Help please (TVshack.net)

Cams

Cams

New Member
Please read, trying to post hijackthis and also update malwarebytes with no internet.

So my wife and I were watching our latest addiction on netflix when we reached the end of the season and Netflix doesnt have the next season. I had used this tvshack.net once before without incident so I thought I would give it a shot. We were 10 mins or so into the episode and this antivirus scan thing pops out of nowhere and starts scanning. The "X" does nothing as well as right clicking the icon in the taskbar. Also whatever this thing was it would not let me run the task manager. I hard rebooted and shut the program off via msconfig. Ran spybot and found fraud.sysguard and fraud.windowsprotectionsuite as well as right media i think. Got rid of those ran AVG and all is well right? Wrong my internet wont work now. I used my other comp to get malwarebytes and hijackthis and they are doing their thing now. However I cannot update malwarebytes due to no new connection. Can I update by transferring a file from my other pc? BTW malwarebytes has found 8 problems so far (way to go spybot and avg).
 
Last edited:
Don't worry about updating malwarebytes for right now. It might find the offending file that is stopping your internet connection from working. Just post the logs from malwarebytes and hijackthis.
 
I will as soon as they are done. I am just worried that the offending program changed something I will have to find and change back.
 
Sorry guys I couldnt get the text not to wrap. It is turned off in notepad but did it anyway. Oh well, here you go.

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/12/2010 7:23:57 AM
mbam-log-2010-01-12 (07-23-45).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 161858
Time elapsed: 58 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{85e0b171-04fa-11d1-b7da-00a0c90348a7} (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f02fabcb-92dd-475a-98af-14217bd50746} (Adware.Gamevance) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{85e0b171-04fa-11d1-b7da-00a0c90348a7} (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{f02fabcb-92dd-475a-98af-14217bd50746} (Adware.Gamevance) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{85e0b171-04fa-11d1-b7da-00a0c90348a7} (Adware.SmartShopper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Rogue.Installer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\UpMedia (Adware.SmartShopper) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\setup.exe (Rogue.Installer) -> No action taken.

==================================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:29:21 AM, on 1/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ATITool\ATITool.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: dlbcserv.lnk.disabled
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6807 bytes
 
Last edited:
Please rerun hijackthis and place a check next to these entries.

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: dlbcserv.lnk.disabled

And then click on fix checked at the bottom.

You are running an older version of Acrobat reader, I highly recommend uninstalling it and then going here to download and install the latest version.

http://get.adobe.com/reader/?promoid=BUIGO

Just make sure you uncheck the Mcafee security scan before downloading.

How is the system running now?
 
BTW HJT had three errors during the first scan but I could not report them due to no internet. Do I need the new adobe right now to cause I have no internet?
 
Last edited:
OK so I checked those boxes and hit the fix button. The computer is running the same as before (it was running fine before with the exception of no internet). So I still have to find the reason for no net connection. All the lights on my modem and router are going like they should (makes sense since the three other pc's in this house have internet). My computer thinks that it is connected (LAN connected 100 mbps status connected) However I just get the internet explorer cannot display this webpage would you like to diagnose the problem. The troubleshooting program says to check firewall settings for port 80 (HTTP) but I cant seem to find the right thing.
 
Then perform the following procedure.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running

Use a usb flash drive to transfer the file to the computers desktop and run it from there.
 
Combofix is running but as it was starting it said that my pc doesnt have security console so it cant fix any problems it finds. This is sweet. Any ideas gentlemen?
 
Johnb I am typing this post from the cured computer. Thanks alot. Here are the results...

ComboFix 10-01-11.04 - Rob 01/12/2010 9:36.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.628 [GMT -5:00]
Running from: E:\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\LOG13.tmp
C:\LOG18.tmp
C:\LOG31.tmp
C:\LOG36.tmp
C:\LOG3B.tmp
C:\LOG41.tmp
c:\windows\$NtUninstallKB922582$
c:\windows\$NtUninstallKB922582$\fltlib.dll
c:\windows\$NtUninstallKB922582$\fltmc.exe
c:\windows\$NtUninstallKB922582$\fltmgr.sys
c:\windows\$NtUninstallKB922582$\spuninst\spuninst.exe
c:\windows\$NtUninstallKB922582$\spuninst\spuninst.inf
c:\windows\$NtUninstallKB922582$\spuninst\spuninst.txt
c:\windows\$NtUninstallKB922582$\spuninst\updspapi.dll
c:\windows\system32\bszip.dll
c:\windows\system32\drivers\fad.sys
E:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-12-12 to 2010-01-12 )))))))))))))))))))))))))))))))
.

2010-01-12 12:27 . 2010-01-12 12:27 -------- d-----w- c:\program files\Trend Micro
2010-01-12 02:57 . 2010-01-12 02:57 -------- d-----w- c:\documents and settings\Rob\Application Data\Malwarebytes
2010-01-12 02:57 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-12 02:57 . 2010-01-12 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-12 02:57 . 2010-01-12 12:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-12 02:57 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-12 00:58 . 2010-01-12 00:53 50688 ----a-w- c:\documents and settings\Rob\ATF-Cleaner.exe
2010-01-11 23:32 . 2010-01-12 00:06 -------- d-----w- c:\documents and settings\Rob\Local Settings\Application Data\vlfovr
2010-01-11 13:03 . 2010-01-11 13:03 -------- d-----w- c:\documents and settings\Rob\Application Data\ieSpell
2010-01-11 13:03 . 2010-01-11 13:03 -------- d-----w- c:\program files\ieSpell
2010-01-11 13:02 . 2010-01-11 13:03 2058849 ----a-w- c:\program files\ieSpellSetup251106.exe
2010-01-11 00:54 . 2010-01-12 14:27 -------- d-----w- c:\program files\DivX
2010-01-09 20:39 . 2009-12-16 21:16 3776280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-01-09 20:39 . 2009-12-16 21:16 4043032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-01-09 20:39 . 2009-12-16 21:16 2033432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-01-09 20:39 . 2009-12-16 21:16 3967256 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-01-09 20:39 . 2009-12-16 21:16 2352920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgresf.dll
2010-01-09 20:39 . 2009-12-16 21:16 916248 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2009-12-21 04:19 . 2009-12-21 04:19 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-21 04:19 . 2009-12-21 04:19 -------- d-----w- c:\program files\MSBuild
2009-12-21 04:19 . 2009-12-21 04:19 -------- d-----w- c:\program files\Reference Assemblies
2009-12-21 04:18 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-21 04:18 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-12-21 04:18 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-21 04:18 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-12-21 04:18 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-12-21 04:18 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-12-21 04:18 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-12-21 04:18 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-21 04:18 . 2009-12-21 04:19 -------- d-----w- C:\41ffc265d2fa9979e187
2009-12-20 18:10 . 2009-12-20 18:10 -------- d-----w- c:\documents and settings\Rob\Local Settings\Application Data\realtech_VR
2009-12-20 16:11 . 2009-12-20 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\realtech VR
2009-12-20 14:52 . 2009-12-20 14:53 23510720 ----a-w- c:\program files\dotnetfx.exe
2009-12-20 14:51 . 2009-12-20 18:11 -------- d-----w- c:\program files\realtech VR
2009-12-20 14:50 . 2009-12-20 14:50 1446797 ----a-w- c:\program files\glview315.exe
2009-12-17 18:19 . 2009-12-17 18:20 1015348 ----a-w- c:\program files\p95v2511.zip
2009-12-17 18:09 . 2009-12-17 18:09 -------- d-----w- c:\documents and settings\Rob\Local Settings\Application Data\Help
2009-12-17 18:07 . 2009-12-17 18:07 61895 ----a-w- c:\program files\super_pi_mod-1.5.zip
2009-12-17 01:53 . 2009-12-17 01:54 1956528 ----a-w- c:\program files\install_flash_player_ax.exe
2009-12-16 21:16 . 2009-12-16 21:29 -------- d-----w- C:\$AVG
2009-12-16 21:16 . 2010-01-12 13:54 -------- d-----w- c:\windows\system32\drivers\Avg
2009-12-16 21:16 . 2009-12-16 21:16 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-16 21:16 . 2009-12-16 21:16 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-16 21:16 . 2009-12-16 21:16 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-16 21:16 . 2009-12-16 21:16 -------- d-----w- c:\program files\AVG
2009-12-16 21:16 . 2009-12-16 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-25 02:24 . 2009-12-07 17:39 -------- d---a-w- c:\program files\Guru3D.com
2010-01-10 00:20 . 2005-08-26 18:11 47824 -c--a-w- c:\documents and settings\Rob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-07 18:04 . 2006-12-08 20:53 56 -csh--r- c:\windows\system32\7861C787A2.sys
2010-01-07 18:04 . 2006-12-08 20:53 1786 -csha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-05 13:42 . 2009-11-22 14:27 -------- d-----w- c:\documents and settings\Rob\Application Data\vlc
2009-12-19 14:16 . 2007-02-01 04:25 -------- d-----w- c:\documents and settings\Rob\Application Data\AdobeUM
2009-12-17 01:38 . 2009-10-04 01:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-17 01:34 . 2005-08-09 23:16 -------- d-----w- c:\program files\MUSICMATCH
2009-12-16 05:03 . 2006-03-21 20:47 -------- d-----w- c:\program files\Sierra On-Line
2009-12-09 14:24 . 2009-12-09 14:24 1935266 ----a-w- c:\program files\pod25ins.exe
2009-12-09 13:44 . 2009-12-09 13:44 2079170 ----a-w- c:\program files\win_ver3_full.exe
2009-12-08 00:02 . 2009-12-08 00:02 -------- d-----w- c:\program files\oZone3D
2009-12-08 00:02 . 2009-12-08 00:01 1783527 ----a-w- c:\program files\FurMark_v1.6.0.exe
2009-12-07 17:41 . 2009-12-07 17:41 -------- d-----w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2009-12-07 17:39 . 2009-12-07 17:39 2841613 ----a-w- c:\program files\RivaTuner224c-[Guru3D.com].exe
2009-12-07 17:33 . 2009-12-07 17:31 -------- d-----w- c:\program files\ATITool
2009-12-07 17:31 . 2009-12-07 17:30 1359106 ----a-w- c:\program files\ATITool_0.26.exe
2009-12-05 02:26 . 2009-10-18 00:00 127325 ----a-w- c:\documents and settings\Rob\Application Data\Move Networks\uninstall.exe
2009-12-05 02:26 . 2008-11-01 22:22 -------- d-----w- c:\documents and settings\Rob\Application Data\Move Networks
2009-12-05 02:26 . 2009-08-13 19:21 4187512 ----a-w- c:\documents and settings\Rob\Application Data\Move Networks\plugins\npqmp071505000011.dll
2009-12-05 02:26 . 2009-12-05 02:26 1408800 ----a-w- c:\documents and settings\Rob\Application Data\Move Networks\MoveMediaPlayerWin_071505000011.exe
2009-12-04 23:25 . 2009-12-04 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-12-04 23:24 . 2009-12-04 23:24 -------- d-----w- c:\program files\NVIDIA Corporation
2009-12-04 22:24 . 2009-12-04 22:24 92899864 ----a-w- c:\program files\195.62_desktop_winxp_32bit_english_whql.exe
2009-12-03 01:40 . 2009-12-03 01:40 2502808 ----a-w- c:\program files\cpuz_152_setup.exe
2009-12-03 01:39 . 2009-12-03 01:39 460112 ----a-w- c:\program files\GPU-Z.0.3.8.exe
2009-12-02 21:39 . 2009-12-02 21:39 -------- d-----w- c:\program files\Common Files\Canon
2009-11-22 14:26 . 2009-11-22 14:26 -------- d-----w- c:\program files\VideoLAN
2009-11-22 14:24 . 2009-11-22 14:24 18030130 ----a-w- c:\program files\vlc-1.0.3-win32.exe
2009-11-21 08:46 . 2009-11-21 08:46 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-11-21 02:34 . 2009-12-04 22:26 69632 ----a-w- c:\windows\system32\OpenCL.dll
2009-11-21 02:34 . 2009-12-04 22:26 4038656 ----a-w- c:\windows\system32\nvcuda.dll
2009-11-21 02:34 . 2009-12-04 22:26 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2009-11-21 02:34 . 2009-12-04 22:26 1989224 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-11-21 02:34 . 2009-12-04 22:26 13602816 ----a-w- c:\windows\system32\nvoglnt.dll
2009-11-21 02:34 . 2009-12-04 22:26 182888 ----a-w- c:\windows\system32\nvcodins.dll
2009-11-21 02:34 . 2009-12-04 22:26 182888 ----a-w- c:\windows\system32\nvcod.dll
2009-11-21 02:34 . 2009-12-04 22:26 11374592 ----a-w- c:\windows\system32\nvcompiler.dll
2009-11-21 02:34 . 2009-12-04 22:26 1056768 ----a-w- c:\windows\system32\nvapi.dll
2009-11-21 02:34 . 2009-12-04 22:26 2293286 ----a-w- c:\windows\system32\nvdata.bin
2009-11-21 02:34 . 2004-08-04 05:56 6282752 ----a-w- c:\windows\system32\nv4_disp.dll
2009-11-21 02:34 . 2004-08-04 03:29 10235968 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-11-21 01:32 . 2009-11-21 01:32 278120 ----a-w- c:\windows\system32\nvmccs.dll
2009-11-21 01:32 . 2009-11-21 01:32 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2009-11-21 01:32 . 2009-11-21 01:32 145000 ----a-w- c:\windows\system32\nvcolor.exe
2009-11-21 01:32 . 2009-11-21 01:32 12669544 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-21 01:32 . 2009-11-21 01:32 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-11-21 01:32 . 2009-11-21 01:32 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-11-20 15:59 . 2009-11-20 15:59 3004832 ----a-w- c:\program files\BitTorrent-6.3.exe
2009-11-17 08:03 . 2009-09-17 01:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-17 08:02 . 2009-09-17 01:42 -------- d-----w- c:\program files\Microsoft Works
2009-10-29 23:26 . 2009-10-29 23:25 4938616 ----a-w- c:\program files\Silverlight.exe
2009-10-29 07:45 . 2004-08-04 10:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 10:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 10:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 10:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-18 00:00 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\Rob\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-10-18 00:00 . 2009-10-18 00:00 1686272 -c--a-w- c:\documents and settings\Rob\Application Data\Move Networks\MoveMediaPlayerWin_071503000010.exe
2009-09-17 20:49 . 2009-09-17 20:49 55792 ----a-w- c:\program files\SetGoogleSearch.exe
2009-09-17 01:22 . 2009-09-17 01:22 366048 ----a-w- c:\program files\X12-30351-DLM.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-21 110184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]

c:\documents and settings\Rob\Start Menu\Programs\Startup\
ATITool.lnk - c:\program files\ATITool\ATITool.exe [2006-12-8 3035136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-16 21:16 12464 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk.disabled
backup=c:\windows\pss\QuickBooks Update Agent.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Rob^Start Menu^Programs^Startup^V CAST Music Monitor.lnk.disabled]
path=c:\documents and settings\Rob\Start Menu\Programs\Startup\V CAST Music Monitor.lnk.disabled
backup=c:\windows\pss\V CAST Music Monitor.lnk.disabledStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-01-09 20:39 2033432 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-04-13 09:48 36975 -c--a-w- c:\program files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"iPod Service"=3 (0x3)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Spooler"=2 (0x2)
"avg9wd"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" /startup
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AtariBanner"="c:\program files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
"MCAgentExe"=c:\progra~1\mcafee.com\agent\mcagent.exe
"MCUpdateExe"=c:\progra~1\mcafee.com\agent\mcupdate.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"mmtask"=c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe
"RealTray"=c:\program files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
"VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
"VirusScan Online"=c:\progra~1\mcafee.com\vso\mcvsshld.exe
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"
"DMXLauncher"=c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [12/16/2009 4:16 PM 333192]
S4 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/16/2009 4:16 PM 285392]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-nwiz - nwiz.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-12 09:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-01-12 09:46:09
ComboFix-quarantined-files.txt 2010-01-12 14:45

Pre-Run: 60,020,576,256 bytes free
Post-Run: 60,004,106,240 bytes free

- - End Of File - - AB03F8FC69C80F07713650453C6165AB

Edit: How do I keep this from hapening again? I run AVG and Spybot. Do I just add malwarebytes and atf cleaner as well as superantispyware or something else?
 
Last edited:
Can you post a fresh hijackthis log please? As far as stopping crap from getting on your computer... Stay away from file sharing programs, know where to surf and where not to surf the web. Some people say to install spywareguard and spywareblaster from javacool, but I don't believe that works as i've seen systems with it installed and still become infected. I can only recommend to scan your system frequently with your malware and virus scanners. Supposedly using a different browser than Internet Explorer will stop so many infections in.
 
Thats just it, I only frequent this site and some other forums as well as youtube and the rest is big companies like Best Buy or Lowes. I deleted my lime wire ages ago and used bit torrent once and hated it. Oh well thanks again for your help. I guess I should be thankful I made it this long without incident.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:33 PM, on 1/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATITool\ATITool.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - (no file)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: (no name) - {F02FABCB-92DD-475A-98AF-14217BD50746} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6322 bytes
 
Rerun hijackthis and place a check next to these entries.

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - (no file)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O2 - BHO: (no name) - {F02FABCB-92DD-475A-98AF-14217BD50746} - (no file)

Then click on fix checked at the bottom.

According to your 04 processess you have no active virus program starting up when you boot the computer. But I do notice in the running processes that avg is listed. Can you check your msconfig utility and make sure you haven't unchecked avg process from starting up.
 
I did uncheck it cause I only use it for scans. But reading your post makes me feel like that was a stupid thing to do. I just didnt like it bothering me all the time.

I am running malwarebytes again since I was able to update now that I have net access. When it is done I will check those and fix the avg thing. Then I will post another HJT as I assume that is the next step.

You should get paid for this if you dont. I am glad this happened to my retired dell rig that I use as my media center for TV, movies, music, and web in the livingroom on the TV.
 
Last edited:
You have to have an active virus program or you will be asking for big problems. And AVG should not be bothering you at all unless you come across an infection.
 
Ok AVG is running again and I fixed the BHO's. New log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:05 PM, on 1/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATITool\ATITool.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6297 bytes
 
Yes it is. So I should use the HJT from above for comparison if something seems fishy in the future then? Hopefully that doesnt happen though. Thanks again for your help.
 
You must log in or register to reply here.
Back
Top