Suspected infection - wireless computers running slow



NeRoL
2010-03-17, 22:01
Okay, so I called my ISP and they didn't seem to know what was wrong with my connection. The guy I talked to on the phone suggested changing the frequency channel for the wireless on our 2wire modem (which really hasn't helped the situation). Now, my father and I have been having problems with our internet connection: slow to load pages; pages don't appear to load completely, sometimes having to refresh more than once to get a webpage to load; email taking forever to connect to the server and requiring a retry. We both use wireless cards, and before a few days ago the internet worked fine. So here are a few possible explanations:

1.) The modem is going bad in terms of wireless (which is weird because the computer that is directly connected via ethernet runs fine). NOTE: I recently tried my laptop and it appears to have no trouble with the internet connection, so this seems unlikely now.

2.) Both our wireless cards are going bad (not very likely).

3.) A virus or spyware/malware, whatever it is, is causing the internet to have the connection problems that it has been having.

Now, I realize this may be the wrong forum to ask for help, but I thought that this HijackThis log (hence the Spybot forums) may or may not help the situation, because Spybot Search & Destroy, as well as AVG Free antivirus, have been unable to find any problems. This has led me to believe that it is possible there is something that is not being detected. I wanted to try running Trend Micro HouseCall through my browser, but it does not seem to work properly, failing to install the files (it stops at 48% on the setup executable).

Hijack-this Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:40:58 PM, on 3/17/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Xfire\xfiremusic.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ASUS\EPU\EPU.exe
C:\WINDOWS\DAODx.exe
C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Workrave\lib\workrave.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Loren\My Documents\misc\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Exploder
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Xfire Music] "C:\Program Files\Xfire\xfiremusic.exe"
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU\EPU.exe" -r
O4 - HKLM\..\Run: [RunDAOD] C:\WINDOWS\DAODx.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [D-Link AirPlus G DWL-G510] C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Workrave] C:\Program Files\Workrave\lib\workrave.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.xfire.com
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261270828156
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D7701FD-8969-492B-B41A-344443BE517A}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10353 bytes
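
A small triage script for a HijackThis log like the one above, as an added example (it is not part of the thread and not HijackThis's own code). It pulls out the entries a helper usually checks first: O17 name servers, O2 BHOs whose DLL is missing, O23 services with no known owner, and O15 trusted-zone additions. The sample lines are copied from the posted log.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import re

# Constructed sample: a handful of lines copied from the posted log so the
# parser can be exercised offline.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O15 - Trusted Zone: http://www.xfire.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D7701FD-8969-492B-B41A-344443BE517A}: NameServer = 68.94.156.1,68.94.157.1
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Every HJT entry starts with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_entries(text):
    """Return (code, body) pairs for every entry line; process lists etc. are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def name_servers(entries):
    """DNS servers configured on any interface (O17), deduplicated, in order."""
    servers = []
    for code, body in entries:
        if code != "O17":
            continue
        m = re.search(r"NameServer = (.+)$", body)
        if not m:
            continue
        for ip in m.group(1).split(","):
            ip = ip.strip()
            if ip and ip not in servers:
                servers.append(ip)
    return servers


def bhos_without_file(entries):
    """CLSIDs of O2 BHOs that are registered but whose DLL no longer exists."""
    out = []
    for code, body in entries:
        if code == "O2" and body.endswith("(no file)"):
            m = CLSID_RE.search(body)
            out.append(m.group(0) if m else body)
    return out


def services_unknown_owner(entries):
    """(name, path) for O23 services HijackThis could not attribute to a vendor."""
    out = []
    marker = " - Unknown owner - "
    for code, body in entries:
        if code == "O23" and marker in body:
            name, path = body.split(marker, 1)
            out.append((name[len("Service: "):], path))
    return out


def trusted_zones(entries):
    """Sites added to IE's Trusted Zone (O15); each one weakens browser restrictions."""
    return [body[len("Trusted Zone: "):] for code, body in entries if code == "O15"]


def triage(text):
    """Summarise the review-worthy entries of a log into one dict."""
    entries = parse_entries(text)
    return {
        "name_servers": name_servers(entries),
        "bhos_without_file": bhos_without_file(entries),
        "services_unknown_owner": services_unknown_owner(entries),
        "trusted_zones": trusted_zones(entries),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Nothing it lists is malicious by itself; the output is the short list a helper verifies by hand (are the name servers the ISP's, is the orphaned BHO just an uninstall leftover, who owns the unnamed services).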

shelf life
2010-03-21, 19:48
Hi NeRoL

Your log is a few days old. If you still need help simply reply to my post.

NeRoL
2010-03-22, 01:06
Yes. Will you require a new log?

shelf life
2010-03-22, 03:46
That log is OK. For a malware check we will use Malwarebytes. Silly question, but have you rebooted your modem, router and computer recently?

You use your ISP's DNS servers:
68.94.156.1, 68.94.157.1
Maybe they are not reliable?

Please download Malwarebytes (http://www.malwarebytes.org/mbam.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.
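
One way to test the "maybe the DNS servers are not reliable" idea above, as an added example that is not part of the thread: the script hand-builds an A query, parses the reply (including name compression), and times several attempts against each resolver. It assumes www.yahoo.com (the start page in the posted log) as the name to look up, the two O17 name servers as the resolvers to test, and any alternative resolver passed on the command line; the 10.0.0.1 reply in fake_response is constructed for offline testing.

```python
"""Time DNS resolvers with plain sockets (added example, not from the thread)."""
import random
import socket
import struct
import sys
import time

ISP_RESOLVERS = ["68.94.156.1", "68.94.157.1"]  # the O17 NameServer entries in the log


def build_query(name, qtype=1):
    """Return (txid, packet) for a recursive query; qtype 1 = A record."""
    txid = random.randint(0, 0xFFFF)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return txid, header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def _read_name(packet, offset):
    """Decode a possibly compressed name; return (name, offset just after it)."""
    labels, end, jumped = [], None, False
    while True:
        length = packet[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", packet[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        offset += 1
        if length == 0:
            break
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end if jumped else offset


def parse_response(packet, expected_txid):
    """Return rcode, truncation flag and A-record addresses from a reply."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch: not a reply to our query")
    offset = 12
    for _ in range(qd):  # skip the echoed question section
        _, offset = _read_name(packet, offset)
        offset += 4
    addrs = []
    for _ in range(an):
        _, offset = _read_name(packet, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", packet[offset:offset + 10])
        offset += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(packet[offset:offset + 4]))
        offset += rdlen
    return {"rcode": flags & 0x000F, "truncated": bool(flags & 0x0200), "addresses": addrs}


def fake_response(query, txid, address):
    """Constructed NOERROR reply to `query` carrying one A record (offline testing only)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(address)
    return header + query[12:] + answer


def time_resolver(server, name="www.yahoo.com", attempts=3, timeout=2.0):
    """Round-trip times in ms for `attempts` queries; None marks a timeout or bad reply."""
    results = []
    for _ in range(attempts):
        txid, query = build_query(name)
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sock.settimeout(timeout)
        started = time.monotonic()
        try:
            sock.sendto(query, (server, 53))
            reply = parse_response(sock.recv(512), txid)
            results.append((time.monotonic() - started) * 1000 if reply["rcode"] == 0 else None)
        except (OSError, ValueError, IndexError, struct.error):  # timeout is an OSError
            results.append(None)
        finally:
            sock.close()
    return results


if __name__ == "__main__":
    for server in ISP_RESOLVERS + sys.argv[1:]:
        rtts = time_resolver(server)
        ok = [r for r in rtts if r is not None]
        print(f"{server}: {len(ok)}/{len(rtts)} answered, "
              + (f"best {min(ok):.0f} ms" if ok else "no usable replies"))
```

Run it from both a "slow" wireless desktop and the laptop that works: if the ISP resolvers time out or answer only intermittently from one machine and not the other, the problem is on that machine's path, not at the resolvers.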

NeRoL
2010-03-23, 06:32
I already have Malwarebytes - I've used it before, and I decided to get it again for this very reason. I already did a scan before and found nothing serious, but I went ahead and updated it today and did a full scan as you instructed.

The contents of said log are as follows:

Malwarebytes' Anti-Malware 1.44
Database version: 3902
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

3/22/2010 11:29:13 PM
mbam-log-2010-03-22 (23-29-13).txt

Scan type: Full Scan (C:\|)
Objects scanned: 443178
Time elapsed: 1 hour(s), 27 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

------- End of log -------

shelf life
2010-03-24, 03:05
OK. Having MBAM come up clean is a good sign. I assume you have rebooted your computer, modem and router recently? This 'slowness' is only with the wireless connections.

One thing is to make sure you either have Windows managing the wireless connection or the adapter's software, but not both. All cards come with software that will manage the connection.
You might look in the Services panel and see if Windows Wireless Zero Config is stopped.

To get there, go to Start > Run, type in services.msc and click OK or press Enter.
Under the Name column, look for Wireless Zero Config and check its status as being started or stopped.
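
To make the "one manager, not both" check above repeatable on several machines, here is an added example (not from the thread) that reads the state of the Wireless Zero Configuration service from `sc query` and looks in `tasklist` for the D-Link utilities that appear in the posted log (AirGCFG.exe and WZCSLDR2.exe). The service name WZCSVC is the XP name behind "Wireless Zero Configuration"; the sample command outputs are constructed.

```python
"""Flag when Windows WZC and a vendor wireless utility are both active (added example)."""
import re
import subprocess

WZC_SERVICE = "WZCSVC"  # service name shown as "Wireless Zero Configuration" in services.msc
VENDOR_UTILITIES = {"airgcfg.exe", "wzcsldr2.exe"}  # D-Link utilities from the posted log

# Constructed sample outputs in the real `sc query` / `tasklist` layouts.
SAMPLE_SC = """
SERVICE_NAME: WZCSVC
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
"""
SAMPLE_TASKLIST = """
Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
System Idle Process            0 Console                 0         28 K
AirGCFG.exe                 1824 Console                 0      4,532 K
WZCSLDR2.exe                1840 Console                 0      2,108 K
"""


def parse_sc_state(output):
    """Return the STATE word (RUNNING, STOPPED, ...) from `sc query` output, or None."""
    m = re.search(r"^\s*STATE\s*:\s*\d+\s+([A-Z_]+)", output, re.MULTILINE)
    return m.group(1) if m else None


def running_vendor_utilities(tasklist_output, vendor_names=VENDOR_UTILITIES):
    """Vendor utility image names present in `tasklist` output (case-insensitive)."""
    found = []
    for line in tasklist_output.splitlines():
        parts = line.split()
        image = parts[0].lower() if parts else ""
        if image in vendor_names and image not in found:
            found.append(image)
    return found


def assess(sc_output, tasklist_output):
    """Combine both observations; `conflict` is True when both managers are active."""
    state = parse_sc_state(sc_output)
    vendors = running_vendor_utilities(tasklist_output)
    return {
        "wzc_state": state,
        "vendor_utilities": vendors,
        "conflict": state == "RUNNING" and bool(vendors),
    }


def live_assessment():
    """Run the two commands on this Windows machine and assess the real output."""
    sc = subprocess.run(["sc", "query", WZC_SERVICE], capture_output=True, text=True).stdout
    tl = subprocess.run(["tasklist"], capture_output=True, text=True).stdout
    return assess(sc, tl)


if __name__ == "__main__":
    print(assess(SAMPLE_SC, SAMPLE_TASKLIST))
```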

NeRoL
2010-03-24, 04:43
The service is started, but I did recently try using the wireless card's software, and it made no difference. Yes, the router has been restarted at some point, and the computer I run has been rebooted multiple times (my computer is shut off every time I go to bed, just about).

Again, the strange thing is that both desktops with wireless are having trouble connecting to websites, but my laptop (also with wireless) doesn't seem to have a problem.

shelf life
2010-03-25, 00:48
If you use the adapter's software to manage the connection then you would want to turn the Windows service off. This isn't always apparent to some people, so I ask: you are joining your access point and not another one in the area that would be farther away? Have you considered a hard reset of the router? It's really just a 'try different things' solution. The vendor's website can provide the details. Any settings you made would have to be put back in. It sets the router back to its factory settings.

NeRoL
2010-03-25, 03:07
Well, my software does not work if Zero Config is turned on, so I'd have to turn it off anyway. I'm not sure what you mean by a hard reset, but I did try something that the AT&T guy told me to do - I restarted the modem using the HomePortal website (I've got a 2Wire HomePortal modem) to refresh the home network, as I noticed some weird IP allocations that didn't actually exist. (That is, they were not made by my household; we only have four computers with internet, one being the ethernet connection.) Actually, I see what you mean after re-reading your post. You're saying to set the router back to factory defaults. I don't know how to do that, but I do know that we're still using the 172.XXX.XXX.XXX IP for the modem rather than the 196.xxx.xxx.xxx or whatever it is (the one that most people have, it seems).

shelf life
2010-03-28, 15:11
There would be a way to reset it, either on the body itself or maybe from within the web interface. 2Wire is only sold via ISPs, so your ISP should support it and be helping you troubleshoot the problems with the wireless connection.
They may have information on your ISP's web site, or you might get it via phone, etc. Any settings you put in or changed would have to be put in again after the reset. Why don't you post a DDS log:

Please download DDS (http://download.bleepingcomputer.com/sUBs/dds.scr) and save it to your desktop.
Double-click dds.scr to run the tool. When done, DDS.txt will open.
Save both reports to your desktop.
Please copy/paste both logs in your reply.

I know you have scanned for malware, but are you having any signs (http://www.virusvault.us/signs.html) of malware?

NeRoL
2010-03-29, 01:36
Well, I already tried talking to my ISP (hence what I said in my last post about the AT&T guy). Anyway, I ran the DDS tool:

DDS (Ver_10-03-17.01) - NTFSx86
Run by - at 17:31:08.62 on Sun 03/28/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.986 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ASUS\EPU\EPU.exe
C:\WINDOWS\DAODx.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Workrave\lib\workrave.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\program files\Steam\steam.exe
C:\Program Files\Winamp\winamp.exe
C:\PROGRAM FILES\PROCESS EXPLORER\PROCEXP.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Loren\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uWindow Title = Internet Exploder
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Workrave] c:\program files\workrave\lib\workrave.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Six Engine] "c:\program files\asus\epu\EPU.exe" -r
mRun: [RunDAOD] c:\windows\DAODx.exe
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [CTSysVol] c:\program files\creative\sb live! 24-bit\surround mixer\CTSysVol.exe /r
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [D-Link AirPlus G DWL-G510] c:\program files\d-link\airplus g dwl-g510\AirGCFG.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
StartupFolder: c:\docume~1\loren\startm~1\programs\startup\trillian.lnk - c:\program files\trillian\trillian.exe
StartupFolder: c:\docume~1\loren\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
uPolicies-explorer: EditLevel = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: aol.com\free
Trusted Zone: microsoft.com\www.update
Trusted Zone: xfire.com\www
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261270828156
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
IFEO: taskmgr.exe - "c:\program files\process explorer\PROCEXP.EXE"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\loren\applic~1\mozilla\firefox\profiles\aomrmk9j.default\
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\loren\application data\mozilla\firefox\profiles\aomrmk9j.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\loren\application data\mozilla\firefox\profiles\aomrmk9j.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\loren\application data\move networks\plugins\npqmp071701000008.dll
FF - plugin: c:\documents and settings\loren\application data\mozilla\firefox\profiles\aomrmk9j.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-19 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-19 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-19 242696]
R1 HekkoVirtualCD;Hekko Virtual CD Driver;c:\windows\system32\drivers\hvcd.sys [2009-12-21 13184]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-12-19 486280]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-2-28 14336]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-12 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-12 308064]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2009-12-20 93320]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2009-12-19 547744]
S3 AtiDCM;AtiDCM;\??\c:\documents and settings\loren\local settings\temp\atidcmxx.sys --> c:\documents and settings\loren\local settings\temp\atidcmxx.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-31 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

=============== Created Last 30 ================

2010-03-25 01:01:18 3284 ----a-w- c:\windows\system32\ANIWZCS{B95DC4F9-5809-45E8-B74F-A404FC63B167}
2010-03-24 04:54:35 0 d-----w- c:\program files\common files\DivX Shared
2010-03-24 04:53:27 0 d-----w- c:\program files\DivX
2010-03-24 04:48:45 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
2010-03-23 02:41:56 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-03-23 02:41:56 77824 ----a-w- c:\windows\system32\xvid.ax
2010-03-23 02:41:56 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-03-23 02:41:56 0 d-----w- c:\program files\Xvid
2010-03-20 21:28:32 0 d-----w- c:\program files\LucasArts
2010-03-19 00:29:20 6 ----a-w- c:\windows\system32\ANIWZCSUSERNAME{B95DC4F9-5809-45E8-B74F-A404FC63B167}
2010-03-19 00:29:09 667648 ----a-w- c:\windows\system32\ANIWZCS2.dll
2010-03-19 00:29:09 49152 ----a-w- c:\windows\system32\JJAKEn.dll
2010-03-19 00:29:09 49152 ----a-w- c:\windows\system32\AQCKGen.dll
2010-03-19 00:29:09 45115 ----a-w- c:\windows\system32\ANICtl.dll
2010-03-19 00:29:09 249856 ----a-w- c:\windows\system32\wnicapi.dll
2010-03-19 00:29:09 225280 ----a-w- c:\windows\system32\WlanApp.dll
2010-03-19 00:29:09 204800 ----a-w- c:\windows\system32\aIPH.dll
2010-03-19 00:29:09 1327189 ----a-w- c:\windows\system32\odSupp_M.dll
2010-03-19 00:28:55 48128 ----a-w- c:\windows\system32\ANIO64.sys
2010-03-19 00:28:55 36864 ----a-w- c:\windows\system32\ANIOApi.dll
2010-03-19 00:28:55 28195 ----a-w- c:\windows\system32\ANIO.sys
2010-03-19 00:28:55 16997 ----a-w- c:\windows\system32\ANIO.VXD
2010-03-19 00:28:55 11904 ----a-w- c:\windows\system32\anio4.sys
2010-03-19 00:28:54 0 d-----w- c:\program files\ANI
2010-03-19 00:28:40 0 d-----w- c:\program files\D-Link
2010-03-18 21:21:02 0 d-----w- c:\windows\ie8updates
2010-03-18 21:19:15 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-18 21:19:15 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-18 21:19:15 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-18 21:19:15 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-03-18 21:19:14 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-03-18 21:19:13 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-03-18 20:07:21 3284 ----a-w- c:\windows\system32\ANIWZCS{2D7701FD-8969-492B-B41A-344443BE517A}
2010-03-18 19:39:12 0 d-sh--w- c:\documents and settings\loren\IECompatCache
2010-03-18 19:38:29 0 d-sh--w- c:\documents and settings\loren\PrivacIE
2010-03-18 19:32:31 0 d-sh--w- c:\documents and settings\loren\IETldCache
2010-03-18 19:27:03 0 dc-h--w- c:\windows\ie8
2010-03-17 21:44:35 634 ----a-w- c:\windows\entpack.ini
2010-03-15 20:36:31 0 d-----w- c:\docume~1\loren\applic~1\Malwarebytes
2010-03-15 20:36:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-15 20:36:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-15 20:36:26 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-15 20:36:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-14 04:35:15 218 ----a-w- c:\documents and settings\loren\.recently-used.xbel
2010-03-12 22:06:03 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-12 00:26:39 0 d-----w- c:\docume~1\loren\applic~1\Ubisoft
2010-03-11 05:00:45 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2010-03-11 05:00:44 140800 ----a-w- c:\windows\system32\tm20dec.ax
2010-03-11 05:00:43 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2010-03-11 05:00:40 63488 ----a-w- c:\windows\system32\unam4ie.exe
2010-03-11 05:00:36 5672 ----a-w- c:\windows\system32\quartz.vxd
2010-03-11 05:00:36 11776 ----a-w- c:\windows\system32\mciqtz.drv
2010-03-11 05:00:36 10240 ----a-w- c:\windows\system32\vidx16.dll
2010-03-11 05:00:35 194320 ----a-w- c:\windows\system32\qcut.dll
2010-03-11 05:00:33 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-03-11 05:00:33 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-03-10 00:34:12 0 d-----w- c:\program files\Install Creator
2010-03-08 17:59:18 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-06 21:49:25 0 d-----w- c:\program files\Microsoft Chart Controls
2010-03-06 21:48:25 0 d-----w- c:\program files\UDK
2010-03-06 20:25:23 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-03-06 20:25:17 0 d-----w- c:\program files\Windows Media Connect 2
2010-03-06 16:32:49 77749234 ----a-w- c:\windows\system32\SG-thief.scr
2010-03-06 16:12:44 0 d-----w- c:\docume~1\loren\applic~1\Axialis
2010-03-06 16:12:39 0 d-----w- c:\program files\Axialis
2010-03-05 00:11:22 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-03-04 04:29:11 7680 --sha-w- c:\windows\Thumbs.db
2010-03-02 18:16:04 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-03-02 05:39:45 0 d-----w- c:\program files\SystemRequirementsLab
2010-02-28 23:43:17 0 d-----w- c:\docume~1\loren\applic~1\Workrave
2010-02-28 23:43:07 0 d-----w- c:\program files\Workrave

==================== Find3M ====================

2010-03-19 02:21:05 41 ----a-w- c:\documents and settings\loren\jagex_runescape_preferences.dat
2010-03-19 02:11:12 69 ----a-w- c:\documents and settings\loren\jagex_runescape_preferences2.dat
2010-03-12 22:06:04 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-12 22:05:42 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-21 18:55:06 278016 ----a-w- c:\windows\THIEFSAVER.SCR
2010-02-19 19:27:36 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27:16 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27:16 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27:16 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-08 02:07:38 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-07 16:41:10 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-01-11 17:27:55 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-08 22:18:43 22328 ----a-w- c:\docume~1\loren\applic~1\PnkBstrK.sys
2010-01-08 22:18:02 2337865 ----a-w- c:\windows\system32\pbsvc.exe

============= FINISH: 17:32:27.25 ===============
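The SERVICES / DRIVERS block above is the part of a DDS log worth reading line by line. As I read the DDS convention, the leading letter is running/stopped (R/S), the digit is the service's registry Start value, `-->` shows the path DDS resolved from the registry value, and `[?]` means DDS could not read the file's date and size. The script below is an added example, not part of the thread or of DDS itself: it parses that block and flags what a responder checks first (images under a temp directory or a user profile, entries DDS could not stat, svchost groups whose members need looking up). The regexes and the start-type mapping are my assumptions about the DDS format; the sample input is copied from the log above.

```python
"""Parse the SERVICES / DRIVERS section of a DDS log and flag entries
that deserve a manual check.  Added example, not part of the thread."""
import re
import sys
from dataclasses import dataclass, field
from pathlib import Path
from typing import List, Optional

# Assumed DDS convention: leading R/S = running/stopped, the digit is the
# registry Start value (HKLM\SYSTEM\CurrentControlSet\Services\<name>\Start).
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# "<R|S><n> <name>;<display>;<image> [<date> <size>]"  or  "... [?]"
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<body>.*?)\s+\[(?:(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)|\?)\]$"
)
IMAGE_RE = re.compile(r"^(?P<path>.+?\.(?:exe|sys|dll))(?:\s+(?P<args>.*))?$", re.I)
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.I)
PROFILE_RE = re.compile(r"^[a-z]:\\(?:documents and settings|users)\\", re.I)
SVCHOST_RE = re.compile(r"\bsvchost\.exe\b.*?\s-k\s+(?P<group>\S+)", re.I)


@dataclass
class ServiceEntry:
    state: str
    start: int
    name: str
    display: str
    path: str
    args: str
    date: Optional[str]
    size: Optional[int]
    unresolved: bool                    # DDS printed [?]: no date/size read
    svchost_group: Optional[str] = None
    findings: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[ServiceEntry]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m["body"]
    if " --> " in body:                 # "<registry value> --> <resolved path>"
        body = body.split(" --> ", 1)[1]
    body = body.strip()
    if body.startswith("\\??\\"):       # NT object-manager prefix on some driver paths
        body = body[4:]
    im = IMAGE_RE.match(body)
    path, args = (im["path"], im["args"] or "") if im else (body, "")
    e = ServiceEntry(
        state=m["state"], start=int(m["start"]), name=m["name"].strip(),
        display=m["display"].strip(), path=path, args=args,
        date=m["date"], size=int(m["size"]) if m["size"] else None,
        unresolved=m["date"] is None,
    )
    sv = SVCHOST_RE.search(body)
    if sv:
        e.svchost_group = sv["group"]
    low = e.path.lower()
    if e.unresolved:
        e.findings.append("DDS could not read date/size ([?]): confirm the image exists at this path")
    if TEMP_RE.search(low):
        e.findings.append("image loads from a temp directory")
    if PROFILE_RE.match(low):
        e.findings.append("image lives under a user profile rather than system32/program files")
    if e.svchost_group:
        e.findings.append(
            f"svchost group '{e.svchost_group}': check its members under "
            r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost")
    if not e.display:
        e.findings.append("no display name")
    return e


def parse_entries(text: str) -> List[ServiceEntry]:
    return [e for e in (parse_entry(ln) for ln in text.splitlines()) if e]


def report(entries: List[ServiceEntry]) -> List[str]:
    lines = []
    for e in entries:
        lines.append(f"{e.state}{e.start} {START_TYPES[e.start]:<8} {e.name:<20} {e.path}")
        lines.extend(f"    ! {f}" for f in e.findings)
    return lines


# Sample input copied from the SERVICES / DRIVERS section of the log above.
SAMPLE = r"""
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-19 242696]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-2-28 14336]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 AtiDCM;AtiDCM;\??\c:\documents and settings\loren\local settings\temp\atidcmxx.sys --> c:\documents and settings\loren\local settings\temp\atidcmxx.sys [?]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
"""


def main(argv: List[str]) -> None:
    text = Path(argv[1]).read_text(errors="replace") if len(argv) > 1 else SAMPLE
    print("\n".join(report(parse_entries(text))))


if __name__ == "__main__":
    main(sys.argv)
```

Run it with the saved DDS log as the only argument, or with no argument to see the sample. The flags are prompts for a manual check, not verdicts: a driver staged from a temp directory can be a legitimate installer artifact, but it is exactly the kind of entry to verify by hand before declaring a log clean.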

shelf life
2010-03-29, 03:59
OK, thanks for the info. Don't see much of anything there as far as malware goes.
Why don't you, as an experiment, shut down the ZoneAlarm service following these directions (http://www.ehow.com/how_5089600_disable-zone-alarm.html). If things are not any better after the reboot with ZA disabled, then re-enable it by checking its box in the msconfig utility and reboot. It will start up at every reboot again.

NeRoL
2010-03-30, 02:37
You don't see anything? That's a relief. Good to know.

Well, unfortunately Windows will not allow me to disable ZoneAlarm, so the only thing I can do is uninstall it.

shelf life
2010-03-31, 03:25
Windows won't let you disable it? So what happens when you try to disable it using the icon?
Did you try unchecking it in msconfig? That will keep it from auto-starting when you boot up.
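As an added example (not from either poster), here is a way to check whether an msconfig change actually stuck. msconfig's Services tab and `sc config <name> start= disabled` both set the service's registry Start value, and `sc qc <name>` prints it back as START_TYPE. The script records that value before the change and reports what differs after the reboot; a product that guards its own service can put the value back, and the comparison shows it. It assumes `sc.exe` is on the path (it ships with Windows XP); the sample output is constructed in sc's format, using the vsmon path from the log above. Note also that the log lists `vsdatant.sys` as an R1 driver, which by its name belongs to the same TrueVector stack: stopping the vsmon service alone does not unload that driver.

```python
"""Snapshot a Windows service's configured start type via `sc qc`, so a
change made in msconfig (or with `sc config <name> start= disabled`) can be
re-checked after a reboot.  Added example, not from the thread."""
import json
import re
import subprocess
import sys
from pathlib import Path

# sc.exe START_TYPE codes; same numbers as the registry Start value.
START_TYPES = {0: "BOOT_START", 1: "SYSTEM_START", 2: "AUTO_START",
               3: "DEMAND_START", 4: "DISABLED"}

FIELD_RE = re.compile(r"^\s*(?P<key>[A-Z_]+)\s*:\s*(?P<value>.*)$")


def parse_sc_qc(text: str) -> dict:
    """Turn `sc qc <name>` output into a dict.  START_TYPE and TAG become ints
    (sc prints e.g. 'START_TYPE : 2   AUTO_START'); other fields stay strings."""
    cfg = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if not m:
            continue                    # "[SC] QueryServiceConfig SUCCESS", blank lines
        key, value = m["key"], m["value"].strip()
        if key in ("START_TYPE", "TAG"):
            value = int(value.split()[0])
        cfg[key] = value
    return cfg


def describe_start(code) -> str:
    return f"{code} ({START_TYPES.get(code, 'unknown')})"


def compare(before: dict, after: dict) -> list:
    """Differences in the fields that decide whether and how a service loads."""
    diffs = []
    if before.get("START_TYPE") != after.get("START_TYPE"):
        diffs.append(f"START_TYPE: {describe_start(before.get('START_TYPE'))} -> "
                     f"{describe_start(after.get('START_TYPE'))}")
    for key in ("BINARY_PATH_NAME", "SERVICE_START_NAME"):
        if before.get(key) != after.get(key):
            diffs.append(f"{key}: {before.get(key)!r} -> {after.get(key)!r}")
    return diffs


def query_service(name: str) -> dict:
    """Run `sc qc` for a real service (Windows only)."""
    proc = subprocess.run(["sc", "qc", name], capture_output=True, text=True)
    cfg = parse_sc_qc(proc.stdout)
    if "START_TYPE" not in cfg:
        raise RuntimeError(f"sc qc {name} failed: {proc.stdout or proc.stderr}")
    return cfg


# Constructed sample in sc.exe's output format, using the vsmon path from the log above.
SAMPLE_SC_QC = r"""[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: vsmon
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : TrueVector Internet Monitor
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem
"""


def main(argv):
    # Usage: svcstart.py <service> <snapshot.json>
    #   first run : writes the current config to the snapshot file
    #   later runs: reports what changed since the snapshot (e.g. after a reboot)
    if len(argv) != 3:
        sys.exit("usage: svcstart.py <service> <snapshot.json>")
    name, snap = argv[1], Path(argv[2])
    now = query_service(name)
    if not snap.exists():
        snap.write_text(json.dumps(now, indent=2))
        print(f"{name}: START_TYPE {describe_start(now['START_TYPE'])} recorded in {snap}")
        return
    diffs = compare(json.loads(snap.read_text()), now)
    print(f"{name}: " + ("no change since snapshot" if not diffs
                         else "\n  ".join(["changed:"] + diffs)))


if __name__ == "__main__":
    main(sys.argv)
```

Typical sequence: run it once to record the snapshot, uncheck the service in msconfig (or run `sc config vsmon start= disabled`), run it again to confirm START_TYPE now reads 4 (DISABLED), reboot, and run it a third time. If the third run reports the value back at 2 (AUTO_START), something re-armed the service behind your back, which is the situation to look for before concluding that msconfig "doesn't work".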

NeRoL
2010-04-06, 18:08
Oh my gosh, I'm sorry... I was actually able to fix it, but forgot about the thread until just now, when I checked my email account and saw that you replied.
Turns out it was an incompatibility problem between ZoneAlarm and AVG 9.0. :/
ZoneAlarm issued a beta version to correct this problem, and I am using it right now. Internet is back to normal. However, I appreciate your help, and if you hadn't suggested disabling ZoneAlarm I wouldn't have discovered this issue! I don't know why it never occurred to me that it was a firewall issue.

In any case, regarding disabling ZoneAlarm: I was unable to disable it; unchecking it in msconfig didn't work because it re-enabled itself after closing msconfig. (I know because I went back and it was checked again. Not only that, but the first time I unchecked it, I rebooted hoping ZoneAlarm would be disabled, but it was not!)

shelf life
2010-04-07, 00:24
OK, good you have it all settled then. Don't know why you are unable to disable the ZA service. If all is good: some tips for reducing your risk. Even though this wasn't a malware issue, I will post them anyway.

10 Tips for Reducing/Preventing Your Risk of Malware:

Simply knowing what constitutes a safe action on a computer and what may not will help you tremendously.

1) It is essential to keep your OS (Windows) (http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us), browser (IE, Firefox) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the auto-update feature. Staying updated is also necessary for web-based applications like Java, Adobe Flash/Reader, QuickTime, etc. Check their version status here (http://secunia.com/vulnerability_scanning/online/).

2) Know what you are installing on your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. Do not install any files from ads, pop-ups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer, after which you're prompted to install software to remedy this. See also the signs (http://www.virusvault.us/signs.html) that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated, they will soon be worthless. If either of these frequently finds malware, then it's time to *review your computer habits*.

4) Refrain from clicking on links or attachments via e-mail, IM, IRC, chat rooms, blogs or social networking sites, no matter how tempting or legitimate the message may seem.

5) Do not click on ads/pop-ups or offers from websites saying that you need to install software on your computer, *for any reason*. Use the Alt+F4 keys to close the window.

6) Don't click on offers to "scan" your computer. Install ActiveX objects with care. Do you trust the website?

7) Set up and use limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing and lessen its potential impact.*

8) Install and understand the *limitations* of a software firewall.

9) A tool (http://nsslabs.com/general/ie8-hardening-tool.html) for automatically hardening and securing Internet Explorer 8.0. Requires site registration for downloading. It changes some of the default settings of IE 8.0; read the FAQs.

10) Warez, cracks, etc. are very popular for carrying all kinds of malware payloads. Using them will cause you all kinds of problems. If you download/install files via p2p (http://www.virusvault.us/p2p.html) networks, then you are also much more likely to encounter malicious code in a downloaded file. Do you really trust the source of the file? Do you really need another malware source?

A longer version is in the link below.

Happy Safe Surfing.