Posts posted by Shane
-
New log posted below. System is running pretty fast, not quite as fast as it was when new, but certainly faster than in the last few weeks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:49 PM, on 12/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATK Hotkey\MsgTranAgt.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Synaptics\SynTP\SynAsus.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\My Documents\Malware Backup stuff\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [MsgTranAgt] "C:\Program Files\ATK Hotkey\MsgTranAgt.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: APSHook.dll,avgrsstx.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
--
End of file - 7733 bytes
-
ComboFix 08-12-02.02 - Owner 2008-12-04 17:32:02.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2557 [GMT -5:00]
Running from: c:\documents and settings\Owner\My Documents\Malware Backup stuff\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\cfscript.txt.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\IE4 Error Log.txt
.
((((((((((((((((((((((((( Files Created from 2008-11-04 to 2008-12-04 )))))))))))))))))))))))))))))))
.
2008-12-04 10:33 . 2008-09-25 06:22 3,634,688 --a------ c:\windows\system32\drivers\NETw5x32.sys
2008-12-04 10:33 . 2008-06-20 09:33 2,756,608 --a------ c:\windows\system32\NETw5r32.dll
2008-12-04 10:33 . 2008-06-20 09:32 663,552 --a------ c:\windows\system32\NETw5c32.dll
2008-12-03 20:24 . 2008-12-03 20:24 250 --a------ c:\windows\gmer.ini
2008-12-02 20:08 . 2008-12-02 20:08 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Grisoft
2008-12-02 20:04 . 2008-12-02 21:40 <DIR> d-------- c:\documents and settings\Administrator
2008-12-02 18:19 . 2008-12-03 09:51 <DIR> d-------- c:\documents and settings\Owner\Application Data\U3
2008-11-25 17:07 . 2008-11-25 17:07 <DIR> d-------- c:\documents and settings\Owner\Application Data\Roxio
2008-11-25 17:07 . 2008-11-25 17:07 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Roxio
2008-11-25 17:04 . 2008-12-02 17:06 256 --a------ c:\windows\system32\pool.bin
2008-11-25 17:03 . 2008-11-25 17:03 <DIR> d-------- c:\documents and settings\Owner\Application Data\Research In Motion
2008-11-25 16:59 . 2008-11-25 16:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sonic
2008-11-25 16:59 . 2008-11-25 16:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2008-11-25 16:58 . 2008-11-25 16:58 <DIR> d-------- c:\program files\Roxio
2008-11-25 16:58 . 2008-11-25 16:58 <DIR> d-------- c:\program files\Common Files\Sonic Shared
2008-11-25 16:58 . 2008-11-25 16:58 <DIR> d-------- c:\program files\Common Files\Roxio Shared
2008-11-25 16:58 . 2008-11-25 16:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Roxio
2008-11-25 16:55 . 2007-01-18 10:24 26,496 -ra------ c:\windows\system32\drivers\RimSerial.sys
2008-11-25 16:54 . 2008-11-25 16:54 <DIR> d-------- c:\program files\Common Files\Research In Motion
2008-11-25 16:53 . 2008-11-25 16:53 <DIR> d-------- c:\program files\Research In Motion
2008-11-25 16:48 . 2008-11-25 16:49 18,468,336 --a------ c:\program files\RhapsodyVcast.EXE
2008-11-18 19:53 . 2008-11-18 19:54 <DIR> d-------- c:\program files\BitPim
2008-11-18 17:30 . 2008-11-18 17:30 <DIR> d-------- c:\program files\LG Electronics
2008-11-14 13:30 . 2008-11-25 16:55 <DIR> d-------- C:\temp
2008-11-11 17:40 . 2008-11-11 17:40 <DIR> d-------- c:\documents and settings\Owner\Application Data\Toshiba
2008-11-11 17:37 . 2008-11-11 17:43 98 --a------ c:\windows\WirelessFTP.INI
2008-11-11 17:33 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 17:33 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 22:26 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-04 18:26 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-03 01:02 --------- d-----w c:\documents and settings\Owner\Application Data\BitTorrent
2008-12-02 22:12 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-02 22:12 --------- d-----w c:\program files\Electronic Arts
2008-12-02 19:29 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-28 17:19 --------- d-----w c:\documents and settings\Owner\Application Data\LimeWire
2008-11-25 21:58 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-14 18:12 --------- d-----w c:\program files\THQ
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
.
((((((((((((((((((((((((((((( snapshot@2008-12-03_10.04.24.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-04 01:24:02 884,736 ----a-w c:\windows\gmer.dll
+ 2008-04-18 02:13:02 811,008 ----a-w c:\windows\gmer.exe
+ 2008-12-04 01:24:02 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
+ 2008-06-20 14:32:32 663,552 -c--a-w c:\windows\system32\DRVSTORE\netw5x32_74BACD4A361CF37186F7E967730975606AB2E1F8\NETw5c32.dll
+ 2008-06-20 14:33:34 2,756,608 -c--a-w c:\windows\system32\DRVSTORE\netw5x32_74BACD4A361CF37186F7E967730975606AB2E1F8\NETw5r32.dll
+ 2008-09-25 11:22:02 3,634,688 -c--a-w c:\windows\system32\DRVSTORE\netw5x32_74BACD4A361CF37186F7E967730975606AB2E1F8\NETw5x32.sys
+ 2007-02-12 16:40:44 557,056 -c--a-w c:\windows\system32\DRVSTORE\w29n51_AEF466EE116FDF742A02BFF75E6143DB4A91003C\Netw2c32.dll
+ 2007-02-12 16:41:44 2,732,032 -c--a-w c:\windows\system32\DRVSTORE\w29n51_AEF466EE116FDF742A02BFF75E6143DB4A91003C\Netw2r32.dll
+ 2008-01-09 10:20:28 2,212,352 -c--a-w c:\windows\system32\DRVSTORE\w29n51_AEF466EE116FDF742A02BFF75E6143DB4A91003C\w29n50.sys
+ 2008-01-09 10:19:16 2,216,064 -c--a-w c:\windows\system32\DRVSTORE\w29n51_AEF466EE116FDF742A02BFF75E6143DB4A91003C\w29n51.sys
- 2008-11-14 18:12:30 62,746 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-04 18:20:07 60,514 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-14 18:12:30 401,632 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-04 18:20:07 395,346 ----a-w c:\windows\system32\perfh009.dat
+ 2008-06-20 14:32:32 663,552 ----a-w c:\windows\system32\ReinstallBackups\0023\DriverFiles\NETw5c32.dll
+ 2008-06-20 14:33:34 2,756,608 ----a-w c:\windows\system32\ReinstallBackups\0023\DriverFiles\NETw5r32.dll
+ 2008-09-25 11:22:02 3,634,688 ----a-w c:\windows\system32\ReinstallBackups\0023\DriverFiles\NETw5x32.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Secure Disks]
@="{666C7836-A9B6-4AB4-94ED-DC238C81E925}"
[HKEY_CLASSES_ROOT\CLSID\{666C7836-A9B6-4AB4-94ED-DC238C81E925}]
2006-10-26 11:35 391168 -ra------ c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2007-11-28 229376]
"MsgTranAgt"="c:\program files\ATK Hotkey\MsgTranAgt.exe" [2007-11-04 106496]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-17 7737344]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-21 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-16 1029416]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 86016]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 17920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-06-19 91432]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-25 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-09-19 615696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-21 13508608]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 c:\windows\RTHDCPL.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll,avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"SMSERIAL"=c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-16 97928]
R1 ItSDisk;ItSDisk;c:\windows\system32\Drivers\ItSDisk.sys [2006-05-16 23496]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\CyberLink\PowerDVD8\000.fcl [2008-02-01 16:24:04 41456]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2006-02-28 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2006-02-28 14336]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-04 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-05-16 76040]
R3 NETw5x32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\DRIVERS\NETw5x32.sys [2008-12-04 3634688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c9d0b04-b5c0-11dd-9712-001f3b4d9d19}]
\Shell\AutoRun\command - F:\USBAutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f19cca68-c0c6-11dd-972d-001f3b4d9d19}]
\Shell\AutoRun\command - F:\LaunchU3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2008-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-04 17:35:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(556)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll
- - - - - - - > 'lsass.exe'(612)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ASWLNPkg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
c:\program files\Synaptics\SynTP\SynAsus.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\scardsvr.exe
.
**************************************************************************
.
Completion time: 2008-12-04 17:39:33 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-12-04 22:39:30
ComboFix2.txt 2008-12-03 17:31:27
ComboFix3.txt 2008-12-03 15:04:43
Pre-Run: 178,175,483,904 bytes free
Post-Run: 178,213,232,640 bytes free
216 --- E O F --- 2008-11-13 19:10:28
-
Log info from script:
c:\qoobox\quarantine\c\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll.vir -> c:\program files\ASUS Security Center\ASUS Security
-
Looks like my protocols, etc. were messed up. I downloaded and ran winsockxpfix and it seemed to get everything back in order. AVG and Spybot updated. I ran a scan and found no additional bugs. Other websites, etc. worked fine; other programs were able to get online, etc.
ASUS folder uploaded per your request. I never use the thing; it came with my laptop and I never took the time to get it set up.
Kaspersky Scanner log did not find anything, no report to save.
-
I am now able to connect to the internet. If you need anything else before giving my poor PC a clean bill of health let me know.
-
Uninstalling the device did not seem to work. I have reinstalled it and allowed Windows to detect it, and also tried updating drivers, etc. All I get is an "Acquiring Network Address" from the card... it never connects, just sits there.
It doesn't seem like the card wants to talk to anything. Is there anything I can post to help you find the problem?
-
Please advise status, still pulling Trojan virus and still unable to connect to the internet on main PC.
-
On reboot, AVG just found a Trojan. Not sure if this is anything you didn't expect, just thought it might be handy to know. Paths are below.
C:\ System Volume Info\_restore{0887183D-FDEF-4FEE-A552-62C0B1FA5BE6}-\RP149\A0054699.sys
C:\ System Volume Info\_restore{0887183D-FDEF-4FEE-A552-62C0B1FA5BE6}-\RP149\A00547000.dll
-
I do use Daemon Tools occasionally, but have not in quite a while. Here is the gmer log. Please note I am still unable to connect to the internet on my main PC; I am still updating this thread from my spare, using a flash drive to transport programs, logs, etc.
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-03 20:32:31
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.14 ----
SSDT spda.sys ZwCreateKey [0xBA6A80E0]
SSDT spda.sys ZwEnumerateKey [0xBA6C6CA2]
SSDT spda.sys ZwEnumerateValueKey [0xBA6C7030]
SSDT spda.sys ZwOpenKey [0xBA6A80C0]
SSDT spda.sys ZwQueryKey [0xBA6C7108]
SSDT spda.sys ZwQueryValueKey [0xBA6C6F88]
SSDT spda.sys ZwSetValueKey [0xBA6C719A]
INT 0x62 ? 8AF4DBF8
INT 0x73 ? 8A316BF8
INT 0x74 ? 8A316BF8
INT 0x83 ? 8AEDDBF8
INT 0x83 ? 8A316BF8
INT 0x94 ? 8A316BF8
INT 0xA4 ? 8AEDABF8
INT 0xB4 ? 8A316BF8
---- Kernel code sections - GMER 1.0.14 ----
? spda.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B8A658AC 5 Bytes JMP 8A3161D8
.text ajl2aq0a.SYS B791F384 1 Byte [ 20 ]
.text ajl2aq0a.SYS B791F386 35 Bytes [ 00, 68, 00, 00, 00, 00, 00, ... ]
.text ajl2aq0a.SYS B791F3AA 24 Bytes [ 00, 00, 20, 00, 00, E0, 00, ... ]
.text ajl2aq0a.SYS B791F3C4 3 Bytes [ 00, 00, 00 ]
.text ajl2aq0a.SYS B791F3C9 1 Byte [ 00 ]
.text ...
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [bA6A9040] spda.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [bA6A913C] spda.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [bA6A90BE] spda.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [bA6A97FC] spda.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [bA6A96D2] spda.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [bA6B9048] spda.sys
IAT \SystemRoot\System32\Drivers\ajl2aq0a.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
IAT \SystemRoot\System32\Drivers\ajl2aq0a.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4
IAT \SystemRoot\System32\Drivers\ajl2aq0a.SYS[HAL.dll!KeGetCurrentIrql] 000000A2
IAT \SystemRoot\System32\Drivers\ajl2aq0a.SYS[HAL.dll!KfRaiseIrql] 000000AF
IAT \SystemRoot\System32\Drivers\ajl2aq0a.SYS[HAL.dll!KfLowerIrql] 0000009C
IAT \SystemRoot\System32\Drivers\ajl2aq0a.SYS[HAL.dll!HalGetInterruptVector] 000000A4
IAT \SystemRoot\System32\Drivers\ajl2aq0a.SYS[HAL.dll!HalTranslateBusAddress] 00000072
IAT \SystemRoot\System32\Drivers\ajl2aq0a.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0
IAT \SystemRoot\System32\Drivers\ajl2aq0a.SYS[HAL.dll!KfReleaseSpinLock] 000000B7
IAT \SystemRoot\System32\Drivers\ajl2aq0a.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD
IAT \SystemRoot\System32\Drivers\ajl2aq0a.SYS[HAL.dll!READ_PORT_USHORT] 00000093
IAT \SystemRoot\System32\Drivers\ajl2aq0a.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026
IAT \SystemRoot\System32\Drivers\ajl2aq0a.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036
IAT \SystemRoot\System32\Drivers\ajl2aq0a.SYS[WMILIB.SYS!WmiSystemControl] 000000F7
IAT \SystemRoot\System32\Drivers\ajl2aq0a.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC
---- Devices - GMER 1.0.14 ----
Device \FileSystem\Ntfs \Ntfs 8AF4B1F8
Device \FileSystem\Fastfat \FatCdrom 86E361F8
Device \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-0 8A3AC4D8
Device \Driver\usbuhci \Device\USBPDO-1 8A3AC4D8
Device \Driver\usbehci \Device\USBPDO-2 8A3001F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{750A8CF4-0896-4D5B-AAC6-28E612F9665C} 89E8A368
Device \Driver\usbuhci \Device\USBPDO-3 8A3AC4D8
Device \Driver\usbuhci \Device\USBPDO-4 8A3AC4D8
Device \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbehci \Device\USBPDO-5 8A3001F8
Device \Driver\usbuhci \Device\USBPDO-6 8A3AC4D8
Device \Driver\USBSTOR \Device\000000a3 89EAD500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AEDB1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AEDB1F8
Device \Driver\Cdrom \Device\CdRom0 8A1F31F8
Device \Driver\USBSTOR \Device\000000a4 89EAD500
Device \Driver\Cdrom \Device\CdRom1 8A1F31F8
Device \Driver\USBSTOR \Device\000000a5 89EAD500
Device \Driver\Cdrom \Device\CdRom5 8A1F31F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 89E8A368
Device \Driver\NetBT \Device\NetbiosSmb 89E8A368
Device \Driver\PCI_PNP1688 \Device\0000004c spda.sys
Device \Driver\sptd \Device\219560438 spda.sys
Device \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBFDO-0 8A3AC4D8
Device \Driver\usbuhci \Device\USBFDO-1 8A3AC4D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A07E368
Device \Driver\Tcpip \Device\IPMULTICAST avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbehci \Device\USBFDO-2 8A3001F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A07E368
Device \Driver\usbuhci \Device\USBFDO-3 8A3AC4D8
Device \Driver\usbuhci \Device\USBFDO-4 8A3AC4D8
Device \Driver\Ftdisk \Device\FtControl 8AEDB1F8
Device \Driver\usbuhci \Device\USBFDO-5 8A3AC4D8
Device \Driver\usbehci \Device\USBFDO-6 8A3001F8
Device \Driver\ajl2aq0a \Device\Scsi\ajl2aq0a1 8A19A1F8
Device \Driver\JRAID \Device\Scsi\JRAID1 8AF4C1F8
Device \Driver\ajl2aq0a \Device\Scsi\ajl2aq0a1Port3Path0Target0Lun0 8A19A1F8
Device \FileSystem\Fastfat \Fat 86E361F8
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 89E8C500
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2C 0x60 0x1A 0x23 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x21 0x91 0x8C 0xC2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0F 0x2E 0x71 0x7A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2C 0x60 0x1A 0x23 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x21 0x91 0x8C 0xC2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x46 0xD2 0xF6 0x9E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2C 0x60 0x1A 0x23 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x21 0x91 0x8C 0xC2 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0F 0x2E 0x71 0x7A ...
---- EOF - GMER 1.0.14 ----
-
DDS (Version 1.0) - NTFSx86
Run by Owner at 20:18:25.76 on Wed 12/03/2008
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2512 [GMT -5:00]
============== Running Processes ===============
C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Synaptics\SynTP\SynAsus.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\program files\asus security center\asus security protect manager\bin\ItIEAddIn.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
mRun: [ATKHOTKEY] "c:\program files\atk hotkey\Hcontrol.exe"
mRun: [MsgTranAgt] "c:\program files\atk hotkey\MsgTranAgt.exe"
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [ATKOSD2] "c:\program files\atkosd2\ATKOSD2.exe"
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Power_Gear] c:\program files\asus\power4 gear\BatteryLife.exe 1
mRun: [CognizanceTS] rundll32.exe c:\progra~1\asusse~1\asusse~1\bin\ASTSVCC.dll,RegisterModule
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [bDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [sMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: APSHook.dll,avgrsstx.dll
LSA: Notification Packages = scecli ASWLNPkg
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-16 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-16 26824]
R1 ItSDisk;ItSDisk;c:\windows\system32\drivers\ItSDisk.sys [2006-5-16 23496]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\cyberlink\powerdvd8\000.fcl [2008-2-1 41456]
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-7-7 611664]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2006-2-28 14336]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-4 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-4 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-16 76040]
S2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2006-2-28 14336]
=============== Created Last 30 ================
2008-12-03 09:51 161,792 a------- c:\windows\SWREG.exe
2008-12-03 09:51 98,816 a------- c:\windows\sed.exe
2008-11-25 17:04 256 a------- c:\windows\system32\pool.bin
2008-11-25 17:03 <DIR> --d----- c:\docume~1\owner\applic~1\Research In Motion
2008-11-25 16:58 <DIR> --d----- c:\program files\common files\Sonic Shared
2008-11-25 16:58 <DIR> --d----- c:\program files\Roxio
2008-11-25 16:55 26,496 a----r-- c:\windows\system32\drivers\RimSerial.sys
2008-11-25 16:54 <DIR> --d----- c:\program files\common files\Research In Motion
2008-11-25 16:53 <DIR> --d----- c:\program files\Research In Motion
2008-11-25 16:48 18,468,336 a------- c:\program files\RhapsodyVcast.EXE
2008-11-18 19:53 <DIR> --d----- c:\program files\BitPim
2008-11-18 17:30 <DIR> --d----- c:\program files\LG Electronics
2008-11-14 13:30 <DIR> --d----- C:\temp
2008-11-11 17:37 98 a------- c:\windows\WirelessFTP.INI
2008-11-11 17:33 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 17:33 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
==================== Find3M ====================
2008-12-02 20:02 <DIR> --d----- c:\docume~1\owner\applic~1\BitTorrent
2008-12-02 14:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-11-28 12:19 <DIR> --d----- c:\docume~1\owner\applic~1\LimeWire
2008-11-14 13:12 <DIR> --d----- c:\program files\THQ
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-15 07:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-14 08:31 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-09-09 20:14 1,307,648 -------- c:\windows\system32\msxml6.dll
2008-08-24 18:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
2008-07-15 10:10 <DIR> --d----- c:\docume~1\owner\applic~1\DNA
2008-07-10 11:00 <DIR> --d----- c:\docume~1\owner\applic~1\Turbine
2008-07-10 07:17 <DIR> --d----- c:\docume~1\owner\applic~1\GetRightToGo
2008-07-04 11:07 <DIR> --d----- c:\docume~1\owner\applic~1\Electronic Arts
2008-06-19 10:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\LightScribe
2008-06-19 10:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2008-06-19 10:15 <DIR> --d----- c:\docume~1\owner\applic~1\BSplayer
2008-06-19 10:12 <DIR> --d----- c:\docume~1\owner\applic~1\BSplayer Pro
2008-06-09 11:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Winamp Toolbar
2008-05-19 06:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-05-18 05:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\media center programs
2008-05-18 03:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Funcom
2008-05-17 14:14 <DIR> --d----- c:\docume~1\owner\applic~1\AVGTOOLBAR
2008-05-16 23:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Grisoft
2008-05-16 06:11 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\{0E8E33D8-193A-414A-A909-0F101A142D26}
2008-05-13 07:13 <DIR> --d----- c:\docume~1\owner\applic~1\TMP
============= FINISH: 20:18:43.23 ===============
-
Regedit Parameters and Qoobox file attached below. Hopefully that is what you need.
-
No problem. I'll wait for your instructions.
-
All files found. Uploaded the quarantine files to the site requested above. Thank you.
-
Now I'm unable to get online at all. Yesterday I could at least get to a few sites that were already in my history. However, I am now unable to go online and get AVG/Spybot updates; also, I am unable to get online with either IE or Firefox. Doesn't look like I'm receiving packets when I check the status of my connection. I've done nothing since running Combo-Fix.
-
I was able to shut down TeaTimer and run the .bat file you asked for. Afterwards I reran Combo-Fix and am still unable to get online to update AVG etc. Also still unable to find the System Recovery Console on my main PC.
Below is the new log:
ComboFix 08-12-02.02 - Owner 2008-12-03 12:24:47.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2591 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))
.
2008-12-02 20:08 . 2008-12-02 20:08 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Grisoft
2008-12-02 20:04 . 2008-12-02 21:40 <DIR> d-------- c:\documents and settings\Administrator
2008-12-02 18:19 . 2008-12-03 09:51 <DIR> d-------- c:\documents and settings\Owner\Application Data\U3
2008-11-25 17:07 . 2008-11-25 17:07 <DIR> d-------- c:\documents and settings\Owner\Application Data\Roxio
2008-11-25 17:07 . 2008-11-25 17:07 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Roxio
2008-11-25 17:04 . 2008-12-02 17:06 256 --a------ c:\windows\system32\pool.bin
2008-11-25 17:03 . 2008-11-25 17:03 <DIR> d-------- c:\documents and settings\Owner\Application Data\Research In Motion
2008-11-25 16:59 . 2008-11-25 16:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sonic
2008-11-25 16:59 . 2008-11-25 16:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2008-11-25 16:58 . 2008-11-25 16:58 <DIR> d-------- c:\program files\Roxio
2008-11-25 16:58 . 2008-11-25 16:58 <DIR> d-------- c:\program files\Common Files\Sonic Shared
2008-11-25 16:58 . 2008-11-25 16:58 <DIR> d-------- c:\program files\Common Files\Roxio Shared
2008-11-25 16:58 . 2008-11-25 16:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Roxio
2008-11-25 16:55 . 2007-01-18 10:24 26,496 -ra------ c:\windows\system32\drivers\RimSerial.sys
2008-11-25 16:54 . 2008-11-25 16:54 <DIR> d-------- c:\program files\Common Files\Research In Motion
2008-11-25 16:53 . 2008-11-25 16:53 <DIR> d-------- c:\program files\Research In Motion
2008-11-25 16:48 . 2008-11-25 16:49 18,468,336 --a------ c:\program files\RhapsodyVcast.EXE
2008-11-18 19:53 . 2008-11-18 19:54 <DIR> d-------- c:\program files\BitPim
2008-11-18 17:30 . 2008-11-18 17:30 <DIR> d-------- c:\program files\LG Electronics
2008-11-14 13:30 . 2008-11-25 16:55 <DIR> d-------- C:\temp
2008-11-11 17:40 . 2008-11-11 17:40 <DIR> d-------- c:\documents and settings\Owner\Application Data\Toshiba
2008-11-11 17:37 . 2008-11-11 17:43 98 --a------ c:\windows\WirelessFTP.INI
2008-11-11 17:33 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 17:33 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 01:02 --------- d-----w c:\documents and settings\Owner\Application Data\BitTorrent
2008-12-02 22:12 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-02 22:12 --------- d-----w c:\program files\Electronic Arts
2008-12-02 19:29 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-28 17:19 --------- d-----w c:\documents and settings\Owner\Application Data\LimeWire
2008-11-25 21:58 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-14 18:12 --------- d-----w c:\program files\THQ
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Secure Disks]
@="{666C7836-A9B6-4AB4-94ED-DC238C81E925}"
[HKEY_CLASSES_ROOT\CLSID\{666C7836-A9B6-4AB4-94ED-DC238C81E925}]
2006-10-26 11:35 391168 -ra------ c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2007-11-28 229376]
"MsgTranAgt"="c:\program files\ATK Hotkey\MsgTranAgt.exe" [2007-11-04 106496]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-17 7737344]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-21 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-16 1029416]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 86016]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 17920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-06-19 91432]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-25 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-09-19 615696]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-08-26 236016]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-21 630784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-21 13508608]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 c:\windows\RTHDCPL.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll,avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-16 97928]
R1 ItSDisk;ItSDisk;c:\windows\system32\Drivers\ItSDisk.sys [2006-05-16 23496]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\CyberLink\PowerDVD8\000.fcl [2008-02-01 16:24:04 41456]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2006-02-28 14336]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-04 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-05-16 76040]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2006-02-28 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c9d0b04-b5c0-11dd-9712-001f3b4d9d19}]
\Shell\AutoRun\command - F:\USBAutoRun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2008-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\capxxhld.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.yahoo.com
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\Download Manager\npfpdlm.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npff_gdm.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-03 12:28:11
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Synaptics\SynTP\SynAsus.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-12-03 12:31:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-03 17:31:22
ComboFix2.txt 2008-12-03 15:04:43
Pre-Run: 178,532,163,584 bytes free
Post-Run: 178,521,980,928 bytes free
185 --- E O F --- 2008-11-13 19:10:28
-
Still nothing on this report. Unable to go online and update AVG, Ad-Aware, Spybot, or surf the web. Still updating this thread from my backup PC.
-
New issue as well: now unable to connect to the internet at all. Spybot will now boot up, etc.; however, I cannot get any program to connect to the internet.
-
I was unable to open Spybot to reset the TeaTimer. I also was unable to get the program to reset my TeaTimer to do anything as well. I was able to close out my Spybot and was planning on doing a reinstall afterwards if we are able to get my system clean.
Ran Combo-Fix; my PC did not want to run it for several minutes. However, after a resave, a rename, a rename on the flash drive and a prayer, it took it. Below is the log.
Also, ComboFix noted I did not have the Windows Recovery Console. I could not connect to the internet to download that piece, so it just skipped it and continued with the scan.
Let me know if there is anything further you would like me to do.
ComboFix 08-12-02.02 - Owner 2008-12-03 9:56:28.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2660 [GMT -5:00]
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
c:\windows\system32\av.dat
c:\windows\system32\av.exe
c:\windows\system32\drivers\TDSSmhct.sys
c:\windows\system32\getwn32.dll
c:\windows\system32\TDSShrsr.dll
c:\windows\system32\TDSSkkbi.log
c:\windows\system32\TDSSlxwp.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSorvd.dat
c:\windows\system32\TDSSotqh.dll
c:\windows\system32\TDSSrhyp.log
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSsihc.dll
c:\windows\system32\TDSSxfum.dll
c:\windows\system32\wertyu.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))
.
2008-12-02 20:08 . 2008-12-02 20:08 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Grisoft
2008-12-02 20:04 . 2008-12-02 21:40 <DIR> d-------- c:\documents and settings\Administrator
2008-12-02 18:19 . 2008-12-03 09:51 <DIR> d-------- c:\documents and settings\Owner\Application Data\U3
2008-11-25 17:07 . 2008-11-25 17:07 <DIR> d-------- c:\documents and settings\Owner\Application Data\Roxio
2008-11-25 17:07 . 2008-11-25 17:07 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Roxio
2008-11-25 17:04 . 2008-12-02 17:06 256 --a------ c:\windows\system32\pool.bin
2008-11-25 17:03 . 2008-11-25 17:03 <DIR> d-------- c:\documents and settings\Owner\Application Data\Research In Motion
2008-11-25 16:59 . 2008-11-25 16:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sonic
2008-11-25 16:59 . 2008-11-25 16:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2008-11-25 16:58 . 2008-11-25 16:58 <DIR> d-------- c:\program files\Roxio
2008-11-25 16:58 . 2008-11-25 16:58 <DIR> d-------- c:\program files\Common Files\Sonic Shared
2008-11-25 16:58 . 2008-11-25 16:58 <DIR> d-------- c:\program files\Common Files\Roxio Shared
2008-11-25 16:58 . 2008-11-25 16:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Roxio
2008-11-25 16:55 . 2007-01-18 10:24 26,496 -ra------ c:\windows\system32\drivers\RimSerial.sys
2008-11-25 16:54 . 2008-11-25 16:54 <DIR> d-------- c:\program files\Common Files\Research In Motion
2008-11-25 16:53 . 2008-11-25 16:53 <DIR> d-------- c:\program files\Research In Motion
2008-11-25 16:48 . 2008-11-25 16:49 18,468,336 --a------ c:\program files\RhapsodyVcast.EXE
2008-11-18 19:53 . 2008-11-18 19:54 <DIR> d-------- c:\program files\BitPim
2008-11-18 17:30 . 2008-11-18 17:30 <DIR> d-------- c:\program files\LG Electronics
2008-11-14 13:30 . 2008-11-25 16:55 <DIR> d-------- C:\temp
2008-11-11 17:40 . 2008-11-11 17:40 <DIR> d-------- c:\documents and settings\Owner\Application Data\Toshiba
2008-11-11 17:37 . 2008-11-11 17:43 98 --a------ c:\windows\WirelessFTP.INI
2008-11-11 17:33 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 17:33 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 01:02 --------- d-----w c:\documents and settings\Owner\Application Data\BitTorrent
2008-12-02 22:12 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-02 22:12 --------- d-----w c:\program files\Electronic Arts
2008-12-02 19:29 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-28 17:19 --------- d-----w c:\documents and settings\Owner\Application Data\LimeWire
2008-11-25 21:58 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-14 18:12 --------- d-----w c:\program files\THQ
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Secure Disks]
@="{666C7836-A9B6-4AB4-94ED-DC238C81E925}"
[HKEY_CLASSES_ROOT\CLSID\{666C7836-A9B6-4AB4-94ED-DC238C81E925}]
2006-10-26 11:35 391168 -ra------ c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2007-11-28 229376]
"MsgTranAgt"="c:\program files\ATK Hotkey\MsgTranAgt.exe" [2007-11-04 106496]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-17 7737344]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-21 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-16 1029416]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 86016]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 17920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-06-19 91432]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-25 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-09-19 615696]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-08-26 236016]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-21 630784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-21 13508608]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 c:\windows\RTHDCPL.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll,avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-16 97928]
R1 ItSDisk;ItSDisk;c:\windows\system32\Drivers\ItSDisk.sys [2006-05-16 23496]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\CyberLink\PowerDVD8\000.fcl [2008-02-01 16:24:04 41456]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2006-02-28 14336]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-04 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-05-16 76040]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2006-02-28 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c9d0b04-b5c0-11dd-9712-001f3b4d9d19}]
\Shell\AutoRun\command - F:\USBAutoRun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2008-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-BitTorrent DNA - c:\program files\DNA\btdna.exe
HKLM-Run-!AVG Anti-Spyware - c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
Notify-OneCard - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\capxxhld.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.yahoo.com
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\Download Manager\npfpdlm.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npff_gdm.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-03 10:00:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\COMRes.dll
c:\windows\system32\CLBCATQ.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Synaptics\SynTP\SynAsus.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-12-03 10:04:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-03 15:04:39
Pre-Run: 178,348,130,304 bytes free
Post-Run: 178,503,204,864 bytes free
214 --- E O F --- 2008-11-13 19:10:28
-
Good morning,
AVG/Spybot/Adaware will not update and I have a browser hack that always redirects me to google, then various ad sites. I cannot type in any address in the bar, just either google or yahoo, and from there when I use the search engine I get ad sites. I am working in this forum from my backup PC.
Here is the log you requested.
Service Pack 3  12 3 2008 08:45:26.375
Loaded driver \WINDOWS\system32\ntkrnlpa.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver sptd.sys
Loaded driver \WINDOWS\System32\Drivers\WMILIB.SYS
Loaded driver \WINDOWS\System32\Drivers\SCSIPORT.SYS
Loaded driver ACPI.sys
Loaded driver pci.sys
Loaded driver ohci1394.sys
Loaded driver \WINDOWS\system32\DRIVERS\1394BUS.SYS
Loaded driver isapnp.sys
Loaded driver compbatt.sys
Loaded driver \WINDOWS\system32\DRIVERS\BATTC.SYS
Loaded driver pciide.sys
Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver PartMgr.sys
Loaded driver ACPIEC.sys
Loaded driver \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
Loaded driver VolSnap.sys
Loaded driver atapi.sys
Loaded driver iaStor.sys
Loaded driver jraid.sys
Loaded driver disk.sys
Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Loaded driver fltmgr.sys
Loaded driver sr.sys
Loaded driver PxHelp20.sys
Loaded driver KSecDD.sys
Loaded driver Ntfs.sys
Loaded driver NDIS.sys
Loaded driver Mup.sys
Loaded driver JGOGO.sys
Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys
Loaded driver \SystemRoot\system32\DRIVERS\nv4_mini.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\NETw4x32.sys
Loaded driver \SystemRoot\system32\DRIVERS\sdbus.sys
Loaded driver \SystemRoot\system32\DRIVERS\rimmptsk.sys
Loaded driver \SystemRoot\system32\DRIVERS\rimsptsk.sys
Loaded driver \SystemRoot\system32\DRIVERS\rixdptsk.sys
Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\Wdf01000.sys
Loaded driver \SystemRoot\system32\DRIVERS\SynTP.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys
Loaded driver \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
Loaded driver \SystemRoot\System32\Drivers\ahebdxlx.SYS
Loaded driver \SystemRoot\system32\DRIVERS\CmBatt.sys
Loaded driver \SystemRoot\system32\DRIVERS\ATKACPI.sys
Loaded driver \SystemRoot\System32\Drivers\tosrfcom.sys
Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys
Loaded driver \SystemRoot\System32\Drivers\RootMdm.sys
Loaded driver \SystemRoot\System32\Drivers\Modem.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys
Loaded driver \SystemRoot\system32\DRIVERS\psched.sys
Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys
Loaded driver \SystemRoot\system32\DRIVERS\RimSerial.sys
Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\update.sys
Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\system32\DRIVERS\tosporte.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
Loaded driver \SystemRoot\system32\drivers\RtkHDAud.sys
Loaded driver \SystemRoot\system32\DRIVERS\smserial.sys
Loaded driver \SystemRoot\system32\drivers\MODEMCSA.sys
Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Fdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Flpydisk.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS
Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \systemroot\system32\drivers\TDSSmhct.sys
Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys
Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys
Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\System32\drivers\afd.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\System32\Drivers\ItSDisk.sys
Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
Loaded driver \SystemRoot\System32\Drivers\avgmfx86.sys
Loaded driver \SystemRoot\system32\DRIVERS\ATSwpDrv.sys
Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbccgp.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys
Loaded driver \SystemRoot\System32\Drivers\usbvideo.sys
Loaded driver \SystemRoot\System32\Drivers\avgldx86.sys
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys
Did not load driver \SystemRoot\system32\DRIVERS\rdbss.sys
Did not load driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxdav.sys
Did not load driver \SystemRoot\System32\Drivers\Parport.SYS
Did not load driver \SystemRoot\System32\Drivers\Serial.SYS
Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
Loaded driver \SystemRoot\system32\drivers\splitter.sys
Loaded driver \SystemRoot\system32\drivers\aec.sys
Loaded driver \SystemRoot\system32\drivers\swmidi.sys
Loaded driver \SystemRoot\System32\Drivers\avgtdix.sys
Loaded driver \SystemRoot\system32\drivers\DMusic.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
Loaded driver \SystemRoot\system32\DRIVERS\srv.sys
Loaded driver \SystemRoot\system32\DRIVERS\USBSTOR.SYS
Loaded driver \SystemRoot\System32\Drivers\Fastfat.SYS
Loaded driver \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl
Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
-
Attached please find the Optional Scan report. Below is the DDS report. Also, I uninstalled AVG 7.5 per your request. Thank you for your assistance.
DDS (Version 1.0) - NTFSx86
Run by Owner at 7:58:25.48 on Wed 12/03/2008
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2544 [GMT -5:00]
============== Running Processes ===============
C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynAsus.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Application Data\U3\0AB1395171F2C9D6\LaunchPad.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\program files\asus security center\asus security protect manager\bin\ItIEAddIn.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
mRun: [ATKHOTKEY] "c:\program files\atk hotkey\Hcontrol.exe"
mRun: [MsgTranAgt] "c:\program files\atk hotkey\MsgTranAgt.exe"
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [ATKOSD2] "c:\program files\atkosd2\ATKOSD2.exe"
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Power_Gear] c:\program files\asus\power4 gear\BatteryLife.exe 1
mRun: [CognizanceTS] rundll32.exe c:\progra~1\asusse~1\asusse~1\bin\ASTSVCC.dll,RegisterModule
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [bDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [sMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: OneCard - c:\program files\asus security center\asus security protect manager\bin\ASWLNPkg.dll
AppInit_DLLs: APSHook.dll,avgrsstx.dll
LSA: Notification Packages = scecli ASWLNPkg
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-16 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-16 26824]
R1 ItSDisk;ItSDisk;c:\windows\system32\drivers\ItSDisk.sys [2006-5-16 23496]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\cyberlink\powerdvd8\000.fcl [2008-2-1 41456]
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-7-7 611664]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2006-2-28 14336]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2006-2-28 14336]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-4 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-4 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-16 76040]
R4 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;\??\c:\program files\grisoft\avg anti-spyware 7.5\guard.sys []
R4 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys []
=============== Created Last 30 ================
2008-12-01 13:35 0 a------- c:\windows\system32\wertyu.dll
2008-12-01 13:35 0 a------- c:\windows\system32\getwn32.dll
2008-12-01 13:35 0 a------- c:\windows\system32\av.exe
2008-12-01 13:30 89,614 a------- c:\windows\system32\av.dat
2008-11-25 17:04 256 a------- c:\windows\system32\pool.bin
2008-11-25 17:03 <DIR> --d----- c:\docume~1\owner\applic~1\Research In Motion
2008-11-25 16:58 <DIR> --d----- c:\program files\common files\Sonic Shared
2008-11-25 16:58 <DIR> --d----- c:\program files\Roxio
2008-11-25 16:55 26,496 a----r-- c:\windows\system32\drivers\RimSerial.sys
2008-11-25 16:54 <DIR> --d----- c:\program files\common files\Research In Motion
2008-11-25 16:53 <DIR> --d----- c:\program files\Research In Motion
2008-11-25 16:48 18,468,336 a------- c:\program files\RhapsodyVcast.EXE
2008-11-18 19:53 <DIR> --d----- c:\program files\BitPim
2008-11-18 17:30 <DIR> --d----- c:\program files\LG Electronics
2008-11-14 13:30 <DIR> --d----- C:\temp
2008-11-11 17:37 98 a------- c:\windows\WirelessFTP.INI
2008-11-11 17:33 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 17:33 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
==================== Find3M ====================
2008-12-02 20:02 <DIR> --d----- c:\docume~1\owner\applic~1\BitTorrent
2008-12-02 14:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-11-28 12:19 <DIR> --d----- c:\docume~1\owner\applic~1\LimeWire
2008-11-14 13:12 <DIR> --d----- c:\program files\THQ
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-15 07:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-14 08:31 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-09-09 20:14 1,307,648 -------- c:\windows\system32\msxml6.dll
2008-09-04 12:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-08-24 18:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
2008-07-15 10:10 <DIR> --d----- c:\docume~1\owner\applic~1\DNA
2008-07-10 11:00 <DIR> --d----- c:\docume~1\owner\applic~1\Turbine
2008-07-10 07:17 <DIR> --d----- c:\docume~1\owner\applic~1\GetRightToGo
2008-07-04 11:07 <DIR> --d----- c:\docume~1\owner\applic~1\Electronic Arts
2008-06-19 10:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\LightScribe
2008-06-19 10:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2008-06-19 10:15 <DIR> --d----- c:\docume~1\owner\applic~1\BSplayer
2008-06-19 10:12 <DIR> --d----- c:\docume~1\owner\applic~1\BSplayer Pro
2008-06-09 11:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Winamp Toolbar
2008-05-19 06:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-05-18 05:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\media center programs
2008-05-18 03:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Funcom
2008-05-17 14:14 <DIR> --d----- c:\docume~1\owner\applic~1\AVGTOOLBAR
2008-05-16 23:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Grisoft
2008-05-16 06:11 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\{0E8E33D8-193A-414A-A909-0F101A142D26}
2008-05-13 07:13 <DIR> --d----- c:\docume~1\owner\applic~1\TMP
============= FINISH: 7:58:53.96 ===============
-
Good evening,
I recently discovered I have a browser hijack. Regular symptoms: unable to update AVG, Adaware, or Spybot; unable to visit those web pages; redirected to google or amazon ad sites, etc.
I also am unable to install Malwarebytes from my flash drive. I am working in this thread from my backup computer so please forgive my slow response time, etc. I was able to get HijackThis installed. Below is my log. I have tried nothing more than running AVG 7.5 and 8.0, Spybot and Adaware. My virus definitions were up to date as of two weeks ago, but I am unable to update them at this time. Thank you for your assistance with this incredibly frustrating issue.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:03 PM, on 12/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynAsus.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [MsgTranAgt] "C:\Program Files\ATK Hotkey\MsgTranAgt.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: APSHook.dll,avgrsstx.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
--
End of file - 8406 bytes
Browser Hijack this morning
in Resolved Malware Removal Logs
Posted
All actions taken that you requested. Everything deleted, uninstalled, uploaded, etc.
Thank you so much for your help with this. I would have been at a loss without this website.