Virus?

:( Still doesn't work after cleaning it...This is so frustrating...Google is like the page I view the most and I can't even get onto it...

Anyone else have any suggestions?
 
Can I see the Kaspersky log please?

Those locked and skipped objects can be the problem.
 
Woops sorry.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, September 24, 2007 12:59:57 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 24/09/2007
Kaspersky Anti-Virus database records: 422758
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINDOWS
C:\DOCUME~1\Alson\LOCALS~1\Temp\

Scan Statistics:
Total number of scanned objects: 22682
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 00:24:40

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\DOCUME~1\Alson\LOCALS~1\Temp\NERO13366\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\DOCUME~1\Alson\LOCALS~1\Temp\Perflib_Perfdata_b10.dat Object is locked skipped
C:\DOCUME~1\Alson\LOCALS~1\Temp\Perflib_Perfdata_b34.dat Object is locked skipped
C:\DOCUME~1\Alson\LOCALS~1\Temp\Perflib_Perfdata_d04.dat Object is locked skipped
C:\DOCUME~1\Alson\LOCALS~1\Temp\~DF4C70.tmp Object is locked skipped
C:\DOCUME~1\Alson\LOCALS~1\Temp\~DF4CC7.tmp Object is locked skipped
C:\DOCUME~1\Alson\LOCALS~1\Temp\~DFACB4.tmp Object is locked skipped
C:\DOCUME~1\Alson\LOCALS~1\Temp\~DFAD71.tmp Object is locked skipped
C:\DOCUME~1\Alson\LOCALS~1\Temp\~ROMFN_00000DBC Object is locked skipped

Scan process completed.

I think this problem's getting worse... www.google.com/gmail doesn't work anymore... and my MSN Messenger doesn't even work... grr..
 
Ok...Weird...

Normally I manually configure my IP through this computer...but I felt like testing whether automatic configuration would work. I usually use manual config for the ports on Azureus and stuff...

Well anyway, after I clicked on the automatic config, all these notification boxes popped up near the system tray from AVG, saying that profile has been changed bla bla. Then everything worked again?

I'm not sure whether it's AVG that caused all these problems... or possibly my router screwing me up... I'll have to test it a bit further... ugh.

Thanks a lot guys. =D
 
Please download the ComboFix by sUBs:

NOTE: In the event you already have ComboFix, this is a new version that you have to download.
  • Save it to your desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION:
Please do NOT mouse-click ComboFix's window while it is running. That may cause it to stall.
Also, please do NOT adjust your time format while ComboFix is running.
 
Don't know what that program was for...but here's the log.

ComboFix 07-09-21.2 - "Alson" 2007-09-25 15:51:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.114 [GMT 10:00]
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-08-25 to 2007-09-25 )))))))))))))))))))))))))))))))
.

2007-09-25 15:50 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-25 00:05 <DIR> d-------- C:\Program Files\CCleaner
2007-09-24 12:20 <DIR> d-------- C:\WINDOWS\pss
2007-09-24 11:59 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-24 11:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-09-24 02:02 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-09-24 02:02 <DIR> d-------- C:\DOCUME~1\Alson\APPLIC~1\SUPERAntiSpyware.com
2007-09-24 02:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-24 01:34 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-24 01:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-24 01:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-19 01:22 <DIR> d-------- C:\DOCUME~1\Alson\APPLIC~1\Ahead
2007-09-19 01:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-09-19 01:18 <DIR> d-------- C:\Program Files\Nero
2007-09-19 01:18 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-09-19 01:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-09-18 13:34 <DIR> d-------- C:\Downloads
2007-09-18 13:31 <DIR> d-------- C:\Program Files\Free Download Manager
2007-09-18 13:31 <DIR> d-------- C:\DOCUME~1\Alson\APPLIC~1\Free Download Manager
2007-09-16 10:33 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-09-16 03:31 <DIR> d-------- C:\My Music
2007-09-16 01:32 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-09-16 01:31 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-09-16 01:31 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-09-16 01:31 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-09-16 01:25 <DIR> dr-h----- C:\MSOCache
2007-09-15 08:04 <DIR> d-------- C:\DOCUME~1\Alson\APPLIC~1\Nexon
2007-09-15 07:43 <DIR> d-------- C:\Nexon
2007-09-13 10:34 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-09-13 10:32 <DIR> d-------- C:\Program Files\QuickTime
2007-09-13 10:32 <DIR> d-------- C:\Program Files\Apple Software Update
2007-09-13 10:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-09-13 10:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-09-11 06:09 <DIR> d-------- C:\DOCUME~1\Alson\APPLIC~1\dvdcss
2007-09-11 05:20 <DIR> d-------- C:\Program Files\Winamp
2007-09-11 03:07 <DIR> d-------- C:\Program Files\Foxit Software
2007-09-11 01:28 <DIR> d-------- C:\DOCUME~1\Alson\Shared
2007-09-11 01:28 <DIR> d-------- C:\DOCUME~1\Alson\Incomplete
2007-09-11 01:28 <DIR> d-------- C:\DOCUME~1\Alson\APPLIC~1\LimeWire
2007-09-11 01:27 <DIR> d-------- C:\Program Files\LimeWire
2007-09-10 23:29 <DIR> d-------- C:\WINDOWS\New Folder
2007-09-09 12:55 <DIR> d-------- C:\DOCUME~1\Alson\APPLIC~1\vlc
2007-09-09 12:51 <DIR> d-------- C:\Program Files\VideoLAN
2007-09-08 15:43 <DIR> d-------- C:\DOCUME~1\Alson\APPLIC~1\AdobeUM
2007-09-08 15:30 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2007-09-08 15:18 76,067 --a------ C:\WINDOWS\War3Unin.dat
2007-09-08 15:18 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-09-08 15:18 139,264 --a------ C:\WINDOWS\War3Unin.exe
2007-09-08 15:15 <DIR> d-------- C:\Program Files\WinPcap
2007-09-08 15:14 <DIR> d-------- C:\Program Files\WC3Banlist
2007-09-08 15:13 <DIR> d-------- C:\Program Files\Warcraft III
2007-09-08 05:42 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-09-07 11:27 1,156 --a------ C:\WINDOWS\mozver.dat
2007-09-07 11:07 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-09-07 11:01 <DIR> d-------- C:\Program Files\Windows Live
2007-09-07 11:01 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2007-09-07 10:59 <DIR> d-------- C:\DOCUME~1\Alson\Contacts
2007-09-07 10:57 <DIR> d-------- C:\Program Files\MSN Messenger
2007-09-07 10:54 <DIR> d-------- C:\Program Files\Acclaim
2007-09-07 10:52 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-07 10:29 <DIR> d-------- C:\DOCUME~1\Alson\APPLIC~1\ATI
2007-09-07 10:28 546 --a------ C:\WINDOWS\system32\ABA6J.DAT
2007-09-07 10:27 <DIR> d-------- C:\DOCUME~1\Alson\WINDOWS
2007-09-07 10:27 <DIR> d-------- C:\DOCUME~1\Alson\APPLIC~1\Symantec
2007-09-07 10:27 <DIR> d-------- C:\DOCUME~1\Alson\APPLIC~1\Intel
2007-09-07 10:26 <DIR> d-------- C:\WINDOWS\system32\config\SYSTEM~1\WINDOWS
2007-09-06 17:26 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\WINDOWS
2007-09-06 17:18 <DIR> d--hs---- C:\Recycled
2007-09-06 17:11 <DIR> d-------- C:\Program Files\Toshiba
2007-09-06 17:09 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Intel
2007-09-06 17:08 21,275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-09-06 17:08 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
2007-09-06 17:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
2007-09-06 17:07 606,848 --a------ C:\WINDOWS\flashax.exe
2007-09-06 17:07 503,808 --a------ C:\WINDOWS\Asus_A_Series_ScreenSaver.scr
2007-09-06 17:07 5,516,371 --a------ C:\WINDOWS\A-series Demo.exe
2007-09-06 17:07 266,240 --a------ C:\WINDOWS\ASUS A Series ScreenSaver Uninstaller.exe
2007-09-06 17:07 12,288 --a------ C:\WINDOWS\impborl.dll
2007-09-06 17:07 <DIR> d-------- C:\WINDOWS\Asus_A_Series_ScreenSaver dir
2007-09-06 17:04 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-09-06 17:04 <DIR> d-------- C:\Program Files\ATI Technologies
2007-09-06 17:00 <DIR> d-------- C:\Program Files\Symantec
2007-09-06 17:00 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-09-06 12:15 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-06 12:06 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-09-06 09:31 8,704 --a------ C:\WINDOWS\system32\dllcache\batt.dll
2007-09-06 09:31 22,016 --a------ C:\WINDOWS\system32\dllcache\agt0408.dll
2007-09-06 09:31 19,968 --a------ C:\WINDOWS\system32\dllcache\agt040e.dll
2007-09-06 09:31 19,456 --a------ C:\WINDOWS\system32\dllcache\agt041f.dll
2007-09-06 09:31 19,456 --a------ C:\WINDOWS\system32\dllcache\agt0419.dll
2007-09-06 09:31 19,456 --a------ C:\WINDOWS\system32\dllcache\agt0415.dll
2007-09-06 09:31 19,456 --a------ C:\WINDOWS\system32\dllcache\agt0405.dll
2007-09-06 07:49 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
2007-09-06 07:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2007-09-06 07:00 9,216 --a------ C:\WINDOWS\system32\avgwlntf.dll
2007-09-06 07:00 110,592 --a------ C:\WINDOWS\system32\avgfwafu.dll
2007-09-06 06:59 <DIR> d-------- C:\DOCUME~1\Alson\APPLIC~1\WinRAR
2007-09-06 06:43 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-09-06 06:37 <DIR> d-------- C:\Program Files\Azureus
2007-09-06 06:37 <DIR> d-------- C:\DOCUME~1\Alson\APPLIC~1\Azureus

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-06 17:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-09-06 16:59 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-06 16:56 --------- d-------- C:\Program Files\Wireless Console 2
2007-09-06 16:56 --------- d-------- C:\Program Files\Synaptics
2007-09-06 16:54 --------- d-------- C:\Program Files\Asus
2007-09-06 16:52 --------- d-------- C:\Program Files\Realtek
2007-09-06 16:48 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-06 16:48 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-09-06 16:46 --------- d-------- C:\Program Files\Intel
2007-09-06 16:45 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
2007-09-06 16:38 --------- d-------- C:\Program Files\microsoft frontpage
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-06-27 19:05 972072 --a------ C:\WINDOWS\UNNeroMediaHome.exe
2007-06-27 01:13 851968 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 00:09 658944 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 16:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 16:08 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-26 14:12 972072 --a------ C:\WINDOWS\UNNeroVision.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-11-10 04:47]
"SMSERIAL"="sm56hlpr.exe" [2005-05-26 16:12 C:\WINDOWS\sm56hlpr.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-06 05:39 C:\WINDOWS\RTHDCPL.EXE]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2005-11-02 19:33]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2005-10-05 17:50]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-20 23:26]
"ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-02 19:14]
"ATICCC"="c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 12:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-21 08:56]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
ASUS ChkMail.lnk - C:\Program Files\Asus\Asus ChkMail\ChkMail.exe [2007-09-06 16:54:50]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 11:11:42]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-09-06 07:00 9216 C:\WINDOWS\system32\avgwlntf.dll

R3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a03c118-5e2f-11dc-bda8-0015f2e8526e}]
Auto\command- oxbvpen.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL oxbvpen.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c066b555-5d78-11dc-bda5-00130205c789}]
AutoRun\command- ntde1ect.com
explore\Command- ntde1ect.com
open\Command- ntde1ect.com

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-25 15:52:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-25 15:53:27
.
--- E O F ---
 
Well if changing some settings worked, maybe it was AVG having conflicts with your router.

I have found no spyware, so as long as you scan your computer regularly, you're fine. Also this is just a suggestion, you do as you want, but I found you're using some P2P software such as LimeWire and Azureus, which are the best way to get infected by trojans and spyware. I recommend you ONLY use them for legal file uploading/downloading.

Post back here if the problem comes back.

Webbenji

PS: Combofix is a program that helps me see if you got any spyware hidden and remove them.
 
Hmm I see...

I wonder what triggered them to conflict with one another...

Thanks for your help Webbenji.
 
Xpire,

Your ComboFix log is showing signs of a USB Flash Drive Infection.

Please attach your flash drive to the computer.

Open notepad (Start > Run and type notepad) and copy/paste the text in the quote box below to it:

Code:
File::
C:\WINDOWS\system32\oxbvpen.exe
C:\ntde1ect.com

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a03c118-5e2f-11dc-bda8-0015f2e8526e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c066b555-5d78-11dc-bda5-00130205c789}]

Save this as "CFScript"

CFScript.gif


Referring to the picture above, drag CFScript into ComboFix.exe

Run ComboFix again and post the resultant log file please.

Do not mouseclick Combofix's window whilst it's running. That may cause it to stall.
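The mountpoints2 entries that the reply above reads as signs of a USB flash drive infection can be picked out of a ComboFix log mechanically. The following is an added example, not part of the original thread or of ComboFix; the function names, the verb list, the extension list and the "bare file name" heuristic are assumptions of this example, and the sample text is copied from the log lines posted earlier in the thread.

```python
import re

# Excerpt copied from the "Reg Loading Points" section of the ComboFix log in
# this thread: one ordinary Run key for contrast, then the two MountPoints2 keys.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a03c118-5e2f-11dc-bda8-0015f2e8526e}]
Auto\command- oxbvpen.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL oxbvpen.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c066b555-5d78-11dc-bda5-00130205c789}]
AutoRun\command- ntde1ect.com
explore\Command- ntde1ect.com
open\Command- ntde1ect.com
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]\s*$")
MOUNT_RE = re.compile(
    r"\\explorer\\mountpoints2\\(?P<volume>\{[0-9a-f-]{36}\})$", re.IGNORECASE
)
VERB_RE = re.compile(r"^(?P<verb>[^\\\s]+)\\command-\s*(?P<cmd>.+)$", re.IGNORECASE)

# Assumptions of this example: which shell verbs and file types are worth flagging.
SHELL_VERBS = {"auto", "autorun", "open", "explore"}
EXEC_EXT = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs")


def parse_mountpoints(log_text):
    """Return {volume_guid: [(verb, command), ...]} for every MountPoints2 key."""
    volumes = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            # A new registry key starts; track it only if it is a MountPoints2 volume.
            mount = MOUNT_RE.search(key.group("key"))
            current = mount.group("volume").lower() if mount else None
            if current is not None:
                volumes.setdefault(current, [])
            continue
        if current is not None:
            verb = VERB_RE.match(line)
            if verb:
                volumes[current].append(
                    (verb.group("verb").lower(), verb.group("cmd").strip())
                )
    return volumes


def payload(command):
    """Last token of the command line: the file the shell verb ends up launching."""
    return command.split()[-1].strip('"')


def flag_autorun(volumes):
    """Flag verbs whose payload is a bare executable name (no drive, no folder).

    Heuristic assumed here: a command cached for a volume that names only a
    file, as both entries in the thread's log do, deserves a closer look.
    """
    findings = []
    for volume, verbs in volumes.items():
        for verb, command in verbs:
            target = payload(command)
            bare_name = "\\" not in target and ":" not in target
            if verb in SHELL_VERBS and bare_name and target.lower().endswith(EXEC_EXT):
                findings.append({"volume": volume, "verb": verb, "target": target})
    return findings


def summarize(findings):
    """Collapse findings to one (volume, target) pair each, sorted for reporting."""
    return sorted({(f["volume"], f["target"]) for f in findings})


if __name__ == "__main__":
    for volume, target in summarize(flag_autorun(parse_mountpoints(SAMPLE_LOG))):
        print(f"{volume}: shell verbs launch {target}")
```

Each flagged volume GUID corresponds to one of the `[-HKEY_CURRENT_USER\...\mountpoints2\{...}]` lines in the CFScript above, and each flagged target to one of its `File::` entries.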
 
Hmm I have a couple of flash drives that are occasionally attached to this computer, most usually my friend's flash drives as I don't own one myself.

Will that CFScript work with my iPod plugged in? Even though I haven't plugged it in for a long time.. I don't think it's the iPod that's infected.
 
I would imagine it's more likely to be your friend's. The infected flash drive will be disinfected if attached while running CFScript. Either way there are files and registry keys on your own machine which need removing by ComboFix. If you can't track down the infected flash drive, ban your friends from using them!!
 
I see, I see...haha.

Then should I attach the separate flash drives and run CFScript each time? Or once is enough?

Thanks for the help guys.
 
There's no harm in running it for each flash drive attached.

After each run a new text file will be created with the results. Instead of posting them all, attach them to your post. Edit each text file at the top to include the flash drive owner's name. That way you can hit them with a big stick once we track down the culprit. :D
 
ComboFix 07-10-02.2 - Alson 2007-10-03 0:46:26.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.315 [GMT 10:00]
Running from: C:\Documents and Settings\Alson\Desktop\ComboFix(2).exe
Command switches used :: C:\Documents and Settings\Alson\Desktop\[email protected]
* Created a new restore point

FILE::
C:\WINDOWS\system32\oxbvpen.exe
C:\ntde1ect.com
.

((((((((((((((((((((((((( Files Created from 2007-09-02 to 2007-10-02 )))))))))))))))))))))))))))))))
.

2007-10-03 00:10 <DIR> d-------- C:\Program Files\Foxit Software
2007-09-29 01:28 <DIR> d-------- C:\Full House Season 7 (Dvdrip Dark_Stalker)
2007-09-28 01:31 <DIR> d-------- C:\Program Files\CD_DVD-ROM Generator 1.20
2007-09-27 18:38 <DIR> d-------- C:\Documents and Settings\Alson\Application Data\OnReally
2007-09-27 18:35 <DIR> d-------- C:\Program Files\OnReally
2007-09-26 00:09 <DIR> d-------- C:\Invisible Target (R3)(2007) NTSC
2007-09-25 15:50 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-25 00:05 <DIR> d-------- C:\Program Files\CCleaner
2007-09-24 12:20 <DIR> d-------- C:\WINDOWS\pss
2007-09-24 11:59 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-24 11:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-09-24 02:02 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-09-24 02:02 <DIR> d-------- C:\Documents and Settings\Alson\Application Data\SUPERAntiSpyware.com
2007-09-24 02:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-09-24 01:34 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-24 01:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-09-24 01:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-19 01:22 <DIR> d-------- C:\Documents and Settings\Alson\Application Data\Ahead
2007-09-19 01:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-09-19 01:18 <DIR> d-------- C:\Program Files\Nero
2007-09-19 01:18 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-09-19 01:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-09-18 13:34 <DIR> d-------- C:\Downloads
2007-09-18 13:31 <DIR> d-------- C:\Program Files\Free Download Manager
2007-09-18 13:31 <DIR> d-------- C:\Documents and Settings\Alson\Application Data\Free Download Manager
2007-09-16 10:33 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-09-16 03:31 <DIR> d-------- C:\My Music
2007-09-16 01:32 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-09-16 01:31 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-09-16 01:31 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-09-16 01:31 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-09-16 01:25 <DIR> dr-h----- C:\MSOCache
2007-09-15 08:04 <DIR> d-------- C:\Documents and Settings\Alson\Application Data\Nexon
2007-09-15 07:43 <DIR> d-------- C:\Nexon
2007-09-13 10:34 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-09-13 10:32 <DIR> d-------- C:\Program Files\QuickTime
2007-09-13 10:32 <DIR> d-------- C:\Program Files\Apple Software Update
2007-09-13 10:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-13 10:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-09-11 06:09 <DIR> d-------- C:\Documents and Settings\Alson\Application Data\dvdcss
2007-09-11 05:20 <DIR> d-------- C:\Program Files\Winamp
2007-09-11 01:28 <DIR> d-------- C:\Documents and Settings\Alson\Shared
2007-09-11 01:28 <DIR> d-------- C:\Documents and Settings\Alson\Incomplete
2007-09-11 01:28 <DIR> d-------- C:\Documents and Settings\Alson\Application Data\LimeWire
2007-09-11 01:27 <DIR> d-------- C:\Program Files\LimeWire
2007-09-10 23:29 <DIR> d-------- C:\WINDOWS\New Folder
2007-09-09 12:55 <DIR> d-------- C:\Documents and Settings\Alson\Application Data\vlc
2007-09-09 12:51 <DIR> d-------- C:\Program Files\VideoLAN
2007-09-08 15:43 <DIR> d-------- C:\Documents and Settings\Alson\Application Data\AdobeUM
2007-09-08 15:30 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2007-09-08 15:18 76,067 --a------ C:\WINDOWS\War3Unin.dat
2007-09-08 15:18 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-09-08 15:18 139,264 --a------ C:\WINDOWS\War3Unin.exe
2007-09-08 15:15 <DIR> d-------- C:\Program Files\WinPcap
2007-09-08 15:14 <DIR> d-------- C:\Program Files\WC3Banlist
2007-09-08 15:13 <DIR> d-------- C:\Program Files\Warcraft III
2007-09-08 05:42 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-09-07 11:27 1,156 --a------ C:\WINDOWS\mozver.dat
2007-09-07 11:07 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-09-07 11:01 <DIR> d-------- C:\Program Files\Windows Live
2007-09-07 11:01 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2007-09-07 10:59 <DIR> d-------- C:\Documents and Settings\Alson\Contacts
2007-09-07 10:57 <DIR> d-------- C:\Program Files\MSN Messenger
2007-09-07 10:54 <DIR> d-------- C:\Program Files\Acclaim
2007-09-07 10:52 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-07 10:29 <DIR> d-------- C:\Documents and Settings\Alson\Application Data\ATI
2007-09-07 10:28 546 --a------ C:\WINDOWS\system32\ABA6J.DAT
2007-09-07 10:27 <DIR> d-------- C:\Documents and Settings\Alson\WINDOWS
2007-09-07 10:27 <DIR> d-------- C:\Documents and Settings\Alson\Application Data\Symantec
2007-09-07 10:27 <DIR> d-------- C:\Documents and Settings\Alson\Application Data\Intel
2007-09-07 10:26 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2007-09-06 17:26 <DIR> d-------- C:\Documents and Settings\Default User\WINDOWS
2007-09-06 17:18 <DIR> d--hs---- C:\Recycled
2007-09-06 17:11 <DIR> d-------- C:\Program Files\Toshiba
2007-09-06 17:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2007-09-06 17:08 21,275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-09-06 17:08 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
2007-09-06 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2007-09-06 17:07 606,848 --a------ C:\WINDOWS\flashax.exe
2007-09-06 17:07 503,808 --a------ C:\WINDOWS\Asus_A_Series_ScreenSaver.scr
2007-09-06 17:07 5,516,371 --a------ C:\WINDOWS\A-series Demo.exe
2007-09-06 17:07 266,240 --a------ C:\WINDOWS\ASUS A Series ScreenSaver Uninstaller.exe
2007-09-06 17:07 12,288 --a------ C:\WINDOWS\impborl.dll
2007-09-06 17:07 <DIR> d-------- C:\WINDOWS\Asus_A_Series_ScreenSaver dir
2007-09-06 17:04 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-09-06 17:04 <DIR> d-------- C:\Program Files\ATI Technologies
2007-09-06 17:00 <DIR> d-------- C:\Program Files\Symantec
2007-09-06 17:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-09-06 12:15 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-06 12:06 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-09-06 09:31 8,704 --a------ C:\WINDOWS\system32\dllcache\batt.dll
2007-09-06 09:31 22,016 --a------ C:\WINDOWS\system32\dllcache\agt0408.dll
2007-09-06 09:31 19,968 --a------ C:\WINDOWS\system32\dllcache\agt040e.dll
2007-09-06 09:31 19,456 --a------ C:\WINDOWS\system32\dllcache\agt041f.dll
2007-09-06 09:31 19,456 --a------ C:\WINDOWS\system32\dllcache\agt0419.dll
2007-09-06 09:31 19,456 --a------ C:\WINDOWS\system32\dllcache\agt0415.dll
2007-09-06 09:31 19,456 --a------ C:\WINDOWS\system32\dllcache\agt0405.dll
2007-09-06 07:49 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-09-06 07:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-09-06 07:00 9,216 --a------ C:\WINDOWS\system32\avgwlntf.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-06 17:00 --------- d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-06 16:59 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-06 16:56 --------- d-------- C:\Program Files\Wireless Console 2
2007-09-06 16:56 --------- d-------- C:\Program Files\Synaptics
2007-09-06 16:54 --------- d-------- C:\Program Files\Asus
2007-09-06 16:52 --------- d-------- C:\Program Files\Realtek
2007-09-06 16:48 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-06 16:48 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-09-06 16:46 --------- d-------- C:\Program Files\Intel
2007-09-06 16:45 --------- d-------- C:\Documents and Settings\All Users\Application Data\SBSI
2007-09-06 16:38 --------- d-------- C:\Program Files\microsoft frontpage
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
.
Had to shorten it a bit due to restrictions of the forum...Hopefully didn't cut out the important parts.

Sorry for the delayed reply but I thought the problem was solved. I've run ComboFix on my friend's USBs twice and each time it fixed the problem but then it came back again, I think. This is the log report from a ComboFix run on my iPod, which I ran again a couple of days ago with the same log. I'm guessing the FILE:: at the top means that it had found infected files...
Can you tell me why it keeps coming back?
 
Didn't think the second part had any significance. It's too hard to paste the rest of the log here, I have to split it up into like 4-5 parts because the forum won't let me paste it all grr.
 