Mourning the loss of our friend, WhitPhil.
There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
Search
 
General Security
Tag Cloud
access audio black screen blue screen boot bsod connection crash dell desktop driver drivers dvd email error excel firefox hard drive hardware hijackthis internet keyboard laptop malware monitor motherboard network networking outlook problem processor recovery registry cleaner router safe mode slow sound spyware tdlwsp.dll trojan vba video virus vista vundo windows windows 7 windows vista windows xp wireless
Search
Search for:
Tech Support Guy Forums > Security & Malware Removal > General Security >
Solved: system restore? will it work

Tip: Click here to scan for System Errors and Optimize PC performance
[ Sponsored Link ]

Page 3 of 5 12 3 45
 
Thread Tools
cybertech's Avatar
Computer Specs
Moderator with 68,253 posts.
  
Join Date: Apr 2002
Location: Washington State
02-Nov-2009, 12:25 PM #31
Forgive me if this question has already be asked...Is this a paid for version of AVG?
Register for free to hide this ad!
jssch's Avatar
Senior Member with 324 posts.
  
Join Date: Nov 2000
Location: James Island, SC
02-Nov-2009, 12:42 PM #32
No, I am installing the free version. I downloaded and ran the one from the link Flavallee sent me in the previous post. EDIT Additional info:

I got to the spot that gave me 3 options add/repair/uninstall. I hit repair and it finally finished the first run wizard. Under the overview, AVG says that the Anti-virus is active, however, it says the resident shield component is not. Windows security is saying that the AVG Anti-virus is not on. The update went through. Where do I go from here? Is the resident shield not being active an issue? or can I move on to the next step Flavallee wants me to do?
__________________
There's always hope.....
Last edited by jssch : 02-Nov-2009 12:55 PM.
cybertech's Avatar
Computer Specs
Moderator with 68,253 posts.
  
Join Date: Apr 2002
Location: Washington State
02-Nov-2009, 01:12 PM #33
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

Code:
RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

Registry::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=-
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=-

Save this as CFScript.txt, in the same location as ComboFix.exe



Refering to the picture above, drag CFScript into ComboFix.exe

This will start ComboFix again. It may ask to reboot. Post the contents of c:\Combofix.txt in your next reply together with a new HijackThis log.
__________________
Microsoft MVP/Windows - Consumer Security
jssch's Avatar
Senior Member with 324 posts.
  
Join Date: Nov 2000
Location: James Island, SC
02-Nov-2009, 01:43 PM #34
Forgive me now, but what is the best way to disable the AVG I have before running the Combofix? I can't right click and disable.... Do I uninstall?
cybertech's Avatar
Computer Specs
Moderator with 68,253 posts.
  
Join Date: Apr 2002
Location: Washington State
02-Nov-2009, 03:00 PM #35
Yes I would uninstall since the installation is not working anyway.

You may also want to try Avast after you have run ComboFix.
flavallee's Avatar
Computer Specs
Trusted Advisor with 23,522 posts.
  
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
02-Nov-2009, 04:32 PM #36
Quote:
Originally Posted by cybertech View Post
Forgive me if this question has already be asked...Is this a paid for version of AVG?
Cybertech:

The O23 log entry says AVG Free8, so I assumed it was the free version, and why I provided the link for the free version of 9.

----------------------------------------------------------------

jssch:

If you can't get AVG to uninstall properly, you might want to download and run AVG Remover(32-bit).

---------------------------------------------------------------
jssch's Avatar
Senior Member with 324 posts.
  
Join Date: Nov 2000
Location: James Island, SC
02-Nov-2009, 04:46 PM #37
AVG working properly after computer restart. I just had the thought that I had not restarted the computer, so, did a restart and AVG is now working properly. Should I still run the CFscript from your previous post or would you want me run a HJT log first?
cybertech's Avatar
Computer Specs
Moderator with 68,253 posts.
  
Join Date: Apr 2002
Location: Washington State
03-Nov-2009, 12:12 PM #38
CFscript please.
jssch's Avatar
Senior Member with 324 posts.
  
Join Date: Nov 2000
Location: James Island, SC
03-Nov-2009, 01:32 PM #39
Now that AVG is running, how do I disable it temporarily so that it doesnt interfere with Combofix?
cybertech's Avatar
Computer Specs
Moderator with 68,253 posts.
  
Join Date: Apr 2002
Location: Washington State
03-Nov-2009, 01:37 PM #40
Open the AVG 8 Control Center, by right clicking on the AVG 8 icon on task bar.
  • Click on Tools.
  • Select Advanced.
  • In the left hand pane, scroll down to "Resident Shield".
  • In the main pane, deselect the option to "Enable Resident Shield."
  • To re-enable AVG 8, please select "Enable Resident Shield" again.


Some people for what ever reason do not have success with that so they uninstall AVG.

__________________
Microsoft MVP/Windows - Consumer Security
jssch's Avatar
Senior Member with 324 posts.
  
Join Date: Nov 2000
Location: James Island, SC
03-Nov-2009, 02:49 PM #41
Ok, Combofix started to run then said update available so I updated. It then said it was restarting Combofix. Have been hung on the "Attempting to create a new system restore point" for about 1 hour now. Suggestions? Assuming I need to close the window. Do I drag the CFScript.txt file back into Combofix again or do I need to do something else. Hung for about 2 hours now.
__________________
There's always hope.....
Last edited by jssch : 03-Nov-2009 03:43 PM.
cybertech's Avatar
Computer Specs
Moderator with 68,253 posts.
  
Join Date: Apr 2002
Location: Washington State
03-Nov-2009, 04:05 PM #42
Stop the process. Delete your current version of ComboFix. Download it again and try the script again.
jssch's Avatar
Senior Member with 324 posts.
  
Join Date: Nov 2000
Location: James Island, SC
04-Nov-2009, 06:57 AM #43
Combofix Log:

ComboFix 09-11-03.01 - Mitchell 11/03/2009 16:14.4.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.483 [GMT -5:00]
Running from: c:\documents and settings\Mitchell\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mitchell\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-10-03 to 2009-11-03 )))))))))))))))))))))))))))))))
.

2009-11-02 15:31 . 2009-11-02 15:31 -------- d-----w- C:\AVGTemp
2009-10-30 23:03 . 2009-11-02 12:39 -------- d-----w- C:\$AVG
2009-10-30 23:03 . 2009-10-30 23:03 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-30 23:02 . 2009-11-02 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-10-30 23:02 . 2009-11-02 12:27 -------- d-----w- c:\windows\SxsCaPendDel
2009-10-28 17:28 . 2009-10-28 17:28 -------- d-----w- c:\documents and settings\Mitchell\Application Data\Malwarebytes
2009-10-28 17:28 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-28 17:28 . 2009-10-28 17:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 17:28 . 2009-10-28 17:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-28 17:28 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 12:15 . 2009-10-28 12:15 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-10-28 12:15 . 2009-10-28 12:15 -------- d-----w- c:\program files\NETGEAR
2009-10-28 12:15 . 2007-12-26 15:47 272128 ----a-w- c:\windows\system32\drivers\wg111v2.sys
2009-10-28 12:15 . 2007-12-25 16:24 344064 ----a-w- c:\windows\system32\SCMLib.dll
2009-10-28 12:15 . 2007-12-18 20:46 266240 ----a-w- c:\windows\system32\WG1v2lib.dll
2009-10-28 12:15 . 2007-04-27 11:00 1069056 ----a-w- c:\windows\system32\libeay32.dll
2009-10-28 12:15 . 2006-07-27 19:26 36864 ----a-w- c:\windows\system32\RtlGina2.dll
2009-10-28 12:15 . 2005-07-20 09:53 966765 ----a-w- c:\windows\system32\acAuth.dll
2009-10-28 12:15 . 2005-01-25 19:30 143360 ----a-w- c:\windows\system32\IpLib.dll
2009-10-28 12:15 . 2009-10-28 12:15 -------- d-----w- c:\documents and settings\Mitchell\Application Data\InstallShield
2009-10-27 12:16 . 2009-10-27 12:16 -------- d-----w- c:\program files\Trend Micro
2009-10-23 18:51 . 2009-10-23 18:51 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-10-23 18:51 . 2009-10-23 18:51 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-15 13:51 . 2009-10-15 13:51 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-03 12:01 . 2007-10-05 19:33 -------- d-----w- c:\program files\LogMeIn
2009-10-30 23:03 . 2009-01-14 23:12 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-30 23:03 . 2009-01-14 23:12 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-30 23:03 . 2009-01-14 23:12 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-30 23:02 . 2009-01-14 23:12 -------- d-----w- c:\program files\AVG
2009-10-30 18:31 . 2004-07-30 20:21 -------- d-----w- c:\program files\Java
2009-10-30 15:54 . 2009-05-19 21:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-30 15:54 . 2009-05-19 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-28 12:15 . 2004-07-30 20:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-20 15:20 . 2009-10-20 15:20 17594 ----a-w- c:\documents and settings\Mitchell\Application Data\wanehebis.dat
2009-10-13 17:30 . 2006-09-13 13:05 -------- d-----w- c:\documents and settings\Mitchell\Application Data\AdobeUM
2009-10-13 12:41 . 2007-08-08 15:45 -------- d-----w- c:\program files\Access 97 Runtime
2009-10-02 20:17 . 2009-09-02 17:46 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-10-02 12:14 . 2007-10-05 19:33 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-10-02 12:14 . 2007-10-05 19:33 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-10-02 12:14 . 2007-10-05 19:33 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-28 18:45 . 2008-09-02 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-14 20:06 . 2004-07-30 20:28 98472 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 14:18 . 2004-03-19 22:40 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 12:00 . 2007-05-25 20:22 11552 ----a-w- c:\windows\system32\lmimirr2.dll
2009-09-09 12:00 . 2007-05-25 20:22 25248 ----a-w- c:\windows\system32\lmimirr.dll
2009-09-04 21:03 . 2004-03-30 01:48 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-02 17:46 . 2009-09-02 17:46 0 ----a-w- c:\windows\nsreg.dat
2009-08-29 08:08 . 2006-06-23 15:33 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-03-19 22:43 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-07 00:24 . 2007-08-09 11:34 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2007-08-09 11:34 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2007-08-09 11:34 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2007-04-17 02:45 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2004-03-19 22:45 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-03-19 22:34 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2007-08-09 11:34 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2004-03-19 22:45 1929952 ----a-w- c:\windows\system32\wuaueng.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-10 118784]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2004-04-15 270336]
"AdobeVersionCue"="c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2004-03-25 1732608]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
"PSDiagnosticM"="c:\program files\Linksys Wireless-G Print Server\PSDiagnosticM.exe" [2007-02-27 315392]
"mmtask"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-07-21 98304]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-10-30 2010904]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2009-10-28 1261568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-30 23:03 12464 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-02 12:14 87352 ----a-w- c:\windows\SYSTEM32\LMIinit.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\Linksys Wireless-G Print Server\\PSDiagnosticM.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [1/14/2009 6:12 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [10/30/2009 6:03 PM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/30/2009 6:02 PM 285392]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [4/17/2007 2:00 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\SYSTEM32\DRIVERS\LMIRfsDriver.sys [10/5/2007 2:33 PM 47640]
R3 lknuhst;Linksys Network USB Host Controller;c:\windows\SYSTEM32\DRIVERS\lknuhst.sys [4/30/2008 11:37 AM 11136]
R3 LKNUHUB;Linksys Network USB Root Hub;c:\windows\SYSTEM32\DRIVERS\lknuhub.sys [4/30/2008 11:37 AM 37248]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\SYSTEM32\DRIVERS\wg111v2.sys [10/28/2009 7:15 AM 272128]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.jics.org/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {4EF5B7A8-C522-4373-A8E7-561515415A95} = 208.67.222.222,208.67.220.220
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-03 16:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x ?e???x???x???????????????????x???X???????x???x???????????x???8???????x???x? ?????????? ???????????0????????????????D?w????????????7??w????x???x??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\MPRUI.dll

- - - - - - - > 'explorer.exe'(3680)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-11-03 16:37
ComboFix-quarantined-files.txt 2009-11-03 21:37

Pre-Run: 121,369,501,696 bytes free
Post-Run: 122,121,183,232 bytes free

----------
HijackThis Log:
-----
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:53:06 AM, on 11/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\mysql\bin\mysqld-max-nt.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jics.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [PSDiagnosticM] "C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EF5B7A8-C522-4373-A8E7-561515415A95}: Domain = jics.org
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EF5B7A8-C522-4373-A8E7-561515415A95}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{4EF5B7A8-C522-4373-A8E7-561515415A95}: Domain = jics.org
O17 - HKLM\System\CS1\Services\Tcpip\..\{4EF5B7A8-C522-4373-A8E7-561515415A95}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS3\Services\Tcpip\..\{4EF5B7A8-C522-4373-A8E7-561515415A95}: Domain = jics.org
O17 - HKLM\System\CS3\Services\Tcpip\..\{4EF5B7A8-C522-4373-A8E7-561515415A95}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

--
End of file - 7897 bytes
__________________
There's always hope.....
cybertech's Avatar
Computer Specs
Moderator with 68,253 posts.
  
Join Date: Apr 2002
Location: Washington State
04-Nov-2009, 02:28 PM #44
How is it running now? Any problems?
jssch's Avatar
Senior Member with 324 posts.
  
Join Date: Nov 2000
Location: James Island, SC
04-Nov-2009, 02:35 PM #45
None that I can see! From reading some of the other posts, do you suggest I download and run the SUPERanti-spyware as well? And then I guess Flavallee can help me trim my start-up load now too.....
Reply Bookmark and Share
Page 3 of 5 12 3 45

Smart Search

Find your solution!


« Previous Thread | General Security | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who want to help you solve your computer problems. See our Welcome Guide to get started.

Thread Tools


Twitter Twitter! | Podcast | Mobile | Advertise
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -5. The time now is 04:15 PM.
Copyright © 1996 - 2009 TechGuy, Inc. All rights reserved.
Powered by vBulletin, Copyright © 2000 - 2009, Jelsoft Enterprises Ltd.
 Powered by Cermak Technologies, Inc.