OK, here are the logs...
Just a side question: is there any specific removal software for AVG which I should use, or do I just uninstall it the regular way?
This is the ComboFix log. I'm running XP SP3.
ComboFix 09-02-12.03 - arrealty707 2009-02-14 19:29:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1945 [GMT -5:00]
Running from: g:\removal guide programs\ComboFix.exe
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated)
FW: Trend Micro Personal Firewall *enabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\FTPx.dll
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\MabryObj.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\packet.dll
c:\windows\system32\Process.exe
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\wpcap.dll
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
.
2009-02-13 15:47 . 2009-02-13 15:48 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-13 15:47 . 2009-02-13 15:47 <DIR> d-------- c:\documents and settings\arrealty707\Application Data\Malwarebytes
2009-02-13 15:47 . 2009-02-13 15:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-13 15:47 . 2009-02-11 10:19 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-02-13 15:47 . 2009-02-11 10:19 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-02-13 15:28 . 2009-02-13 15:28 <DIR> d-------- C:\VundoFix Backups
2009-02-12 21:07 . 2009-02-12 21:07 <DIR> d-------- c:\program files\CCleaner
2009-02-12 21:03 . 2009-02-12 21:03 <DIR> d-------- c:\program files\CleanUp!
2009-02-12 20:59 . 2009-02-12 20:59 <DIR> d-------- c:\program files\MSConfig CleanUp
2009-02-06 11:32 . 2009-02-06 11:32 <DIR> d-------- c:\windows\SYSTEM32\XPSViewer
2009-02-06 11:32 . 2009-02-06 11:32 <DIR> d-------- c:\program files\Reference Assemblies
2009-02-06 11:32 . 2009-02-06 11:32 <DIR> d-------- c:\program files\MSBuild
2009-02-06 11:31 . 2009-02-06 11:31 <DIR> d-------- C:\d6c2eb631f48139c7eb9ef8bf33430
2009-02-06 11:31 . 2008-07-06 07:06 1,676,288 --------- c:\windows\SYSTEM32\xpssvcs.dll
2009-02-06 11:31 . 2008-07-06 07:06 1,676,288 --------- c:\windows\SYSTEM32\DLLCACHE\xpssvcs.dll
2009-02-06 11:31 . 2008-07-06 05:50 597,504 --------- c:\windows\SYSTEM32\DLLCACHE\printfilterpipelinesvc.exe
2009-02-06 11:31 . 2008-07-06 07:06 575,488 --------- c:\windows\SYSTEM32\xpsshhdr.dll
2009-02-06 11:31 . 2008-07-06 07:06 575,488 --------- c:\windows\SYSTEM32\DLLCACHE\xpsshhdr.dll
2009-02-06 11:31 . 2008-07-06 07:06 117,760 --------- c:\windows\SYSTEM32\prntvpt.dll
2009-02-06 11:31 . 2008-07-06 07:06 89,088 --------- c:\windows\SYSTEM32\DLLCACHE\filterpipelineprintproc.dll
2009-01-16 11:42 . 2009-01-16 11:42 <DIR> d-------- c:\program files\Illustrate
2009-01-16 11:42 . 2009-01-16 11:42 <DIR> d-------- c:\documents and settings\arrealty707\Application Data\AccurateRip
2009-01-16 11:42 . 2009-01-16 11:42 5,068,152 --a------ c:\windows\SYSTEM32\SpoonUninstall.exe
2009-01-15 22:17 . 2009-01-15 22:17 <DIR> d-------- c:\program files\Photodex Presenter
2009-01-15 22:17 . 2009-01-15 22:17 <DIR> d-------- c:\documents and settings\arrealty707\Application Data\Netscape
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-13 19:37 --------- d-----w c:\program files\Google
2009-02-13 02:21 --------- d-----w c:\program files\Trend Micro
2009-02-13 02:00 --------- d-----w c:\documents and settings\arrealty707\Application Data\DNA
2009-02-13 01:54 --------- d-----w c:\program files\DNA
2009-02-13 00:32 --------- d-----w c:\program files\Simple Remote
2009-02-13 00:26 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-13 00:26 --------- d-----w c:\program files\Dell
2009-02-06 16:23 --------- d-----w c:\documents and settings\arrealty707\Application Data\PowerHouse
2009-02-06 16:13 --------- d-----w c:\program files\ArcSoft
2009-02-06 13:57 --------- d-----w c:\documents and settings\arrealty707\Application Data\uTorrent
2009-01-30 19:03 --------- d-----w c:\documents and settings\arrealty707\Application Data\Apple Computer
2008-12-28 17:19 --------- d-----w c:\program files\USB Disk Win98 Driver
2008-12-28 15:57 --------- d-----w c:\program files\Java
2007-03-20 01:07 630,784 -c--a-w c:\documents and settings\arrealty707\GoToAssist_chat2way__317_en.exe
2006-04-06 00:46 557,056 -c--a-w c:\documents and settings\arrealty707\chatlnk.exe
2003-10-08 06:00 557,056 ----a-w c:\documents and settings\arrealty707\GoToAssist_phone__317_en.exe
2008-09-07 04:02 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008090720080908\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"NVIEW"="nview.dll" [2003-07-28 c:\windows\SYSTEM32\nview.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-09-22 1398024]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-15 113664]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sonic\\RecordNow!\\RecordNow.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\arrealty707\\Desktop\\Music\\utorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP
xpsp2res.dll,-22009
R1 EPPSCSIx;EPPSCSIx;c:\windows\SYSTEM32\DRIVERS\Eppscsi.sys [2004-08-31 47148]
R2 tmpreflt;tmpreflt;c:\windows\SYSTEM32\DRIVERS\tmpreflt.sys [2008-02-18 36368]
R3 JSWSCIMD;jswscimd Service;c:\windows\SYSTEM32\DRIVERS\jswscimd.sys [2008-02-12 57440]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\SYSTEM32\DRIVERS\TM_CFW.sys [2008-02-18 333328]
R3 WSIMD;wsimd Service;c:\windows\SYSTEM32\DRIVERS\wsimd.sys [2008-09-29 57408]
S1 FAMv4;FAMv4;c:\windows\system32\DRIVERS\FAMv4.sys --> c:\windows\system32\DRIVERS\FAMv4.sys [?]
S2 tmevtmgr;tmevtmgr;c:\windows\SYSTEM32\DRIVERS\tmevtmgr.sys [2008-10-28 52240]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\SYSTEM32\DNINDIS5.sys [2003-07-24 17149]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WNDA3100\jswpsapi.exe --> c:\program files\NETGEAR\WNDA3100\jswpsapi.exe [?]
S3 MSSQL$SIMPLEREMOTE;MSSQL$SIMPLEREMOTE;c:\program files\Microsoft SQL Server\MSSQL$SIMPLEREMOTE\Binn\sqlservr.exe -sSIMPLEREMOTE --> c:\program files\Microsoft SQL Server\MSSQL$SIMPLEREMOTE\Binn\sqlservr.exe -sSIMPLEREMOTE [?]
S3 SQLAgent$SIMPLEREMOTE;SQLAgent$SIMPLEREMOTE;c:\program files\Microsoft SQL Server\MSSQL$SIMPLEREMOTE\Binn\sqlagent.EXE -i SIMPLEREMOTE --> c:\program files\Microsoft SQL Server\MSSQL$SIMPLEREMOTE\Binn\sqlagent.EXE -i SIMPLEREMOTE [?]
S3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\Internet Security\TmPfw.exe [2008-10-28 488768]
S3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2008-10-28 648456]
S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WNDA31.sys --> c:\windows\system32\DRIVERS\WNDA31.sys [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11a03849-3484-11dc-ae9c-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e254c52a-0d85-11dc-ae90-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2003-11-25 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2008-04-13 19:12]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-02-14 19:35:07
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-587377079-1252688431-2116273909-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\SYSTEM32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\csifcsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\SYSTEM32\searchindexer.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\windows\SYSTEM32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-02-14 19:41:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-15 00:41:18
Pre-Run: 38,495,084,544 bytes free
Post-Run: 38,409,310,208 bytes free
187 --- E O F --- 2009-02-11 08:14:38
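The log above carries several configuration findings a responder would want to pull out quickly: the AV line reports on-access scanning disabled, Security Center monitoring is disabled for the Trend Micro AV and firewall entries, the Windows Firewall standard profile has EnableFirewall set to 0 with notifications disabled, TCP 3389 is globally open, and two mountpoints2 keys carry an AutoRun command. The script below is an added example, not part of the original post and not ComboFix's own code; it is a small triage parser that walks a ComboFix log line by line and flags those findings. The embedded SAMPLE_LOG is a constructed excerpt of the log posted above, and the finding categories ("av-disabled", "open-port", and so on) are names chosen here for illustration.

```python
"""Triage helper for ComboFix logs (added example, not ComboFix's own code).

Walks the registry-style sections of a ComboFix log and flags findings that
matter during cleanup: on-access AV scanning disabled, Security Center
monitoring disabled, Windows Firewall standard profile turned off, globally
open firewall ports, and AutoRun commands stored under mountpoints2.
"""
import re

# Constructed excerpt of the posted log, used as offline sample input.
SAMPLE_LOG = r"""
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated)
FW: Trend Micro Personal Firewall *enabled*
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11a03849-3484-11dc-ae9c-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                       # [HKLM\...] section header
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')  # "Name"=value
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s*-\s*(?P<cmd>.+)$")


def triage_combofix(text):
    """Return a list of (category, detail) findings for a ComboFix log.

    The category labels are illustrative names chosen for this example.
    """
    findings = []
    key_raw = ""   # current registry key as printed in the log
    key = ""       # lower-cased copy for matching
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # Header line such as "AV: <product> *On-access scanning disabled*".
        if line.startswith("AV:") and "scanning disabled" in line.lower():
            findings.append(("av-disabled", line[3:].strip()))
            continue

        m = KEY_RE.match(line)
        if m:
            key_raw = m.group(1)
            key = key_raw.lower()
            continue

        # AutoRun command recorded for a mounted volume (USB/U3 launcher etc.).
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in key:
            findings.append(("autorun", m.group("cmd").strip()))
            continue

        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group("name"), m.group("value").strip()
        lname = name.lower()

        if key.endswith("\\globallyopenports\\list"):
            findings.append(("open-port", name))
        elif key.endswith("firewallpolicy\\standardprofile"):
            if lname == "enablefirewall" and value.startswith("0"):
                findings.append(("firewall-off", "EnableFirewall=0 in standard profile"))
            elif lname == "disablenotifications" and value.startswith("1"):
                findings.append(("firewall-notifications-off", "DisableNotifications=1"))
        elif "security center\\monitoring\\" in key and lname == "disablemonitoring":
            if value.endswith("1"):
                # Last path component names the product whose monitoring is off.
                findings.append(("monitoring-disabled", key_raw.rsplit("\\", 1)[-1]))
    return findings


if __name__ == "__main__":
    for category, detail in triage_combofix(SAMPLE_LOG):
        print(f"{category:28s} {detail}")
```

Run it on a saved log with `triage_combofix(open("ComboFix.txt").read())`; each finding maps back to the section it came from, so the open 3389 entry and the F:\LaunchU3.exe AutoRun command can be checked against the log by hand before anything is changed.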