Shane

Honorary Members
  • Posts: 22
Everything posted by Shane

  1. All actions taken that you requested. Everything deleted, uninstalled, uploaded, etc. Thank you so much for your help with this. I would have been at a loss without this website.
  2. New log posted below. System is running pretty fast, not quite as fast as it was when new, but certainly faster than the last few weeks.
  3. ComboFix 08-12-02.02 - Owner 2008-12-04 17:32:02.3 - NTFSx86
  4. Log info from script: c:\qoobox\quarantine\c\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll.vir -> c:\program files\ASUS Security Center\ASUS Security
  5. Looks like my protocols, etc. were messed up. Downloaded and ran winsockxpfix and it seemed to get everything back in order. AVG and Spybot updated. Ran a scan and found no additional bugs. Other websites etc. worked fine, other programs able to get online etc. ASUS folder uploaded per your request. I never use the thing, it came with my laptop and I never took the time to get it set up. Kaspersky Scanner log did not find anything, no report to save.
  6. I am now able to connect to the internet. If you need anything else before giving my poor PC a clean bill of health let me know.
  7. Uninstalling the device did not seem to work. I have reinstalled and allowed Windows to detect, also tried updating drivers etc. All I get is an "Acquiring Network Address" from the card... never connects, just sits there. Doesn't seem like the card wants to talk to anything. Is there anything I can post to help you find the problem?
  8. Please advise status, still pulling Trojan virus and still unable to connect to the internet on main PC.
  9. On reboot, AVG just found a Trojan. Not sure if this is anything you didn't expect, just thought it might be handy to know. Path is below: C:\ System Volume Info\_restore{0887183D-FDEF-4FEE-A552-62C0B1FA5BE6}-\RP149\A0054699.sys C:\ System Volume Info\_restore{0887183D-FDEF-4FEE-A552-62C0B1FA5BE6}-\RP149\A00547000.dll
  10. I do use Daemon tools occasionally, but have not in quite a while. Here is the gmer log. Please note I am still unable to connect to the internet on my main PC, still updating this thread from my spare. Using flash drive to transport programs, logs, etc.
  11. DDS (Version 1.0) - NTFSx86 Run by Owner at 20:18:25.76 on Wed 12/03/2008 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2512 [GMT -5:00] ============== Running Processes =============== C:\WINDOWS\System32\svchost.exe -k Cognizance C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\ATK Hotkey\Hcontrol.exe C:\Program Files\ATK Hotkey\MsgTranAgt.exe C:\Program Files\ASUS\ATK Media\DMEDIA.EXE C:\Program Files\ATKOSD2\ATKOSD2.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Synaptics\SynTP\SynAsus.exe C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe C:\Program Files\Cyberlink\Shared Files\brs.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\ATK Hotkey\ATKOSD.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\ATK Hotkey\WDC.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe C:\Documents and Settings\Owner\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program 
files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL BHO: {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\program files\asus security center\asus security protect manager\bin\ItIEAddIn.dll TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork mRun: [ATKHOTKEY] "c:\program files\atk hotkey\Hcontrol.exe" mRun: [MsgTranAgt] "c:\program files\atk hotkey\MsgTranAgt.exe" mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE mRun: [ATKOSD2] "c:\program files\atkosd2\ATKOSD2.exe" mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [Power_Gear] c:\program files\asus\power4 gear\BatteryLife.exe 1 mRun: [CognizanceTS] rundll32.exe c:\progra~1\asusse~1\asusse~1\bin\ASTSVCC.dll,RegisterModule mRun: [RTHDCPL] RTHDCPL.EXE mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe" mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe" mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe" mRun: [bDRegion] 
c:\program files\cyberlink\shared files\brs.exe mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe" mRun: [sMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll AppInit_DLLs: APSHook.dll,avgrsstx.dll LSA: Notification Packages = scecli ASWLNPkg ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-16 97928] R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-16 26824] R1 ItSDisk;ItSDisk;c:\windows\system32\drivers\ItSDisk.sys [2006-5-16 23496] R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\cyberlink\powerdvd8\000.fcl [2008-2-1 41456] R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-7-7 611664] R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2006-2-28 14336] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-4 875288] R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-4 231704] R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-16 76040] S2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2006-2-28 14336] =============== Created Last 30 ================ 2008-12-03 09:51 161,792 
a------- c:\windows\SWREG.exe 2008-12-03 09:51 98,816 a------- c:\windows\sed.exe 2008-11-25 17:04 256 a------- c:\windows\system32\pool.bin 2008-11-25 17:03 <DIR> --d----- c:\docume~1\owner\applic~1\Research In Motion 2008-11-25 16:58 <DIR> --d----- c:\program files\common files\Sonic Shared 2008-11-25 16:58 <DIR> --d----- c:\program files\Roxio 2008-11-25 16:55 26,496 a----r-- c:\windows\system32\drivers\RimSerial.sys 2008-11-25 16:54 <DIR> --d----- c:\program files\common files\Research In Motion 2008-11-25 16:53 <DIR> --d----- c:\program files\Research In Motion 2008-11-25 16:48 18,468,336 a------- c:\program files\RhapsodyVcast.EXE 2008-11-18 19:53 <DIR> --d----- c:\program files\BitPim 2008-11-18 17:30 <DIR> --d----- c:\program files\LG Electronics 2008-11-14 13:30 <DIR> --d----- C:\temp 2008-11-11 17:37 98 a------- c:\windows\WirelessFTP.INI 2008-11-11 17:33 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys 2008-11-11 17:33 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll ==================== Find3M ==================== 2008-12-02 20:02 <DIR> --d----- c:\docume~1\owner\applic~1\BitTorrent 2008-12-02 14:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8 2008-11-28 12:19 <DIR> --d----- c:\docume~1\owner\applic~1\LimeWire 2008-11-14 13:12 <DIR> --d----- c:\program files\THQ 2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll 2008-09-15 07:12 1,846,400 a------- c:\windows\system32\win32k.sys 2008-09-14 08:31 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat 2008-09-09 20:14 1,307,648 -------- c:\windows\system32\msxml6.dll 2008-08-24 18:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia 2008-07-15 10:10 <DIR> --d----- c:\docume~1\owner\applic~1\DNA 2008-07-10 11:00 <DIR> --d----- c:\docume~1\owner\applic~1\Turbine 2008-07-10 07:17 <DIR> --d----- c:\docume~1\owner\applic~1\GetRightToGo 2008-07-04 11:07 <DIR> --d----- c:\docume~1\owner\applic~1\Electronic Arts 2008-06-19 10:57 <DIR> --d----- 
c:\docume~1\alluse~1\applic~1\LightScribe 2008-06-19 10:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero 2008-06-19 10:15 <DIR> --d----- c:\docume~1\owner\applic~1\BSplayer 2008-06-19 10:12 <DIR> --d----- c:\docume~1\owner\applic~1\BSplayer Pro 2008-06-09 11:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Winamp Toolbar 2008-05-19 06:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2008-05-18 05:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\media center programs 2008-05-18 03:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Funcom 2008-05-17 14:14 <DIR> --d----- c:\docume~1\owner\applic~1\AVGTOOLBAR 2008-05-16 23:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Grisoft 2008-05-16 06:11 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\{0E8E33D8-193A-414A-A909-0F101A142D26} 2008-05-13 07:13 <DIR> --d----- c:\docume~1\owner\applic~1\TMP ============= FINISH: 20:18:43.23 =============== Attach2.txt
  12. Regedit Parameters and Qoobox file attached below. Hopefully that is what you need. Registry_backups.zip Parameters.zip
  13. No problem. I'll wait for your instructions.
  14. All files found. Uploaded the Quarantine files to the site requested above. Thank you.
  15. Now I'm unable to get online at all. Yesterday I could at least get to a few sites that were already in my history. However, I am now unable to go online and get AVG/Spybot updates; also, I am unable to get online with either IE or Firefox. Doesn't look like I'm receiving packets when I check the status of my connection. I've done nothing since running Combo-Fix.
  16. I was able to shut down TeaTimer and run the .bat file you asked. Afterwards I reran Combo-Fix and am still unable to get online to update AVG etc. Also still unable to find System Recovery Console on my main PC. Below is the new log.
ComboFix 08-12-02.02 - Owner 2008-12-03 12:24:47.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2591 [GMT -5:00] Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 ))))))))))))))))))))))))))))))) . 2008-12-02 20:08 . 2008-12-02 20:08 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Grisoft 2008-12-02 20:04 . 2008-12-02 21:40 <DIR> d-------- c:\documents and settings\Administrator 2008-12-02 18:19 . 2008-12-03 09:51 <DIR> d-------- c:\documents and settings\Owner\Application Data\U3 2008-11-25 17:07 . 2008-11-25 17:07 <DIR> d-------- c:\documents and settings\Owner\Application Data\Roxio 2008-11-25 17:07 . 2008-11-25 17:07 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Roxio 2008-11-25 17:04 . 2008-12-02 17:06 256 --a------ c:\windows\system32\pool.bin 2008-11-25 17:03 . 2008-11-25 17:03 <DIR> d-------- c:\documents and settings\Owner\Application Data\Research In Motion 2008-11-25 16:59 . 2008-11-25 16:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sonic 2008-11-25 16:59 . 2008-11-25 16:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield 2008-11-25 16:58 . 2008-11-25 16:58 <DIR> d-------- c:\program files\Roxio 2008-11-25 16:58 . 2008-11-25 16:58 <DIR> d-------- c:\program files\Common Files\Sonic Shared 2008-11-25 16:58 . 2008-11-25 16:58 <DIR> d-------- c:\program files\Common Files\Roxio Shared 2008-11-25 16:58 . 2008-11-25 16:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Roxio 2008-11-25 16:55 . 
2007-01-18 10:24 26,496 -ra------ c:\windows\system32\drivers\RimSerial.sys 2008-11-25 16:54 . 2008-11-25 16:54 <DIR> d-------- c:\program files\Common Files\Research In Motion 2008-11-25 16:53 . 2008-11-25 16:53 <DIR> d-------- c:\program files\Research In Motion 2008-11-25 16:48 . 2008-11-25 16:49 18,468,336 --a------ c:\program files\RhapsodyVcast.EXE 2008-11-18 19:53 . 2008-11-18 19:54 <DIR> d-------- c:\program files\BitPim 2008-11-18 17:30 . 2008-11-18 17:30 <DIR> d-------- c:\program files\LG Electronics 2008-11-14 13:30 . 2008-11-25 16:55 <DIR> d-------- C:\temp 2008-11-11 17:40 . 2008-11-11 17:40 <DIR> d-------- c:\documents and settings\Owner\Application Data\Toshiba 2008-11-11 17:37 . 2008-11-11 17:43 98 --a------ c:\windows\WirelessFTP.INI 2008-11-11 17:33 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll 2008-11-11 17:33 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-03 01:02 --------- d-----w c:\documents and settings\Owner\Application Data\BitTorrent 2008-12-02 22:12 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-02 22:12 --------- d-----w c:\program files\Electronic Arts 2008-12-02 19:29 --------- d-----w c:\documents and settings\All Users\Application Data\avg8 2008-11-28 17:19 --------- d-----w c:\documents and settings\Owner\Application Data\LimeWire 2008-11-25 21:58 --------- d-----w c:\program files\Common Files\InstallShield 2008-11-14 18:12 --------- d-----w c:\program files\THQ 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Secure Disks] @="{666C7836-A9B6-4AB4-94ED-DC238C81E925}" [HKEY_CLASSES_ROOT\CLSID\{666C7836-A9B6-4AB4-94ED-DC238C81E925}] 2006-10-26 11:35 391168 -ra------ c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872] "igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X] "ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2007-11-28 229376] "MsgTranAgt"="c:\program files\ATK Hotkey\MsgTranAgt.exe" [2007-11-04 106496] "ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440] "ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-17 7737344] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-21 36864] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-16 1029416] "Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 86016] "CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 17920] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240] "PDVD8LanguageShortcut"="c:\program 
files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472] "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-06-19 91432] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-25 185896] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576] "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-09-19 615696] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-08-26 236016] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-21 630784] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-21 13508608] "RTHDCPL"="RTHDCPL.EXE" [2008-01-29 c:\windows\RTHDCPL.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=APSHook.dll,avgrsstx.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli ASWLNPkg [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"= "c:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"= "c:\\Program Files\\Warcraft III\\Warcraft III.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"= "c:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"= R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-16 97928] R1 ItSDisk;ItSDisk;c:\windows\system32\Drivers\ItSDisk.sys [2006-05-16 23496] R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\CyberLink\PowerDVD8\000.fcl [2008-02-01 16:24:04 41456] R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2006-02-28 14336] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-04 875288] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 231704] R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-05-16 76040] S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2006-02-28 14336] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Cognizance REG_MULTI_SZ ASBroker ASChannel [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] 
\Shell\AutoRun\command - F:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c9d0b04-b5c0-11dd-9712-001f3b4d9d19}] \Shell\AutoRun\command - F:\USBAutoRun.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder 2008-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . . ------- Supplementary Scan ------- . FireFox -: Profile - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\capxxhld.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FireFox -: prefs.js - STARTUP.HOMEPAGE - www.yahoo.com FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll FF -: plugin - c:\program files\Download Manager\npfpdlm.dll FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\npff_gdm.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-03 12:28:11 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl" . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\nvsvc32.exe c:\program files\Synaptics\SynTP\SynAsus.exe c:\program files\ATK Hotkey\ATKOSD.exe c:\program files\ATK Hotkey\WDC.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\wscntfy.exe c:\program files\iPod\bin\iPodService.exe c:\program files\AVG\AVG8\avgrsx.exe c:\program files\AVG\AVG8\avgrsx.exe . ************************************************************************** . Completion time: 2008-12-03 12:31:25 - machine was rebooted ComboFix-quarantined-files.txt 2008-12-03 17:31:22 ComboFix2.txt 2008-12-03 15:04:43 Pre-Run: 178,532,163,584 bytes free Post-Run: 178,521,980,928 bytes free 185 --- E O F --- 2008-11-13 19:10:28
  17. Still nothing on this report. Unable to go online and update AVG, Ad-Aware, Spybot, or surf the web. Still updating this thread from my backup PC.
  18. New issue as well: now unable to connect to the internet at all. Spybot will now boot up, etc.; however, I cannot get any program to connect to the internet.
  19. I was unable to open Spybot to reset the tea timer. I also was unable to get the program to reset my tea timer to do anything as well. I was able to close out my Spybot and was planning on doing a reinstall afterwards if we are able to get my system clean. Ran Combo-Fix; my PC did not want to run it for several minutes, however after a resave, rename, rename in the flash drive and a prayer it took it. Below is the log. Also, Combo-Fix noted I did not have the Windows Recovery Console. I could not connect to the internet to download that piece so it just skipped and continued with the scan. Let me know if there is anything further you would like me to do.
ComboFix 08-12-02.02 - Owner 2008-12-03 9:56:28.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2660 [GMT -5:00] WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll c:\windows\system32\av.dat c:\windows\system32\av.exe c:\windows\system32\drivers\TDSSmhct.sys c:\windows\system32\getwn32.dll c:\windows\system32\TDSShrsr.dll c:\windows\system32\TDSSkkbi.log c:\windows\system32\TDSSlxwp.dll c:\windows\system32\TDSSnmxh.log c:\windows\system32\TDSSorvd.dat c:\windows\system32\TDSSotqh.dll c:\windows\system32\TDSSrhyp.log c:\windows\system32\TDSSriqp.dll c:\windows\system32\TDSSsihc.dll c:\windows\system32\TDSSxfum.dll c:\windows\system32\wertyu.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_TDSSSERV.SYS -------\Legacy_TDSSSERV.SYS ((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 ))))))))))))))))))))))))))))))) . 2008-12-02 20:08 . 2008-12-02 20:08 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Grisoft 2008-12-02 20:04 . 
2008-12-02 21:40 <DIR> d-------- c:\documents and settings\Administrator 2008-12-02 18:19 . 2008-12-03 09:51 <DIR> d-------- c:\documents and settings\Owner\Application Data\U3 2008-11-25 17:07 . 2008-11-25 17:07 <DIR> d-------- c:\documents and settings\Owner\Application Data\Roxio 2008-11-25 17:07 . 2008-11-25 17:07 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Roxio 2008-11-25 17:04 . 2008-12-02 17:06 256 --a------ c:\windows\system32\pool.bin 2008-11-25 17:03 . 2008-11-25 17:03 <DIR> d-------- c:\documents and settings\Owner\Application Data\Research In Motion 2008-11-25 16:59 . 2008-11-25 16:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sonic 2008-11-25 16:59 . 2008-11-25 16:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield 2008-11-25 16:58 . 2008-11-25 16:58 <DIR> d-------- c:\program files\Roxio 2008-11-25 16:58 . 2008-11-25 16:58 <DIR> d-------- c:\program files\Common Files\Sonic Shared 2008-11-25 16:58 . 2008-11-25 16:58 <DIR> d-------- c:\program files\Common Files\Roxio Shared 2008-11-25 16:58 . 2008-11-25 16:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Roxio 2008-11-25 16:55 . 2007-01-18 10:24 26,496 -ra------ c:\windows\system32\drivers\RimSerial.sys 2008-11-25 16:54 . 2008-11-25 16:54 <DIR> d-------- c:\program files\Common Files\Research In Motion 2008-11-25 16:53 . 2008-11-25 16:53 <DIR> d-------- c:\program files\Research In Motion 2008-11-25 16:48 . 2008-11-25 16:49 18,468,336 --a------ c:\program files\RhapsodyVcast.EXE 2008-11-18 19:53 . 2008-11-18 19:54 <DIR> d-------- c:\program files\BitPim 2008-11-18 17:30 . 2008-11-18 17:30 <DIR> d-------- c:\program files\LG Electronics 2008-11-14 13:30 . 2008-11-25 16:55 <DIR> d-------- C:\temp 2008-11-11 17:40 . 2008-11-11 17:40 <DIR> d-------- c:\documents and settings\Owner\Application Data\Toshiba 2008-11-11 17:37 . 
2008-11-11 17:43 98 --a------ c:\windows\WirelessFTP.INI 2008-11-11 17:33 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll 2008-11-11 17:33 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-03 01:02 --------- d-----w c:\documents and settings\Owner\Application Data\BitTorrent 2008-12-02 22:12 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-02 22:12 --------- d-----w c:\program files\Electronic Arts 2008-12-02 19:29 --------- d-----w c:\documents and settings\All Users\Application Data\avg8 2008-11-28 17:19 --------- d-----w c:\documents and settings\Owner\Application Data\LimeWire 2008-11-25 21:58 --------- d-----w c:\program files\Common Files\InstallShield 2008-11-14 18:12 --------- d-----w c:\program files\THQ 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Secure Disks] @="{666C7836-A9B6-4AB4-94ED-DC238C81E925}" [HKEY_CLASSES_ROOT\CLSID\{666C7836-A9B6-4AB4-94ED-DC238C81E925}] 2006-10-26 11:35 391168 -ra------ c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872] "igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X] "ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2007-11-28 229376] "MsgTranAgt"="c:\program files\ATK Hotkey\MsgTranAgt.exe" [2007-11-04 106496] "ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440] "ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-17 7737344] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-21 36864] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-16 1029416] "Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 86016] "CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 17920] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "RemoteControl8"="c:\program 
files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240] "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472] "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-06-19 91432] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-25 185896] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576] "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-09-19 615696] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-08-26 236016] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-21 630784] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-21 13508608] "RTHDCPL"="RTHDCPL.EXE" [2008-01-29 c:\windows\RTHDCPL.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=APSHook.dll,avgrsstx.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli ASWLNPkg [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 
(0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"= "c:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"= "c:\\Program Files\\Warcraft III\\Warcraft III.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"= "c:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"= R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-16 97928] R1 ItSDisk;ItSDisk;c:\windows\system32\Drivers\ItSDisk.sys [2006-05-16 23496] R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\CyberLink\PowerDVD8\000.fcl [2008-02-01 16:24:04 41456] R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2006-02-28 14336] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-04 875288] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 231704] R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-05-16 76040] S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2006-02-28 14336] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Cognizance REG_MULTI_SZ ASBroker ASChannel [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\AutoRun\command - F:\LaunchU3.exe 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c9d0b04-b5c0-11dd-9712-001f3b4d9d19}] \Shell\AutoRun\command - F:\USBAutoRun.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder 2008-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . - - - - ORPHANS REMOVED - - - - HKCU-Run-BitTorrent DNA - c:\program files\DNA\btdna.exe HKLM-Run-!AVG Anti-Spyware - c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe Notify-OneCard - (no file) . ------- Supplementary Scan ------- . FireFox -: Profile - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\capxxhld.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FireFox -: prefs.js - STARTUP.HOMEPAGE - www.yahoo.com FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll FF -: plugin - c:\program files\Download Manager\npfpdlm.dll FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\npff_gdm.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-03 10:00:56 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(752) c:\windows\system32\COMRes.dll c:\windows\system32\CLBCATQ.DLL . ------------------------ Other Running Processes ------------------------ . c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\nvsvc32.exe c:\program files\Synaptics\SynTP\SynAsus.exe c:\program files\ATK Hotkey\ATKOSD.exe c:\program files\ATK Hotkey\WDC.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\wscntfy.exe c:\program files\iPod\bin\iPodService.exe c:\program files\AVG\AVG8\avgrsx.exe c:\program files\AVG\AVG8\avgrsx.exe . ************************************************************************** . Completion time: 2008-12-03 10:04:41 - machine was rebooted ComboFix-quarantined-files.txt 2008-12-03 15:04:39 Pre-Run: 178,348,130,304 bytes free Post-Run: 178,503,204,864 bytes free 214 --- E O F --- 2008-11-13 19:10:28
  20. Good morning, AVG/Spybot/Adaware will not update and I have a browser hack that always redirects me to Google, then various ad sites. I cannot type in any address in the bar, just either Google or Yahoo, and from there when I use the search engine I get ad sites. I am working in this forum from my backup PC. Here is the log you requested. Service Pack 312 3 2008 08:45:26.375 Loaded driver \WINDOWS\system32\ntkrnlpa.exe Loaded driver \WINDOWS\system32\hal.dll Loaded driver \WINDOWS\system32\KDCOM.DLL Loaded driver \WINDOWS\system32\BOOTVID.dll Loaded driver sptd.sys Loaded driver \WINDOWS\System32\Drivers\WMILIB.SYS Loaded driver \WINDOWS\System32\Drivers\SCSIPORT.SYS Loaded driver ACPI.sys Loaded driver pci.sys Loaded driver ohci1394.sys Loaded driver \WINDOWS\system32\DRIVERS\1394BUS.SYS Loaded driver isapnp.sys Loaded driver compbatt.sys Loaded driver \WINDOWS\system32\DRIVERS\BATTC.SYS Loaded driver pciide.sys Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS Loaded driver MountMgr.sys Loaded driver ftdisk.sys Loaded driver PartMgr.sys Loaded driver ACPIEC.sys Loaded driver \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS Loaded driver VolSnap.sys Loaded driver atapi.sys Loaded driver iaStor.sys Loaded driver jraid.sys Loaded driver disk.sys Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS Loaded driver fltmgr.sys Loaded driver sr.sys Loaded driver PxHelp20.sys Loaded driver KSecDD.sys Loaded driver Ntfs.sys Loaded driver NDIS.sys Loaded driver Mup.sys Loaded driver JGOGO.sys Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys Loaded driver \SystemRoot\system32\DRIVERS\nv4_mini.sys Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys Loaded driver \SystemRoot\system32\DRIVERS\NETw4x32.sys Loaded driver \SystemRoot\system32\DRIVERS\sdbus.sys Loaded driver \SystemRoot\system32\DRIVERS\rimmptsk.sys Loaded driver 
\SystemRoot\system32\DRIVERS\rimsptsk.sys Loaded driver \SystemRoot\system32\DRIVERS\rixdptsk.sys Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys Loaded driver \SystemRoot\system32\DRIVERS\Wdf01000.sys Loaded driver \SystemRoot\system32\DRIVERS\SynTP.sys Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys Loaded driver \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys Loaded driver \SystemRoot\System32\Drivers\ahebdxlx.SYS Loaded driver \SystemRoot\system32\DRIVERS\CmBatt.sys Loaded driver \SystemRoot\system32\DRIVERS\ATKACPI.sys Loaded driver \SystemRoot\System32\Drivers\tosrfcom.sys Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys Loaded driver \SystemRoot\System32\Drivers\RootMdm.sys Loaded driver \SystemRoot\System32\Drivers\Modem.SYS Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys Loaded driver \SystemRoot\system32\DRIVERS\psched.sys Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys Loaded driver \SystemRoot\system32\DRIVERS\RimSerial.sys Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys Loaded driver \SystemRoot\system32\DRIVERS\update.sys Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys Loaded driver \SystemRoot\system32\DRIVERS\tosporte.sys Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys Loaded driver 
\SystemRoot\system32\drivers\RtkHDAud.sys Loaded driver \SystemRoot\system32\DRIVERS\smserial.sys Loaded driver \SystemRoot\system32\drivers\MODEMCSA.sys Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS Did not load driver \SystemRoot\System32\Drivers\Fdc.SYS Did not load driver \SystemRoot\System32\Drivers\Flpydisk.SYS Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS Did not load driver \SystemRoot\System32\Drivers\Changer.SYS Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS Loaded driver \SystemRoot\System32\Drivers\Null.SYS Loaded driver \SystemRoot\System32\Drivers\Beep.SYS Loaded driver \SystemRoot\System32\drivers\vga.sys Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS Loaded driver \systemroot\system32\drivers\TDSSmhct.sys Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys Loaded driver \SystemRoot\System32\drivers\afd.sys Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys Loaded driver \SystemRoot\System32\Drivers\ItSDisk.sys Loaded driver \SystemRoot\System32\Drivers\Fips.SYS Loaded driver \SystemRoot\System32\Drivers\avgmfx86.sys Loaded driver \SystemRoot\system32\DRIVERS\ATSwpDrv.sys Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys Loaded driver \SystemRoot\system32\DRIVERS\usbccgp.sys Loaded driver 
\SystemRoot\system32\DRIVERS\mouhid.sys Loaded driver \SystemRoot\System32\Drivers\usbvideo.sys Loaded driver \SystemRoot\System32\Drivers\avgldx86.sys Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys Did not load driver \SystemRoot\system32\DRIVERS\rdbss.sys Did not load driver \SystemRoot\system32\DRIVERS\mrxsmb.sys Loaded driver \SystemRoot\system32\DRIVERS\mrxdav.sys Did not load driver \SystemRoot\System32\Drivers\Parport.SYS Did not load driver \SystemRoot\System32\Drivers\Serial.SYS Loaded driver \SystemRoot\system32\drivers\wdmaud.sys Loaded driver \SystemRoot\system32\drivers\sysaudio.sys Loaded driver \SystemRoot\system32\drivers\splitter.sys Loaded driver \SystemRoot\system32\drivers\aec.sys Loaded driver \SystemRoot\system32\drivers\swmidi.sys Loaded driver \SystemRoot\System32\Drivers\avgtdix.sys Loaded driver \SystemRoot\system32\drivers\DMusic.sys Loaded driver \SystemRoot\system32\drivers\kmixer.sys Loaded driver \SystemRoot\system32\drivers\drmkaud.sys Loaded driver \SystemRoot\system32\DRIVERS\srv.sys Loaded driver \SystemRoot\system32\DRIVERS\USBSTOR.SYS Loaded driver \SystemRoot\System32\Drivers\Fastfat.SYS Loaded driver \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys Loaded driver \SystemRoot\system32\drivers\kmixer.sys
  21. Attached please find the Optional Scan report. Below is the DDS report. Also, I uninstalled AVG 7.5 per your request. Thank you for your assistance. DDS (Version 1.0) - NTFSx86 Run by Owner at 7:58:25.48 on Wed 12/03/2008 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2544 [GMT -5:00] ============== Running Processes =============== C:\WINDOWS\System32\svchost.exe -k Cognizance C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATK Hotkey\Hcontrol.exe C:\Program Files\ATK Hotkey\MsgTranAgt.exe C:\Program Files\ASUS\ATK Media\DMEDIA.EXE C:\Program Files\ATKOSD2\ATKOSD2.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Synaptics\SynTP\SynAsus.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe C:\Program Files\Cyberlink\Shared Files\brs.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\ATK Hotkey\ATKOSD.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\ATK Hotkey\WDC.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\PROGRA~1\AVG\AVG8\avgemc.exe 
C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Owner\Application Data\U3\0AB1395171F2C9D6\LaunchPad.exe C:\Program Files\iPod\bin\iPodService.exe C:\Documents and Settings\Owner\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL BHO: {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\program files\asus security center\asus security protect manager\bin\ItIEAddIn.dll TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe" uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork mRun: [ATKHOTKEY] "c:\program files\atk hotkey\Hcontrol.exe" mRun: [MsgTranAgt] "c:\program files\atk hotkey\MsgTranAgt.exe" mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE mRun: [ATKOSD2] "c:\program files\atkosd2\ATKOSD2.exe" mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [Power_Gear] c:\program files\asus\power4 gear\BatteryLife.exe 1 
mRun: [CognizanceTS] rundll32.exe c:\progra~1\asusse~1\asusse~1\bin\ASTSVCC.dll,RegisterModule mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe" mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe" mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe" mRun: [bDRegion] c:\program files\cyberlink\shared files\brs.exe mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background mRun: [<NO NAME>] mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe" mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u mRun: [sMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Notify: OneCard - c:\program files\asus security center\asus security protect manager\bin\ASWLNPkg.dll AppInit_DLLs: APSHook.dll,avgrsstx.dll LSA: Notification Packages = scecli ASWLNPkg ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-16 97928] R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-16 26824] R1 ItSDisk;ItSDisk;c:\windows\system32\drivers\ItSDisk.sys [2006-5-16 23496] R2 
{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\cyberlink\powerdvd8\000.fcl [2008-2-1 41456] R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-7-7 611664] R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2006-2-28 14336] R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2006-2-28 14336] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-4 875288] R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-4 231704] R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-16 76040] R4 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;\??\c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [] R4 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [] =============== Created Last 30 ================ 2008-12-01 13:35 0 a------- c:\windows\system32\wertyu.dll 2008-12-01 13:35 0 a------- c:\windows\system32\getwn32.dll 2008-12-01 13:35 0 a------- c:\windows\system32\av.exe 2008-12-01 13:30 89,614 a------- c:\windows\system32\av.dat 2008-11-25 17:04 256 a------- c:\windows\system32\pool.bin 2008-11-25 17:03 <DIR> --d----- c:\docume~1\owner\applic~1\Research In Motion 2008-11-25 16:58 <DIR> --d----- c:\program files\common files\Sonic Shared 2008-11-25 16:58 <DIR> --d----- c:\program files\Roxio 2008-11-25 16:55 26,496 a----r-- c:\windows\system32\drivers\RimSerial.sys 2008-11-25 16:54 <DIR> --d----- c:\program files\common files\Research In Motion 2008-11-25 16:53 <DIR> --d----- c:\program files\Research In Motion 2008-11-25 16:48 18,468,336 a------- c:\program files\RhapsodyVcast.EXE 2008-11-18 19:53 <DIR> --d----- c:\program files\BitPim 2008-11-18 17:30 <DIR> --d----- c:\program files\LG Electronics 2008-11-14 13:30 <DIR> --d----- C:\temp 2008-11-11 17:37 98 a------- c:\windows\WirelessFTP.INI 2008-11-11 17:33 455,296 
-c------ c:\windows\system32\dllcache\mrxsmb.sys 2008-11-11 17:33 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll ==================== Find3M ==================== 2008-12-02 20:02 <DIR> --d----- c:\docume~1\owner\applic~1\BitTorrent 2008-12-02 14:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8 2008-11-28 12:19 <DIR> --d----- c:\docume~1\owner\applic~1\LimeWire 2008-11-14 13:12 <DIR> --d----- c:\program files\THQ 2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll 2008-09-15 07:12 1,846,400 a------- c:\windows\system32\win32k.sys 2008-09-14 08:31 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat 2008-09-09 20:14 1,307,648 -------- c:\windows\system32\msxml6.dll 2008-09-04 12:15 1,106,944 a------- c:\windows\system32\msxml3.dll 2008-08-24 18:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia 2008-07-15 10:10 <DIR> --d----- c:\docume~1\owner\applic~1\DNA 2008-07-10 11:00 <DIR> --d----- c:\docume~1\owner\applic~1\Turbine 2008-07-10 07:17 <DIR> --d----- c:\docume~1\owner\applic~1\GetRightToGo 2008-07-04 11:07 <DIR> --d----- c:\docume~1\owner\applic~1\Electronic Arts 2008-06-19 10:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\LightScribe 2008-06-19 10:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero 2008-06-19 10:15 <DIR> --d----- c:\docume~1\owner\applic~1\BSplayer 2008-06-19 10:12 <DIR> --d----- c:\docume~1\owner\applic~1\BSplayer Pro 2008-06-09 11:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Winamp Toolbar 2008-05-19 06:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2008-05-18 05:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\media center programs 2008-05-18 03:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Funcom 2008-05-17 14:14 <DIR> --d----- c:\docume~1\owner\applic~1\AVGTOOLBAR 2008-05-16 23:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Grisoft 2008-05-16 06:11 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\{0E8E33D8-193A-414A-A909-0F101A142D26} 2008-05-13 07:13 <DIR> 
--d----- c:\docume~1\owner\applic~1\TMP ============= FINISH: 7:58:53.96 =============== Attach.txt DDS.txt
  22. Good evening, I recently discovered I have a browser hijack. Regular symptoms: unable to update AVG, Adaware, or Spybot, unable to visit those web pages, redirected to Google or Amazon ad sites, etc. I also am unable to install Malwarebytes from my flash drive. I am working in this thread from my backup computer so please forgive my slow response time, etc. I was able to get Hijack This installed. Below is my log. I have tried nothing more than running AVG 7.5 and 8.0, Spybot and Adaware. My virus definitions were up to date as of two weeks ago, but I am unable to update them at this time. Thank you for your assistance with this incredibly frustrating issue. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:01:03 PM, on 12/2/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATK Hotkey\Hcontrol.exe C:\Program Files\ATK Hotkey\MsgTranAgt.exe C:\Program Files\ASUS\ATK Media\DMEDIA.EXE C:\Program Files\ATKOSD2\ATKOSD2.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Synaptics\SynTP\SynAsus.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe C:\Program Files\Cyberlink\Shared Files\brs.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\Program 
Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe C:\Program Files\ATK Hotkey\ATKOSD.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\ATK Hotkey\WDC.exe C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe C:\WINDOWS\system32\svchost.exe C:\Documents and Settings\Owner\Desktop\HiJackThis.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll O3 
- Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe" O4 - HKLM\..\Run: [MsgTranAgt] "C:\Program Files\ATK Hotkey\MsgTranAgt.exe" O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe" O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio 
Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: APSHook.dll,avgrsstx.dll O20 - Winlogon Notify: OneCard - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- End of file - 8406 bytes