tqh
Honorary Members, 156 posts
Everything posted by tqh

  1. Thanks for getting back so quickly. I ran into some problems this time. I evidently did not have the recovery console installed. I did not read the part about ComboFix terminating the internet connection and so I did that before running CF. When I was prompted to install the Console by CF, I tried to reestablish my internet connection manually. This did not work. I went ahead and clicked yes thinking I could get out of CF and start over, but I received a message stating that the installation failed and that the scan would proceed. Additionally, I chose to disable AVAST until reboot, so I don't know if this created a problem. Everything seems to be working fine, but it looks like Google may have changed its appearance once again. It looks the same on my laptop, so I'm thinking maybe it's okay. It still looks like AVG is on the computer. Any ideas how to get rid of it so it doesn't show up anywhere? Here is the CF log:

ComboFix 11-08-03.02 - poi 08/03/2011 10:32:45.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.619 [GMT -5:00]
Running from: c:\documents and settings\poi\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Je\WINDOWS c:\documents and settings\poi\Desktop\Setup.exe C:\Launch Internet Explorer Browser.lnk c:\program files\messenger\msmsgsin.exe c:\windows\Install c:\windows\Install\F5D7050v3.exe c:\windows\Install\motherboard_driver_audio_realtek_whql(2).exe c:\windows\Install\motherboard_driver_chipset_nvidia_k8_xp.exe c:\windows\Install\motherboard_driver_lan_realtek_81xx_xp64_format.exe c:\windows\Install\RTLanSetup_v621_050620\data1.cab c:\windows\Install\RTLanSetup_v621_050620\data1.hdr c:\windows\Install\RTLanSetup_v621_050620\data2.cab c:\windows\Install\RTLanSetup_v621_050620\ikernel.ex_ c:\windows\Install\RTLanSetup_v621_050620\layout.bin c:\windows\Install\RTLanSetup_v621_050620\Setup.exe c:\windows\Install\RTLanSetup_v621_050620\Setup.ini c:\windows\Install\RTLanSetup_v621_050620\setup.inx c:\windows\Install\RTLanSetup_v621_050620\setup.iss c:\windows\Install\RTLanSetup_v621_050620\SETUP.TXT c:\windows\Install\RTLanSetup_v621_050620\uninicon.ini c:\windows\Install\RTLanSetup_v621_050620\Win2000\netrtoem.cat c:\windows\Install\RTLanSetup_v621_050620\Win2000\NetrtOEM.inf c:\windows\Install\RTLanSetup_v621_050620\Win2000\Rtlnic.sys c:\windows\Install\RTLanSetup_v621_050620\Win98\Netrtl4.inf c:\windows\Install\RTLanSetup_v621_050620\Win98\Rtlnic4.sys c:\windows\Install\RTLanSetup_v621_050620\Win98SE\Netrtlx.inf c:\windows\Install\RTLanSetup_v621_050620\Win98SE\Rtlnic.sys c:\windows\Install\RTLanSetup_v621_050620\WinMe\Netrtlx.inf c:\windows\Install\RTLanSetup_v621_050620\WinMe\Rtlnic.sys c:\windows\Install\RTLanSetup_v621_050620\WinX64\NetrtOEM.cat c:\windows\Install\RTLanSetup_v621_050620\WinX64\NetrtOEM.inf c:\windows\Install\RTLanSetup_v621_050620\WinX64\Rtlnic64.sys c:\windows\Install\RTLanSetup_v621_050620\WinX64\Rtlnicxp.sys c:\windows\Install\RTLanSetup_v621_050620\WinXP\NetrtOEM.cat c:\windows\Install\RTLanSetup_v621_050620\WinXP\NetrtOEM.inf c:\windows\Install\RTLanSetup_v621_050620\WinXP\Rtlnic64.sys 
c:\windows\Install\RTLanSetup_v621_050620\WinXP\Rtlnicxp.sys c:\windows\Install\xp\data1.cab c:\windows\Install\xp\data1.hdr c:\windows\Install\xp\data2.cab c:\windows\Install\xp\Ethernet\jedih2rx.bin c:\windows\Install\xp\Ethernet\jedireg.pat c:\windows\Install\xp\Ethernet\nvenet.cat c:\windows\Install\xp\Ethernet\nvenet.nvu c:\windows\Install\xp\Ethernet\nvenet.sys c:\windows\Install\xp\Ethernet\nvenetxp.inf c:\windows\Install\xp\Ethernet\nvuenet.exe c:\windows\Install\xp\Ethernet\ramsed.bin c:\windows\Install\xp\GART\nv_agp.cat c:\windows\Install\xp\GART\nv_agp.inf c:\windows\Install\xp\GART\nv_agp.sys c:\windows\Install\xp\GART\nvgart.nvu c:\windows\Install\xp\GART\nvugart.exe c:\windows\Install\xp\IDE\WinXP\idecoi.dll c:\windows\Install\xp\IDE\WinXP\INSTALL.EXE c:\windows\Install\xp\IDE\WinXP\nvatabus.inf c:\windows\Install\xp\IDE\WinXP\NvAtaBus.sys c:\windows\Install\xp\IDE\WinXP\nvide.nvu c:\windows\Install\xp\IDE\WinXP\nvuide.exe c:\windows\Install\xp\ikernel.ex_ c:\windows\Install\xp\key.ini c:\windows\Install\xp\layout.bin c:\windows\Install\xp\NVide.exe c:\windows\Install\xp\setup.bmp c:\windows\Install\xp\Setup.exe c:\windows\Install\xp\Setup.ini c:\windows\Install\xp\setup.inx c:\windows\Install\xp\setup.iss c:\windows\Install\xp\setup_org.iss c:\windows\Install\xp\Setup16.bmp c:\windows\Install\xp\SMBus\nvsmb.nvu c:\windows\Install\xp\SMBus\nvsmbus.inf c:\windows\Install\xp\SMBus\nvusmb.exe c:\windows\Install\XPHack\sp1aexpress_usa.exe c:\windows\Install\XPHack\Windows_XP_CD_Key_and_Product_ID_Changer.exe c:\windows\Install\XPHack\xpsp1_en_x86.AVB . . ((((((((((((((((((((((((( Files Created from 2011-07-03 to 2011-08-03 ))))))))))))))))))))))))))))))) . . 2011-07-16 06:11 . 2011-07-16 06:11 -------- d-sh--w- c:\documents and settings\poi\IECompatCache 2011-07-16 04:53 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-07-16 04:53 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-07-16 04:53 . 
2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-07-16 04:53 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-07-16 04:53 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-07-16 04:53 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2011-07-16 04:53 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys 2011-07-16 04:53 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2011-07-16 04:52 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr 2011-07-16 04:52 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe 2011-07-16 04:52 . 2011-07-16 04:52 -------- d-----w- c:\program files\AVAST Software 2011-07-16 04:52 . 2011-07-16 04:52 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software 2011-07-16 04:51 . 2011-07-16 04:51 56167608 ----a-w- C:\setup_av_free.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-07 00:52 . 2010-05-26 19:27 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-07 00:52 . 2010-05-26 19:27 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-30 10:05 . 2008-06-23 02:30 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll 2011-06-30 01:54 . 2011-06-30 01:57 11523592 ----a-w- C:\SUPERAntiSpyware.exe 2011-06-18 06:54 . 2011-06-18 06:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-06-30 07:26 . 2011-04-05 05:02 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="NvMCTray.dll" [2008-10-07 86016]
"RTHDCPL"="RTHDCPL.EXE" [2009-06-25 17887232]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT&inst=NzctNjc2NDAyOTk1LUJBKzEtWEwrMS1UMi1GUDkrNi1CQVI5RysxLVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUxJQys3Ny1GTDEwKzEtU1AxKzEtVFVHKzMtU1AxUzIrMS1TVUQrMS1TMUkrMS1TVTMrMS1ERFQrMA&prod=55&ver=10.0.1390" [?]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-9-11 113664]
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2010-5-26 81997]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Quake 3 Arena\\quake3.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/15/2011 11:53 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/15/2011 11:53 PM 309848]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/15/2011 11:53 PM 19544]
R2 HPFECP13;HPFECP13;c:\windows\system32\drivers\HPFecp13.sys [9/25/1998 3:55 AM 52800]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS --> c:\windows\system32\drivers\FNETURPX.SYS [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/27/2010 3:11 AM 1684736]
S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS --> c:\windows\system32\drivers\FNETTBOH.SYS [?]
S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [5/26/2010 2:23 PM 44032]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [1/3/2001 12:53 AM 19677]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/15/2008 6:05 PM 716272]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\poi\Application Data\Mozilla\Firefox\Profiles\wxaz6z55.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cbcce4f&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-03 10:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(564)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1980)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2011-08-03 10:48:05 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-03 15:48
.
Pre-Run: 1,325,789,184 bytes free
Post-Run: 2,305,802,240 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=2 Sets=1,2,4,5
- - End Of File - - 3278BC9B091B733CF59C08F5B977CC9D
  2. General Forum, I couldn't decide where to post this inquiry. I received a reply from someone trying to help me and then replied to their post on the Hijack This forum. I then thought it would be okay if I added something shortly afterwards. It seems it would be better to edit my previous post so the "replies" number stays straight. Is this an option/good idea? Can I delete the added post? Thanks in advance.
  3. The problem with my laptop goes back a few weeks now. An AVG scan produced something called SHeur3.COHQ that was identified in multiple files. When I tried to heal, I received an error message that stated the files were too big to heal. Malwarebytes did not detect anything. After a few days that included a few updates, AVG no longer detected it (I ran the scans in Safe and Normal Mode). I had asked a friend who works in network security for help before the last update. He gave me a disc (ultimateboot) that included SUPERAntiSpyware. This detected something called Malware.Trace and could not get rid of it. After I rebooted it would return, but it could only be detected when I used the disc. I then went to the desktop and received a notice from AVG that I was recently protected from several threats. Sometime later I installed AVAST and did a boot scan. AVAST found the following trojans: Java:Agent-AP, Java:Agent-AQ, and two instances of Java:Agent-AO. It also found a corrupted file called vasclient.exe [CAB archive is corrupted]. vasclient was also the problem in the AVG results mentioned above. I have since uninstalled vworkspace client, but I think there are some files left over. I cannot access the folder where the corrupted file exists. I don't understand why I can't access files (e.g., via search, etc.) in Windows 7. It is in my Temporary Internet Files folder. Any idea? I uninstalled AVG. I have Malwarebytes, Super Anti-Spyware, and Ad-aware (Live protection turned off). Thanks so much in advance for any help. If I have violated any rules, all apologies. I had to manually restart after running DeFogger, so I have included the log. I'm not sure, but I may have had a problem with GMER. Only the following were able to be checked: Services, Registry, Files, C:\, and ADS. Is this normal?

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:08 on 02/08/2011 (iop)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7360

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

8/2/2011 7:55:28 PM
mbam-log-2011-08-02 (19-55-28).txt

Scan type: Quick scan
Objects scanned: 201418
Time elapsed: 2 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by iop at 20:14:46 on 2011-08-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3935.2660 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe C:\Windows\system32\pnusbvirtualhubwssrv.exe C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\SysWOW64\DllHost.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Sony\VAIO Care\VAIOCareService.exe C:\Windows\system32\taskeng.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Sony\VAIO Power Management\SPMService.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\System32\hkcmd.exe 
C:\Windows\System32\igfxpers.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files (x86)\DDNi\Oasis\Delay.exe C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe C:\Program Files\Apoint\Apvfb.exe C:\Program Files\Apoint\Apntex.exe C:\Windows\system32\conhost.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\WUDFHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files\Sony\VAIO Care\VCsystray.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = about:blank uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT uURLSearchHooks: H - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: {dbc80044-a445-435b-bc74-9c25c1c588a9} - Java Plug-In 2 SSV Helper TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe mRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [<NO NAME>] mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRunOnce: [AvgUninstallURL] cmd.exe /c start 
http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNjE0MDg2MzM2LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1GMTBNKzUtUUlYMSs0LVgyMDEwKzItRjEwTTEwRCsxLUxJQys3Ny1GTDEwKzEtU1AxKzEtU1VEKzEtUzFJKzEtU1UzKzEtVFVHKzMtRERUKzA"&"prod=90"&"ver=10.0.1390 StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VAIOME~1.LNK - C:\Program Files (x86)\DDNi\Oasis\Delay.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll/2000 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll Trusted Zone: tamu.edu\voal TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{1B4C9337-1350-489A-8601-C7E07B94A658} : DhcpNameServer = 208.180.42.100 208.180.42.68 TCP: Interfaces\{75AF77AA-0AAC-44FE-B6A7-C34C198998B7} : DhcpNameServer = 192.168.1.1 
TCP: Interfaces\{75AF77AA-0AAC-44FE-B6A7-C34C198998B7}\2456C6B696E6F5560336231683 : DhcpNameServer = 172.16.0.1 TCP: Interfaces\{75AF77AA-0AAC-44FE-B6A7-C34C198998B7}\24572776562702B496E676 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{75AF77AA-0AAC-44FE-B6A7-C34C198998B7}\64C6F69746D277962756C6563737 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{75AF77AA-0AAC-44FE-B6A7-C34C198998B7}\65562796A7F6E602D496649623230303023323032402355636572756 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{75AF77AA-0AAC-44FE-B6A7-C34C198998B7}\841677275656 : DhcpNameServer = 192.168.2.1 Notify: VESWinlogon - VESWinlogon.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - Java Plug-In 2 SSV Helper TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File TB-X64: avast! 
WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll mRun-x64: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup mRun-x64: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun-x64: [(Default)] mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNjE0MDg2MzM2LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1GMTBNKzUtUUlYMSs0LVgyMDEwKzItRjEwTTEwRCsxLUxJQys3Ny1GTDEwKzEtU1AxKzEtU1VEKzEtUzFJKzEtU1UzKzEtVFVHKzMtRERUKzA"&"prod=90"&"ver=10.0.1390 IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\iop\AppData\Roaming\Mozilla\Firefox\Profiles\6oc1p2vb.default\ FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cbb85fe&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q= FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\iop\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?] R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] 
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-7-15 42184]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-6-24 46080]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 pnpnptool;Quest RDP PnP Driver;\??\C:\Windows\system32\Drivers\pnpnptool.sys --> C:\Windows\system32\Drivers\pnpnptool.sys [?]
R2 pnusbvirtualhubwssrv;Quest USB Hub Client Service;C:\Windows\system32\pnusbvirtualhubwssrv.exe --> C:\Windows\system32\pnusbvirtualhubwssrv.exe [?]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2007-4-17 11032]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-11-25 189984]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-11-25 104960]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]
R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-11-25 571248]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-8-31 362992]
S2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-9-14 642416]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-6-20 2151640]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 MSSQL$DDNI;SQL Server (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2009-3-30 43010392]
S3 pnusbd;Quest RDP USB Driver;\??\C:\Windows\system32\Drivers\pnusbd.sys --> C:\Windows\system32\Drivers\pnusbd.sys [?]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-8-31 313840]
S3 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2009-11-25 167424]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-11-25 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-11-25 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-11-25 427304]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-11-25 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-11-25 91432]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-11-25 480624]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-11-25 361840]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-11-25 110960]
S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2009-11-25 1223024]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-5-26 366640]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]
S4 SQLAgent$DDNI;SQL Server Agent (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2011-07-20 14:32:02 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-20 14:32:01 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-07-20 14:32:01 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-20 14:31:58 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-20 14:31:57 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-20 14:31:56 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-20 14:31:55 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-20 14:31:54 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-20 14:31:54 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-20 14:31:54 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-20 14:31:51 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 04:34:57 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-07-16 04:34:54 64856 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-07-16 04:34:33 40112 ----a-w- C:\Windows\avastSS.scr
2011-07-11 23:32:36 -------- d-----w- C:\Users\iop\AppData\Local\Sunbelt Software
2011-07-11 08:32:43 -------- d-----w- C:\ProgramData\AVAST Software
2011-07-11 08:32:43 -------- d-----w- C:\Program Files\AVAST Software
2011-07-11 08:29:20 -------- d-----w- C:\Users\iop\AppData\Roaming\SUPERAntiSpyware.com
2011-07-11 08:29:20 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-07-11 08:29:02 -------- d-----w- C:\ProgramData\!SASCORE
2011-07-11 08:29:00 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-07-11 08:21:42 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-07-11 08:19:09 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-07-11 08:19:07 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-07-11 08:07:46 11564744 ----a-w- C:\SUPERAntiSpyware.exe
2011-07-11 08:06:39 56167608 ----a-w- C:\setup_av_free.exe
2011-07-11 08:03:52 10145792 ----a-w- C:\Ad-Aware90Install.msi
2011-07-11 06:25:17 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-07-11 06:25:17 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-07-11 06:17:38 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-07-11 06:17:37 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-07-11 01:00:27 1336192 ----a-w- C:\SAS_ThreatCheck.exe
.
==================== Find3M ====================
.
2011-07-07 00:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-07 00:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-13 16:40:04 647 ----a-w- C:\Windows\wininit.tmp
2011-05-07 02:05:14 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-05-07 02:05:14 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
.
============= FINISH: 20:18:46.64 ===============
ark.zip Attach.zip
  4. Your post did not instruct me to post the GooredFix log. Here it is if you need it.

GooredFix by jpshortstuff (03.07.10.1)
Log created at 13:55 on 02/08/2011 (poi)
Firefox version 5.0 (en-US)
========== GooredScan ==========
(none)
========== GooredLog ==========
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [20:46 11/03/2010]
C:\Documents and Settings\poi\Application Data\Mozilla\Firefox\Profiles\wxaz6z55.default\extensions\
(none)
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [20:41 31/05/2010]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [04:52 16/07/2011]
-=E.O.F=-
  5. Thanks LDTate for all your help. Do you prefer replies without your post embedded like this? Please let me know what you prefer. Slower than usual. My main concern is with my laptop and using removable storage devices back and forth between this computer (desktop) and my laptop. I plan on posting another topic for my laptop. Is this okay? There definitely seems to be something wrong with the laptop. I opened Internet Explorer and it went to iGoogle, and each time I tried to close the window, two more would open. AVAST also indicated that there is a corrupted file that is associated with a virtual workspace client I used a while back. Is there a way to ensure my flash/external hard drives are clean? I read in another topic (http://forums.malwarebytes.org/index.php?showtopic=82113&st=0&p=418580&hl=sheur3&fromsearch=1entry418580) that there is some danger with USB devices. If you are wondering why I was looking at this particular topic, it is because AVG detected SHeur.COHQ on my laptop but would not get rid of it due to the size of the files that were infected. Later, it would not even detect it. Sorry to keep going on about the laptop. I was just trying to take care of the desktop first because it seemed to be in better shape. One other thing... do these scans need to be run for each user? No one else uses the computer, but I do have more than one user account on here. Thanks again!
  6. I have reason to believe that my computer is okay, but it still acts strangely at times. I would like to see if there is anything fishy going on, so I would appreciate your help. Before I installed AVAST, AVG found two rootkits and stated that they could not be removed. This happened twice and then did not happen again. After installing AVAST and uninstalling AVG, an AVAST boot scan found two Trojans, Java:ByteVerify-B and JS:Redirector, in the "RECYCLER" folder. I'm not sure where these were located, but I'm not going to worry about it at this point. I put them in the virus chest. Should they be deleted? If I am not mistaken, your instructions require me to post the MBAM log within the post along with the first DDS log. They are posted below the main text. The ark and attach files are supposed to be zipped and attached. I hope that I did this correctly. Thanks in advance.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7329

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/30/2011 3:52:37 PM
mbam-log-2011-07-30 (15-52-37).txt

Scan type: Quick scan
Objects scanned: 191009
Time elapsed: 5 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by poi at 17:06:23 on 2011-07-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.642 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\USB TV\EM28XX\BDARemote.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uWindow Title = Microsoft Internet Explorer
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT"&"inst=NzctNjc2NDAyOTk1LUJBKzEtWEwrMS1UMi1GUDkrNi1CQVI5RysxLVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUxJQys3Ny1GTDEwKzEtU1AxKzEtVFVHKzMtU1AxUzIrMS1TVUQrMS1TMUkrMS1TVTMrMS1ERFQrMA"&"prod=55"&"ver=10.0.1390
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bdarem~1.lnk - c:\program files\usb tv\em28xx\BDARemote.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269795619093
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A9B57C27-3A8D-4410-BF03-21FBC3F1992C} : DhcpNameServer = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = :\windows\system32\srr
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\poi\application data\mozilla\firefox\profiles\wxaz6z55.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cbcce4f&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-15 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-15 309848]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-15 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-15 42184]
R2 HPFECP13;HPFECP13;c:\windows\system32\drivers\HPFecp13.sys [1998-9-25 52800]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2010-5-26 44032]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\fneturpx.sys --> c:\windows\system32\drivers\FNETURPX.SYS [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-5-27 1684736]
S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\fnettboh.sys --> c:\windows\system32\drivers\FNETTBOH.SYS [?]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2001-1-3 19677]
.
=============== Created Last 30 ================
.
2011-07-16 06:11:14 -------- d-sh--w- c:\documents and settings\poi\IECompatCache
2011-07-16 04:53:31 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-16 04:52:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-16 04:52:38 -------- d-----w- c:\program files\AVAST Software
2011-07-16 04:52:38 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-07-16 04:51:02 56167608 ----a-w- C:\setup_av_free.exe
.
==================== Find3M ====================
.
2011-07-07 00:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 00:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-30 10:05:08 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-06-30 01:54:40 11523592 ----a-w- C:\SUPERAntiSpyware.exe
2011-06-18 06:54:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 17:09:20.34 ===============
attach.zip ark.zip
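Added example (editor's note; this is not code from tqh's posts, from DDS, or from Malwarebytes). The DDS logs above are what the helper actually reads, and a few patterns in them are worth pulling out before looking at anything else. The script below parses lines in the formats quoted in this thread and reports four things: service or driver entries where DDS printed `--> path [?]` instead of a date and size (read here as DDS not having been able to read the image file; that reading is an assumption, not something the thread states), Pseudo-HJT objects that resolve to "No File", executables sitting in the root of a drive in the "Created Last 30" and Find3M lists, and Hosts overrides. The sample log is constructed and modelled on lines posted above; the function names (`parse_service`, `triage`, `summarize`) and the finding categories are my own.

```python
"""Triage helper for DDS-style log lines (added example, not part of DDS).

Line formats are inferred from the logs quoted in this thread:
  R2 name;display;path [yyyy-m-d size]     service whose image DDS could read
  S3 name;display;stored --> path [?]      image DDS could not read (assumed meaning)
  yyyy-mm-dd hh:mm:ss size attrs path      "Created Last 30" / Find3M entry
  Kind: body                               Pseudo-HJT line (BHO:, TB:, Hosts:, ...)
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
VERIFIED_RE = re.compile(r"^(?P<path>.+?) \[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$")
UNVERIFIED_RE = re.compile(r"^(?P<stored>.+?) --> (?P<path>.+?) \[\?\]$")
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$")
HJT_RE = re.compile(r"^(?P<kind>[A-Za-z]+): (?P<body>.+)$")
# An executable dropped straight into the root of a drive, e.g. C:\setup.exe.
ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\[^\\]+\.(exe|dll|sys|scr|msi|com|bat|cmd)$", re.IGNORECASE)


@dataclass
class Service:
    start: str          # R1/R2/R3 running, S1..S4 stopped, as DDS prints it
    name: str
    display: str
    path: str
    verified: bool      # True when DDS printed "[date size]" for the image
    size: Optional[int] = None


@dataclass
class Finding:
    category: str
    detail: str


def parse_service(line: str) -> Optional[Service]:
    """Parse one SERVICES / DRIVERS line; return None if the line is not one."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    u = UNVERIFIED_RE.match(rest)
    if u:
        return Service(m.group("start"), m.group("name"), m.group("display"),
                       u.group("path"), verified=False)
    v = VERIFIED_RE.match(rest)
    if v:
        return Service(m.group("start"), m.group("name"), m.group("display"),
                       v.group("path"), verified=True, size=int(v.group("size")))
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk a DDS log and collect the entries a helper usually checks first."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        svc = parse_service(line)
        if svc is not None:
            if not svc.verified:
                findings.append(Finding("unverified-image", f"{svc.start} {svc.name} -> {svc.path}"))
            continue
        c = CREATED_RE.match(line)
        if c:
            # Directories show "--------" for size; only files can be root executables.
            if c.group("size").isdigit() and ROOT_EXE_RE.match(c.group("path")):
                findings.append(Finding("root-executable", c.group("path")))
            continue
        h = HJT_RE.match(line)
        if h:
            kind, body = h.group("kind"), h.group("body")
            if body.endswith("- No File"):
                findings.append(Finding("orphan-entry", f"{kind}: {body}"))
            elif kind == "Hosts":
                findings.append(Finding("hosts-override", body))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category for a quick 'anything to look at?' answer."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


# Constructed sample, modelled on the DDS lines posted in this thread.
SAMPLE_LOG = r"""
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
Hosts: 127.0.0.1 www.spywareinfo.com
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-15 441176]
R2 HPFECP13;HPFECP13;c:\windows\system32\drivers\HPFecp13.sys [1998-9-25 52800]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\fneturpx.sys --> c:\windows\system32\drivers\FNETURPX.SYS [?]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2001-1-3 19677]
2011-07-16 04:52:38 -------- d-----w- c:\program files\AVAST Software
2011-07-16 04:51:02 56167608 ----a-w- C:\setup_av_free.exe
2011-06-30 01:54:40 11523592 ----a-w- C:\SUPERAntiSpyware.exe
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.category:17} {finding.detail}")
```

To use it on a real log, call `triage(open("DDS.txt", encoding="utf-8", errors="replace").read())`. A hit is a pointer, not a verdict: in the logs above many of the `[?]` entries are avast, Intel, Sony and Malwarebytes drivers, the root executables are the installers tqh downloaded, and the single Hosts line only loops back one site. The script narrows what to look at; each path still gets checked by hand.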