Windows updates redirect to google, unable to download from microsoft



ghostunit12
2009-04-24, 19:06
(sorry I am not English)

Hello, here is my problem: when I formatted my computer half a year ago, I couldn't download anything from Microsoft anymore. My browser was unable to show the confirmation pages when I was about to begin the downloads. Also, Google started redirecting me to weird pages, etc. It took a second click to actually get to the right page. Windows updates also redirected me to what I think is a false Google page. I ran Spybot, AVG, Active Scan, Microsoft Malicious Software Removal, etc., and it removed some viruses and spyware but I still have the same problems. I tried 3 different browsers: Internet Explorer, Firefox and Google Chrome. I am now using Google Chrome but I can't access Google anymore, it can't open the page. I can access yahoo.ca but when I do a search and click on something, it can't open the page. I have been trying to find a fix for a while. I also have trouble updating AVG and other programs related to security and systems.

Thank you for your time.


Here is my HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:13, on 2009-04-24
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Michel Mercier\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Anti-keylogger\akl_svc.exe
C:\Program Files\Anti-keylogger\Anti-keylogger.exe
C:\Documents and Settings\Michel Mercier\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Michel Mercier\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michel Mercier\Mes documents\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.savewealth.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229995184609
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Anti-keylogger Service (akl_svc) - Unknown owner - C:\Program Files\Anti-keylogger\akl_svc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 3227 bytes

If it can save some time here is my DDS report (DDS and ATTACH at the bottom).


DDS (Ver_09-03-16.01) - NTFSx86
Run by Michel Mercier at 12:10:28,12 on 2009-04-24
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.1024.432 [GMT -4:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Michel Mercier\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Anti-keylogger\akl_svc.exe
C:\Program Files\Anti-keylogger\Anti-keylogger.exe
C:\Documents and Settings\Michel Mercier\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Michel Mercier\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michel Mercier\Mes documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
mDefault_Page_URL = hxxp://www.savewealth.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229995184609
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: Antiwpa - antiwpa.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\michel~1\applic~1\mozilla\firefox\profiles\pzsweid6.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\michel mercier\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-4-24 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-24 98440]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-24 26824]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-24 90632]
R1 krnl_akl;Anti-keylogger Kernel Service;c:\windows\system32\drivers\krnl_akl.sys [2009-4-21 360960]
R2 akl_svc;Anti-keylogger Service;c:\program files\anti-keylogger\akl_svc.exe [2009-4-21 59904]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-24 231704]

=============== Created Last 30 ================

2009-04-24 11:21 <DIR> --d----- c:\program files\Infine
2009-04-24 10:54 <DIR> --d----- c:\program files\Anti-keylogger
2009-04-24 10:30 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-04-24 10:29 <DIR> --d----- c:\program files\Panda Security
2009-04-24 10:17 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-04-24 10:17 90,632 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-24 10:17 12,936 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-04-24 10:17 98,440 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-24 10:16 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-04-24 10:16 <DIR> --d----- c:\program files\AVG
2009-04-24 10:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-04-24 10:14 <DIR> --d----- c:\program files\Torrent
2009-04-24 10:05 <DIR> --d----- c:\windows\system32\appmgmt
2009-04-24 09:22 <DIR> --d----- c:\windows\Applian FLV Player
2009-04-21 19:49 360,960 a------- c:\windows\system32\drivers\krnl_akl.sys
2009-04-10 08:03 <DIR> --d----- c:\program files\THQ
2009-03-30 21:07 14 a------- c:\windows\system32\SysInfo.dll
2009-03-30 21:07 363,520 ac------ c:\windows\system32\dllcache\psisdecd.dll
2009-03-30 21:07 56,832 ac------ c:\windows\system32\dllcache\msdvbnp.ax
2009-03-30 21:07 33,280 ac------ c:\windows\system32\dllcache\psisrndr.ax
2009-03-30 21:07 363,520 a------- c:\windows\system32\psisdecd.dll
2009-03-30 21:07 56,832 a------- c:\windows\system32\msdvbnp.ax
2009-03-30 21:07 33,280 a------- c:\windows\system32\psisrndr.ax

==================== Find3M ====================

2009-04-06 18:34 429,032 a------- c:\windows\system32\perfh00C.dat
2009-04-06 18:34 55,620 a------- c:\windows\system32\perfc00C.dat

============= FINISH: 12:10:59,31 ===============













DDS (Ver_09-03-16.01)

Microsoft Windows XP Professionnel
Boot Device: \Device\HarddiskVolume1
Install Date: 07/05/2005 11:24:05
System Uptime: 24/04/2009 09:41:11 (3 hours ago)

Motherboard: ASUSTeK Computer INC. | | A7V333-X
Processor: AMD Athlon(TM) XP 2000+ | SOCKET A | 1666/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 78 GiB total, 30,55 GiB free.
D: is FIXED (NTFS) - 108 GiB total, 66,62 GiB free.
E: is CDROM (UDF)
F: is CDROM ()
G: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: ASUSTeK/Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_80A81043&REV_01\3&61AAA01&0&48
Manufacturer: Broadcom
Name: ASUSTeK/Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_80A81043&REV_01\3&61AAA01&0&48
Service: bcm4sbxp

==== System Restore Points ===================

RP12: 24/01/2009 10:01:30 - Point de vérification système
RP13: 25/01/2009 12:05:38 - Point de vérification système
RP14: 26/01/2009 12:52:45 - Point de vérification système
RP15: 27/01/2009 13:52:45 - Point de vérification système
RP16: 10/02/2009 23:29:35 - Point de vérification système
RP17: 11/02/2009 07:28:02 - DirectX est installé
RP18: 30/03/2009 21:15:27 - Point de vérification système
RP19: 31/03/2009 22:29:08 - Point de vérification système
RP20: 01/04/2009 23:14:47 - Point de vérification système
RP21: 03/04/2009 00:14:47 - Point de vérification système
RP22: 04/04/2009 01:14:47 - Point de vérification système
RP23: 05/04/2009 03:14:47 - Point de vérification système
RP24: 14/04/2009 20:25:17 - Point de vérification système
RP25: 15/04/2009 20:45:06 - Point de vérification système
RP26: 16/04/2009 21:45:05 - Point de vérification système
RP27: 17/04/2009 22:45:05 - Point de vérification système
RP28: 18/04/2009 23:45:05 - Point de vérification système
RP29: 20/04/2009 00:45:05 - Point de vérification système
RP30: 21/04/2009 01:56:38 - Point de vérification système
RP31: 22/04/2009 02:45:03 - Point de vérification système
RP32: 23/04/2009 03:45:03 - Point de vérification système
RP33: 24/04/2009 04:45:02 - Point de vérification système
RP34: 24/04/2009 09:28:57 - Supprimé Titan Quest Immortal Throne
RP35: 24/04/2009 09:29:33 - Supprimé Titan Quest

==== Installed Programs ======================

AAC Decoder
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1 - Français
Anti-keylogger
Applian FLV Player
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AutoUpdate
AVG 8.0
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
EVE-ONLINE (remove only)
Free YouTube to Mp3 Converter version 3.1
Google Chrome
H.264 Decoder
Infine Windows Repair version 1.0.0.91
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (French) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office Outlook MUI (French) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Software Update for Web Folders (French) 12
Microsoft Visual C++ 2005 Redistributable
MKV Splitter
Mozilla Firefox (3.0.5)
Panda ActiveScan 2.0
Skins
Spybot - Search & Destroy
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
Version d'évaluation de Microsoft Office Professional 2007
Vuze
WebFldrs XP
Winamp
Windows Genuine Advantage Validation Tool (KB892130)
Windows XP Service Pack*3
WinRAR archiver
World of Warcraft

==== Event Viewer Messages From Past Week ========

24/04/2009 11:55:29, information: Windows File Protection [64002] - Tentative de remplacement du fichier système protégé c:\windows\system32\drivers\wdmaud.sys. Ce fichier a été restauré en utilisant sa version d'origine afin de maintenir la stabilité du système. La version du fichier système est 5.1.2600.5512.
24/04/2009 11:53:11, information: Windows File Protection [64002] - Tentative de remplacement du fichier système protégé c:\windows\system32\drivers\wdmaud.sys. Ce fichier a été restauré en utilisant sa version d'origine afin de maintenir la stabilité du système. La version du fichier système est 5.1.2600.5512.
24/04/2009 11:52:42, information: Windows File Protection [64002] - Tentative de remplacement du fichier système protégé c:\windows\system32\drivers\wdmaud.sys. Ce fichier a été restauré en utilisant sa version d'origine afin de maintenir la stabilité du système. La version du fichier système est 5.1.2600.5512.
24/04/2009 11:51:42, information: Windows File Protection [64002] - Tentative de remplacement du fichier système protégé wdmaud.sys. Ce fichier a été restauré en utilisant sa version d'origine afin de maintenir la stabilité du système. La version du fichier système est 5.1.2600.5512.

==== End Of File ===========================

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

shelf life
2009-04-25, 14:47
hi,

Looks like you don't have a legit copy/license of Windows.
This:
Notify: Antiwpa - antiwpa.dll

This is a working crack to disable Windows WPA (Windows Product Activation).

I hate to play the 'software police', I don't enjoy getting my version checked all the time either, like everybody is a thief or something. You want free? Try a Linux distro, the popular versions are getting very easy to install and use. Can be installed right over Windows.

http://distrowatch.com/
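
An added example, not part of any post in this thread: a small Python reviewer for HijackThis v2 logs that surfaces the kind of entry picked out above (an O20 Winlogon Notify DLL) along with O23 services listed as "Unknown owner". The sample lines are copied from the log in the first post; the `baseline_dlls` set is a hypothetical, reviewer-supplied list of DLLs already accounted for on the machine.

```python
import ntpath
import re

# Constructed sample: a few entry lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.savewealth.com
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Anti-keylogger Service (akl_svc) - Unknown owner - C:\Program Files\Anti-keylogger\akl_svc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# An entry line is "<letter><1-2 digits> - <body>", e.g. "O20 - Winlogon Notify: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_log(text):
    """Return (code, body) for each entry line; headers and process paths are skipped."""
    return [m.groups() for m in map(ENTRY.match, text.splitlines()) if m]

def review(entries, baseline_dlls):
    """Flag O20 DLLs missing from the baseline and O23 services with 'Unknown owner'."""
    baseline = {d.lower() for d in baseline_dlls}  # hypothetical reviewer allowlist
    findings = []
    for code, body in entries:
        if code == "O20" and body.startswith("Winlogon Notify: "):
            name, _, path = body[len("Winlogon Notify: "):].partition(" - ")
            dll = ntpath.basename(path).lower()
            if dll not in baseline:
                findings.append((code, dll, f"Winlogon Notify package '{name}' not in baseline"))
        elif code == "O20" and body.startswith("AppInit_DLLs: "):
            for dll in re.split(r"[ ,]+", body[len("AppInit_DLLs: "):].strip()):
                if dll and ntpath.basename(dll).lower() not in baseline:
                    findings.append((code, dll.lower(), "AppInit_DLLs entry not in baseline"))
        elif code == "O23" and " - Unknown owner - " in body:
            # Split on the owner marker, not on every " - ": paths may contain " - ".
            path = body.split(" - Unknown owner - ", 1)[1]
            findings.append((code, ntpath.basename(path).lower(), "service listed with 'Unknown owner'"))
    return findings

if __name__ == "__main__":
    for finding in review(parse_log(SAMPLE_LOG), {"avgrsstx.dll"}):
        print(*finding, sep=" | ")
```

A finding here only means the entry needs a human look; it says nothing by itself about whether the file is malicious.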

ghostunit12
2009-04-25, 14:52
Yea, I tried this crack because I thought it was a problem with Windows since I couldn't download from Microsoft. Is there a way to remove it?

shelf life
2009-04-25, 15:07
Try this: Start > Run and copy/paste in:


regsvr32 /u antiwpa.dll

Click OK or Enter.
Reboot machine.

Navigate to:
C:\WINDOWS\system32
Look for and delete antiwpa.dll

Reboot machine.