
Thread: Suspected infection - wireless computers running slow

  1. #11
    Junior Member NeRoL's Avatar
    Join Date
    Dec 2008
    Location
    USA
    Posts
    19


    Well, I already tried talking to my ISP (hence what I said in my last post about the ATT guy). Anyway, I ran the DDS tool:


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by - at 17:31:08.62 on Sun 03/28/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.986 [GMT -5:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\WINDOWS\System32\svchost.exe -k Akamai
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ASUS\EPU\EPU.exe
    C:\WINDOWS\DAODx.exe
    C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Workrave\lib\workrave.exe
    C:\Program Files\Trillian\trillian.exe
    C:\Program Files\Xfire\Xfire.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\program files\Steam\steam.exe
    C:\Program Files\Winamp\winamp.exe
    C:\PROGRAM FILES\PROCESS EXPLORER\PROCEXP.EXE
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Loren\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uWindow Title = Internet Exploder
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    uRun: [Steam] "c:\program files\steam\steam.exe" -silent
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Workrave] c:\program files\workrave\lib\workrave.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Six Engine] "c:\program files\asus\epu\EPU.exe" -r
    mRun: [RunDAOD] c:\windows\DAODx.exe
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [Logitech Utility] Logi_MwX.Exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [CTSysVol] c:\program files\creative\sb live! 24-bit\surround mixer\CTSysVol.exe /r
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [D-Link AirPlus G DWL-G510] c:\program files\d-link\airplus g dwl-g510\AirGCFG.exe
    mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
    StartupFolder: c:\docume~1\loren\startm~1\programs\startup\trillian.lnk - c:\program files\trillian\trillian.exe
    StartupFolder: c:\docume~1\loren\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
    uPolicies-explorer: EditLevel = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: aol.com\free
    Trusted Zone: microsoft.com\www.update
    Trusted Zone: xfire.com\www
    DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261270828156
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
    IFEO: taskmgr.exe - "c:\program files\process explorer\PROCEXP.EXE"
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\loren\applic~1\mozilla\firefox\profiles\aomrmk9j.default\
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\documents and settings\loren\application data\mozilla\firefox\profiles\aomrmk9j.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\loren\application data\mozilla\firefox\profiles\aomrmk9j.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\loren\application data\move networks\plugins\npqmp071701000008.dll
    FF - plugin: c:\documents and settings\loren\application data\mozilla\firefox\profiles\aomrmk9j.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
    FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-19 216200]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-19 29512]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-19 242696]
    R1 HekkoVirtualCD;Hekko Virtual CD Driver;c:\windows\system32\drivers\hvcd.sys [2009-12-21 13184]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-12-19 486280]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-2-28 14336]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-12 916760]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-12 308064]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2009-12-20 93320]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2009-12-19 547744]
    S3 AtiDCM;AtiDCM;\??\c:\documents and settings\loren\local settings\temp\atidcmxx.sys --> c:\documents and settings\loren\local settings\temp\atidcmxx.sys [?]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-31 47128]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

    =============== Created Last 30 ================

    2010-03-25 01:01:18 3284 ----a-w- c:\windows\system32\ANIWZCS{B95DC4F9-5809-45E8-B74F-A404FC63B167}
    2010-03-24 04:54:35 0 d-----w- c:\program files\common files\DivX Shared
    2010-03-24 04:53:27 0 d-----w- c:\program files\DivX
    2010-03-24 04:48:45 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
    2010-03-23 02:41:56 819200 ----a-w- c:\windows\system32\xvidcore.dll
    2010-03-23 02:41:56 77824 ----a-w- c:\windows\system32\xvid.ax
    2010-03-23 02:41:56 180224 ----a-w- c:\windows\system32\xvidvfw.dll
    2010-03-23 02:41:56 0 d-----w- c:\program files\Xvid
    2010-03-20 21:28:32 0 d-----w- c:\program files\LucasArts
    2010-03-19 00:29:20 6 ----a-w- c:\windows\system32\ANIWZCSUSERNAME{B95DC4F9-5809-45E8-B74F-A404FC63B167}
    2010-03-19 00:29:09 667648 ----a-w- c:\windows\system32\ANIWZCS2.dll
    2010-03-19 00:29:09 49152 ----a-w- c:\windows\system32\JJAKEn.dll
    2010-03-19 00:29:09 49152 ----a-w- c:\windows\system32\AQCKGen.dll
    2010-03-19 00:29:09 45115 ----a-w- c:\windows\system32\ANICtl.dll
    2010-03-19 00:29:09 249856 ----a-w- c:\windows\system32\wnicapi.dll
    2010-03-19 00:29:09 225280 ----a-w- c:\windows\system32\WlanApp.dll
    2010-03-19 00:29:09 204800 ----a-w- c:\windows\system32\aIPH.dll
    2010-03-19 00:29:09 1327189 ----a-w- c:\windows\system32\odSupp_M.dll
    2010-03-19 00:28:55 48128 ----a-w- c:\windows\system32\ANIO64.sys
    2010-03-19 00:28:55 36864 ----a-w- c:\windows\system32\ANIOApi.dll
    2010-03-19 00:28:55 28195 ----a-w- c:\windows\system32\ANIO.sys
    2010-03-19 00:28:55 16997 ----a-w- c:\windows\system32\ANIO.VXD
    2010-03-19 00:28:55 11904 ----a-w- c:\windows\system32\anio4.sys
    2010-03-19 00:28:54 0 d-----w- c:\program files\ANI
    2010-03-19 00:28:40 0 d-----w- c:\program files\D-Link
    2010-03-18 21:21:02 0 d-----w- c:\windows\ie8updates
    2010-03-18 21:19:15 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2010-03-18 21:19:15 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-03-18 21:19:15 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-03-18 21:19:15 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-03-18 21:19:14 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2010-03-18 21:19:13 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2010-03-18 20:07:21 3284 ----a-w- c:\windows\system32\ANIWZCS{2D7701FD-8969-492B-B41A-344443BE517A}
    2010-03-18 19:39:12 0 d-sh--w- c:\documents and settings\loren\IECompatCache
    2010-03-18 19:38:29 0 d-sh--w- c:\documents and settings\loren\PrivacIE
    2010-03-18 19:32:31 0 d-sh--w- c:\documents and settings\loren\IETldCache
    2010-03-18 19:27:03 0 dc-h--w- c:\windows\ie8
    2010-03-17 21:44:35 634 ----a-w- c:\windows\entpack.ini
    2010-03-15 20:36:31 0 d-----w- c:\docume~1\loren\applic~1\Malwarebytes
    2010-03-15 20:36:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-15 20:36:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-15 20:36:26 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-03-15 20:36:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-03-14 04:35:15 218 ----a-w- c:\documents and settings\loren\.recently-used.xbel
    2010-03-12 22:06:03 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-03-12 00:26:39 0 d-----w- c:\docume~1\loren\applic~1\Ubisoft
    2010-03-11 05:00:45 38160 ----a-w- c:\windows\system32\LMRTREND.dll
    2010-03-11 05:00:44 140800 ----a-w- c:\windows\system32\tm20dec.ax
    2010-03-11 05:00:43 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
    2010-03-11 05:00:40 63488 ----a-w- c:\windows\system32\unam4ie.exe
    2010-03-11 05:00:36 5672 ----a-w- c:\windows\system32\quartz.vxd
    2010-03-11 05:00:36 11776 ----a-w- c:\windows\system32\mciqtz.drv
    2010-03-11 05:00:36 10240 ----a-w- c:\windows\system32\vidx16.dll
    2010-03-11 05:00:35 194320 ----a-w- c:\windows\system32\qcut.dll
    2010-03-11 05:00:33 4608 ----a-w- c:\windows\system32\w95inf32.dll
    2010-03-11 05:00:33 2272 ----a-w- c:\windows\system32\w95inf16.dll
    2010-03-10 00:34:12 0 d-----w- c:\program files\Install Creator
    2010-03-08 17:59:18 94208 ----a-w- c:\windows\system32\dpl100.dll
    2010-03-06 21:49:25 0 d-----w- c:\program files\Microsoft Chart Controls
    2010-03-06 21:48:25 0 d-----w- c:\program files\UDK
    2010-03-06 20:25:23 221184 ----a-w- c:\windows\system32\wmpns.dll
    2010-03-06 20:25:17 0 d-----w- c:\program files\Windows Media Connect 2
    2010-03-06 16:32:49 77749234 ----a-w- c:\windows\system32\SG-thief.scr
    2010-03-06 16:12:44 0 d-----w- c:\docume~1\loren\applic~1\Axialis
    2010-03-06 16:12:39 0 d-----w- c:\program files\Axialis
    2010-03-05 00:11:22 41872 ----a-w- c:\windows\system32\xfcodec.dll
    2010-03-04 04:29:11 7680 --sha-w- c:\windows\Thumbs.db
    2010-03-02 18:16:04 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
    2010-03-02 05:39:45 0 d-----w- c:\program files\SystemRequirementsLab
    2010-02-28 23:43:17 0 d-----w- c:\docume~1\loren\applic~1\Workrave
    2010-02-28 23:43:07 0 d-----w- c:\program files\Workrave

    ==================== Find3M ====================

    2010-03-19 02:21:05 41 ----a-w- c:\documents and settings\loren\jagex_runescape_preferences.dat
    2010-03-19 02:11:12 69 ----a-w- c:\documents and settings\loren\jagex_runescape_preferences2.dat
    2010-03-12 22:06:04 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-03-12 22:05:42 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-02-21 18:55:06 278016 ----a-w- c:\windows\THIEFSAVER.SCR
    2010-02-19 19:27:36 720384 ----a-w- c:\windows\system32\DivX.dll
    2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
    2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx07.dll
    2010-02-19 19:27:16 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
    2010-02-19 19:27:16 843776 ----a-w- c:\windows\system32\divx_xx16.dll
    2010-02-19 19:27:16 839680 ----a-w- c:\windows\system32\divx_xx11.dll
    2010-02-08 02:07:38 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-02-07 16:41:10 86016 ----a-w- c:\windows\system32\frapsvid.dll
    2010-01-11 17:27:55 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2010-01-08 22:18:43 22328 ----a-w- c:\docume~1\loren\applic~1\PnkBstrK.sys
    2010-01-08 22:18:02 2337865 ----a-w- c:\windows\system32\pbsvc.exe

    ============= FINISH: 17:32:27.25 ===============

  2. #12
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066


    OK, thanks for the info. Don't see much of anything there as far as malware goes.
    Why don't you, as an experiment, shut down the ZoneAlarm service following these directions? If things are not any better after the reboot with ZA disabled, then re-enable it by checking its box in the msconfig utility and reboot. It will start up at every reboot again.
    How Can I Reduce My Risk?

  3. #13
    Junior Member NeRoL's Avatar
    Join Date
    Dec 2008
    Location
    USA
    Posts
    19


    You don't see anything? That's a relief. Good to know.

    Well, unfortunately Windows will not allow me to disable ZoneAlarm, so the only thing I can do is uninstall it.

  4. #14
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066


    Windows won't let you disable it? So what happens when you try to disable it using the icon?
    Did you try unchecking it in msconfig? That will keep it from auto starting when you boot up.
    How Can I Reduce My Risk?

  5. #15
    Junior Member NeRoL's Avatar
    Join Date
    Dec 2008
    Location
    USA
    Posts
    19

    Case Closed!

    Oh my gosh, I'm sorry... I was actually able to fix it, but forgot about the thread until just now, when I checked my email account and saw that you replied.
    Turns out it was an incompatibility problem between ZoneAlarm and AVG 9.0. :/
    ZoneAlarm issued a beta version to correct this problem, and I am using it right now. Internet is back to normal. However, I appreciate your help, and if you hadn't suggested disabling ZoneAlarm I wouldn't have discovered this issue! I don't know why it never occurred to me that it was a firewall issue.

    In any case, regarding disabling ZoneAlarm: I was unable to disable it; unchecking it in msconfig didn't work because it re-enabled itself after closing msconfig. (I know because I went back and it was checked again. Not only that, but the first time I unchecked it I rebooted hoping ZoneAlarm would be disabled, but it was not!)

  6. #16
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066


    OK. Good you have it all settled then. Don't know why you are unable to disable the ZA service. If all is good: some tips for reducing your risk. Even though this wasn't a malware issue, I will post it anyway.

    10 Tips for Reducing/Preventing Your Risk To Malware:

    Simply knowing what constitutes a safe action on a computer and what may not will help you tremendously.

    1) It is essential to keep your OS (Windows), browser (IE, Firefox) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the auto-update feature. Staying updated is also necessary for web-based applications like Java, Adobe Flash/Reader, QuickTime etc. Check their version status here.

    2) Know what you are installing to your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer, where you're then prompted to install software to remedy this. See also the signs that you may have malware on your computer.

    3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently finds malware then it's time to *review your computer habits*.

    4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem.

    5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.

    6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website?

    7) Set up and use limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing and lessen its potential impact.*

    8) Install and understand the *limitations* of a software firewall.

    9) A tool for automatically hardening and securing Internet Explorer 8.0. Requires site registration for downloading. Changes some of the default settings of IE 8.0; read the FAQs.

    10) Warez, cracks etc. are very popular for carrying all kinds of malware payloads. Using them will cause you all kinds of problems. If you download/install files via P2P networks, then you are also much more likely to encounter malicious code in a downloaded file. Do you really trust the source of the file? Do you really need another malware source?

    A longer version in link below.

    Happy Safe Surfing.
    How Can I Reduce My Risk?
