11-17-2008, 07:10 PM   #2
Alvine
OS: XP MediaCtrEd v2002 sp3


Re: Help: C:\Windows\Avguard.exe

I apologize for the bump, but I forgot to include the DDS log and necessary attachments.

Here's the DDS log:

DDS (Version 1.0) - NTFSx86
Run by Admin at 19:49:46.32 on Mon 11/17/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.907 [GMT -6:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
"C:\WINDOWS\system32\svchost.exe" 40706
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\avguard.exe
C:\Documents and Settings\Admin\Desktop\dds.scr

============== Psuedo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - c:\windows\mpcodecplg.dll
TB: {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [sHotKey] "c:\program files\sony\shotkey\sHotKey.exe"
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [URLLSTCK.exe] c:\program files\norton internet security\UrlLstCk.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [nwiz] nwiz.exe /install
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\CalibAdobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

============= SERVICES / DRIVERS ===============

R0 pxark;pxark;c:\windows\system32\drivers\pxark.sys
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys
R2 CSIScanner;CSIScanner;"c:\program files\prevxcsi\prevxcsi.exe" /service
R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\common files\sony shared\vaio entertainment\vzcdb\VzFw.exe
R2 wowsystemcode;Remote TCP/IP;c:\windows\system32\svchost.exe -k netsvcs
S2 RPCH;Remote Procedure Call (HPM);c:\program files\netmeeting\nmwb.exe
S2 RPCHE;Remote Procedure Call (RPCE);c:\program files\netmeeting\Winlog.exe
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\common files\sony shared\vaio entertainment\vcsw\VCSW.exe -RunBySCM

=============== Created Last 30 ================

2008-11-17 19:41 250 a------- c:\windows\gmer.ini
2008-11-17 17:41 <DIR> --d----- c:\program files\Trend Micro
2008-11-16 23:09 100,864 a------- c:\windows\avguard.exe
2008-11-16 22:20 26,680 a------- c:\windows\system32\drivers\pxark.sys
2008-11-16 22:20 <DIR> --d----- c:\program files\PrevxCSI
2008-11-16 22:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PrevxCSI
2008-11-16 18:24 1,060,864 a------- c:\windows\system32\MFC71.dll
2008-11-16 18:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
2008-11-16 16:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-11-16 16:14 410,976 a------- c:\windows\system32\deploytk.dll
2008-11-16 15:55 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-11-12 20:19 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 20:19 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-11-10 20:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-11-06 22:58 34 a------- c:\windows\1.ini
2008-11-06 22:50 237,568 a------- c:\windows\system32\wowformf344_716.dll
2008-11-06 22:50 20 a------- c:\windows\syscheck
2008-10-23 20:15 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll

==================== Find3M ====================

2008-11-16 23:08 <DIR> --d----- c:\program files\common files\Symantec Shared
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-15 18:35 <DIR> --d----- c:\program files\Sony
2008-10-15 00:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard
2008-10-05 22:51 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-10-05 22:33 <DIR> --d----- c:\docume~1\admin\applic~1\Sony Corporation
2008-10-05 22:29 <DIR> --d----- c:\docume~1\admin\applic~1\Drag'n Drop CD+DVD
2008-09-15 06:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-09 19:14 1,307,648 -------- c:\windows\system32\msxml6.dll
2008-09-04 11:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-08-26 01:24 826,368 a------- c:\windows\system32\wininet.dll
2008-08-04 23:51 <DIR> --d----- c:\docume~1\admin\applic~1\SoundSpectrum
2008-02-18 16:51 <DIR> --d----- c:\docume~1\admin\applic~1\Move Networks
2007-12-17 19:32 <DIR> --d----- c:\docume~1\admin\applic~1\SystemRequirementsLab
2007-12-10 01:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}
2007-12-10 01:11 <DIR> --d----- c:\docume~1\admin\applic~1\Seven Zip
2007-11-22 00:54 <DIR> --d----- c:\docume~1\admin\applic~1\Intuit
2007-11-22 00:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intuit
2007-11-18 02:32 <DIR> --d----- c:\docume~1\admin\applic~1\Netscape
2007-11-17 19:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sony Corporation
2007-11-17 18:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\VAIO Media Platform
2004-04-01 16:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2004-04-01 15:58 <DIR> --d----- c:\docume~1\admin\applic~1\Symantec
2008-06-30 18:51 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008063020080701\index.dat

============= FINISH: 19:50:09.37 ===============
Attached Files:
Gmer.txt (24.1 KB)
Attach.txt (13.3 KB)