Slooow Boot & Shutdown


11 replies to this topic

#1 AndrewGS

AndrewGS

  • Members
  • 15 posts
  • Location:Houston, TX, USA

Posted 09 June 2009 - 09:42 PM

My notebook has become extremely slow to boot and shutdown, my Taskbar icons don't always show up as I've set them to and Firefox turns into a resource hog after an hour or so. I've tried killing off excess startup processes, defragging, and I'm using Advanced Vista Optimizer and Advanced SystemCare in addition to AVG and SUPERAntiSpyware.

Any ideas?

DDS (Ver_09-05-14.01) - NTFSx86
Run by Andrew at 21:21:36.83 on Tue 06/09/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1991 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Systweak\Advanced Vista Optimizer 2009\AVODefragService32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\WindowsMobile\wmdc.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Systweak\Advanced Vista Optimizer 2009\AVO.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Andrew\Desktop\dds.scr

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: PimpFish Basic Toolbar Opcode Handler: {29c88e20-4234-41b9-a9db-982958c95fb1} - c:\program files\pimpfish\PimpFish.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: FloatBar Class: {75b1a646-cdce-4c06-b52f-84f4463b4fc8} - c:\program files\pimpfish\FloatBar.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: PimpFish Basic: {d593de91-7b41-45c2-830e-e9a99ab142aa} - c:\program files\pimpfish\PimpFish.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [AVO Ram Optimizer] c:\program files\systweak\advanced vista optimizer 2009\AVO.exe -s
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\users\andrew\appdata\roaming\micros~1\windows\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: PimpFish Basic - Grab movies on this page - c:\program files\pimpfish\GRABPAGEMOVIES.HTM
IE: PimpFish Basic - Grab pictures on this page - c:\program files\pimpfish\GRABPAGEPICS.HTM
IE: PimpFish Basic - Grab pictures this page links to - c:\program files\pimpfish\GRABPAGELINKS.HTM
IE: PimpFish Basic - Grab Target File - c:\program files\pimpfish\GRABLINK.HTM
IE: PimpFish Basic - Grab This Picture - c:\program files\pimpfish\GRABPIC.HTM
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\p7ed524s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/defaulta.aspx
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\p7ed524s.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-23 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-23 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-2-17 9968]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-4-23 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-23 298776]
R2 AVO2009 Defrag;AVO2009 Defrag;c:\program files\systweak\advanced vista optimizer 2009\AVODefragService32.exe [2009-5-19 398056]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-4-23 24652]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-6-6 84832]

=============== Created Last 30 ================

2009-06-06 02:04 84,832 a------- c:\windows\system32\drivers\ASPI32.SYS
2009-06-06 02:04 45,056 a------- c:\windows\system32\WNASPI32.DLL
2009-06-06 02:04 <DIR> --d----- c:\program files\Free DVD Ripper
2009-06-06 01:49 <DIR> --d----- c:\programdata\Temp
2009-06-05 16:55 <DIR> --d----- c:\program files\iPod
2009-06-05 16:54 <DIR> --d----- c:\program files\iTunes
2009-06-03 11:49 <DIR> --d----- C:\AdobeTemp
2009-06-01 07:35 <DIR> --d----- c:\programdata\SmartSound Software Inc
2009-06-01 07:35 <DIR> --d----- c:\program files\SmartSound Software
2009-06-01 07:35 <DIR> --d----- c:\progra~2\SmartSound Software Inc
2009-06-01 07:11 <DIR> --d----- c:\program files\Windows Installer Clean Up
2009-06-01 07:11 <DIR> --d----- c:\program files\MSECACHE
2009-05-31 21:53 <DIR> --d----- c:\programdata\Minnetonka Audio Software
2009-05-31 21:53 <DIR> --d----- c:\progra~2\Minnetonka Audio Software
2009-05-31 21:08 <DIR> --d----- c:\windows\system32\eu-ES
2009-05-31 21:08 <DIR> --d----- c:\windows\system32\ca-ES
2009-05-31 21:08 <DIR> --d----- c:\windows\system32\vi-VN
2009-05-31 20:53 <DIR> --d----- c:\windows\system32\EventProviders
2009-05-31 20:51 1,362,944 a------- c:\windows\system32\wbem\cimwin32.dll
2009-05-31 20:50 449,024 a------- c:\windows\system32\termsrv.dll
2009-05-31 20:49 200,704 a------- c:\windows\system32\input.dll
2009-05-30 11:59 <DIR> --d----- c:\programdata\RapidSolution
2009-05-30 11:59 <DIR> --d----- c:\program files\RapidSolution
2009-05-30 11:59 <DIR> --d----- c:\progra~2\RapidSolution
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts
2009-05-19 01:43 <DIR> --d----- c:\program files\IObit
2009-05-19 00:50 <DIR> --d----- c:\program files\Systweak
2009-05-19 00:46 <DIR> --d----- c:\users\andrew\appdata\roaming\Systweak
2009-05-18 23:51 <DIR> --d----- c:\users\andrew\appdata\roaming\IObit
2009-05-18 22:08 <DIR> --d----- c:\users\andrew\appdata\roaming\SUPERAntiSpyware.com
2009-05-18 22:07 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-05-17 00:39 <DIR> --d----- c:\programdata\Sony Online Entertainment
2009-05-17 00:39 <DIR> --d----- c:\progra~2\Sony Online Entertainment
2009-05-17 00:38 <DIR> --d----- c:\program files\Wheel Of Fortune 2
2009-05-16 02:28 45,392 a----r-- c:\windows\system32\AdobePDF.dll
2009-05-16 02:28 22,872 a----r-- c:\windows\system32\AdobePDFUI.dll
2009-05-16 01:43 <DIR> --d----- c:\programdata\FLEXnet
2009-05-16 01:36 <DIR> --d----- c:\programdata\ALM
2009-05-16 01:36 <DIR> --d----- c:\progra~2\ALM
2009-05-16 01:06 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-05-13 04:11 <DIR> --d----- c:\programdata\Zabersoft
2009-05-13 04:11 <DIR> --d----- c:\progra~2\Zabersoft
2009-05-13 04:11 <DIR> --d----- c:\program files\PimpFish
2009-05-13 04:07 <DIR> --d----- c:\programdata\Keronsoft
2009-05-13 04:07 <DIR> --d----- c:\progra~2\Keronsoft
2009-05-13 03:35 <DIR> --d----- c:\programdata\Kavatec
2009-05-13 03:35 <DIR> --d----- c:\progra~2\Kavatec
2009-05-13 03:27 <DIR> --d----- c:\program files\Mihov Picture Downloader
2009-05-11 23:17 <DIR> --d----- C:\Image
2009-05-11 23:17 <DIR> --d----- c:\program files\Internet Image Hunter
2009-05-11 22:53 <DIR> --d----- C:\My Web Sites
2009-05-11 09:35 410,984 a------- c:\windows\system32\deploytk.dll

==================== Find3M ====================

2009-06-09 02:00 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-09 02:00 51,200 a------- c:\windows\inf\infpub.dat
2009-06-07 19:48 55,302 a------- c:\programdata\nvModes.dat
2009-06-07 19:48 55,302 a------- c:\progra~2\nvModes.dat
2009-06-05 16:50 86,016 a------- c:\windows\inf\infstor.dat
2009-05-31 21:07 665,600 a------- c:\windows\inf\drvindex.dat
2009-05-16 02:35 73,312 a------- c:\windows\system32\drivers\adfs.sys
2009-05-09 09:48 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2009-05-09 09:43 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2009-05-02 09:47 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-02 09:47 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-02 09:47 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-28 19:52 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-04-28 12:30 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-24 01:46 174 a--sh--- c:\program files\desktop.ini
2009-04-24 01:22 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-04-24 01:22 82,432 a------- c:\windows\system32\axaltocm.dll
2009-04-23 22:48 272,896 a------- c:\windows\system32\polstore.dll
2009-04-23 22:48 61,440 a------- c:\windows\system32\winipsec.dll
2009-04-23 22:37 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-04-23 22:35 2,048 a------- c:\windows\system32\msxml3r.dll
2009-04-23 22:13 4,981,248 a------- c:\windows\system32\NlsLexicons0013.dll
2009-04-23 22:12 6,346,240 a------- c:\windows\system32\NlsLexicons001d.dll
2009-04-23 22:11 3,104,768 a------- c:\windows\system32\NlsData004c.dll
2009-04-23 22:06 6,656 a------- c:\windows\system32\kbd106n.dll
2009-04-23 22:03 9,728 a------- c:\windows\system32\lsass.exe
2009-04-23 22:02 37,888 a------- c:\windows\system32\printcom.dll
2009-04-23 22:01 14,848 a------- c:\windows\system32\wshrm.dll
2009-04-23 21:50 41,984 a------- c:\windows\system32\netfxperf.dll
2009-04-23 21:42 84,480 a------- c:\windows\system32\INETRES.dll
2009-04-23 21:40 2,048 a------- c:\windows\system32\msxml6r.dll
2009-04-23 21:10 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-04-23 21:10 83,456 a------- c:\windows\system32\wudriver.dll
2009-04-23 21:10 162,064 a------- c:\windows\system32\wuwebv.dll
2009-04-23 21:10 31,232 a------- c:\windows\system32\wuapp.exe
2009-04-23 21:04 27,430 a------- c:\users\andrew\appdata\roaming\nvModes.dat
2009-04-23 20:17 0 a--shr-- c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv6700 Notebook PC_Y5335KV_0U_QCNF8063MRF_E459053-003_4A_I30D2_SQuanta_V79.28_F.45_T080116_WV3-0_L409_M3070_J250_7Intel_86FB_92.20_#071125_N10EC8136;80864222_(GP238AV)_XMOBILE_CN10_Z_2Rev 1.MRK
2009-04-11 01:33 986,600 a------- c:\windows\system32\winload.exe
2009-04-11 01:33 926,184 a------- c:\windows\system32\winresume.exe
2009-04-11 01:33 292,840 a------- c:\windows\system32\drivers\volmgrx.sys
2009-04-11 01:33 897,000 a------- c:\windows\system32\drivers\tcpip.sys
2009-04-11 01:33 614,376 a------- c:\windows\system32\ci.dll
2009-04-11 01:28 342,528 a------- c:\windows\system32\zipfldr.dll
2009-04-11 01:27 627,200 a------- c:\windows\system32\sethc.exe
2009-04-11 01:22 7,168 a------- c:\windows\system32\f3ahvoas.dll
2009-04-11 01:21 37,376 a------- c:\windows\system32\cdd.dll
2009-04-11 00:42 93,696 a------- c:\windows\system32\drivers\bridge.sys
2009-04-11 00:03 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 00:03 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-04-10 23:57 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-10 23:54 2,048 a------- c:\windows\system32\mferror.dll
2009-04-10 23:51 180,736 a------- c:\windows\system32\drivers\rdpwd.sys
2009-04-10 23:47 273,920 a------- c:\windows\system32\drivers\afd.sys
2009-04-10 23:46 69,120 a------- c:\windows\system32\drivers\rassstp.sys
2009-04-10 23:46 121,344 a------- c:\windows\system32\drivers\ndiswan.sys
2009-04-10 23:46 41,472 a------- c:\windows\system32\drivers\raspppoe.sys
2009-04-10 23:46 15,872 a------- c:\windows\system32\drivers\usb8023x.sys
2009-04-10 23:46 15,872 a------- c:\windows\system32\drivers\usb8023.sys
2009-04-10 23:46 33,280 a------- c:\windows\system32\drivers\RNDISMP.sys
2009-04-10 23:46 33,280 a------- c:\windows\system32\drivers\rndismpx.sys
2009-04-10 23:46 30,720 a------- c:\windows\system32\drivers\tcpipreg.sys
2009-04-10 23:45 72,192 a------- c:\windows\system32\drivers\tdx.sys
2009-04-10 23:45 72,192 a------- c:\windows\system32\drivers\pacer.sys
2009-04-10 23:45 185,856 a------- c:\windows\system32\drivers\netbt.sys
2009-04-10 23:45 401,408 a------- c:\windows\system32\drivers\http.sys
2009-04-10 23:45 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-04-10 23:45 66,560 a------- c:\windows\system32\drivers\smb.sys
2009-04-10 23:43 148,480 a------- c:\windows\system32\drivers\nwifi.sys
2009-04-10 23:43 196,096 a------- c:\windows\system32\drivers\usbhub.sys
2009-04-10 23:43 62,208 a------- c:\windows\system32\drivers\ohci1394.sys
2009-04-10 23:42 226,304 a------- c:\windows\system32\drivers\usbport.sys
2009-04-10 23:42 25,856 a------- c:\windows\system32\drivers\USBCAMD2.sys
2009-04-10 23:42 25,856 a------- c:\windows\system32\drivers\USBCAMD.sys
2009-04-10 23:42 39,936 a------- c:\windows\system32\drivers\usbehci.sys
2009-04-10 23:42 167,936 a------- c:\windows\system32\drivers\portcls.sys
2009-04-10 23:42 39,424 a------- c:\windows\system32\drivers\hidclass.sys
2009-04-10 23:42 12,800 a------- c:\windows\system32\drivers\hidusb.sys
2009-04-10 23:42 52,992 a------- c:\windows\system32\drivers\stream.sys
2009-04-10 23:42 561,152 a------- c:\windows\system32\drivers\hdaudbus.sys
2009-04-10 23:39 16,384 a------- c:\windows\system32\iscsilog.dll
2009-04-10 23:39 67,072 a------- c:\windows\system32\drivers\cdrom.sys
2009-04-10 23:39 11,776 a------- c:\windows\system32\drivers\sffp_sd.sys
2009-04-10 23:39 19,456 a------- c:\windows\system32\drivers\Diskdump.sys
2009-04-10 23:38 149,504 a------- c:\windows\system32\drivers\ks.sys
2009-04-10 23:38 17,408 a------- c:\windows\system32\drivers\kbdhid.sys
2009-04-10 23:27 2,560 a------- c:\windows\system32\msimsg.dll
2009-04-10 23:24 2,034,688 a------- c:\windows\system32\win32k.sys
2009-04-10 23:23 626,176 a------- c:\windows\system32\drivers\dxgkrnl.sys
2009-04-10 23:23 289,792 a------- c:\windows\system32\atmfd.dll
2009-04-10 23:23 76,288 a------- c:\windows\system32\drivers\dxg.sys
2009-04-10 23:22 33,280 a------- c:\windows\system32\drivers\watchdog.sys
2009-04-10 23:19 89,088 a------- c:\windows\system32\drivers\sdbus.sys
2009-04-10 23:15 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-04-10 23:15 144,896 a------- c:\windows\system32\drivers\srv2.sys
2009-04-10 23:15 98,816 a------- c:\windows\system32\drivers\srvnet.sys
2009-04-10 23:14 114,688 a------- c:\windows\system32\drivers\mrxdav.sys
2009-04-10 23:14 212,992 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-10 23:14 225,280 a------- c:\windows\system32\drivers\rdbss.sys
2009-04-10 23:14 79,360 a------- c:\windows\system32\drivers\mrxsmb20.sys
2009-04-10 23:14:28 A------- 105,984 c:\windows\system32\drivers\mrxsmb.sys

============= FINISH: 21:23:16.85 ===============
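Added example for this thread (not code from DDS, BleepingComputer or the poster): a small Python triage script that parses the line shapes DDS emits in the "Pseudo HJT Report" and "SERVICES / DRIVERS" sections above and flags what a responder looks at first: BHO/toolbar registrations whose file is missing ("No File", an orphaned CLSID), hook points that load a DLL into other processes (AppInit_DLLs, Winlogon Notify, ShellExecuteHooks), and Run entries or services whose binary lives in a user-writable directory. Two conventions are assumed rather than documented in the thread: that the u/m/d prefix on Run entries means HKCU / HKLM / default-user hive, and that the R/S prefix on service lines means Running / Stopped with the digit as the start type. The sample input is copied from the log above except for one uRun line, marked as constructed, that exercises the user-writable check.

```python
"""Triage the load-point lines of a DDS log (added example, not DDS code).

Parses Run entries, COM registrations (BHO/TB/URLSearchHook/SEH), the
AppInit_DLLs and Winlogon Notify lines, and service/driver lines, and
returns findings a responder should review.

Assumptions (not documented in the thread): u/m/d on Run entries means
HKCU / HKLM / default-user hive; R/S on service lines means Running /
Stopped with the digit as the start type.
"""
import re
from dataclasses import dataclass, field

_RUN_RE = re.compile(r"^(?P<hive>[umd])Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
_COM_RE = re.compile(
    r"^(?P<kind>BHO|TB|uURLSearchHooks|SEH): (?:(?P<name>.*?): )?"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
_HOOK_RE = re.compile(r"^(?P<kind>AppInit_DLLs|Notify): (?P<rest>.+)$")
_SVC_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<svc>[^;]+);(?P<desc>[^;]*);"
    r"(?P<path>.+?) \[(?P<date>[\d-]+) (?P<size>\d+)\]$"
)
_HIVE = {"u": "HKCU", "m": "HKLM", "d": "HKU\\.DEFAULT"}  # assumed mapping
# Directory markers a standard user can normally write to (heuristic).
_USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


@dataclass
class Finding:
    severity: str  # "review" (act on it) or "info" (verify the vendor)
    line: str
    reason: str


@dataclass
class Triage:
    findings: list = field(default_factory=list)
    run_entries: dict = field(default_factory=dict)  # name -> (hive, command)
    services: dict = field(default_factory=dict)     # name -> (running, start type, path)


def _user_writable(path: str) -> bool:
    low = path.lower()
    return any(marker in low for marker in _USER_WRITABLE)


def triage_dds(lines):
    """Classify DDS load-point lines; lines of any other shape are ignored."""
    t = Triage()
    for raw in lines:
        line = raw.strip()
        if m := _RUN_RE.match(line):
            hive = _HIVE[m.group("hive")]
            t.run_entries[m.group("name")] = (hive, m.group("cmd"))
            if _user_writable(m.group("cmd")):
                t.findings.append(Finding("review", line, f"{hive} Run entry launches from a user-writable directory"))
        elif m := _COM_RE.match(line):
            if m.group("path").lower() == "no file":
                t.findings.append(Finding("review", line, f"{m.group('kind')} {m.group('clsid')} is registered but its DLL is missing (orphaned CLSID)"))
            elif m.group("kind") == "SEH":
                t.findings.append(Finding("info", line, "ShellExecuteHook DLL is loaded by the shell; confirm it belongs to a known product"))
        elif m := _HOOK_RE.match(line):
            t.findings.append(Finding("info", line, f"{m.group('kind')} loads a DLL into other processes; confirm it belongs to a known product"))
        elif m := _SVC_RE.match(line):
            t.services[m.group("svc")] = (m.group("state") == "R", int(m.group("start")), m.group("path"))
            if _user_writable(m.group("path")):
                t.findings.append(Finding("review", line, "service or driver binary sits in a user-writable directory"))
    return t


def summary(t: Triage) -> dict:
    counts = {"review": 0, "info": 0}
    for f in t.findings:
        counts[f.severity] += 1
    return counts


# Sample input: lines copied from the log posted above, plus one constructed
# uRun line (marked) that exercises the user-writable check.
SAMPLE_LINES = [
    r"BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File",
    r"BHO: PimpFish Basic Toolbar Opcode Handler: {29c88e20-4234-41b9-a9db-982958c95fb1} - c:\program files\pimpfish\PimpFish.dll",
    r"TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File",
    r"uRun: [AVO Ram Optimizer] c:\program files\systweak\advanced vista optimizer 2009\AVO.exe -s",
    r"mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe",
    r"dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe",
    r"AppInit_DLLs: avgrsstx.dll",
    r"Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll",
    r"SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL",
    r"R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-23 325896]",
    r"R2 AVO2009 Defrag;AVO2009 Defrag;c:\program files\systweak\advanced vista optimizer 2009\AVODefragService32.exe [2009-5-19 398056]",
    r"S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-6-6 84832]",
    # constructed line, not from the posted log:
    r"uRun: [Example] c:\users\andrew\appdata\local\temp\example.exe",
]

if __name__ == "__main__":
    result = triage_dds(SAMPLE_LINES)
    for f in sorted(result.findings, key=lambda f: f.severity):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
    print(summary(result))
```

Run against the whole log, the two "No File" BHO/TB entries are the only items the script marks for action; everything else it reports is an "info" item whose DLL belongs to a product visible elsewhere in the log (AVG, SUPERAntiSpyware), which is the usual outcome for a machine that is slow because of the number of installed autostarts rather than because of an infection.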

#2 Guest_superbird_*

Guest_superbird_*

  • Guests

Posted 19 June 2009 - 10:11 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

#3 AndrewGS

AndrewGS
  • Topic Starter

  • Members
  • 15 posts
  • Location:Houston, TX, USA

Posted 21 June 2009 - 08:34 PM

Updated Log

DDS (Ver_09-05-14.01) - NTFSx86
Run by Andrew at 20:30:55.15 on Sun 06/21/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1842 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Systweak\Advanced Vista Optimizer 2009\AVODefragService32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\WindowsMobile\wmdc.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Systweak\Advanced Vista Optimizer 2009\AVO.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Andrew\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: PimpFish Basic Toolbar Opcode Handler: {29c88e20-4234-41b9-a9db-982958c95fb1} - c:\program files\pimpfish\PimpFish.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: FloatBar Class: {75b1a646-cdce-4c06-b52f-84f4463b4fc8} - c:\program files\pimpfish\FloatBar.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: PimpFish Basic: {d593de91-7b41-45c2-830e-e9a99ab142aa} - c:\program files\pimpfish\PimpFish.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [AVO Ram Optimizer] c:\program files\systweak\advanced vista optimizer 2009\AVO.exe -s
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRunOnce: [0D3B7AA18BD1] c:\users\andrew\appdata\local\temp\ICRv2.exe /21F035714116
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\users\andrew\appdata\roaming\micros~1\windows\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: PimpFish Basic - Grab movies on this page - c:\program files\pimpfish\GRABPAGEMOVIES.HTM
IE: PimpFish Basic - Grab pictures on this page - c:\program files\pimpfish\GRABPAGEPICS.HTM
IE: PimpFish Basic - Grab pictures this page links to - c:\program files\pimpfish\GRABPAGELINKS.HTM
IE: PimpFish Basic - Grab Target File - c:\program files\pimpfish\GRABLINK.HTM
IE: PimpFish Basic - Grab This Picture - c:\program files\pimpfish\GRABPIC.HTM
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\p7ed524s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/defaulta.aspx
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\p7ed524s.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-23 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-23 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-2-17 9968]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-4-23 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-23 298776]
R2 AVO2009 Defrag;AVO2009 Defrag;c:\program files\systweak\advanced vista optimizer 2009\AVODefragService32.exe [2009-5-19 398056]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-4-23 24652]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-6-6 84832]

=============== Created Last 30 ================

2009-06-20 03:57 <DIR> --d----- c:\program files\Vodei
2009-06-18 10:48 <DIR> --d----- c:\program files\PurgeIE
2009-06-18 02:02 <DIR> --d----- c:\program files\MIKSOFT
2009-06-18 01:56 <DIR> --d----- c:\users\andrew\appdata\roaming\OxelonMC
2009-06-18 01:56 <DIR> --d----- c:\program files\OxelonMedia
2009-06-18 01:49 344,064 a------- c:\windows\system32\msvcr70.dll
2009-06-18 01:49 <DIR> --d----- c:\program files\common files\DVDVideoSoft
2009-06-17 08:43 <DIR> --d----- c:\users\andrew\appdata\roaming\FahMon
2009-06-17 08:43 <DIR> --d----- c:\program files\FahMon
2009-06-17 08:41 <DIR> --d----- c:\users\andrew\appdata\roaming\Folding@home-x86
2009-06-17 08:41 <DIR> --d----- c:\program files\Folding@home
2009-06-12 21:42 22,872 a----r-- c:\windows\system32\AdobePDFUI.dll
2009-06-10 10:04 2,034,688 a------- c:\windows\system32\win32k.sys
2009-06-10 10:04 623,616 a------- c:\windows\system32\localspl.dll
2009-06-06 02:04 84,832 a------- c:\windows\system32\drivers\ASPI32.SYS
2009-06-06 02:04 45,056 a------- c:\windows\system32\WNASPI32.DLL
2009-06-06 02:04 <DIR> --d----- c:\program files\Free DVD Ripper
2009-06-06 01:49 <DIR> --d----- c:\programdata\Temp
2009-06-05 16:55 <DIR> --d----- c:\program files\iPod
2009-06-05 16:54 <DIR> --d----- c:\program files\iTunes
2009-06-03 11:49 <DIR> --d----- C:\AdobeTemp
2009-06-01 07:35 <DIR> --d----- c:\programdata\SmartSound Software Inc
2009-06-01 07:35 <DIR> --d----- c:\program files\SmartSound Software
2009-06-01 07:35 <DIR> --d----- c:\progra~2\SmartSound Software Inc
2009-06-01 07:11 <DIR> --d----- c:\program files\Windows Installer Clean Up
2009-06-01 07:11 <DIR> --d----- c:\program files\MSECACHE
2009-05-31 21:53 <DIR> --d----- c:\programdata\Minnetonka Audio Software
2009-05-31 21:53 <DIR> --d----- c:\progra~2\Minnetonka Audio Software
2009-05-31 21:08 <DIR> --d----- c:\windows\system32\eu-ES
2009-05-31 21:08 <DIR> --d----- c:\windows\system32\ca-ES
2009-05-31 21:08 <DIR> --d----- c:\windows\system32\vi-VN
2009-05-31 20:53 <DIR> --d----- c:\windows\system32\EventProviders
2009-05-31 20:51 1,362,944 a------- c:\windows\system32\wbem\cimwin32.dll
2009-05-31 20:50 449,024 a------- c:\windows\system32\termsrv.dll
2009-05-31 20:49 200,704 a------- c:\windows\system32\input.dll
2009-05-30 11:59 <DIR> --d----- c:\programdata\RapidSolution
2009-05-30 11:59 <DIR> --d----- c:\program files\RapidSolution
2009-05-30 11:59 <DIR> --d----- c:\progra~2\RapidSolution
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-29 13:36 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2009-06-19 03:28 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-19 03:28 51,200 a------- c:\windows\inf\infpub.dat
2009-06-18 09:05 86,016 a------- c:\windows\inf\infstor.dat
2009-06-18 01:49 55,302 a------- c:\programdata\nvModes.dat
2009-06-18 01:49 55,302 a------- c:\progra~2\nvModes.dat
2009-05-31 21:07 665,600 a------- c:\windows\inf\drvindex.dat
2009-05-16 02:35 73,312 a------- c:\windows\system32\drivers\adfs.sys
2009-05-11 09:35 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-09 09:48 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2009-05-09 09:43 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2009-05-09 00:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 00:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-05-05 12:15 1,095,808 a------- c:\windows\system32\drivers\smserial.sys
2009-05-02 09:47 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-02 09:47 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-02 09:47 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-28 19:52 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-04-28 12:30 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-24 01:46 174 a--sh--- c:\program files\desktop.ini
2009-04-24 01:22 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-04-24 01:22 82,432 a------- c:\windows\system32\axaltocm.dll
2009-04-23 22:48 272,896 a------- c:\windows\system32\polstore.dll
2009-04-23 22:48 61,440 a------- c:\windows\system32\winipsec.dll
2009-04-23 22:37 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-04-23 22:35 2,048 a------- c:\windows\system32\msxml3r.dll
2009-04-23 22:13 4,981,248 a------- c:\windows\system32\NlsLexicons0013.dll
2009-04-23 22:12 6,346,240 a------- c:\windows\system32\NlsLexicons001d.dll
2009-04-23 22:11 3,104,768 a------- c:\windows\system32\NlsData004c.dll
2009-04-23 22:06 6,656 a------- c:\windows\system32\kbd106n.dll
2009-04-23 22:03 9,728 a------- c:\windows\system32\lsass.exe
2009-04-23 22:02 37,888 a------- c:\windows\system32\printcom.dll
2009-04-23 22:01 14,848 a------- c:\windows\system32\wshrm.dll
2009-04-23 21:50 41,984 a------- c:\windows\system32\netfxperf.dll
2009-04-23 21:42 84,480 a------- c:\windows\system32\INETRES.dll
2009-04-23 21:40 2,048 a------- c:\windows\system32\msxml6r.dll
2009-04-23 21:10 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-04-23 21:10 83,456 a------- c:\windows\system32\wudriver.dll
2009-04-23 21:10 162,064 a------- c:\windows\system32\wuwebv.dll
2009-04-23 21:10 31,232 a------- c:\windows\system32\wuapp.exe
2009-04-23 21:04 27,430 a------- c:\users\andrew\appdata\roaming\nvModes.dat
2009-04-23 20:17 0 a--shr-- c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv6700 Notebook PC_Y5335KV_0U_QCNF8063MRF_E459053-003_4A_I30D2_SQuanta_V79.28_F.45_T080116_WV3-0_L409_M3070_J250_7Intel_86FB_92.20_#071125_N10EC8136;80864222_(GP238AV)_XMOBILE_CN10_Z_2Rev 1.MRK
2009-04-23 07:15 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-11 01:33 986,600 a------- c:\windows\system32\winload.exe
2009-04-11 01:33 926,184 a------- c:\windows\system32\winresume.exe
2009-04-11 01:33 614,376 a------- c:\windows\system32\ci.dll
2009-04-11 01:32 50,664 a------- c:\windows\system32\PSHED.DLL
2009-04-11 01:32 3,601,896 a------- c:\windows\system32\ntkrnlpa.exe
2009-04-11 01:32 3,549,672 a------- c:\windows\system32\ntoskrnl.exe
2009-04-11 01:32 438,744 a------- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-04-11 01:32 245,736 a------- c:\windows\system32\clfs.sys
2009-04-11 01:32 177,128 a------- c:\windows\system32\halmacpi.dll
2009-04-11 01:32 140,776 a------- c:\windows\system32\halacpi.dll
2009-04-11 01:32 17,896 a------- c:\windows\system32\kd1394.dll
2009-04-11 01:32 19,944 a------- c:\windows\system32\kdusb.dll
2009-04-11 01:32 17,384 a------- c:\windows\system32\kdcom.dll
2009-04-11 01:27 627,200 a------- c:\windows\system32\sethc.exe
2009-04-11 01:22 7,168 a------- c:\windows\system32\f3ahvoas.dll
2009-04-11 01:21 37,376 a------- c:\windows\system32\cdd.dll
2009-04-11 00:03 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 00:03 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-04-10 23:57 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-10 23:54 2,048 a------- c:\windows\system32\mferror.dll
2009-04-10 23:39 16,384 a------- c:\windows\system32\iscsilog.dll
2009-04-10 23:27 2,560 a------- c:\windows\system32\msimsg.dll
2009-04-10 23:23 289,792 a------- c:\windows\system32\atmfd.dll
2009-04-10 23:12 617,984 a------- c:\windows\system32\adtschema.dll
2009-04-10 20:59 107,612 a------- c:\windows\system32\StructuredQuerySchema.bin
2009-04-02 15:21 84,480 a------- c:\windows\system32\ff_vfw.dll
2009-03-29 23:42 278,848 a------- c:\windows\system32\mscoree.dll
2009-03-29 23:42 155,456 a------- c:\windows\system32\mscorier.dll
2009-03-29 23:42 93,512 a------- c:\windows\system32\dfshim.dll
2009-03-29 23:42 80,720 a------- c:\windows\system32\mscories.dll
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 20:32:16.89 ===============


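The "Pseudo HJT Report" section of the DDS log above lists autostart points in DDS's compact notation (u/m/d prefixes for the user, machine and default-user hives; "No File" for a registration whose DLL is gone; hxxp:// as defanged http://). As an added example, not part of this thread or of the DDS tool, the Python script below parses those line formats and flags what an analyst would check first: a RunOnce entry launching from a Temp directory, BHO and toolbar registrations whose DLL is missing, DPF ActiveX classes installed from a remote CAB, and the AppInit_DLLs and Winlogon Notify hooks. The sample input is a handful of lines copied from the log above; the severity labels and the hive expansion are the example's own assumptions.

```python
"""Triage the autostart section of a DDS log.

Added example (not part of the BleepingComputer thread or the DDS tool). It parses
the "Pseudo HJT Report" line formats that appear in the log above and flags the
entries an analyst would look at first. The u/m/d prefixes are read here as HKCU,
HKLM and HKU\\.DEFAULT (DDS's user/machine/default shorthand); hxxp:// is the
log's own defanging of http://.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List

HIVES = {"u": "HKCU", "m": "HKLM", "d": "HKU\\.DEFAULT"}

RUN_RE = re.compile(r"^(?P<hive>[umd])Run(?P<once>Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
OBJ_RE = re.compile(r"^(?P<kind>BHO|TB): (?:(?P<name>.*?): )?(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
KV_RE = re.compile(r"^(?P<key>AppInit_DLLs|Notify|SEH|Handler): (?P<value>.*)$")
# Anything launched out of a Temp directory deserves a second look: installers use
# RunOnce this way legitimately, but so do droppers, so the file has to be verified.
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
REMOTE_RE = re.compile(r"^h(?:xx|tt)ps?://", re.IGNORECASE)


@dataclass
class Finding:
    severity: str   # "review", "low" or "info" (labels chosen for this example)
    summary: str
    detail: str


def analyse(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per autostart entry that merits analyst attention."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            key = HIVES[m["hive"]] + ("\\...\\RunOnce" if m["once"] else "\\...\\Run")
            if TEMP_RE.search(m["cmd"]):
                findings.append(Finding("review", f"{key} [{m['name']}] launches from a Temp directory", m["cmd"]))
            continue
        m = OBJ_RE.match(line)
        if m:
            if m["target"].strip() == "No File":
                # Registration survives but the DLL is gone: leftover of an uninstall or a cleanup.
                findings.append(Finding("low", f"orphaned {m['kind']} {m['clsid']} (DLL missing)", line))
            continue
        m = DPF_RE.match(line)
        if m:
            if REMOTE_RE.match(m["target"]):
                findings.append(Finding("info", f"ActiveX class {m['clsid']} installed from a remote CAB", m["target"]))
            continue
        m = KV_RE.match(line)
        if m and m["key"] == "AppInit_DLLs" and m["value"].strip():
            # AppInit_DLLs are mapped into every process that loads user32.dll.
            findings.append(Finding("info", "AppInit_DLLs entry loads into every user32 process", m["value"]))
        elif m and m["key"] == "Notify":
            findings.append(Finding("info", "Winlogon Notify DLL registered", m["value"]))
    return findings


def severity_counts(findings: Iterable[Finding]) -> Dict[str, int]:
    """Tally findings by severity so a long log can be summarised at a glance."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Sample input: a handful of lines copied from the DDS log in this thread.
SAMPLE_LINES = [
    r"uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun",
    r"mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe",
    r"mRunOnce: [0D3B7AA18BD1] c:\users\andrew\appdata\local\temp\ICRv2.exe /21F035714116",
    r"BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File",
    r"BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll",
    r"TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File",
    r"DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab",
    r"AppInit_DLLs: avgrsstx.dll",
    r"Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll",
]

if __name__ == "__main__":
    for f in analyse(SAMPLE_LINES):
        print(f"[{f.severity:6}] {f.summary}\n         {f.detail}")
```

Run against the nine sample lines the script reports the Temp-launched RunOnce entry as the one item to verify by hand, the two "No File" registrations as low-priority cleanup, and the DPF, AppInit_DLLs and Notify entries as informational context; feeding it the full Pseudo HJT section of a log works the same way, since lines it does not recognise are ignored.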
#4 screen317

  • Malware Response Team
  • 236 posts
  • Gender:Male
  • Location:Los Angeles
  • Local time:09:05 PM

Posted 22 June 2009 - 08:43 PM

Hello AndrewGS and welcome to BleepingComputer.


Please register (it's free, don't worry) with PCPitStop and run the full tests here. When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.

-screen317

#5 AndrewGS

  • Topic Starter

  • Members
  • 15 posts
  • Location:Houston, TX, USA
  • Local time:07:05 PM

Posted 26 June 2009 - 12:49 AM

Hello AndrewGS and welcome to BleepingComputer.


Please register (it's free, don't worry) with PCPitStop and run the full tests here. When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.

-screen317


http://www.pcpitstop.com/betapit/sec.asp?conid=22308992

Edited by AndrewGS, 26 June 2009 - 12:55 AM.


#6 screen317

  • Malware Response Team
  • 236 posts
  • Gender:Male
  • Location:Los Angeles
  • Local time:09:05 PM

Posted 27 June 2009 - 08:52 PM

Hi AndrewGS,

PCPitStop didn't detect much amiss.


I do see many programs loading up at startup (many unnecessary).


Before we tackle those, we'll use ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

#7 AndrewGS

  • Topic Starter

  • Members
  • 15 posts
  • Location:Houston, TX, USA
  • Local time:07:05 PM

Posted 01 July 2009 - 01:31 AM

I'd like to run ComboFix, but I can't seem to shut down or uninstall AVG. ComboFix gives me a warning that I shouldn't run it with AVG running.

Thanks for the help thus far!

#8 screen317

  • Malware Response Team
  • 236 posts
  • Gender:Male
  • Location:Los Angeles
  • Local time:09:05 PM

Posted 01 July 2009 - 06:23 PM

Hi Andrew,

I'd like to run ComboFix, but I can't seem to shut down or uninstall AVG. ComboFix gives me a warning that I shouldn't run it with AVG running.

Thanks for the help thus far!

Okay, we will have ComboFix shut down AVG.

Delete your copy of ComboFix.

Download the latest version from here. Save it to your Desktop but do NOT run it yet.

Navigate to Start --> Run, and enter the following command:

"%userprofile%\desktop\ComboFix.exe" /killall

ComboFix should run fine now.

-screen317

#9 AndrewGS

  • Topic Starter

  • Members
  • 15 posts
  • Location:Houston, TX, USA
  • Local time:07:05 PM

Posted 02 July 2009 - 02:14 AM

The ComboFix log:

ComboFix 09-06-29.07 - Andrew 07/02/2009 1:53.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1944 [GMT -5:00]
Running from: c:\users\Andrew\Desktop\ComboFix.exe
Command switches used :: /killall
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Andrew\AppData\Local\Temp\rad4E081.tmp\bin\Gadget.Interop.dll
c:\users\Andrew\AppData\Local\Temp\rad933EF.tmp\bin\x86\sharpwrapi_Win32.dll
c:\windows\system32\KBL.LOG
D:\Desktop.ini
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))))
.

2009-07-02 06:58 . 2009-07-02 07:04 -------- d-----w- c:\users\Andrew\AppData\Local\temp
2009-07-01 06:09 . 2009-07-01 06:09 -------- d-----w- c:\users\Andrew\AppData\Roaming\WinPatrol
2009-07-01 06:09 . 2007-11-26 04:52 74 ----a-w- c:\users\Andrew\AppData\Roaming\WinPatrol\Autoexec.bat
2009-07-01 06:09 . 2006-09-18 21:43 10 ----a-w- c:\users\Andrew\AppData\Roaming\WinPatrol\Config.sys
2009-06-23 14:43 . 2009-06-23 14:43 -------- d-----w- c:\users\Andrew\AppData\Local\AVG Security Toolbar
2009-06-23 14:42 . 2009-06-23 14:40 832144 ----a-w- c:\programdata\avg8\update\backup\AVGToolbarInstall.exe
2009-06-23 14:42 . 2009-06-23 14:42 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-06-20 08:57 . 2009-06-20 08:57 -------- d-----w- c:\program files\Vodei
2009-06-18 15:48 . 2009-06-18 15:59 -------- d-----w- c:\program files\PurgeIE
2009-06-18 07:02 . 2009-06-18 07:02 -------- d-----w- c:\program files\MIKSOFT
2009-06-18 06:56 . 2009-06-18 07:02 -------- d-----w- c:\users\Andrew\AppData\Roaming\OxelonMC
2009-06-18 06:56 . 2009-06-18 07:02 -------- d-----w- c:\program files\OxelonMedia
2009-06-18 06:49 . 2002-01-05 19:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-06-18 06:49 . 2009-06-18 06:55 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-06-17 13:43 . 2009-06-18 06:20 -------- d-----w- c:\users\Andrew\AppData\Roaming\FahMon
2009-06-17 13:43 . 2009-06-17 13:43 -------- d-----w- c:\program files\FahMon
2009-06-17 13:43 . 2009-06-17 13:43 2338816 ----a-w- c:\users\Andrew\AppData\Roaming\Folding@home-x86\FahCore_78.exe
2009-06-17 13:42 . 2009-06-17 13:42 10134 ----a-r- c:\users\Andrew\AppData\Roaming\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_D153F602E769D1960CE13B.exe
2009-06-17 13:42 . 2009-06-17 13:42 98477 ----a-r- c:\users\Andrew\AppData\Roaming\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_6FEFF9B68218417F98F549.exe
2009-06-17 13:42 . 2009-06-17 13:42 98477 ----a-r- c:\users\Andrew\AppData\Roaming\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_2377D972A0372FCB34E3F7.exe
2009-06-17 13:41 . 2009-06-28 22:25 -------- d-----w- c:\users\Andrew\AppData\Roaming\Folding@home-x86
2009-06-17 13:41 . 2009-06-17 13:41 -------- d-----w- c:\program files\Folding@home
2009-06-13 02:42 . 2008-04-07 10:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-06-10 18:08 . 2009-06-10 18:08 -------- d-----w- c:\program files\Adobe Media Player
2009-06-10 18:07 . 2009-06-10 18:07 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-10 15:04 . 2009-04-21 11:39 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-06-10 15:04 . 2009-04-23 12:14 623616 ----a-w- c:\windows\system32\localspl.dll
2009-06-10 15:03 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 15:03 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-10 15:03 . 2009-04-23 12:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-06 07:04 . 2002-07-17 20:23 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2009-06-06 07:04 . 2002-07-17 20:20 84832 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2009-06-06 07:04 . 2009-06-06 07:04 -------- d-----w- c:\program files\Free DVD Ripper
2009-06-06 06:49 . 2009-06-06 06:48 36864 ----a-w- c:\programdata\Temp\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe
2009-06-05 21:55 . 2009-06-05 21:55 -------- d-----w- c:\program files\iPod
2009-06-05 21:54 . 2009-06-05 21:55 -------- d-----w- c:\program files\iTunes
2009-06-05 21:52 . 2009-06-05 21:53 -------- d-----w- c:\program files\QuickTime
2009-06-05 21:45 . 2009-06-05 21:45 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-03 16:49 . 2009-06-28 02:12 -------- d-----w- C:\AdobeTemp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 07:05 . 2009-05-19 03:10 117760 ----a-w- c:\users\Andrew\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-01 06:18 . 2009-04-24 02:37 55302 ----a-w- c:\programdata\nvModes.dat
2009-07-01 06:12 . 2009-04-24 01:51 -------- d-----w- c:\programdata\avg8
2009-06-23 14:40 . 2009-04-24 01:51 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-23 14:40 . 2009-04-24 01:51 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-23 14:40 . 2009-04-24 01:51 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-19 08:37 . 2009-04-24 23:30 -------- d-----w- c:\programdata\Apple
2009-06-16 03:38 . 2007-11-26 03:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-10 15:11 . 2007-11-26 04:40 -------- d-----w- c:\program files\Microsoft Works
2009-06-10 15:10 . 2007-11-26 05:02 -------- d-----w- c:\programdata\Microsoft Help
2009-06-09 14:15 . 2009-04-29 00:55 -------- d-----w- c:\users\Andrew\AppData\Roaming\CyberLink
2009-06-05 21:54 . 2009-04-24 23:30 -------- d-----w- c:\program files\Common Files\Apple
2009-06-01 12:42 . 2009-04-24 01:29 84352 ----a-w- c:\users\Andrew\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-01 12:37 . 2007-11-26 05:10 -------- d-----w- c:\program files\CyberLink
2009-06-01 12:36 . 2009-06-01 12:35 -------- d-----w- c:\programdata\SmartSound Software Inc
2009-06-01 12:35 . 2009-06-01 12:35 -------- d-----w- c:\program files\SmartSound Software
2009-06-01 12:11 . 2009-06-01 12:11 3584 ----a-r- c:\users\Andrew\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-06-01 12:11 . 2009-06-01 12:11 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-06-01 12:11 . 2009-06-01 12:11 -------- d-----w- c:\program files\MSECACHE
2009-06-01 03:08 . 2009-06-01 03:08 -------- d-----w- c:\users\Andrew\AppData\Roaming\HP
2009-06-01 03:08 . 2007-11-26 05:08 -------- d-----w- c:\programdata\HP
2009-06-01 02:53 . 2009-06-01 02:53 -------- d-----w- c:\programdata\Minnetonka Audio Software
2009-06-01 02:10 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-06-01 02:10 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-01 02:10 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-06-01 02:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-06-01 02:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-06-01 02:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-01 02:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-06-01 02:07 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-01 02:07 . 2008-02-15 19:34 -------- d-----w- c:\programdata\NVIDIA
2009-05-30 16:59 . 2009-05-30 16:59 -------- d-----w- c:\programdata\RapidSolution
2009-05-30 16:59 . 2009-05-30 16:59 -------- d-----w- c:\program files\RapidSolution
2009-05-29 18:36 . 2009-05-29 18:36 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 18:36 . 2009-05-29 18:36 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-19 06:43 . 2009-05-19 06:43 -------- d-----w- c:\program files\IObit
2009-05-19 06:16 . 2009-05-19 06:16 100 ----a-w- c:\users\Andrew\AppData\Roaming\Systweak\AdvancedVistaOptimizer2009\bcd.bat
2009-05-19 05:59 . 2009-05-19 05:59 -------- d-----w- c:\users\Andrew\AppData\Roaming\GTek
2009-05-19 05:51 . 2009-05-19 05:46 -------- d-----w- c:\users\Andrew\AppData\Roaming\Systweak
2009-05-19 05:50 . 2009-05-19 05:50 -------- d-----w- c:\program files\Systweak
2009-05-19 04:51 . 2009-05-19 04:51 -------- d-----w- c:\users\Andrew\AppData\Roaming\IObit
2009-05-19 03:15 . 2009-04-24 16:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-19 03:08 . 2009-05-19 03:08 -------- d-----w- c:\users\Andrew\AppData\Roaming\SUPERAntiSpyware.com
2009-05-19 03:07 . 2009-05-19 03:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-17 05:43 . 2009-05-17 05:38 -------- d-----w- c:\program files\Wheel Of Fortune 2
2009-05-17 05:39 . 2009-05-17 05:39 -------- d-----w- c:\programdata\Sony Online Entertainment
2009-05-16 07:35 . 2008-08-14 12:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
2009-05-16 07:28 . 2007-11-26 05:09 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-16 06:43 . 2009-05-16 06:43 -------- d-----w- c:\programdata\FLEXnet
2009-05-16 06:36 . 2009-05-16 06:36 -------- d-----w- c:\programdata\ALM
2009-05-16 06:32 . 2009-04-24 18:47 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-05-16 06:06 . 2009-05-16 06:06 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-05-13 09:11 . 2009-05-13 09:11 -------- d-----w- c:\programdata\Zabersoft
2009-05-13 09:11 . 2009-05-13 09:11 -------- d-----w- c:\program files\PimpFish
2009-05-13 09:07 . 2009-05-13 09:07 -------- d-----w- c:\programdata\Keronsoft
2009-05-13 08:39 . 2009-05-13 08:27 -------- d-----w- c:\program files\Mihov Picture Downloader
2009-05-13 08:35 . 2009-05-13 08:35 -------- d-----w- c:\programdata\Kavatec
2009-05-12 04:17 . 2009-05-12 04:17 -------- d-----w- c:\program files\Internet Image Hunter
2009-05-11 14:35 . 2009-05-11 14:35 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-11 14:35 . 2007-11-26 05:37 -------- d-----w- c:\program files\Java
2009-05-09 15:44 . 2009-05-09 15:44 -------- d-----w- c:\program files\IrfanView
2009-05-09 14:48 . 2009-05-09 14:48 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2009-05-09 14:43 . 2009-05-09 14:43 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2009-05-07 12:59 . 2009-04-24 23:33 -------- d-----w- c:\users\Andrew\AppData\Roaming\Apple Computer
2009-05-05 17:15 . 2009-05-05 17:15 1095808 ----a-w- c:\windows\system32\drivers\smserial.sys
2009-05-02 14:47 . 2009-04-24 01:51 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-29 00:52 . 2009-04-29 00:52 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-04-25 02:24 . 2009-04-25 02:24 53248 ----a-r- c:\users\Andrew\AppData\Roaming\Microsoft\Installer\{DC33421C-0E1C-470A-BE37-7B7C82677812}\EchoLink_Web_Site._B5759EDEA3D244BBB2AAF1B15E1EC021.exe
2009-04-25 02:24 . 2009-04-25 02:24 53248 ----a-r- c:\users\Andrew\AppData\Roaming\Microsoft\Installer\{DC33421C-0E1C-470A-BE37-7B7C82677812}\EchoLink_Support.u_B5759EDEA3D244BBB2AAF1B15E1EC021.exe
2009-04-25 02:24 . 2009-04-25 02:24 45056 ----a-r- c:\users\Andrew\AppData\Roaming\Microsoft\Installer\{DC33421C-0E1C-470A-BE37-7B7C82677812}\EchoLink.chm_B5759EDEA3D244BBB2AAF1B15E1EC021.exe
2009-04-25 02:24 . 2009-04-25 02:24 40960 ----a-r- c:\users\Andrew\AppData\Roaming\Microsoft\Installer\{DC33421C-0E1C-470A-BE37-7B7C82677812}\EchoLink.exe11_B5759EDEA3D244BBB2AAF1B15E1EC021.exe
2009-04-25 02:24 . 2009-04-25 02:24 40960 ----a-r- c:\users\Andrew\AppData\Roaming\Microsoft\Installer\{DC33421C-0E1C-470A-BE37-7B7C82677812}\EchoLink.exe1_B5759EDEA3D244BBB2AAF1B15E1EC021.exe
2009-04-25 02:24 . 2009-04-25 02:24 40960 ----a-r- c:\users\Andrew\AppData\Roaming\Microsoft\Installer\{DC33421C-0E1C-470A-BE37-7B7C82677812}\ARPPRODUCTICON.exe
2009-04-24 06:22 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-04-24 06:22 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-04-24 04:24 . 2009-04-24 04:24 7040776 ----a-w- c:\users\Andrew\AppData\Roaming\MySpace\IM\Install\MSIMClientSetup.1.0.789.0-static-A.exe
2009-04-24 03:48 . 2009-04-24 03:48 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-04-24 03:48 . 2009-04-24 03:48 272896 ----a-w- c:\windows\system32\polstore.dll
2009-04-24 03:35 . 2009-04-24 03:35 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-04-24 03:13 . 2009-04-24 03:13 4981248 ----a-w- c:\windows\system32\NlsLexicons0013.dll
2009-04-24 03:12 . 2009-04-24 03:12 6346240 ----a-w- c:\windows\system32\NlsLexicons001d.dll
2009-04-24 03:11 . 2009-04-24 03:11 3104768 ----a-w- c:\windows\system32\NlsData004c.dll
2009-04-24 03:06 . 2009-04-24 03:06 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-04-24 03:03 . 2009-04-24 03:03 9728 ----a-w- c:\windows\system32\lsass.exe
2009-04-24 03:02 . 2009-04-24 03:02 37888 ----a-w- c:\windows\system32\printcom.dll
2009-04-24 03:01 . 2009-04-24 03:01 14848 ----a-w- c:\windows\system32\wshrm.dll
2009-04-24 02:50 . 2009-04-24 02:50 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-04-24 02:42 . 2009-04-24 02:42 84480 ----a-w- c:\windows\system32\INETRES.dll
2009-04-24 02:40 . 2009-04-24 02:40 2048 ----a-w- c:\windows\system32\msxml6r.dll
2009-04-24 02:10 . 2009-04-24 02:10 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-04-24 02:10 . 2009-04-24 02:10 43544 ----a-w- c:\windows\system32\wups2.dll
2009-04-24 02:10 . 2009-04-24 02:10 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-04-24 02:10 . 2009-04-24 02:10 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-04-24 02:10 . 2009-04-24 02:10 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-04-24 02:10 . 2009-04-24 02:10 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-04-24 02:10 . 2009-04-24 02:10 34328 ----a-w- c:\windows\system32\wups.dll
2009-04-24 02:10 . 2009-04-24 02:10 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-04-24 02:10 . 2009-04-24 02:10 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-04-24 02:04 . 2009-04-24 02:03 27430 ----a-w- c:\users\Andrew\AppData\Roaming\nvModes.dat
2009-04-11 06:33 . 2009-06-01 01:51 986600 ----a-w- c:\windows\system32\winload.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 21:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-11 06:28 114176 ----a-w- c:\windows\System32\EhStorShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-17 1830128]
"AVO Ram Optimizer"="c:\program files\systweak\advanced vista optimizer 2009\AVO.exe" [2009-01-09 216296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-05-05 1466368]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-11 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-23 1948440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-29 198160]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-03-11 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-17 4702208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-3-14 2756608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d4,b7,e8,68,5f,e2,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-529898789-909434743-3839394550-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{334D7D46-1D66-4022-9908-87E1DE0A7302}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{BB94DB1A-C77D-4DCA-92AD-54C57CE00BEE}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{88901493-73B5-4508-B2C1-6B1321D319F1}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A61FFC8C-9F51-4B08-85B3-F734AEE8DD31}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{024EC2AC-121D-42C7-B3BF-433BBDDF1748}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{7B7D14B1-C7CA-4E65-A56B-B4E6D0B1FF4B}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{547192FF-6A40-4864-9D00-AFECDB174310}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{391B6388-EF39-4888-80F0-848D80BEDBAC}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F03776F8-FA59-4F49-A87C-38E4C8EA9856}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{83C3586C-66B5-4931-BFDD-44D97CCBE7FF}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A6CFE4D9-FAAA-4D67-8343-52AB596F832C}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9C4056F1-7086-412C-A33D-502CAB23EDE8}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{4F0B463E-A3AB-4577-BFE5-803F25096473}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{74F74EF8-EF08-48FF-BF1F-2BEE493AF237}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{CD4996E9-B1CC-4152-85BC-A617BD061DD8}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{80AE82C2-608A-48E4-A962-939EEEE51FFA}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{1B0BCE6C-386B-4EEE-839A-3E7547A6C286}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{84ECD28D-0A1C-4B8C-8716-1834C1D88AF7}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{99D5D2DC-29E5-4D5D-BABF-39180D9CB46E}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{88955256-6151-4D49-83B4-49AD001BED9D}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{00CC1C27-EB1C-4543-9943-E22230A33188}"= c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{18DBB6E0-8D51-4C05-9963-660541B5739E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4C767320-2497-404A-B108-1DD05A3250DB}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{52D831C8-3DA7-480F-8FE0-0A6F0115B9E6}c:\\program files\\echolink\\echolink\\echolink.exe"= UDP:c:\program files\echolink\echolink\echolink.exe:EchoLink
"UDP Query User{0BD386D1-6810-41E7-95D8-0371BC9B1656}c:\\program files\\echolink\\echolink\\echolink.exe"= TCP:c:\program files\echolink\echolink\echolink.exe:EchoLink
"TCP Query User{2F577546-0FA7-476B-9AD0-97B2EC7E5D6D}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{2B20A891-A5A0-4861-9B29-6F1D43C554C7}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{56D77CD7-9A33-404B-8337-4A37BE605F01}"= UDP:5353:Adobe CSI CS4
"{5523C7E9-F2BA-4F6B-A3BC-896CD3AC6DED}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{189DA5AF-90AA-40CB-93F0-35343D45E6EC}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{06303169-833C-43B0-8F68-F780453ED461}"= UDP:3703:Adobe Version Cue CS4 Server
"{EAD19FD9-1638-42BF-BDE6-05F234F981F8}"= UDP:3704:Adobe Version Cue CS4 Server
"{7988E36B-C880-4E29-8699-A875D43D3B0C}"= UDP:51000:Adobe Version Cue CS4 Server
"{5B0BB113-6039-4FA8-AE3C-B44F3006575A}"= UDP:51001:Adobe Version Cue CS4 Server
"{3C291B1B-FAB6-4BCA-9A25-883945988615}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{DA1789A2-BD36-4006-B2EF-E64841175DB4}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{A932CDA1-8B5C-493E-AF9A-0B6F9A35CAED}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{AB381B77-047D-4723-8944-B6ED8FDAF8FB}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{F22F7CD2-9D1E-4ED1-81A9-2EAAD9116FAB}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{94F88648-4584-4296-8F5F-F5459BD813DE}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{8E1A9967-D497-4BB8-96FF-FE3F957A6396}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2009-03-13 288112]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-06-23 327688]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-02 108552]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-05-19 9968]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-06-23 906520]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-06-23 298776]
S2 AVO2009 Defrag;AVO2009 Defrag;c:\program files\Systweak\Advanced Vista Optimizer 2009\AVODefragService32.exe [2009-01-09 398056]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-07-02 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-05-19 16:32]

2009-07-02 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-05-19 20:54]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: PimpFish Basic - Grab movies on this page - c:\program files\PimpFish\GRABPAGEMOVIES.HTM
IE: PimpFish Basic - Grab pictures on this page - c:\program files\PimpFish\GRABPAGEPICS.HTM
IE: PimpFish Basic - Grab pictures this page links to - c:\program files\PimpFish\GRABPAGELINKS.HTM
IE: PimpFish Basic - Grab Target File - c:\program files\PimpFish\GRABLINK.HTM
IE: PimpFish Basic - Grab This Picture - c:\program files\PimpFish\GRABPIC.HTM
FF - ProfilePath - c:\users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\p7ed524s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/defaulta.aspx
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\p7ed524s.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 02:03
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-529898789-909434743-3839394550-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:75,25,5b,4e,a2,a1,a3,9c,80,ca,45,5a,90,cc,34,c0,63,32,1e,ea,08,42,2c,
ab,ba,0f,df,a9,bb,ef,f2,9e,83,49,21,a7,58,69,61,2e,7d,d9,62,ea,98,5e,b1,d4,\
"??"=hex:6e,72,89,d0,89,1f,c9,75,a2,fb,02,a5,c9,a4,eb,84

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\windows\System32\rundll32.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-07-02 2:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-02 07:10

Pre-Run: 142,117,490,688 bytes free
Post-Run: 142,324,645,888 bytes free

378 --- E O F --- 2009-06-24 14:34


New DDS log:

DDS (Ver_09-06-26.01) - NTFSx86
Run by Andrew at 2:16:32.21 on Thu 07/02/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1918 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Systweak\Advanced Vista Optimizer 2009\AVODefragService32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\WindowsMobile\wmdc.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\mobsync.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\Explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Andrew\Desktop\dds.scr

============== Pseudo HJT Report ===============

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: PimpFish Basic Toolbar Opcode Handler: {29c88e20-4234-41b9-a9db-982958c95fb1} - c:\program files\pimpfish\PimpFish.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: FloatBar Class: {75b1a646-cdce-4c06-b52f-84f4463b4fc8} - c:\program files\pimpfish\FloatBar.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: PimpFish Basic: {d593de91-7b41-45c2-830e-e9a99ab142aa} - c:\program files\pimpfish\PimpFish.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [AVO Ram Optimizer] c:\program files\systweak\advanced vista optimizer 2009\AVO.exe -s
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\users\andrew\appdata\roaming\micros~1\windows\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: PimpFish Basic - Grab movies on this page - c:\program files\pimpfish\GRABPAGEMOVIES.HTM
IE: PimpFish Basic - Grab pictures on this page - c:\program files\pimpfish\GRABPAGEPICS.HTM
IE: PimpFish Basic - Grab pictures this page links to - c:\program files\pimpfish\GRABPAGELINKS.HTM
IE: PimpFish Basic - Grab Target File - c:\program files\pimpfish\GRABLINK.HTM
IE: PimpFish Basic - Grab This Picture - c:\program files\pimpfish\GRABPIC.HTM
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\p7ed524s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/defaulta.aspx
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\p7ed524s.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-23 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-23 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-2-17 9968]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-4-23 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-23 298776]
R2 AVO2009 Defrag;AVO2009 Defrag;c:\program files\systweak\advanced vista optimizer 2009\AVODefragService32.exe [2009-5-19 398056]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-4-23 24652]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-6-6 84832]

=============== Created Last 30 ================

2009-07-02 02:03 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-07-02 01:51 161,792 a------- c:\windows\SWREG.exe
2009-07-02 01:51 155,136 a------- c:\windows\PEV.exe
2009-07-02 01:51 98,816 a------- c:\windows\sed.exe
2009-07-01 01:09 <DIR> --d----- c:\users\andrew\appdata\roaming\WinPatrol
2009-06-23 09:42 <DIR> --d----- c:\programdata\AVG Security Toolbar
2009-06-23 09:42 <DIR> --d----- c:\progra~2\AVG Security Toolbar
2009-06-20 03:57 <DIR> --d----- c:\program files\Vodei
2009-06-18 10:48 <DIR> --d----- c:\program files\PurgeIE
2009-06-18 02:02 <DIR> --d----- c:\program files\MIKSOFT
2009-06-18 01:56 <DIR> --d----- c:\users\andrew\appdata\roaming\OxelonMC
2009-06-18 01:56 <DIR> --d----- c:\program files\OxelonMedia
2009-06-18 01:49 344,064 a------- c:\windows\system32\msvcr70.dll
2009-06-18 01:49 <DIR> --d----- c:\program files\common files\DVDVideoSoft
2009-06-17 08:43 <DIR> --d----- c:\users\andrew\appdata\roaming\FahMon
2009-06-17 08:43 <DIR> --d----- c:\program files\FahMon
2009-06-17 08:41 <DIR> --d----- c:\users\andrew\appdata\roaming\Folding@home-x86
2009-06-17 08:41 <DIR> --d----- c:\program files\Folding@home
2009-06-12 21:42 22,872 a----r-- c:\windows\system32\AdobePDFUI.dll
2009-06-10 10:04 2,034,688 a------- c:\windows\system32\win32k.sys
2009-06-10 10:04 623,616 a------- c:\windows\system32\localspl.dll
2009-06-06 02:04 84,832 a------- c:\windows\system32\drivers\ASPI32.SYS
2009-06-06 02:04 45,056 a------- c:\windows\system32\WNASPI32.DLL
2009-06-06 02:04 <DIR> --d----- c:\program files\Free DVD Ripper
2009-06-06 01:49 <DIR> --d----- c:\programdata\Temp
2009-06-05 16:55 <DIR> --d----- c:\program files\iPod
2009-06-05 16:54 <DIR> --d----- c:\program files\iTunes
2009-06-03 11:49 <DIR> --d----- C:\AdobeTemp

==================== Find3M ====================

2009-07-01 01:18 55,302 a------- c:\programdata\nvModes.dat
2009-07-01 01:18 55,302 a------- c:\progra~2\nvModes.dat
2009-06-25 10:16 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-25 10:16 51,200 a------- c:\windows\inf\infpub.dat
2009-06-23 09:40 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-23 09:40 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-18 09:05 86,016 a------- c:\windows\inf\infstor.dat
2009-05-31 21:07 665,600 a------- c:\windows\inf\drvindex.dat
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-29 13:36 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-16 02:35 73,312 a------- c:\windows\system32\drivers\adfs.sys
2009-05-11 09:35 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-09 09:48 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2009-05-09 09:43 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2009-05-09 00:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 00:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-05-05 12:15 1,095,808 a------- c:\windows\system32\drivers\smserial.sys
2009-04-28 19:52 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-04-24 01:46 174 a--sh--- c:\program files\desktop.ini
2009-04-24 01:22 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-04-24 01:22 82,432 a------- c:\windows\system32\axaltocm.dll
2009-04-23 22:48 272,896 a------- c:\windows\system32\polstore.dll
2009-04-23 22:48 61,440 a------- c:\windows\system32\winipsec.dll
2009-04-23 22:37 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-04-23 22:35 2,048 a------- c:\windows\system32\msxml3r.dll
2009-04-23 22:13 4,981,248 a------- c:\windows\system32\NlsLexicons0013.dll
2009-04-23 22:12 6,346,240 a------- c:\windows\system32\NlsLexicons001d.dll
2009-04-23 22:11 3,104,768 a------- c:\windows\system32\NlsData004c.dll
2009-04-23 22:06 6,656 a------- c:\windows\system32\kbd106n.dll
2009-04-23 22:03 9,728 a------- c:\windows\system32\lsass.exe
2009-04-23 22:02 37,888 a------- c:\windows\system32\printcom.dll
2009-04-23 22:01 14,848 a------- c:\windows\system32\wshrm.dll
2009-04-23 21:50 41,984 a------- c:\windows\system32\netfxperf.dll
2009-04-23 21:42 84,480 a------- c:\windows\system32\INETRES.dll
2009-04-23 21:40 2,048 a------- c:\windows\system32\msxml6r.dll
2009-04-23 21:10 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-04-23 21:10 83,456 a------- c:\windows\system32\wudriver.dll
2009-04-23 21:10 162,064 a------- c:\windows\system32\wuwebv.dll
2009-04-23 21:10 31,232 a------- c:\windows\system32\wuapp.exe
2009-04-23 21:04 27,430 a------- c:\users\andrew\appdata\roaming\nvModes.dat
2009-04-23 07:15 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-11 01:33 986,600 a------- c:\windows\system32\winload.exe
2009-04-11 01:33 926,184 a------- c:\windows\system32\winresume.exe
2009-04-11 01:33 614,376 a------- c:\windows\system32\ci.dll
2009-04-11 01:32 50,664 a------- c:\windows\system32\PSHED.DLL
2009-04-11 01:32 3,601,896 a------- c:\windows\system32\ntkrnlpa.exe
2009-04-11 01:32 3,549,672 a------- c:\windows\system32\ntoskrnl.exe
2009-04-11 01:32 438,744 a------- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-04-11 01:32 245,736 a------- c:\windows\system32\clfs.sys
2009-04-11 01:32 177,128 a------- c:\windows\system32\halmacpi.dll
2009-04-11 01:32 140,776 a------- c:\windows\system32\halacpi.dll
2009-04-11 01:32 17,896 a------- c:\windows\system32\kd1394.dll
2009-04-11 01:32 19,944 a------- c:\windows\system32\kdusb.dll
2009-04-11 01:32 17,384 a------- c:\windows\system32\kdcom.dll
2009-04-11 01:27 627,200 a------- c:\windows\system32\sethc.exe
2009-04-11 01:22 7,168 a------- c:\windows\system32\f3ahvoas.dll
2009-04-11 01:21 37,376 a------- c:\windows\system32\cdd.dll
2009-04-11 00:03 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 00:03 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-04-10 23:57 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-10 23:54 2,048 a------- c:\windows\system32\mferror.dll
2009-04-10 23:39 16,384 a------- c:\windows\system32\iscsilog.dll
2009-04-10 23:27 2,560 a------- c:\windows\system32\msimsg.dll
2009-04-10 23:23 289,792 a------- c:\windows\system32\atmfd.dll
2009-04-10 23:12 617,984 a------- c:\windows\system32\adtschema.dll
2009-04-10 20:59 107,612 a------- c:\windows\system32\StructuredQuerySchema.bin
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 2:16:53.88 ===============

Edited by AndrewGS, 02 July 2009 - 02:20 AM.


#10 screen317

screen317

  • Malware Response Team
  • 236 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Los Angeles
  • Local time:09:05 PM

Posted 05 July 2009 - 06:20 PM

Hello,


I see you have Viewpoint installed...
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". I suggest you remove the program now. Navigate to Start --> Control Panel --> Add or Remove Programs and uninstall the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar

Let me know if you decided to uninstall it. Also, your version of Acrobat Reader is out of date. Instead of Acrobat Reader, I recommend the less bloated and open source (free) Foxit Reader.

In addition, I recommend uninstalling AVO Ram Optimizer. As you can see, it's not doing anything for your startup and shut down times.



Regarding your slow startup and shut down, since your computer has above average specs, the problem lies with the number of applications and services attempting to run on startup. Disabling the unnecessary startup entries will free resources and allow your computer to boot more quickly. All of the following can be started manually if you need to use them, but if you trust my recommendation below, running the following Registry fix (which we will make a backup for first) will probably result in a considerable performance boost.


First, delete this file:
c:\users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk


Next, please back up your Registry with ERUNT.
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe



Please open Notepad. Copy and paste the following text (starting with REGEDIT4) into the Notepad document.

Navigate to File --> Save As..., and save the file as Fix.reg (make sure the Save As Type is set to All Files).

Save it to your Desktop.

REGEDIT4


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=-
"LightScribe Control Panel"=-
"SUPERAntiSpyware"=-
"AVO Ram Optimizer"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QPService"=-
"UCam_Menu"=-
"SunJavaUpdateSched"=-
"WinampAgent"=-
"Adobe Reader Speed Launcher"=-
"TkBellExe"=-
"AdobeCS4ServiceManager"=-
"Adobe Acrobat Speed Launcher"=-
"Acrobat Assistant 8.0"=-
"QuickTime Task"=-
"UpdatePDRShortCut"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"=-


Now navigate to your Desktop, and double click fix.reg (Click Yes to the prompt).


Restart your computer a couple times and see if you notice any difference in performance.

If there were any adverse effects (which there shouldn't be...), let me know and we'll address them.

-screen317
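An added example, not code from this thread or from DDS or ERUNT: a small Python script that reads the DDS uRun/mRun/dRun lines, maps each to the registry key DDS reports it from (the same uRun -> HKCU, mRun -> HKLM, dRun -> HKU\.DEFAULT mapping screen317's Fix.reg relies on), and emits a REGEDIT4 file in the same "name"=- deletion form, so the set of entries to be removed can be reviewed, and a misspelled name caught, before anything is merged into the registry. The sample log lines are constructed from the log above, and the function names are my own.

```python
"""Added example (not from the thread, DDS or ERUNT): build a reviewable
Fix.reg of the kind screen317 posted from the DDS 'Run' lines."""
import re

# Registry key each DDS prefix reports from; the same mapping the posted
# Fix.reg uses (uRun -> HKCU, mRun -> HKLM, dRun -> HKEY_USERS\.DEFAULT).
HIVES = {
    "uRun": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "mRun": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "dRun": r"HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run",
}

# DDS prints autostart values as:   mRun: [ValueName] command line
RUN_LINE = re.compile(r"^(uRun|mRun|dRun): \[([^\]]+)\] (.*)$")

# Constructed sample: a few lines copied from the log above plus one
# non-Run line, to show that only Run entries are picked up.
SAMPLE_DDS = r"""
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk
"""


def parse_run_entries(log_text):
    """Return [(registry_key, value_name, command), ...] in log order."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            entries.append((HIVES[m.group(1)], m.group(2), m.group(3)))
    return entries


def unknown_names(entries, to_remove):
    """Names requested for deletion that DDS never reported: usually a
    typo, and a line that would silently do nothing when merged."""
    present = {name for _key, name, _cmd in entries}
    return sorted(set(to_remove) - present)


def build_fix_reg(entries, to_remove):
    """Emit REGEDIT4 text deleting only the named values ("name"=-),
    grouped under the key DDS reported them from; all else is untouched."""
    by_key = {}
    for key, name, _cmd in entries:
        if name in to_remove:
            by_key.setdefault(key, []).append(name)
    lines = ["REGEDIT4", ""]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{name}"=-' for name in names)
        lines.append("")  # regedit expects a trailing blank line
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_run_entries(SAMPLE_DDS)
    wanted = {"Sidebar", "QPService", "MySpaceIM"}
    print("not in log:", unknown_names(found, wanted))
    print(build_fix_reg(found, wanted))
```

Back the registry up (ERUNT, as in the post) before merging any file this produces; the script only writes text, it never touches the registry itself.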

#11 AndrewGS

AndrewGS
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Location:Houston, TX, USA
  • Local time:07:05 PM

Posted 09 July 2009 - 01:49 PM

I notice it's a little quicker on the startup, but the shutdown is still quite lengthy. It's ok though, as long as there are no apparent problems.

Thanks for the help!

#12 screen317

screen317

  • Malware Response Team
  • 236 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Los Angeles
  • Local time:09:05 PM

Posted 10 July 2009 - 10:58 PM

You're welcome. Nothing else I can see. :thumbup2: I'll keep this topic open for a while in case you have any other questions...

Do this please:

Navigate to Start --> Run, and type Combofix /u in the box that appears. Click OK afterwards. Notice the space between the X and the /u.

This uninstalls all of ComboFix's components.

-screen317

Edited by screen317, 10 July 2009 - 10:58 PM.




