also, the file path would be: c:\windows\System32\igfxsrvc.exe (note the spelling, it is system32 and not system\32)
if either of these are different, then let me know and dont allow it - but looking at your logs it appears it is ok to allow it.
access violation - AVGTOO~1.dll [Solved]
Started by
amylynn4
, Mar 28 2009 07:24 PM
-
This topic is locked
#31
Posted 31 March 2009 - 10:37 AM
andrewuk
-
- Malware Removal
-
- 5,297 posts
Trusted Helper
also, the file path would be: c:\windows\System32\igfxsrvc.exe (note the spelling, it is system32 and not system\32)
if either of these are different, then let me know and dont allow it - but looking at your logs it appears it is ok to allow it.
#32
Posted 31 March 2009 - 11:37 AM
amylynn4
- Topic Starter
-
- Member
-
- 24 posts
Member
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 03/30/2009 at 09:42 PM
Application Version : 4.26.1000
Core Rules Database Version : 3821
Trace Rules Database Version: 1775
Scan type : Complete Scan
Total Scan Time : 00:28:06
Memory items scanned : 566
Memory threats detected : 0
Registry items scanned : 6492
Registry threats detected : 0
File items scanned : 28703
File threats detected : 31
Adware.Tracking Cookie
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&[email protected][1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&[email protected][2].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@insightexpressai[2].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@trafficmp[1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@revsci[2].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@247realmedia[1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@atdmt[2].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@mywebsearch[2].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@adrevolver[1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&[email protected][1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@tribalfusion[1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@advertising[1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@zedo[1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&[email protected][1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@media6degrees[1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&[email protected][1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@kontera[2].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&[email protected][1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&[email protected][2].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@serving-sys[2].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&[email protected][1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@questionmarket[2].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&[email protected][1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&[email protected][1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@doubleclick[1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&[email protected][2].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@specificmedia[2].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@specificclick[1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@interclick[2].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&[email protected][1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@mediaplex[1].txt
http://www.superantispyware.com
Generated 03/30/2009 at 09:42 PM
Application Version : 4.26.1000
Core Rules Database Version : 3821
Trace Rules Database Version: 1775
Scan type : Complete Scan
Total Scan Time : 00:28:06
Memory items scanned : 566
Memory threats detected : 0
Registry items scanned : 6492
Registry threats detected : 0
File items scanned : 28703
File threats detected : 31
Adware.Tracking Cookie
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&[email protected][1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&[email protected][2].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@insightexpressai[2].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@trafficmp[1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@revsci[2].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@247realmedia[1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@atdmt[2].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@mywebsearch[2].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@adrevolver[1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&[email protected][1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@tribalfusion[1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@advertising[1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@zedo[1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&[email protected][1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@media6degrees[1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&[email protected][1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@kontera[2].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&[email protected][1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&[email protected][2].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@serving-sys[2].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&[email protected][1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@questionmarket[2].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&[email protected][1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&[email protected][1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@doubleclick[1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&[email protected][2].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@specificmedia[2].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@specificclick[1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@interclick[2].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&[email protected][1].txt
C:\Users\Jim & Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim_&_amy@mediaplex[1].txt
#33
Posted 31 March 2009 - 02:06 PM
amylynn4
- Topic Starter
-
- Member
-
- 24 posts
Member
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, March 31, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, March 31, 2009 18:57:04
Records in database: 1990025
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan statistics:
Files scanned: 195342
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 02:01:09
File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
The selected area was scanned.
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, March 31, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, March 31, 2009 18:57:04
Records in database: 1990025
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan statistics:
Files scanned: 195342
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 02:01:09
File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
The selected area was scanned.
#34
Posted 31 March 2009 - 02:18 PM
andrewuk
-
- Malware Removal
-
- 5,297 posts
Trusted Helper
your logs look good now. the kaspersky scan only found an item that is already safely quarantined and the malwarebytes cleared out some adware traces.
how is your machine running now?
and lets get one last set of logs down before we wrap this up.
andrewuk
how is your machine running now?
and lets get one last set of logs down before we wrap this up.
- Download random's system information tool (RSIT) by random/random from here.
- It is important that is saved to your desktop.
- Double click on RSIT.exe to run RSIT.
- Click Continue at the disclaimer screen.
- Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
andrewuk
#35
Posted 31 March 2009 - 02:32 PM
amylynn4
- Topic Starter
-
- Member
-
- 24 posts
Member
Logfile of random's system information tool 1.06 (written by random/random)
Run by Jim & Amy at 2009-03-31 15:23:09
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 183 GB (62%) free of 294 GB
Total RAM: 1015 MB (47% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:20 PM, on 3/31/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\BigFix\bigfix.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jim & Amy\Desktop\RSIT.exe
C:\Program Files\trend micro\Jim & Amy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...DTP&M=W3653
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: eMusic Toolbar - {9ee802e8-c931-47ab-b570-aa8f791598ca} - C:\Program Files\eMusic\tbeMu1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: eMusic Toolbar - {9ee802e8-c931-47ab-b570-aa8f791598ca} - C:\Program Files\eMusic\tbeMu1.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: eMusic Toolbar - {9ee802e8-c931-47ab-b570-aa8f791598ca} - C:\Program Files\eMusic\tbeMu1.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onec...s/wlscctrl2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: M-Audio Fast Track Installer (FastTrackInstallerService) - Avid Technology, Inc. - C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7778 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ee802e8-c931-47ab-b570-aa8f791598ca}]
eMusic Toolbar - C:\Program Files\eMusic\tbeMu1.dll [2009-03-19 1883672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-20 251504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-12-20 657904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-12-20 522224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - c:\windows\system32\BAE.dll [2006-02-01 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-20 251504]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []
{9ee802e8-c931-47ab-b570-aa8f791598ca} - eMusic Toolbar - C:\Program Files\eMusic\tbeMu1.dll [2009-03-19 1883672]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-04-23 4435968]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-13 29744]
"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2008-11-10 157312]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-25 652624]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-09-13 1603152]
"M-Audio Taskbar Icon"=C:\Windows\System32\M-AudioTaskBarIcon.exe [2007-03-07 189440]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2008-01-18 40072]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-03-23 1830128]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======
2009-03-31 15:23:09 ----D---- C:\rsit
2009-03-31 15:23:09 ----D---- C:\Program Files\trend micro
2009-03-30 21:09:25 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-03-30 21:06:14 ----D---- C:\Users\Jim & Amy\AppData\Roaming\SUPERAntiSpyware.com
2009-03-30 21:06:14 ----D---- C:\Program Files\SUPERAntiSpyware
2009-03-30 21:04:53 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-30 18:50:32 ----D---- C:\_OTMoveIt
2009-03-30 18:44:09 ----D---- C:\Users\Jim & Amy\AppData\Roaming\Malwarebytes
2009-03-30 18:44:04 ----D---- C:\ProgramData\Malwarebytes
2009-03-30 18:44:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-30 17:33:22 ----A---- C:\ComboFix.txt
2009-03-30 17:27:15 ----D---- C:\Windows\temp
2009-03-29 19:15:00 ----D---- C:\4676
2009-03-29 19:07:59 ----D---- C:\3341
2009-03-29 19:06:15 ----D---- C:\Tools-AV
2009-03-29 17:30:36 ----A---- C:\Windows\zip.exe
2009-03-29 17:30:36 ----A---- C:\Windows\VFIND.exe
2009-03-29 17:30:36 ----A---- C:\Windows\SWXCACLS.exe
2009-03-29 17:30:36 ----A---- C:\Windows\SWSC.exe
2009-03-29 17:30:36 ----A---- C:\Windows\SWREG.exe
2009-03-29 17:30:36 ----A---- C:\Windows\sed.exe
2009-03-29 17:30:36 ----A---- C:\Windows\NIRCMD.exe
2009-03-29 17:30:36 ----A---- C:\Windows\grep.exe
2009-03-29 17:30:36 ----A---- C:\Windows\fdsv.exe
2009-03-29 17:30:30 ----D---- C:\Windows\ERDNT
2009-03-29 17:30:21 ----D---- C:\Qoobox
2009-03-28 23:12:18 ----D---- C:\Windows\system32\Adobe
2009-03-28 20:48:15 ----A---- C:\Windows\system32\infocardapi.dll
2009-03-28 20:48:14 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-28 20:48:12 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-03-28 20:48:12 ----A---- C:\Windows\system32\icardres.dll
2009-03-28 20:48:12 ----A---- C:\Windows\system32\icardagt.exe
2009-03-28 20:48:10 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-03-28 20:48:03 ----A---- C:\Windows\system32\PresentationHost.exe
2009-03-28 19:10:21 ----A---- C:\Windows\system32\javaws.exe
2009-03-28 19:10:21 ----A---- C:\Windows\system32\javaw.exe
2009-03-28 19:10:21 ----A---- C:\Windows\system32\java.exe
2009-03-28 19:02:33 ----A---- C:\Windows\system32\dfshim.dll
2009-03-28 19:02:30 ----A---- C:\Windows\system32\mscoree.dll
2009-03-28 19:02:29 ----A---- C:\Windows\system32\netfxperf.dll
2009-03-28 19:02:14 ----A---- C:\Windows\system32\mscorier.dll
2009-03-28 19:02:07 ----A---- C:\Windows\system32\mscories.dll
2009-03-27 17:09:45 ----D---- C:\Program Files\Real
2009-03-27 17:08:35 ----D---- C:\Users\Jim & Amy\AppData\Roaming\Real
2009-03-25 19:51:47 ----D---- C:\Program Files\Windows Live Safety Center
2009-03-23 11:15:18 ----D---- C:\Users\Jim & Amy\AppData\Roaming\Amazon
2009-03-23 11:05:39 ----D---- C:\Program Files\Amazon
2009-03-19 21:42:48 ----A---- C:\Windows\system32\GEARAspi.dll
2009-03-19 21:42:18 ----D---- C:\Program Files\iPod
2009-03-19 21:41:11 ----D---- C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-19 21:18:47 ----D---- C:\Program Files\Bonjour
2009-03-19 12:25:29 ----D---- C:\Users\Jim & Amy\AppData\Roaming\Mozilla
2009-03-19 12:25:28 ----D---- C:\Users\Jim & Amy\AppData\Roaming\eMusic
2009-03-19 12:25:15 ----D---- C:\Program Files\Conduit
2009-03-19 12:25:13 ----D---- C:\Program Files\eMusic
2009-03-19 12:23:35 ----D---- C:\Program Files\eMusic Download Manager
2009-03-11 13:10:20 ----A---- C:\Windows\system32\wmp.dll
2009-03-11 13:10:19 ----A---- C:\Windows\system32\spwmp.dll
2009-03-11 13:10:18 ----A---- C:\Windows\system32\wmploc.DLL
2009-03-11 13:10:18 ----A---- C:\Windows\system32\dxmasf.dll
2009-03-11 13:10:15 ----A---- C:\Windows\system32\schannel.dll
2009-03-05 23:59:00 ----A---- C:\Windows\system32\usbaaplrc.dll
======List of files/folders modified in the last 1 months======
2009-03-31 15:23:21 ----D---- C:\Windows\Prefetch
2009-03-31 15:23:09 ----RD---- C:\Program Files
2009-03-30 21:50:35 ----HD---- C:\Windows\inf
2009-03-30 21:50:35 ----D---- C:\Windows\System32
2009-03-30 21:50:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-03-30 21:25:36 ----SHD---- C:\System Volume Information
2009-03-30 21:09:25 ----HD---- C:\ProgramData
2009-03-30 21:06:22 ----SHD---- C:\Windows\Installer
2009-03-30 21:04:53 ----D---- C:\Program Files\Common Files
2009-03-30 20:55:56 ----D---- C:\Windows\system32\drivers
2009-03-30 18:30:49 ----SD---- C:\Users\Jim & Amy\AppData\Roaming\Microsoft
2009-03-30 17:42:23 ----D---- C:\Windows\system32\catroot2
2009-03-30 17:33:24 ----D---- C:\Windows\system32\en-US
2009-03-30 17:33:23 ----D---- C:\Windows
2009-03-30 17:29:24 ----A---- C:\Windows\system.ini
2009-03-30 17:27:34 ----D---- C:\Windows\system32\config
2009-03-30 17:26:22 ----D---- C:\Windows\AppPatch
2009-03-30 04:02:03 ----D---- C:\Windows\Minidump
2009-03-30 03:56:42 ----SHD---- C:\Boot
2009-03-29 22:21:22 ----D---- C:\Windows\system32\LogFiles
2009-03-29 19:15:57 ----D---- C:\Program Files\Internet Explorer
2009-03-29 12:06:38 ----D---- C:\Windows\Microsoft.NET
2009-03-29 12:06:31 ----RSD---- C:\Windows\assembly
2009-03-29 10:44:42 ----D---- C:\Windows\system32\catroot
2009-03-29 10:43:49 ----D---- C:\Program Files\CONEXANT
2009-03-29 10:37:18 ----D---- C:\Windows\winsxs
2009-03-28 23:15:29 ----D---- C:\Windows\system32\Macromed
2009-03-28 23:13:23 ----D---- C:\Windows\rescache
2009-03-28 23:12:19 ----SD---- C:\Windows\Downloaded Program Files
2009-03-28 20:54:43 ----D---- C:\Windows\system32\XPSViewer
2009-03-28 20:54:43 ----D---- C:\Windows\system32\wbem
2009-03-28 19:14:13 ----D---- C:\Windows\Debug
2009-03-28 19:10:04 ----D---- C:\Program Files\Java
2009-03-19 21:42:47 ----DC---- C:\Windows\system32\DRVSTORE
2009-03-19 21:42:41 ----D---- C:\Program Files\iTunes
2009-03-19 21:42:17 ----D---- C:\Program Files\Common Files\Apple
2009-03-12 13:19:02 ----D---- C:\Program Files\Windows Media Player
2009-03-12 13:19:02 ----D---- C:\Program Files\Windows Mail
2009-03-09 05:19:08 ----A---- C:\Windows\system32\deploytk.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-03-14 27656]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-06-29 8704]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2007-06-20 267264]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-23 1769952]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2008-07-22 51200]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 catchme;catchme; \??\C:\Combo-Fix\catchme.sys []
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
S3 MAUSBFT;Service for M-Audio Fast Track USB (WDM); C:\Windows\system32\DRIVERS\mausbft.sys [2007-03-07 119808]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista; C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-03-05 36864]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-20 73088]
S3 WinUSB;WinUSB; C:\Windows\system32\DRIVERS\WinUSB.sys [2008-01-20 31616]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-20 88576]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 FastTrackInstallerService;M-Audio Fast Track Installer; C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe [2007-03-07 81920]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
R2 iWinTrusted;iWinTrusted; C:\Program Files\iWin Games\iWinTrusted.exe [2008-12-17 78104]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-06-29 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]
S3 GameConsoleService;GameConsoleService; C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe [2007-08-29 181800]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-13 29744]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-20 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2008-11-10 5117568]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\Windows\system32\ZuneWlanCfgSvc.exe [2008-11-10 243840]
-----------------EOF-----------------
Run by Jim & Amy at 2009-03-31 15:23:09
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 183 GB (62%) free of 294 GB
Total RAM: 1015 MB (47% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:20 PM, on 3/31/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\BigFix\bigfix.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jim & Amy\Desktop\RSIT.exe
C:\Program Files\trend micro\Jim & Amy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...DTP&M=W3653
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: eMusic Toolbar - {9ee802e8-c931-47ab-b570-aa8f791598ca} - C:\Program Files\eMusic\tbeMu1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: eMusic Toolbar - {9ee802e8-c931-47ab-b570-aa8f791598ca} - C:\Program Files\eMusic\tbeMu1.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: eMusic Toolbar - {9ee802e8-c931-47ab-b570-aa8f791598ca} - C:\Program Files\eMusic\tbeMu1.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onec...s/wlscctrl2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: M-Audio Fast Track Installer (FastTrackInstallerService) - Avid Technology, Inc. - C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7778 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ee802e8-c931-47ab-b570-aa8f791598ca}]
eMusic Toolbar - C:\Program Files\eMusic\tbeMu1.dll [2009-03-19 1883672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-20 251504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-12-20 657904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-12-20 522224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - c:\windows\system32\BAE.dll [2006-02-01 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-20 251504]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []
{9ee802e8-c931-47ab-b570-aa8f791598ca} - eMusic Toolbar - C:\Program Files\eMusic\tbeMu1.dll [2009-03-19 1883672]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-04-23 4435968]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-13 29744]
"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2008-11-10 157312]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-25 652624]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-09-13 1603152]
"M-Audio Taskbar Icon"=C:\Windows\System32\M-AudioTaskBarIcon.exe [2007-03-07 189440]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2008-01-18 40072]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-03-23 1830128]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======
2009-03-31 15:23:09 ----D---- C:\rsit
2009-03-31 15:23:09 ----D---- C:\Program Files\trend micro
2009-03-30 21:09:25 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-03-30 21:06:14 ----D---- C:\Users\Jim & Amy\AppData\Roaming\SUPERAntiSpyware.com
2009-03-30 21:06:14 ----D---- C:\Program Files\SUPERAntiSpyware
2009-03-30 21:04:53 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-30 18:50:32 ----D---- C:\_OTMoveIt
2009-03-30 18:44:09 ----D---- C:\Users\Jim & Amy\AppData\Roaming\Malwarebytes
2009-03-30 18:44:04 ----D---- C:\ProgramData\Malwarebytes
2009-03-30 18:44:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-30 17:33:22 ----A---- C:\ComboFix.txt
2009-03-30 17:27:15 ----D---- C:\Windows\temp
2009-03-29 19:15:00 ----D---- C:\4676
2009-03-29 19:07:59 ----D---- C:\3341
2009-03-29 19:06:15 ----D---- C:\Tools-AV
2009-03-29 17:30:36 ----A---- C:\Windows\zip.exe
2009-03-29 17:30:36 ----A---- C:\Windows\VFIND.exe
2009-03-29 17:30:36 ----A---- C:\Windows\SWXCACLS.exe
2009-03-29 17:30:36 ----A---- C:\Windows\SWSC.exe
2009-03-29 17:30:36 ----A---- C:\Windows\SWREG.exe
2009-03-29 17:30:36 ----A---- C:\Windows\sed.exe
2009-03-29 17:30:36 ----A---- C:\Windows\NIRCMD.exe
2009-03-29 17:30:36 ----A---- C:\Windows\grep.exe
2009-03-29 17:30:36 ----A---- C:\Windows\fdsv.exe
2009-03-29 17:30:30 ----D---- C:\Windows\ERDNT
2009-03-29 17:30:21 ----D---- C:\Qoobox
2009-03-28 23:12:18 ----D---- C:\Windows\system32\Adobe
2009-03-28 20:48:15 ----A---- C:\Windows\system32\infocardapi.dll
2009-03-28 20:48:14 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-28 20:48:12 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-03-28 20:48:12 ----A---- C:\Windows\system32\icardres.dll
2009-03-28 20:48:12 ----A---- C:\Windows\system32\icardagt.exe
2009-03-28 20:48:10 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-03-28 20:48:03 ----A---- C:\Windows\system32\PresentationHost.exe
2009-03-28 19:10:21 ----A---- C:\Windows\system32\javaws.exe
2009-03-28 19:10:21 ----A---- C:\Windows\system32\javaw.exe
2009-03-28 19:10:21 ----A---- C:\Windows\system32\java.exe
2009-03-28 19:02:33 ----A---- C:\Windows\system32\dfshim.dll
2009-03-28 19:02:30 ----A---- C:\Windows\system32\mscoree.dll
2009-03-28 19:02:29 ----A---- C:\Windows\system32\netfxperf.dll
2009-03-28 19:02:14 ----A---- C:\Windows\system32\mscorier.dll
2009-03-28 19:02:07 ----A---- C:\Windows\system32\mscories.dll
2009-03-27 17:09:45 ----D---- C:\Program Files\Real
2009-03-27 17:08:35 ----D---- C:\Users\Jim & Amy\AppData\Roaming\Real
2009-03-25 19:51:47 ----D---- C:\Program Files\Windows Live Safety Center
2009-03-23 11:15:18 ----D---- C:\Users\Jim & Amy\AppData\Roaming\Amazon
2009-03-23 11:05:39 ----D---- C:\Program Files\Amazon
2009-03-19 21:42:48 ----A---- C:\Windows\system32\GEARAspi.dll
2009-03-19 21:42:18 ----D---- C:\Program Files\iPod
2009-03-19 21:41:11 ----D---- C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-19 21:18:47 ----D---- C:\Program Files\Bonjour
2009-03-19 12:25:29 ----D---- C:\Users\Jim & Amy\AppData\Roaming\Mozilla
2009-03-19 12:25:28 ----D---- C:\Users\Jim & Amy\AppData\Roaming\eMusic
2009-03-19 12:25:15 ----D---- C:\Program Files\Conduit
2009-03-19 12:25:13 ----D---- C:\Program Files\eMusic
2009-03-19 12:23:35 ----D---- C:\Program Files\eMusic Download Manager
2009-03-11 13:10:20 ----A---- C:\Windows\system32\wmp.dll
2009-03-11 13:10:19 ----A---- C:\Windows\system32\spwmp.dll
2009-03-11 13:10:18 ----A---- C:\Windows\system32\wmploc.DLL
2009-03-11 13:10:18 ----A---- C:\Windows\system32\dxmasf.dll
2009-03-11 13:10:15 ----A---- C:\Windows\system32\schannel.dll
2009-03-05 23:59:00 ----A---- C:\Windows\system32\usbaaplrc.dll
======List of files/folders modified in the last 1 months======
2009-03-31 15:23:21 ----D---- C:\Windows\Prefetch
2009-03-31 15:23:09 ----RD---- C:\Program Files
2009-03-30 21:50:35 ----HD---- C:\Windows\inf
2009-03-30 21:50:35 ----D---- C:\Windows\System32
2009-03-30 21:50:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-03-30 21:25:36 ----SHD---- C:\System Volume Information
2009-03-30 21:09:25 ----HD---- C:\ProgramData
2009-03-30 21:06:22 ----SHD---- C:\Windows\Installer
2009-03-30 21:04:53 ----D---- C:\Program Files\Common Files
2009-03-30 20:55:56 ----D---- C:\Windows\system32\drivers
2009-03-30 18:30:49 ----SD---- C:\Users\Jim & Amy\AppData\Roaming\Microsoft
2009-03-30 17:42:23 ----D---- C:\Windows\system32\catroot2
2009-03-30 17:33:24 ----D---- C:\Windows\system32\en-US
2009-03-30 17:33:23 ----D---- C:\Windows
2009-03-30 17:29:24 ----A---- C:\Windows\system.ini
2009-03-30 17:27:34 ----D---- C:\Windows\system32\config
2009-03-30 17:26:22 ----D---- C:\Windows\AppPatch
2009-03-30 04:02:03 ----D---- C:\Windows\Minidump
2009-03-30 03:56:42 ----SHD---- C:\Boot
2009-03-29 22:21:22 ----D---- C:\Windows\system32\LogFiles
2009-03-29 19:15:57 ----D---- C:\Program Files\Internet Explorer
2009-03-29 12:06:38 ----D---- C:\Windows\Microsoft.NET
2009-03-29 12:06:31 ----RSD---- C:\Windows\assembly
2009-03-29 10:44:42 ----D---- C:\Windows\system32\catroot
2009-03-29 10:43:49 ----D---- C:\Program Files\CONEXANT
2009-03-29 10:37:18 ----D---- C:\Windows\winsxs
2009-03-28 23:15:29 ----D---- C:\Windows\system32\Macromed
2009-03-28 23:13:23 ----D---- C:\Windows\rescache
2009-03-28 23:12:19 ----SD---- C:\Windows\Downloaded Program Files
2009-03-28 20:54:43 ----D---- C:\Windows\system32\XPSViewer
2009-03-28 20:54:43 ----D---- C:\Windows\system32\wbem
2009-03-28 19:14:13 ----D---- C:\Windows\Debug
2009-03-28 19:10:04 ----D---- C:\Program Files\Java
2009-03-19 21:42:47 ----DC---- C:\Windows\system32\DRVSTORE
2009-03-19 21:42:41 ----D---- C:\Program Files\iTunes
2009-03-19 21:42:17 ----D---- C:\Program Files\Common Files\Apple
2009-03-12 13:19:02 ----D---- C:\Program Files\Windows Media Player
2009-03-12 13:19:02 ----D---- C:\Program Files\Windows Mail
2009-03-09 05:19:08 ----A---- C:\Windows\system32\deploytk.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-03-14 27656]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-06-29 8704]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2007-06-20 267264]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-23 1769952]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2008-07-22 51200]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 catchme;catchme; \??\C:\Combo-Fix\catchme.sys []
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
S3 MAUSBFT;Service for M-Audio Fast Track USB (WDM); C:\Windows\system32\DRIVERS\mausbft.sys [2007-03-07 119808]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista; C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-03-05 36864]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-20 73088]
S3 WinUSB;WinUSB; C:\Windows\system32\DRIVERS\WinUSB.sys [2008-01-20 31616]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-20 88576]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 FastTrackInstallerService;M-Audio Fast Track Installer; C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe [2007-03-07 81920]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
R2 iWinTrusted;iWinTrusted; C:\Program Files\iWin Games\iWinTrusted.exe [2008-12-17 78104]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-06-29 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]
S3 GameConsoleService;GameConsoleService; C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe [2007-08-29 181800]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-13 29744]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-20 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2008-11-10 5117568]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\Windows\system32\ZuneWlanCfgSvc.exe [2008-11-10 243840]
-----------------EOF-----------------
#36
Posted 31 March 2009 - 02:47 PM
andrewuk
-
- Malware Removal
-
- 5,297 posts
Trusted Helper
the logs look good.
how is your machine running now?
andrewuk
how is your machine running now?
andrewuk
#37
Posted 31 March 2009 - 02:50 PM
amylynn4
- Topic Starter
-
- Member
-
- 24 posts
Member
The computer is running great!! It seems to be working faster than when I first got it 
Everything is running so fast
Everything is running so fast
#38
Posted 31 March 2009 - 02:59 PM
andrewuk
-
- Malware Removal
-
- 5,297 posts
Trusted Helper
Hello amylynn4
congratulations, your logs are clean and another fix is in the can
in this post we will clear away the fix tools (this is so that should you ever be re-infected, you will download updated versions and it will also remove the quarantined Malware from your computer), reset your restore points (there will be infections lurking in there) and i will leave you with some ideas on how to enhance the protection of your machine against future infection.
====STEP 1====
Follow these steps to uninstall Combofix, the tools used in the removal of malware and to flush your system restore points
====STEP 2====
Please download the OTCleanIt by OldTimer.
====STEP 3====
Resetting your restore points (which is about turning system restore off, rebooting, and then turning it back on again).
1. Open System by clicking the Start button, clicking Control Panel, clicking System and Maintenance, and then clicking System.
2. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
3. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK.
reboot
1. Open System by clicking the Start button, clicking Control Panel, clicking System and Maintenance, and then clicking System.
2. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
3. To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
How to Turn On and Turn Off System Restore in Vista
http://windowshelp.m...6fb3f01033.mspx
====IDEAS TO SPEED UP YOUR MACHINE====
this page http://users.telenet...owcomputer.html gives some good ideas on how to improve the efficiency of your machine and has one or two useful links to help you further.
====AND FINALLY====
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
best wishes
andrewuk
congratulations, your logs are clean and another fix is in the can
in this post we will clear away the fix tools (this is so that should you ever be re-infected, you will download updated versions and it will also remove the quarantined Malware from your computer), reset your restore points (there will be infections lurking in there) and i will leave you with some ideas on how to enhance the protection of your machine against future infection.
====STEP 1====
Follow these steps to uninstall Combofix, the tools used in the removal of malware and to flush your system restore points
- Click START then RUN
- Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
====STEP 2====
Please download the OTCleanIt by OldTimer.
- Save it to your desktop.
- Please double-click OTCleanIT.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
- Click on the CleanUp! button to begin the Cleanup process and remove these components, including this application.
- You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
====STEP 3====
Resetting your restore points (which is about turning system restore off, rebooting, and then turning it back on again).
1. Open System by clicking the Start button, clicking Control Panel, clicking System and Maintenance, and then clicking System.
2. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
3. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK.
reboot
1. Open System by clicking the Start button, clicking Control Panel, clicking System and Maintenance, and then clicking System.
2. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
3. To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
How to Turn On and Turn Off System Restore in Vista
http://windowshelp.m...6fb3f01033.mspx
====IDEAS TO SPEED UP YOUR MACHINE====
this page http://users.telenet...owcomputer.html gives some good ideas on how to improve the efficiency of your machine and has one or two useful links to help you further.
====AND FINALLY====
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
- MBAM - Malware Bytes Anti Malware is an excellent tool for anyone's antimalware arsenal. This program should be updated and run often.
- SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
- SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
- IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
- ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
- Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
- Comodo Firewall - The use of a firewall is a personal preference, but its certainly a good idea. Comodo is free and light. Remember, never install more than 1 firewall.
- Digsby or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
- Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
- FireFox - Alternate web browser. Open source and quick, Firefox is usually the first thing I install on a new system.
- NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.
best wishes
andrewuk
#39
Posted 31 March 2009 - 03:18 PM
amylynn4
- Topic Starter
-
- Member
-
- 24 posts
Member
Thank you SOOOO much for your help with fixing my computer!
#40
Posted 01 April 2009 - 12:50 AM
andrewuk
-
- Malware Removal
-
- 5,297 posts
Trusted Helper
before you wrap up, you need to get an antivirus program on your machine.
given AVG gave some issues, i would try Avira which is free and you can download from here.
everytime you run it or boot up your machine it will pop-up with a window that invites you to upgrade to the paid version. just ignore that, it is normal.
andrewuk
given AVG gave some issues, i would try Avira which is free and you can download from here.
everytime you run it or boot up your machine it will pop-up with a window that invites you to upgrade to the paid version. just ignore that, it is normal.
andrewuk
#41
Posted 01 April 2009 - 02:30 AM
amylynn4
- Topic Starter
-
- Member
-
- 24 posts
Member
Doesn't COMODO work as an antivirus? I downloaded that from your last post. Should I try Avira then, and disable the antivirus option of COMODO?
#42
Posted 01 April 2009 - 03:40 AM
andrewuk
-
- Malware Removal
-
- 5,297 posts
Trusted Helper
you are correct, comodo does have an antivirus part. therefore, assuming you downloaded the comodo antivirus as well as the firewall then there is no need to download avira.
i missed that part of my last post
andrewuk
i missed that part of my last post
andrewuk
#43
Posted 04 April 2009 - 09:59 AM
andrewuk
-
- Malware Removal
-
- 5,297 posts
Trusted Helper
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. 
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
