access violation - AVGTOO~1.dll [Solved]


  • This topic is locked

#16
andrewuk

give the system restore a shot first.



if that fails, download onto a cd the following:

Please download Malwarebytes' Anti-Malware from Here or Here

Download OTListIt

Download the OTMoveIt3 by OldTimer.

Download combofix


once you transfer from CD to your machine desktop, run the malwarebytes and OTListIT and post the logs.

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

#17
amylynn4

I was unable to do a system restore. I copied the programs from another computer onto a CD, but Malwarebytes will not run. OTListIt starts the scan, but freezes within 10 seconds of the scan. I also copied OTMoveIt3 and Combofix onto the CD, but have not tried those programs yet.

#18
amylynn4

Got OTListIt2 to run up until Scanning Application Event Log, error message popped up stating 'Access violation at address 77175973 in module 'ntdll.dll' Read of address 0000001E.'

#19
amylynn4

ComboFix 09-03-29.02 - Jim & Amy 2009-03-30 3:53:03.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1015.318 [GMT -5:00]
Running from: c:\tools-av\7850\7850.exe
.
Error: Cfolders.dat
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\Internet Explorer\msimg32.dll
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\x64
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MyWebSearchService



((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-30 )))))))))))))))))))))))))))))))
.

2009-03-29 19:15 . 2009-03-29 19:19 <DIR> d-------- C:\4676
2009-03-29 19:07 . 2009-03-29 19:08 <DIR> d-------- C:\3341
2009-03-29 19:06 . 2009-03-30 03:51 <DIR> d-------- C:\Tools-AV
2009-03-28 23:12 . 2009-03-28 23:12 <DIR> d-------- c:\windows\System32\Adobe
2009-03-28 22:16 . 2009-03-28 22:16 <DIR> d-------- c:\program files\MyWebSearch
2009-03-28 22:16 . 2009-03-28 22:56 <DIR> d-------- c:\program files\FunWebProducts
2009-03-28 20:48 . 2008-06-19 20:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-03-28 20:48 . 2008-06-19 20:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-03-28 20:48 . 2008-06-19 20:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-03-28 20:48 . 2008-06-19 20:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-03-28 20:48 . 2008-06-19 20:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-03-28 20:48 . 2008-06-19 20:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-03-28 20:48 . 2008-06-19 20:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-03-28 20:48 . 2008-06-19 20:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-03-28 19:28 . 2009-03-28 19:28 <DIR> d-------- c:\users\Jim & Amy\AppData\Roaming\aAvgApi
2009-03-28 19:02 . 2008-07-27 13:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-03-28 19:02 . 2008-07-27 13:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-03-28 19:02 . 2008-07-27 13:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-03-28 19:02 . 2008-07-27 13:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-03-28 19:02 . 2008-07-27 13:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-03-27 17:09 . 2009-03-27 17:09 <DIR> d-------- c:\program files\Real
2009-03-25 19:51 . 2009-03-25 19:58 <DIR> d-------- c:\program files\Windows Live Safety Center
2009-03-23 11:15 . 2009-03-23 11:15 <DIR> d-------- c:\users\Jim & Amy\AppData\Roaming\Amazon
2009-03-23 11:05 . 2009-03-23 11:05 <DIR> d-------- c:\program files\Amazon
2009-03-19 21:42 . 2009-03-19 21:42 <DIR> d-------- c:\program files\iPod
2009-03-19 21:42 . 2008-04-17 12:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2009-03-19 21:42 . 2009-01-15 12:19 23,848 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2009-03-19 21:41 . 2009-03-19 21:42 <DIR> d-------- c:\users\All Users\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-19 21:41 . 2009-03-19 21:42 <DIR> d-------- c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-19 21:18 . 2009-03-19 21:18 <DIR> d-------- c:\program files\Bonjour
2009-03-19 12:25 . 2009-03-19 12:25 <DIR> d-------- c:\users\Jim & Amy\AppData\Roaming\eMusic
2009-03-19 12:25 . 2009-03-19 12:25 <DIR> d-------- c:\program files\eMusic
2009-03-19 12:25 . 2009-03-19 12:25 <DIR> d-------- c:\program files\Conduit
2009-03-19 12:23 . 2009-03-19 12:23 <DIR> d-------- c:\program files\eMusic Download Manager
2009-03-17 07:01 . 2009-03-26 07:41 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-14 18:36 . 2009-03-14 18:36 <DIR> d-------- c:\users\All Users\Downloaded Installations
2009-03-14 18:36 . 2009-03-14 18:36 <DIR> d-------- c:\programdata\Downloaded Installations
2009-03-14 18:35 . 2009-03-28 09:03 <DIR> d-------- c:\windows\System32\drivers\Avg
2009-03-14 18:35 . 2009-03-14 18:35 325,640 --a------ c:\windows\System32\drivers\avgldx86.sys
2009-03-14 18:35 . 2009-03-26 09:10 108,552 --a------ c:\windows\System32\drivers\avgtdix.sys
2009-03-14 18:35 . 2009-03-14 18:35 12,552 --a------ c:\windows\System32\drivers\avgrkx86.sys
2009-03-14 18:35 . 2009-03-14 18:35 10,520 --a------ c:\windows\System32\avgrsstx.dll
2009-03-14 18:33 . 2009-03-14 18:33 <DIR> d-------- c:\users\All Users\avg8
2009-03-14 18:33 . 2009-03-14 18:33 <DIR> d-------- c:\programdata\avg8
2009-03-14 18:33 . 2009-03-14 18:33 <DIR> d-------- c:\program files\AVG
2009-03-14 18:33 . 2009-03-14 18:33 23,832 --a------ c:\windows\System32\drivers\avgfwd6x.sys
2009-03-11 13:10 . 2008-12-15 22:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 13:10 . 2009-02-08 22:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 13:10 . 2008-11-26 23:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 13:10 . 2008-12-16 00:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 13:10 . 2008-12-16 00:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 13:10 . 2008-12-16 00:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-05 23:59 . 2009-03-05 23:59 1,900,544 --a------ c:\windows\System32\usbaaplrc.dll
2009-03-05 23:59 . 2009-03-05 23:59 36,864 --a------ c:\windows\System32\drivers\usbaapl.sys
2009-02-15 22:36 . 2008-12-04 23:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-15 22:36 . 2008-12-04 23:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-15 22:36 . 2008-12-04 23:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-15 22:36 . 2008-12-04 23:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-15 22:36 . 2008-12-04 23:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-13 23:22 . 2009-02-13 23:22 <DIR> d-------- c:\users\Jim & Amy\AppData\Roaming\Home Sweet Home 2
2009-02-13 05:07 . 2009-02-13 05:55 <DIR> d-------- c:\users\Jim & Amy\AppData\Roaming\iWin_JanesRealty
2009-02-11 00:22 . 2009-01-14 22:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 00:22 . 2009-01-15 01:11 827,392 --a------ c:\windows\System32\wininet.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 15:43 --------- d-----w c:\program files\CONEXANT
2009-03-29 00:10 --------- d-----w c:\program files\Java
2009-03-20 02:42 --------- d-----w c:\program files\iTunes
2009-03-20 02:42 --------- d-----w c:\program files\Common Files\Apple
2009-03-12 18:20 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-12 18:19 --------- d-----w c:\program files\Windows Mail
2009-03-10 21:44 --------- d-----w c:\programdata\Symantec
2009-02-14 04:48 --------- d---a-w c:\programdata\TEMP
2009-02-14 04:21 --------- d-----w c:\program files\iWin.com
2009-02-05 14:01 --------- d-----w c:\programdata\CanonIJPLM
2009-02-03 05:29 --------- d-----w c:\program files\EA GAMES
2009-01-28 00:23 --------- d-----w c:\users\Jim & Amy\AppData\Roaming\Apple Computer
2009-01-28 00:22 --------- d-----w c:\programdata\Apple Computer
2009-01-28 00:20 --------- d-----w c:\program files\QuickTime
2009-01-28 00:17 --------- d-----w c:\program files\Apple Software Update
2009-01-28 00:16 --------- d-----w c:\programdata\Apple
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9ee802e8-c931-47ab-b570-aa8f791598ca}"= "c:\program files\eMusic\tbeMu1.dll" [2009-03-19 1883672]

[HKEY_CLASSES_ROOT\clsid\{9ee802e8-c931-47ab-b570-aa8f791598ca}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9ee802e8-c931-47ab-b570-aa8f791598ca}]
2009-03-19 12:25 1883672 --a------ c:\program files\eMusic\tbeMu1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9ee802e8-c931-47ab-b570-aa8f791598ca}"= "c:\program files\eMusic\tbeMu1.dll" [2009-03-19 1883672]

[HKEY_CLASSES_ROOT\clsid\{9ee802e8-c931-47ab-b570-aa8f791598ca}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9EE802E8-C931-47AB-B570-AA8F791598CA}"= "c:\program files\eMusic\tbeMu1.dll" [2009-03-19 1883672]

[HKEY_CLASSES_ROOT\clsid\{9ee802e8-c931-47ab-b570-aa8f791598ca}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-20 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-20 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-13 29744]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2007-03-07 189440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-14 1932568]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"MyWebSearch Plugin"="c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL" [2009-03-28 53352]
"My Web Search Bar Search Scope Monitor"="c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" [2009-03-28 24688]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2008-01-18 40072]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2008-03-14 2342912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{86367820-44C7-4283-9935-2F5A4B486E35}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{98A297AB-DD68-4787-9FC9-7114907DC7BE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BFFAD669-7660-45DE-A40C-1D38AE0E296D}"= UDP:c:\program files\iWin Games\iWinGames.exe:iWin Games application.
"{499F8F0A-653C-4952-9E78-D4B980993612}"= TCP:c:\program files\iWin Games\iWinGames.exe:iWin Games application.
"{51167223-CA62-482E-B251-EC309DC89581}"= UDP:c:\program files\iWin Games\WebUpdater.exe:iWin Games updater.
"{4540F48F-787C-4BC3-8E40-64D4DFF18B7B}"= TCP:c:\program files\iWin Games\WebUpdater.exe:iWin Games updater.
"{067D966D-0395-4CA8-A062-57D7A8DB08E7}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{DA8C36E1-0E0F-46C6-965C-13792FC29AD4}"= c:\program files\AVG\AVG8\avgdiag.exe:avgdiag.exe
"{3912EBED-5DD2-44B0-9994-A33963F1B363}"= c:\program files\AVG\AVG8\avgdiagex.exe:avgdiagex.exe
"{A6C3624B-42A0-4C2F-9F68-B2B233820F2B}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{82C5A30E-D1D8-4EAB-BC69-088545713EEB}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{A672882D-5A53-4D02-9DE7-095A2FB8283F}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{F8324F2C-91E0-49F6-9C98-07954AF74CD9}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{13886B5E-6F50-4EA1-8054-480770A55424}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7963E0EE-D7C4-4474-883F-1D075A091057}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{56B37B53-344E-479A-AC3E-5E58611EB18D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [2009-03-14 12552]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [2009-03-14 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-03-14 325640]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-03-14 108552]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [2008-12-17 78104]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-14 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-14 298264]
S2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe --> c:\progra~1\AVG\AVG8\avgfws8.exe [?]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-12-22 33752]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-03-14 29744]
S3 MAUSBFT;Service for M-Audio Fast Track USB (WDM);c:\windows\System32\drivers\mausbft.sys [2009-01-21 119808]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [2006-11-02 2589184]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=WM&Br=EM&Loc=ENG_US&Sys=DTP&M=W3653
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://edits.mywebse...?p=ZJxdm128YYUS
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-30 04:02:35
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\M-Audio\Fast Track USB\MAUSBFTInst.exe
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\WUDFHost.exe
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\windows\ehome\ehmsas.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-03-30 4:07:29 - machine was rebooted [Jim & Amy]
ComboFix-quarantined-files.txt 2009-03-30 09:07:24

Pre-Run: 189,891,543,040 bytes free
Post-Run: 189,807,251,456 bytes free

269 --- E O F --- 2009-03-29 15:45:22

#20
amylynn4

no luck with downloads, will not let me download hijackthis. copying those files onto a cd from another computer worked, so i could give that a try again

#21
andrewuk

ok, i can see some malware, but nothing that would prevent downloads.

so, we will remove the malware i can see and also completely remove the AVG - it is a long shot, but the AVG could be conflicting here.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\System32\drivers\avgldx86.sys
c:\windows\System32\drivers\avgtdix.sys
c:\windows\System32\drivers\avgrkx86.sys
c:\windows\System32\avgrsstx.dll
c:\windows\System32\drivers\avgfwd6x.sys

Folder::
c:\program files\MyWebSearch
c:\program files\FunWebProducts
c:\users\Jim & Amy\AppData\Roaming\aAvgApi
c:\windows\System32\drivers\Avg
c:\users\All Users\avg8
c:\programdata\avg8
c:\program files\AVG
c:\program files\Common Files\Symantec Shared
c:\programdata\Symantec

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=-
"MyWebSearch Plugin"=-
"My Web Search Bar Search Scope Monitor"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{067D966D-0395-4CA8-A062-57D7A8DB08E7}"=-
"{DA8C36E1-0E0F-46C6-965C-13792FC29AD4}"=-
"{3912EBED-5DD2-44B0-9994-A33963F1B363}"=-
"{A6C3624B-42A0-4C2F-9F68-B2B233820F2B}"=-
"{82C5A30E-D1D8-4EAB-BC69-088545713EEB}"=-
"{A672882D-5A53-4D02-9DE7-095A2FB8283F}"=-

Driver::
AvgRkx86
Avgfwfd
AvgLdx86
AvgTdiX
avg8emc
avg8wd
avgfws8

DirLook::
c:\users\All Users\Downloaded Installations
c:\programdata\Downloaded Installations
c:\users\Jim & Amy\AppData\Roaming\Home Sweet Home 2


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


remember: you will have no anti-virus program on your machine, so minimise your time online. we can get a new antivirus program on shortly.

let me know how it goes.

andrewuk
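
A pre-flight check for a script like the one in post #21, added here as an example and not part of the thread or of ComboFix: it lists File::, Folder:: and Driver:: targets that never appear in the posted log, so a mistyped path or service name is caught before anything is deleted. The section syntax is inferred from the script above; the function names and the sample text (including the two misspelled entries) are constructed for illustration.

```python
import re

# "Name::" headers as they appear in the CFScript in post #21 (syntax inferred from it).
SECTION_RE = re.compile(r"^(\w+)::\s*$")
# Service/driver lines in the log: "R1 AvgTdiX;AVG8 Network Redirector;c:\...\avgtdix.sys [...]"
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);")
# A drive-letter path running to end of line, minus a trailing " [date size]" annotation.
PATH_RE = re.compile(r"([A-Za-z]:\\.*?)(?:\s+\[[^\]]*\])?\s*$")


def parse_cfscript(text):
    """Split a CFScript into {section name: [non-blank lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None:
            current.append(line)
    return sections


def index_log(text):
    """Collect every path and every service name the log mentions (lower-cased)."""
    paths, services = set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        svc = SERVICE_RE.match(line)
        if svc:
            services.add(svc.group(1).strip().lower())
        found = PATH_RE.search(line)
        if found:
            paths.add(found.group(1).rstrip('"').lower())
    return paths, services


def unmatched_targets(script_text, log_text):
    """Return (section, target) pairs from the script that the log never shows.

    Paths are compared literally, so an 8.3 short path (c:\\progra~1\\...)
    in the log does not match the long form in the script.
    """
    sections = parse_cfscript(script_text)
    paths, services = index_log(log_text)
    missing = []
    for target in sections.get("File", []):
        if target.lower() not in paths:
            missing.append(("File", target))
    for target in sections.get("Folder", []):
        folder = target.lower().rstrip("\\")
        # A folder counts as seen if it is listed itself or anything under it is.
        if not any(p == folder or p.startswith(folder + "\\") for p in paths):
            missing.append(("Folder", target))
    for name in sections.get("Driver", []):
        if name.lower() not in services:
            missing.append(("Driver", name))
    return missing


# Constructed excerpt in the layout of the log posted in this thread.
SAMPLE_LOG = r"""
2009-03-28 22:16 . 2009-03-28 22:16 <DIR> d-------- c:\program files\MyWebSearch
2009-03-14 18:35 . 2009-03-14 18:35 325,640 --a------ c:\windows\System32\drivers\avgldx86.sys
2009-03-14 18:35 . 2009-03-26 09:10 108,552 --a------ c:\windows\System32\drivers\avgtdix.sys
2009-03-12 18:20 --------- d-----w c:\program files\Common Files\Symantec Shared
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-03-14 325640]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-03-14 108552]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-14 298264]
"""

# Constructed script: "avgtdi.sys" and "AvgTdi" are deliberate misspellings.
SAMPLE_SCRIPT = r"""
File::
c:\windows\System32\drivers\avgldx86.sys
c:\windows\System32\drivers\avgtdi.sys

Folder::
c:\program files\MyWebSearch
c:\program files\Common Files\Symantec Shared

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyWebSearch Plugin"=-

Driver::
AvgLdx86
AvgTdi
avg8wd
"""

if __name__ == "__main__":
    for section, target in unmatched_targets(SAMPLE_SCRIPT, SAMPLE_LOG):
        print(f"{section}:: target not found in log: {target}")
```
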

#22
amylynn4

Ran Combo-fix and created a log, but I cannot get an internet connection back onto the computer.

#23
andrewuk

see the instructions http://www.bleepingc...ombofix#restore to restore your internet connection:

firstly, reboot your computer.

if that does not work then . . . . (sorry, all images are on that page, but the instructions are copied out below):

1. Click on the Start button.
2. Click on the Settings menu option.
3. Click on the Control Panel option.
4. When the Control Panel opens, double-click on the Network Connections icon. If your Control Panel is set to Category View, then double-click on Network and Internet Connections and then click on Network Connections at the bottom.
5. You will now see a list of available network connections. Locate the connection for your Wireless or Lan adapter and right-click on it.
6. You will now see a menu similar to the image below. Simply click on the Repair menu option.
7. Let the repair process perform its tasks and when it has finished, your Internet connection should be working again.

Alternatively, if your network icon also appears on the Windows taskbar, then you can repair it by right-clicking on the icon and selecting Repair as shown below.

andrewuk

#24
amylynn4

ComboFix 09-03-29.02 - Jim & Amy 2009-03-30 17:23:18.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1015.304 [GMT -5:00]
Running from: E:\Combo-Fix.exe
Command switches used :: c:\users\Jim & Amy\Desktop\CFScript.txt
* Created a new restore point
.
Error: Cfolders.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AVG
c:\program files\AVG\AVG8\aAvgApi.exe
c:\program files\AVG\AVG8\avg.snu
c:\program files\AVG\AVG8\avg404.txt
c:\program files\AVG\AVG8\avg7api.dll
c:\program files\AVG\AVG8\avg8us.chm
c:\program files\AVG\AVG8\avg8us.lng
c:\program files\AVG\AVG8\avgabout.dll
c:\program files\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgameh.dll
c:\program files\AVG\AVG8\avgamnot.dll
c:\program files\AVG\AVG8\avgapix.dll
c:\program files\AVG\AVG8\avgar8us.chm
c:\program files\AVG\AVG8\avgas8us.chm
c:\program files\AVG\AVG8\avgaspmx.dll
c:\program files\AVG\AVG8\avgatend.stp
c:\program files\AVG\AVG8\avgatupd.stp
c:\program files\AVG\AVG8\avgbat.bav
c:\program files\AVG\AVG8\avgcclix.dll
c:\program files\AVG\AVG8\avgcfgex.exe
c:\program files\AVG\AVG8\avgclitx.dll
c:\program files\AVG\AVG8\avgcmgr.exe
c:\program files\AVG\AVG8\avgcrlpx.dll
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\AVG\AVG8\avgdg8us.chm
c:\program files\AVG\AVG8\avgdiag.dll
c:\program files\AVG\AVG8\avgdiag.exe
c:\program files\AVG\AVG8\avgdiagex.exe
c:\program files\AVG\AVG8\avgdumpx.exe
c:\program files\AVG\AVG8\avgemc.exe
c:\program files\AVG\AVG8\avgfrw.exe
c:\program files\AVG\AVG8\avgfw8fd.ini
c:\program files\AVG\AVG8\avgfw8us.chm
c:\program files\AVG\AVG8\avgfwui.dll
c:\program files\AVG\AVG8\avgfwwiz.dll
c:\program files\AVG\AVG8\avgfwwiz.exe
c:\program files\AVG\AVG8\avginet.dll
c:\program files\AVG\AVG8\avgiproxy.exe
c:\program files\AVG\AVG8\avglngx.dll
c:\program files\AVG\AVG8\avgmail.dll
c:\program files\AVG\AVG8\avgmvflx.dll
c:\program files\AVG\AVG8\avgmwdef_us.mht
c:\program files\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgoff2k.dll
c:\program files\AVG\AVG8\avgpp.dll
c:\program files\AVG\AVG8\avgresf.dll
c:\program files\AVG\AVG8\avgrktx.dll
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgscanx.dll
c:\program files\AVG\AVG8\avgscanx.exe
c:\program files\AVG\AVG8\avgsched.dll
c:\program files\AVG\AVG8\avgse.dll
c:\program files\AVG\AVG8\avgspmui.dll
c:\program files\AVG\AVG8\avgsrmax.exe
c:\program files\AVG\AVG8\avgsrmx.dll
c:\program files\AVG\AVG8\avgssie.dll
c:\program files\AVG\AVG8\avgst8us.chm
c:\program files\AVG\AVG8\avgstrmx.exe
c:\program files\AVG\AVG8\avgsystx.exe
c:\program files\AVG\AVG8\avgtbapi.dll
c:\program files\AVG\AVG8\avgtbas.tbp
c:\program files\AVG\AVG8\avgtoolbar.dll
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\AVG\AVG8\avgui.exe
c:\program files\AVG\AVG8\avguiadv.dll
c:\program files\AVG\AVG8\avguires.dll
c:\program files\AVG\AVG8\avgupd.dll
c:\program files\AVG\AVG8\avgupd.exe
c:\program files\AVG\AVG8\avgvvx.dll
c:\program files\AVG\AVG8\avgwdsvc.exe
c:\program files\AVG\AVG8\avgwdwsc.dll
c:\program files\AVG\AVG8\avgwebui.dll
c:\program files\AVG\AVG8\avgwsc.exe
c:\program files\AVG\AVG8\avgxpl.dll
c:\program files\AVG\AVG8\cf.dat
c:\program files\AVG\AVG8\contacts_us.html
c:\program files\AVG\AVG8\dbghelp.dll
c:\program files\AVG\AVG8\dfncfg.dat
c:\program files\AVG\AVG8\Drivers\avgfwd6\avgfwd6a.sys
c:\program files\AVG\AVG8\Drivers\avgfwd6\avgfwd6x.sys
c:\program files\AVG\AVG8\Drivers\avgfwd6\avgfwfd6.cat
c:\program files\AVG\AVG8\Drivers\avgfwd6\avgfwfd6.inf
c:\program files\AVG\AVG8\fixcfg.exe
c:\program files\AVG\AVG8\Icons\background_middle_gray.gif
c:\program files\AVG\AVG8\Icons\background_middle_green.gif
c:\program files\AVG\AVG8\Icons\background_middle_orange.gif
c:\program files\AVG\AVG8\Icons\background_middle_red.gif
c:\program files\AVG\AVG8\Icons\background_middle_yellow.gif
c:\program files\AVG\AVG8\Icons\background_top_gray.gif
c:\program files\AVG\AVG8\Icons\background_top_green.gif
c:\program files\AVG\AVG8\Icons\background_top_orange.gif
c:\program files\AVG\AVG8\Icons\background_top_red.gif
c:\program files\AVG\AVG8\Icons\background_top_yellow.gif
c:\program files\AVG\AVG8\Icons\block-doc.gif
c:\program files\AVG\AVG8\Icons\blocked.gif
c:\program files\AVG\AVG8\Icons\border_bottom_gray.gif
c:\program files\AVG\AVG8\Icons\border_bottom_green.gif
c:\program files\AVG\AVG8\Icons\border_bottom_orange.gif
c:\program files\AVG\AVG8\Icons\border_bottom_red.gif
c:\program files\AVG\AVG8\Icons\border_bottom_yellow.gif
c:\program files\AVG\AVG8\Icons\border_top_gray.gif
c:\program files\AVG\AVG8\Icons\border_top_green.gif
c:\program files\AVG\AVG8\Icons\border_top_orange.gif
c:\program files\AVG\AVG8\Icons\border_top_red.gif
c:\program files\AVG\AVG8\Icons\border_top_yellow.gif
c:\program files\AVG\AVG8\Icons\box_bottom_red.gif
c:\program files\AVG\AVG8\Icons\box_top_red.gif
c:\program files\AVG\AVG8\Icons\caution.gif
c:\program files\AVG\AVG8\Icons\click_here_gray.gif
c:\program files\AVG\AVG8\Icons\click_here_green.gif
c:\program files\AVG\AVG8\Icons\click_here_orange.gif
c:\program files\AVG\AVG8\Icons\click_here_red.gif
c:\program files\AVG\AVG8\Icons\click_here_yellow.gif
c:\program files\AVG\AVG8\Icons\clock.gif
c:\program files\AVG\AVG8\Icons\close.gif
c:\program files\AVG\AVG8\Icons\icons_blocked.gif
c:\program files\AVG\AVG8\Icons\icons_caution.gif
c:\program files\AVG\AVG8\Icons\icons_close.gif
c:\program files\AVG\AVG8\Icons\icons_safe.gif
c:\program files\AVG\AVG8\Icons\icons_unknown.gif
c:\program files\AVG\AVG8\Icons\icons_warning.gif
c:\program files\AVG\AVG8\Icons\LS_Logo_Results.gif
c:\program files\AVG\AVG8\Icons\safe.gif
c:\program files\AVG\AVG8\Icons\unknown.gif
c:\program files\AVG\AVG8\Icons\warning.gif
c:\program files\AVG\AVG8\imsdk32.dll
c:\program files\AVG\AVG8\libsasl.dll
c:\program files\AVG\AVG8\license_us.txt
c:\program files\AVG\AVG8\ph.dat
c:\program files\AVG\AVG8\saslcrammd5.dll
c:\program files\AVG\AVG8\sasldigestmd5.dll
c:\program files\AVG\AVG8\sasllogin.dll
c:\program files\AVG\AVG8\saslplain.dll
c:\program files\AVG\AVG8\sb.dat
c:\program files\AVG\AVG8\sb.dat.xcd
c:\program files\AVG\AVG8\sb2.dat
c:\program files\AVG\AVG8\sc.dat
c:\program files\AVG\AVG8\sc.dat.xcd
c:\program files\AVG\AVG8\setupus.lns
c:\program files\AVG\AVG8\ToolbarIEcache\avglinks.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\avglogo.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\avgstatus.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\avgstatus_error.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\avgtoolbartb0502.cfg
c:\program files\AVG\AVG8\ToolbarIEcache\brandlogo.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\p_yahoo.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\safesearch.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\safesearch_off.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\safesearch_on.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\safesurf.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\safesurf_off.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\safesurf_on.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\slider.bmp
c:\program files\AVG\AVG8\winspamcatcher.dll
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\programdata\avg8
c:\programdata\avg8\Antispam\productid
c:\programdata\avg8\Antispam\rkd
c:\programdata\avg8\Antispam\sc1.bin
c:\programdata\avg8\Antispam\sc1.bin.full.2009.03.26.05.22.59
c:\programdata\avg8\Antispam\sc1.bin.full.2009.03.26.05.22.59.lkr1
c:\programdata\avg8\Antispam\sc1.bin.tmp
c:\programdata\avg8\Antispam\sc14.bin.full.2006.06.27.17.01.01
c:\programdata\avg8\Antispam\sc18.bin.full.2008.12.11.02.26.00
c:\programdata\avg8\Antispam\sc18.bin.full.2008.12.11.02.26.00.lkr1
c:\programdata\avg8\Antispam\sc18.bin.tmp1
c:\programdata\avg8\Antispam\sc18.bin.tmp2
c:\programdata\avg8\Antispam\sc2.bin
c:\programdata\avg8\Antispam\sc2.bin.full.2005.02.11.04.44.13
c:\programdata\avg8\Antispam\sc2.bin.full.2005.02.11.04.44.13.lkr1
c:\programdata\avg8\Antispam\sc5.bin.full.2007.01.28.16.09.00
c:\programdata\avg8\Antispam\sc5.bin.full.2007.01.28.16.09.00.lkr1
c:\programdata\avg8\Antispam\sc6.bin.full.2007.02.13.01.23.26
c:\programdata\avg8\Antispam\scdns.bin
c:\programdata\avg8\Antispam\scoffset.bin.incr
c:\programdata\avg8\Antispam\spamcatcher.conf
c:\programdata\avg8\AvgAm\avgam.lck
c:\programdata\avg8\Cfg\krnl.cfg
c:\programdata\avg8\Cfg\mail.cfg
c:\programdata\avg8\Cfg\malrep.cfg
c:\programdata\avg8\Cfg\scan.cfg
c:\programdata\avg8\Cfg\sched.cfg
c:\programdata\avg8\Cfg\setup.cfg
c:\programdata\avg8\Cfg\update.cfg
c:\programdata\avg8\Cfg\updatecomps.cfg.old
c:\programdata\avg8\Cfg\user.cfg
c:\programdata\avg8\CfgAll\changecfgreg.cfg
c:\programdata\avg8\CfgAll\fw.cfg
c:\programdata\avg8\CfgAll\updateall.cfg
c:\programdata\avg8\emc\Log\emc.log
c:\programdata\avg8\Log\amlog.cfg
c:\programdata\avg8\Log\avgam.log
c:\programdata\avg8\Log\avgam.log.lock
c:\programdata\avg8\Log\avgcore.log
c:\programdata\avg8\Log\avgcore.log.1
c:\programdata\avg8\Log\avgcore.log.10
c:\programdata\avg8\Log\avgcore.log.2
c:\programdata\avg8\Log\avgcore.log.3
c:\programdata\avg8\Log\avgcore.log.4
c:\programdata\avg8\Log\avgcore.log.5
c:\programdata\avg8\Log\avgcore.log.6
c:\programdata\avg8\Log\avgcore.log.7
c:\programdata\avg8\Log\avgcore.log.8
c:\programdata\avg8\Log\avgcore.log.9
c:\programdata\avg8\Log\avgcore.log.lock
c:\programdata\avg8\Log\avgfrw.log
c:\programdata\avg8\Log\avgfrw.log.lock
c:\programdata\avg8\Log\avgfw8u.log
c:\programdata\avg8\Log\avgfw8u.log.1
c:\programdata\avg8\Log\avgfw8u.log.2
c:\programdata\avg8\Log\avgfw8u.log.3
c:\programdata\avg8\Log\avgfw8u.log.4
c:\programdata\avg8\Log\avgfw8u.log.lock
c:\programdata\avg8\Log\avgldr.log
c:\programdata\avg8\Log\avgldr.log.lock
c:\programdata\avg8\Log\avglng.log
c:\programdata\avg8\Log\avglng.log.lock
c:\programdata\avg8\Log\avgns.log
c:\programdata\avg8\Log\avgns.log.1
c:\programdata\avg8\Log\avgns.log.lock
c:\programdata\avg8\Log\avgrs.log
c:\programdata\avg8\Log\avgrs.log.1
c:\programdata\avg8\Log\avgrs.log.2
c:\programdata\avg8\Log\avgrs.log.lock
c:\programdata\avg8\Log\avgscan.log
c:\programdata\avg8\Log\avgscan.log.lock
c:\programdata\avg8\Log\avgsched.log
c:\programdata\avg8\Log\avgsched.log.1
c:\programdata\avg8\Log\avgsched.log.2
c:\programdata\avg8\Log\avgsched.log.3
c:\programdata\avg8\Log\avgsched.log.4
c:\programdata\avg8\Log\avgsched.log.5
c:\programdata\avg8\Log\avgsched.log.lock
c:\programdata\avg8\Log\avgsrm.log
c:\programdata\avg8\Log\avgsrm.log.lock
c:\programdata\avg8\Log\avgui.log
c:\programdata\avg8\Log\avgui.log.lock
c:\programdata\avg8\Log\avguilog.cfg
c:\programdata\avg8\Log\avgupd.log
c:\programdata\avg8\Log\avgupd.log.lock
c:\programdata\avg8\Log\avgwd.log
c:\programdata\avg8\Log\avgwd.log.1
c:\programdata\avg8\Log\avgwd.log.lock
c:\programdata\avg8\Log\avgwdsvc.log
c:\programdata\avg8\Log\avgwdsvc.log.lock
c:\programdata\avg8\Log\cfgexlog.cfg
c:\programdata\avg8\Log\cfglog.cfg
c:\programdata\avg8\Log\commonpriv.log
c:\programdata\avg8\Log\commonpriv.log.lock
c:\programdata\avg8\Log\commonpub.log
c:\programdata\avg8\Log\commonpub.log.lock
c:\programdata\avg8\Log\corelog.cfg
c:\programdata\avg8\Log\fixcfg.log
c:\programdata\avg8\Log\fixcfg.log.lock
c:\programdata\avg8\Log\history.xml
c:\programdata\avg8\Log\ldrlog.cfg
c:\programdata\avg8\Log\lnglog.cfg
c:\programdata\avg8\Log\nslog.cfg
c:\programdata\avg8\Log\privlog.cfg
c:\programdata\avg8\Log\publog.cfg
c:\programdata\avg8\Log\rslog.cfg
c:\programdata\avg8\Log\scanlog.cfg
c:\programdata\avg8\Log\schedlog.cfg
c:\programdata\avg8\Log\srmlog.cfg
c:\programdata\avg8\Log\systoolslog.cfg
c:\programdata\avg8\Log\updlog.cfg
c:\programdata\avg8\Log\vaultlog.cfg
c:\programdata\avg8\Log\wdlog.cfg
c:\programdata\avg8\Log\wdsvclog.cfg
c:\programdata\avg8\scanlogs\I_00000005.log
c:\programdata\avg8\scanlogs\I_00000006.log
c:\programdata\avg8\scanlogs\I_00000007.log
c:\programdata\avg8\scanlogs\I_00000008.log
c:\programdata\avg8\scanlogs\I_00000009.log
c:\programdata\avg8\scanlogs\I_00000010.log
c:\programdata\avg8\scanlogs\I_00000011.log
c:\programdata\avg8\scanlogs\I_00000012.log
c:\programdata\avg8\scanlogs\srm.idx
c:\programdata\avg8\update\backup\avginet.dll
c:\programdata\avg8\update\backup\avgiproxy.exe
c:\programdata\avg8\update\backup\avgtdix.sys
c:\programdata\avg8\update\backup\avgupd.dll
c:\programdata\avg8\update\backup\avgupd.exe
c:\programdata\avg8\update\backup\incavi.avm
c:\programdata\avg8\update\backup\sb.dat
c:\programdata\avg8\update\backup\sb2.dat
c:\programdata\avg8\update\backup\sc.dat
c:\programdata\avg8\update\download\avginfoavi.ctf
c:\programdata\avg8\update\download\avginfowin.ctf
c:\programdata\avg8\update\download\u7avi1448u1435sc.bin
c:\programdata\avg8\update\download\u7avi1450u1435dv.bin
c:\programdata\avg8\update\download\u7avi1451u1435q4.bin
c:\programdata\avg8\update\download\u7avi1452u1435fs.bin
c:\programdata\avg8\update\download\u7avi1453u1435pt.bin
c:\programdata\avg8\update\download\u7avi1454u1435k.bin
c:\programdata\avg8\update\download\u7avi1464u1435q8.bin
c:\programdata\avg8\update\download\u7avi1465u1435w9.bin
c:\programdata\avg8\update\download\u7avi1466u1435y9.bin
c:\programdata\avg8\update\download\u7iavi2001u1971y2.bin
c:\programdata\avg8\update\download\u7iavi2003u2001dv.bin
c:\programdata\avg8\update\download\u7iavi2004u200365.bin
c:\programdata\avg8\update\download\u7iavi2006u2004au.bin
c:\programdata\avg8\update\download\u7iavi2007u2006ft.bin
c:\programdata\avg8\update\download\u7iavi2008u2007pu.bin
c:\programdata\avg8\update\download\u7iavi2009u2008el.bin
c:\programdata\avg8\update\download\u7iavi2010u2009k.bin
c:\programdata\avg8\update\download\u7iavi2011u2010i9.bin
c:\programdata\avg8\update\download\u7iavi2024u2004b0.bin
c:\programdata\avg8\update\download\u7iavi2025u2024w9.bin
c:\programdata\avg8\update\download\u7iavi2026u2025eq.bin
c:\programdata\avg8\update\download\u7iavi2027u2026ya.bin
c:\programdata\avg8\update\download\u7iavi2028u2027iv.bin
c:\programdata\avg8\update\download\w8core281r2737d.bin
c:\programdata\avg8\update\download\w8fw284r26862.bin
c:\programdata\avg8\update\download\w8hlpus277r2737o.bin
c:\programdata\avg8\update\download\w8krnl284r27662.bin
c:\programdata\avg8\update\download\w8setup2807a.bin
c:\programdata\avg8\update\download\w8tdix284r26662.bin
c:\programdata\avg8\update\download\w8upd283r276us.bin
c:\programdata\avg8\update\download\x8xplsb_45d432a.bin
c:\programdata\avg8\update\download\x8xplsb2_553k.bin
c:\programdata\avg8\update\download\x8xplsb2_56es.bin
c:\programdata\avg8\update\download\x8xplsb2_60a1.bin
c:\programdata\avg8\update\download\x8xplsc_68d65mb.bin
c:\programdata\avg8\update\download\x8xplsc_69d68ol.bin
c:\programdata\avg8\update\prepare\incavi.avm
c:\programdata\avg8\update\prepare\sb.dat.prepare
c:\programdata\avg8\update\prepare\sc.dat.prepare
c:\programdata\Symantec
c:\programdata\Symantec\LiveUpdate\Settings.LiveUpdate
c:\users\All Users\avg8\Antispam\productid
c:\users\All Users\avg8\Antispam\rkd
c:\users\All Users\avg8\Antispam\sc1.bin
c:\users\All Users\avg8\Antispam\sc1.bin.full.2009.03.26.05.22.59
c:\users\All Users\avg8\Antispam\sc1.bin.full.2009.03.26.05.22.59.lkr1
c:\users\All Users\avg8\Antispam\sc1.bin.tmp
c:\users\All Users\avg8\Antispam\sc14.bin.full.2006.06.27.17.01.01
c:\users\All Users\avg8\Antispam\sc18.bin.full.2008.12.11.02.26.00
c:\users\All Users\avg8\Antispam\sc18.bin.full.2008.12.11.02.26.00.lkr1
c:\users\All Users\avg8\Antispam\sc18.bin.tmp1
c:\users\All Users\avg8\Antispam\sc18.bin.tmp2
c:\users\All Users\avg8\Antispam\sc2.bin
c:\users\All Users\avg8\Antispam\sc2.bin.full.2005.02.11.04.44.13
c:\users\All Users\avg8\Antispam\sc2.bin.full.2005.02.11.04.44.13.lkr1
c:\users\All Users\avg8\Antispam\sc5.bin.full.2007.01.28.16.09.00
c:\users\All Users\avg8\Antispam\sc5.bin.full.2007.01.28.16.09.00.lkr1
c:\users\All Users\avg8\Antispam\sc6.bin.full.2007.02.13.01.23.26
c:\users\All Users\avg8\Antispam\scdns.bin
c:\users\All Users\avg8\Antispam\scoffset.bin.incr
c:\users\All Users\avg8\Antispam\spamcatcher.conf
c:\users\All Users\avg8\AvgAm\avgam.lck
c:\users\All Users\avg8\Cfg\krnl.cfg
c:\users\All Users\avg8\Cfg\mail.cfg
c:\users\All Users\avg8\Cfg\malrep.cfg
c:\users\All Users\avg8\Cfg\scan.cfg
c:\users\All Users\avg8\Cfg\sched.cfg
c:\users\All Users\avg8\Cfg\setup.cfg
c:\users\All Users\avg8\Cfg\update.cfg
c:\users\All Users\avg8\Cfg\updatecomps.cfg.old
c:\users\All Users\avg8\Cfg\user.cfg
c:\users\All Users\avg8\CfgAll\changecfgreg.cfg
c:\users\All Users\avg8\CfgAll\fw.cfg
c:\users\All Users\avg8\CfgAll\updateall.cfg
c:\users\All Users\avg8\emc\Log\emc.log
c:\users\All Users\avg8\Log\amlog.cfg
c:\users\All Users\avg8\Log\avgam.log
c:\users\All Users\avg8\Log\avgam.log.lock
c:\users\All Users\avg8\Log\avgcore.log
c:\users\All Users\avg8\Log\avgcore.log.1
c:\users\All Users\avg8\Log\avgcore.log.10
c:\users\All Users\avg8\Log\avgcore.log.2
c:\users\All Users\avg8\Log\avgcore.log.3
c:\users\All Users\avg8\Log\avgcore.log.4
c:\users\All Users\avg8\Log\avgcore.log.5
c:\users\All Users\avg8\Log\avgcore.log.6
c:\users\All Users\avg8\Log\avgcore.log.7
c:\users\All Users\avg8\Log\avgcore.log.8
c:\users\All Users\avg8\Log\avgcore.log.9
c:\users\All Users\avg8\Log\avgcore.log.lock
c:\users\All Users\avg8\Log\avgfrw.log
c:\users\All Users\avg8\Log\avgfrw.log.lock
c:\users\All Users\avg8\Log\avgfw8u.log
c:\users\All Users\avg8\Log\avgfw8u.log.1
c:\users\All Users\avg8\Log\avgfw8u.log.2
c:\users\All Users\avg8\Log\avgfw8u.log.3
c:\users\All Users\avg8\Log\avgfw8u.log.4
c:\users\All Users\avg8\Log\avgfw8u.log.lock
c:\users\All Users\avg8\Log\avgldr.log
c:\users\All Users\avg8\Log\avgldr.log.lock
c:\users\All Users\avg8\Log\avglng.log
c:\users\All Users\avg8\Log\avglng.log.lock
c:\users\All Users\avg8\Log\avgns.log
c:\users\All Users\avg8\Log\avgns.log.1
c:\users\All Users\avg8\Log\avgns.log.lock
c:\users\All Users\avg8\Log\avgrs.log
c:\users\All Users\avg8\Log\avgrs.log.1
c:\users\All Users\avg8\Log\avgrs.log.2
c:\users\All Users\avg8\Log\avgrs.log.lock
c:\users\All Users\avg8\Log\avgscan.log
c:\users\All Users\avg8\Log\avgscan.log.lock
c:\users\All Users\avg8\Log\avgsched.log
c:\users\All Users\avg8\Log\avgsched.log.1
c:\users\All Users\avg8\Log\avgsched.log.2
c:\users\All Users\avg8\Log\avgsched.log.3
c:\users\All Users\avg8\Log\avgsched.log.4
c:\users\All Users\avg8\Log\avgsched.log.5
c:\users\All Users\avg8\Log\avgsched.log.lock
c:\users\All Users\avg8\Log\avgsrm.log
c:\users\All Users\avg8\Log\avgsrm.log.lock
c:\users\All Users\avg8\Log\avgui.log
c:\users\All Users\avg8\Log\avgui.log.lock
c:\users\All Users\avg8\Log\avguilog.cfg
c:\users\All Users\avg8\Log\avgupd.log
c:\users\All Users\avg8\Log\avgupd.log.lock
c:\users\All Users\avg8\Log\avgwd.log
c:\users\All Users\avg8\Log\avgwd.log.1
c:\users\All Users\avg8\Log\avgwd.log.lock
c:\users\All Users\avg8\Log\avgwdsvc.log
c:\users\All Users\avg8\Log\avgwdsvc.log.lock
c:\users\All Users\avg8\Log\cfgexlog.cfg
c:\users\All Users\avg8\Log\cfglog.cfg
c:\users\All Users\avg8\Log\commonpriv.log
c:\users\All Users\avg8\Log\commonpriv.log.lock
c:\users\All Users\avg8\Log\commonpub.log
c:\users\All Users\avg8\Log\commonpub.log.lock
c:\users\All Users\avg8\Log\corelog.cfg
c:\users\All Users\avg8\Log\fixcfg.log
c:\users\All Users\avg8\Log\fixcfg.log.lock
c:\users\All Users\avg8\Log\history.xml
c:\users\All Users\avg8\Log\ldrlog.cfg
c:\users\All Users\avg8\Log\lnglog.cfg
c:\users\All Users\avg8\Log\nslog.cfg
c:\users\All Users\avg8\Log\privlog.cfg
c:\users\All Users\avg8\Log\publog.cfg
c:\users\All Users\avg8\Log\rslog.cfg
c:\users\All Users\avg8\Log\scanlog.cfg
c:\users\All Users\avg8\Log\schedlog.cfg
c:\users\All Users\avg8\Log\srmlog.cfg
c:\users\All Users\avg8\Log\systoolslog.cfg
c:\users\All Users\avg8\Log\updlog.cfg
c:\users\All Users\avg8\Log\vaultlog.cfg
c:\users\All Users\avg8\Log\wdlog.cfg
c:\users\All Users\avg8\Log\wdsvclog.cfg
c:\users\All Users\avg8\scanlogs\I_00000005.log
c:\users\All Users\avg8\scanlogs\I_00000006.log
c:\users\All Users\avg8\scanlogs\I_00000007.log
c:\users\All Users\avg8\scanlogs\I_00000008.log
c:\users\All Users\avg8\scanlogs\I_00000009.log
c:\users\All Users\avg8\scanlogs\I_00000010.log
c:\users\All Users\avg8\scanlogs\I_00000011.log
c:\users\All Users\avg8\scanlogs\I_00000012.log
c:\users\All Users\avg8\scanlogs\srm.idx
c:\users\All Users\avg8\update\backup\avginet.dll
c:\users\All Users\avg8\update\backup\avgiproxy.exe
c:\users\All Users\avg8\update\backup\avgtdix.sys
c:\users\All Users\avg8\update\backup\avgupd.dll
c:\users\All Users\avg8\update\backup\avgupd.exe
c:\users\All Users\avg8\update\backup\incavi.avm
c:\users\All Users\avg8\update\backup\sb.dat
c:\users\All Users\avg8\update\backup\sb2.dat
c:\users\All Users\avg8\update\backup\sc.dat
c:\users\All Users\avg8\update\download\avginfoavi.ctf
c:\users\All Users\avg8\update\download\avginfowin.ctf
c:\users\All Users\avg8\update\download\u7avi1448u1435sc.bin
c:\users\All Users\avg8\update\download\u7avi1450u1435dv.bin
c:\users\All Users\avg8\update\download\u7avi1451u1435q4.bin
c:\users\All Users\avg8\update\download\u7avi1452u1435fs.bin
c:\users\All Users\avg8\update\download\u7avi1453u1435pt.bin
c:\users\All Users\avg8\update\download\u7avi1454u1435k.bin
c:\users\All Users\avg8\update\download\u7avi1464u1435q8.bin
c:\users\All Users\avg8\update\download\u7avi1465u1435w9.bin
c:\users\All Users\avg8\update\download\u7avi1466u1435y9.bin
c:\users\All Users\avg8\update\download\u7iavi2001u1971y2.bin
c:\users\All Users\avg8\update\download\u7iavi2003u2001dv.bin
c:\users\All Users\avg8\update\download\u7iavi2004u200365.bin
c:\users\All Users\avg8\update\download\u7iavi2006u2004au.bin
c:\users\All Users\avg8\update\download\u7iavi2007u2006ft.bin
c:\users\All Users\avg8\update\download\u7iavi2008u2007pu.bin
c:\users\All Users\avg8\update\download\u7iavi2009u2008el.bin
c:\users\All Users\avg8\update\download\u7iavi2010u2009k.bin
c:\users\All Users\avg8\update\download\u7iavi2011u2010i9.bin
c:\users\All Users\avg8\update\download\u7iavi2024u2004b0.bin
c:\users\All Users\avg8\update\download\u7iavi2025u2024w9.bin
c:\users\All Users\avg8\update\download\u7iavi2026u2025eq.bin
c:\users\All Users\avg8\update\download\u7iavi2027u2026ya.bin
c:\users\All Users\avg8\update\download\u7iavi2028u2027iv.bin
c:\users\All Users\avg8\update\download\w8core281r2737d.bin
c:\users\All Users\avg8\update\download\w8fw284r26862.bin
c:\users\All Users\avg8\update\download\w8hlpus277r2737o.bin
c:\users\All Users\avg8\update\download\w8krnl284r27662.bin
c:\users\All Users\avg8\update\download\w8setup2807a.bin
c:\users\All Users\avg8\update\download\w8tdix284r26662.bin
c:\users\All Users\avg8\update\download\w8upd283r276us.bin
c:\users\All Users\avg8\update\download\x8xplsb_45d432a.bin
c:\users\All Users\avg8\update\download\x8xplsb2_553k.bin
c:\users\All Users\avg8\update\download\x8xplsb2_56es.bin
c:\users\All Users\avg8\update\download\x8xplsb2_60a1.bin
c:\users\All Users\avg8\update\download\x8xplsc_68d65mb.bin
c:\users\All Users\avg8\update\download\x8xplsc_69d68ol.bin
c:\users\All Users\avg8\update\prepare\incavi.avm
c:\users\All Users\avg8\update\prepare\sb.dat.prepare
c:\users\All Users\avg8\update\prepare\sc.dat.prepare
c:\users\Jim & Amy\AppData\Roaming\aAvgApi
c:\users\Jim & Amy\AppData\Roaming\aAvgApi\avgapi.log
c:\windows\System32\drivers\Avg
c:\windows\System32\drivers\Avg\avi7.avg
c:\windows\System32\drivers\Avg\incavi.avm
c:\windows\System32\drivers\Avg\microavi.avg
c:\windows\System32\drivers\Avg\miniavi.avg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AVGFWFD
-------\Legacy_AVGLDX86
-------\Legacy_AVGRKX86
-------\Legacy_AVGTDIX
-------\Service_avg8emc
-------\Service_avg8wd
-------\Service_Avgfwfd
-------\Service_avgfws8
-------\Service_AvgLdx86
-------\Service_AvgRkx86
-------\Service_AvgTdiX


((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-30 )))))))))))))))))))))))))))))))
.

2009-03-29 19:15 . 2009-03-29 19:19 <DIR> d-------- C:\4676
2009-03-29 19:07 . 2009-03-29 19:08 <DIR> d-------- C:\3341
2009-03-29 19:06 . 2009-03-30 17:19 <DIR> d-------- C:\Tools-AV
2009-03-28 23:12 . 2009-03-28 23:12 <DIR> d-------- c:\windows\System32\Adobe
2009-03-28 20:48 . 2008-06-19 20:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-03-28 20:48 . 2008-06-19 20:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-03-28 20:48 . 2008-06-19 20:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-03-28 20:48 . 2008-06-19 20:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-03-28 20:48 . 2008-06-19 20:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-03-28 20:48 . 2008-06-19 20:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-03-28 20:48 . 2008-06-19 20:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-03-28 20:48 . 2008-06-19 20:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-03-28 19:02 . 2008-07-27 13:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-03-28 19:02 . 2008-07-27 13:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-03-28 19:02 . 2008-07-27 13:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-03-28 19:02 . 2008-07-27 13:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-03-28 19:02 . 2008-07-27 13:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-03-27 17:09 . 2009-03-27 17:09 <DIR> d-------- c:\program files\Real
2009-03-25 19:51 . 2009-03-25 19:58 <DIR> d-------- c:\program files\Windows Live Safety Center
2009-03-23 11:15 . 2009-03-23 11:15 <DIR> d-------- c:\users\Jim & Amy\AppData\Roaming\Amazon
2009-03-23 11:05 . 2009-03-23 11:05 <DIR> d-------- c:\program files\Amazon
2009-03-19 21:42 . 2009-03-19 21:42 <DIR> d-------- c:\program files\iPod
2009-03-19 21:42 . 2008-04-17 12:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2009-03-19 21:42 . 2009-01-15 12:19 23,848 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2009-03-19 21:41 . 2009-03-19 21:42 <DIR> d-------- c:\users\All Users\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-19 21:41 . 2009-03-19 21:42 <DIR> d-------- c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-19 21:18 . 2009-03-19 21:18 <DIR> d-------- c:\program files\Bonjour
2009-03-19 12:25 . 2009-03-19 12:25 <DIR> d-------- c:\users\Jim & Amy\AppData\Roaming\eMusic
2009-03-19 12:25 . 2009-03-19 12:25 <DIR> d-------- c:\program files\eMusic
2009-03-19 12:25 . 2009-03-19 12:25 <DIR> d-------- c:\program files\Conduit
2009-03-19 12:23 . 2009-03-19 12:23 <DIR> d-------- c:\program files\eMusic Download Manager
2009-03-17 07:01 . 2009-03-26 07:41 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-14 18:36 . 2009-03-14 18:36 <DIR> d-------- c:\users\All Users\Downloaded Installations
2009-03-14 18:36 . 2009-03-14 18:36 <DIR> d-------- c:\programdata\Downloaded Installations
2009-03-14 18:35 . 2009-03-14 18:35 325,640 --a------ c:\windows\System32\drivers\avgldx86.sys
2009-03-14 18:35 . 2009-03-26 09:10 108,552 --a------ c:\windows\System32\drivers\avgtdix.sys
2009-03-14 18:35 . 2009-03-14 18:35 12,552 --a------ c:\windows\System32\drivers\avgrkx86.sys
2009-03-14 18:35 . 2009-03-14 18:35 10,520 --a------ c:\windows\System32\avgrsstx.dll
2009-03-14 18:33 . 2009-03-14 18:33 23,832 --a------ c:\windows\System32\drivers\avgfwd6x.sys
2009-03-11 13:10 . 2008-12-15 22:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 13:10 . 2009-02-08 22:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 13:10 . 2008-11-26 23:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 13:10 . 2008-12-16 00:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 13:10 . 2008-12-16 00:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 13:10 . 2008-12-16 00:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-05 23:59 . 2009-03-05 23:59 1,900,544 --a------ c:\windows\System32\usbaaplrc.dll
2009-03-05 23:59 . 2009-03-05 23:59 36,864 --a------ c:\windows\System32\drivers\usbaapl.sys
2009-02-15 22:36 . 2008-12-04 23:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-15 22:36 . 2008-12-04 23:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-15 22:36 . 2008-12-04 23:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-15 22:36 . 2008-12-04 23:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-15 22:36 . 2008-12-04 23:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-13 23:22 . 2009-02-13 23:22 <DIR> d-------- c:\users\Jim & Amy\AppData\Roaming\Home Sweet Home 2
2009-02-13 05:07 . 2009-02-13 05:55 <DIR> d-------- c:\users\Jim & Amy\AppData\Roaming\iWin_JanesRealty
2009-02-11 00:22 . 2009-01-14 22:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 00:22 . 2009-01-15 01:11 827,392 --a------ c:\windows\System32\wininet.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 15:43 --------- d-----w c:\program files\CONEXANT
2009-03-29 00:10 --------- d-----w c:\program files\Java
2009-03-20 02:42 --------- d-----w c:\program files\iTunes
2009-03-20 02:42 --------- d-----w c:\program files\Common Files\Apple
2009-03-12 18:19 --------- d-----w c:\program files\Windows Mail
2009-02-14 04:48 --------- d---a-w c:\programdata\TEMP
2009-02-14 04:21 --------- d-----w c:\program files\iWin.com
2009-02-05 14:01 --------- d-----w c:\programdata\CanonIJPLM
2009-02-03 05:29 --------- d-----w c:\program files\EA GAMES
2009-01-28 00:23 --------- d-----w c:\users\Jim & Amy\AppData\Roaming\Apple Computer
2009-01-28 00:22 --------- d-----w c:\programdata\Apple Computer
2009-01-28 00:20 --------- d-----w c:\program files\QuickTime
2009-01-28 00:17 --------- d-----w c:\program files\Apple Software Update
2009-01-28 00:16 --------- d-----w c:\programdata\Apple
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\programdata\Downloaded Installations ----

2009-03-14 18:36 7775232 --a------ c:\programdata\Downloaded Installations\{49AD8D2A-1643-458B-9EE7-7C091FDE10A5}\AVG_IDS_setup.msi

---- Directory of c:\users\All Users\Downloaded Installations ----

2009-03-14 18:36 7775232 --a------ c:\users\All Users\Downloaded Installations\{49AD8D2A-1643-458B-9EE7-7C091FDE10A5}\AVG_IDS_setup.msi

---- Directory of c:\users\Jim & Amy\AppData\Roaming\Home Sweet Home 2 ----

2009-02-13 23:47 477 --a------ c:\users\Jim & Amy\AppData\Roaming\Home Sweet Home 2\profile_0.dat
2009-02-13 23:46 10056 --a------ c:\users\Jim & Amy\AppData\Roaming\Home Sweet Home 2\amy0\layouts.dat
2009-02-13 23:41 422 --a------ c:\users\Jim & Amy\AppData\Roaming\Home Sweet Home 2\amy0\my_portfolio_scrapbook.dat


((((((((((((((((((((((((((((( SnapShot@2009-03-30_ 4.06.08.67 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-29 22:31:52 51,200 ----a-w c:\windows\inf\infpub.dat
+ 2009-03-30 16:56:57 51,200 ----a-w c:\windows\inf\infpub.dat
- 2009-03-29 22:31:52 86,016 ----a-w c:\windows\inf\infstrng.dat
+ 2009-03-30 16:56:56 86,016 ----a-w c:\windows\inf\infstrng.dat
- 2009-03-30 09:02:27 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-30 22:29:05 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2009-03-30 09:02:26 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-30 22:29:08 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2009-03-30 08:56:57 101,144 ----a-w c:\windows\System32\perfc009.dat
+ 2009-03-30 09:07:54 101,144 ----a-w c:\windows\System32\perfc009.dat
- 2009-03-30 08:56:57 595,446 ----a-w c:\windows\System32\perfh009.dat
+ 2009-03-30 09:07:54 595,446 ----a-w c:\windows\System32\perfh009.dat
- 2009-03-30 08:51:24 5,900 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4043121322-1403154492-1806109776-1000_UserData.bin
+ 2009-03-30 09:03:58 6,028 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4043121322-1403154492-1806109776-1000_UserData.bin
- 2009-03-30 08:51:24 75,292 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-30 09:03:58 75,380 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-03-29 22:17:51 266,862 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-03-30 22:12:16 268,324 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9ee802e8-c931-47ab-b570-aa8f791598ca}"= "c:\program files\eMusic\tbeMu1.dll" [2009-03-19 1883672]

[HKEY_CLASSES_ROOT\clsid\{9ee802e8-c931-47ab-b570-aa8f791598ca}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9ee802e8-c931-47ab-b570-aa8f791598ca}]
2009-03-19 12:25 1883672 --a------ c:\program files\eMusic\tbeMu1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9ee802e8-c931-47ab-b570-aa8f791598ca}"= "c:\program files\eMusic\tbeMu1.dll" [2009-03-19 1883672]

[HKEY_CLASSES_ROOT\clsid\{9ee802e8-c931-47ab-b570-aa8f791598ca}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9EE802E8-C931-47AB-B570-AA8F791598CA}"= "c:\program files\eMusic\tbeMu1.dll" [2009-03-19 1883672]

[HKEY_CLASSES_ROOT\clsid\{9ee802e8-c931-47ab-b570-aa8f791598ca}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-20 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-20 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-13 29744]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2007-03-07 189440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2008-01-18 40072]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2008-03-14 2342912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{86367820-44C7-4283-9935-2F5A4B486E35}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{98A297AB-DD68-4787-9FC9-7114907DC7BE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BFFAD669-7660-45DE-A40C-1D38AE0E296D}"= UDP:c:\program files\iWin Games\iWinGames.exe:iWin Games application.
"{499F8F0A-653C-4952-9E78-D4B980993612}"= TCP:c:\program files\iWin Games\iWinGames.exe:iWin Games application.
"{51167223-CA62-482E-B251-EC309DC89581}"= UDP:c:\program files\iWin Games\WebUpdater.exe:iWin Games updater.
"{4540F48F-787C-4BC3-8E40-64D4DFF18B7B}"= TCP:c:\program files\iWin Games\WebUpdater.exe:iWin Games updater.
"{F8324F2C-91E0-49F6-9C98-07954AF74CD9}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{13886B5E-6F50-4EA1-8054-480770A55424}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7963E0EE-D7C4-4474-883F-1D075A091057}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{56B37B53-344E-479A-AC3E-5E58611EB18D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [2008-12-17 78104]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-12-22 33752]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-03-14 29744]
S3 MAUSBFT;Service for M-Audio Fast Track USB (WDM);c:\windows\System32\drivers\mausbft.sys [2009-01-21 119808]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [2006-11-02 2589184]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=WM&Br=EM&Loc=ENG_US&Sys=DTP&M=W3653
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://edits.mywebse...?p=ZJxdm128YYUS
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-30 17:29:18
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\M-Audio\Fast Track USB\MAUSBFTInst.exe
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-03-30 17:33:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-30 22:33:17
ComboFix2.txt 2009-03-30 09:07:29

Pre-Run: 189,905,440,768 bytes free
Post-Run: 190,088,081,408 bytes free

819 --- E O F --- 2009-03-30 20:25:38

#25
amylynn4

Alright, now I can finally download programs onto my computer!!! :) I just downloaded Malwarebytes.

#26
andrewuk

Now we are in business. Before we go on to the scans, let's clear out some final parts of AVG:

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    :Files
    c:\users\All Users\Downloaded Installations
    c:\programdata\Downloaded Installations
    c:\windows\System32\drivers\avgldx86.sys
    c:\windows\System32\drivers\avgtdix.sys
    c:\windows\System32\drivers\avgrkx86.sys
    c:\windows\System32\avgrsstx.dll
    c:\windows\System32\drivers\avgfwd6x.sys
    C:\$AVG8.VAULT$
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

#27
amylynn4

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
c:\users\All Users\Downloaded Installations\{49AD8D2A-1643-458B-9EE7-7C091FDE10A5} moved successfully.
c:\users\All Users\Downloaded Installations moved successfully.
File/Folder c:\programdata\Downloaded Installations not found.
c:\windows\System32\drivers\avgldx86.sys moved successfully.
c:\windows\System32\drivers\avgtdix.sys moved successfully.
c:\windows\System32\drivers\avgrkx86.sys moved successfully.
DllUnregisterServer procedure not found in c:\windows\System32\avgrsstx.dll
c:\windows\System32\avgrsstx.dll NOT unregistered.
c:\windows\System32\avgrsstx.dll moved successfully.
c:\windows\System32\drivers\avgfwd6x.sys moved successfully.
C:\$AVG8.VAULT$ moved successfully.
========== COMMANDS ==========
File delete failed. C:\Users\JIM&AM~1\AppData\Local\Temp\~DF4EE3.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\TMP0000004E6D84EEB52B2B1A4C scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03302009_185032

Files moved on Reboot...
C:\Users\JIM&AM~1\AppData\Local\Temp\~DF4EE3.tmp moved successfully.
File C:\Windows\temp\TMP0000004E6D84EEB52B2B1A4C not found!

#28
andrewuk

In this post we will do some general scans to clear out the remnants and ensure nothing else sneaked onto your machine.

The scans will likely take 4 hours, quite possibly much longer, so just let them run.

Remember, you are still unprotected with no antivirus program. We will put one on once we have run these scans, so keep your online browsing to a minimum.


====STEP 1====
Please download ATF Cleaner by Atribune.

Caution: This program is for Windows 2000, XP and Vista only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.



====STEP 2====
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


====STEP 3====
Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
====STEP 4====
Please do an online scan with Kaspersky WebScanner (this will identify any issues, we will clear them in the following post)

Kaspersky online scanner uses Java technology to perform the scan. If you do not have the latest Java version, follow the instructions below under Upgrading Java to download and install the latest version.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 12.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u11-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right-click on the jre-6u11-windows-i586-p.exe and select "Run as an Administrator.")
In your next reply could I see:
1. the malwarebytes log
2. the superantispyware log
3. the kaspersky log

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

#29
amylynn4

I'll post the logs as the scans finish

Malwarebytes' Anti-Malware 1.35
Database version: 1922
Windows 6.0.6001 Service Pack 1

3/30/2009 8:54:36 PM
mbam-log-2009-03-30 (20-54-36).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 267574
Time elapsed: 1 hour(s), 44 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 91
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 25

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\System32\f3PSSavr.scr.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

#30
amylynn4

I just ran the SUPERAntiSpyware and went to open up the internet browser and got prompted with internet explorer security to allow 'igfxsrvc Module' in C:\Windows\System\32\igfxsrve.exe

Now should I allow or deny opening the web content? I'm unsure if it is from SUPERAntiSpyware.