,152 bytes free

- - End Of File - - 5AE89D108E68757DABFC0C2D906FEDDE

Re: Security tool+No net access
There, no more AVG.


Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

Re: Security tool+No net access
Thanks belahzur... no one could ever accuse you of giving up easily. You have done me a huge service which would otherwise have meant a trip to the computer shop... and a lot of cost, probably. The machine seems to be running quite well now... for an antique. Thanks again. Thank you!
