Inactive Searching for removal tools for virus

Discussion in 'Malware and Virus Removal Archive' started by joesteph, 2009/09/16.

  1. 2009/09/16
    joesteph

    joesteph Inactive Thread Starter

    Joined:
    2004/09/11
    Messages:
    43
    Likes Received:
    0

    Hi there,

    I couldn't find what I was looking for going through the FAQs, so here is my issue. I currently have 2 viruses that have been detected by telus securities. They are: Backdoor.Win32.Bredolab.wt and Backdoor.Wind32.Bredolab.wa.

    Would anyone have a solution on how to get rid of these viruses before I dump the whole thing??

    Thank-you,
    Your help is much appreciated,

    Lucy
     
  2. 2009/09/16
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Please read this as indicated at the head of the forum and post the logs requested in this thread.
     

  4. 2009/09/16
    joesteph

    joesteph Inactive Thread Starter

    Joined:
    2004/09/11
    Messages:
    43
    Likes Received:
    0
    Thank-you Pete!
    Here are the results:


    DDS (Ver_09-07-30.01) - NTFSx86
    Run by Lucy at 11:22:58.48 on Wed 09/16/2009
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2264 [GMT -7:00]

    AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: TELUS security services Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
    FW: TELUS security services Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
    FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\TELUS\TELUS security services\Fws.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
    svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\TELUS\TELUS security advisor\Tsa.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSMonitor.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\AVG\AVG8\avgui.exe
    C:\Program Files\AVG\AVG8\avgscanx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\IncrediMail\Bin\IncMail.exe
    C:\Program Files\IncrediMail\bin\IMApp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Lucy\Local Settings\Temporary Internet Files\Content.IE5\DAVOZXOC\dds[1].scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    uURLSearchHooks: H - No File
    BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\SZSG.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\telus\telus security services\pkR.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\SZSG.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [UIUCU] c:\docume~1\lucy\locals~1\temp\UIUCU.EXE -CLEAN_UP -S
    mRun: [Tsa.exe] "c:\program files\telus\telus security advisor\Tsa.exe" /AUTORUN
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [AVGIDS] "c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSUI.exe"
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1250834685500
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: avgrsstarter - avgrsstx.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\lucy\applic~1\mozilla\firefox\profiles\o4rq1e2e.default\
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1691.8062\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\telus\telus security advisor\nprpspa.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [2009-7-22 25608]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-9-16 12552]
    R0 KL1;KL1;c:\windows\system32\drivers\kl1.sys [2009-8-20 112144]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-9-15 28544]
    R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-5-12 61328]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-16 335240]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-16 27784]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-16 108552]
    R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-8-20 196368]
    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-9-16 908056]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-16 297752]
    R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2009-9-16 1370488]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSAgent.exe [2009-7-22 5641736]
    R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSWatcher.exe [2009-7-22 571912]
    R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2009-7-20 935208]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-9-16 29208]
    R3 AVGIDSDriver;AVGIDSDriver;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-7-22 121352]
    R3 AVGIDSFilter;AVGIDSFilter;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-7-22 30216]
    R3 AVGIDSShim;AVGIDSShim;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSShim.sys [2009-7-22 27232]
    S2 gupdate1ca22a45ec9e0f0;Google Update Service (gupdate1ca22a45ec9e0f0);c:\program files\google\update\GoogleUpdate.exe [2009-8-21 133104]
    S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-5-14 309744]
    S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-5-14 166384]
    S2 SessionLauncher;SessionLauncher;c:\docume~1\lucy\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\lucy\locals~1\temp\dx9\SessionLauncher.exe [?]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-9-16 29208]
    S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-4 14336]
    S3 Radialpoint Security Services;TELUS security services;c:\program files\telus\telus security services\RpsSecurityAwareR.exe [2008-12-9 97520]
    S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-5-14 1120752]

    =============== Created Last 30 ================

    2009-09-16 10:24 <DIR> --d-h--- C:\$AVG8.VAULT$
    2009-09-16 10:00 744 a------- c:\windows\system32\drivers\kgpcpy.cfg
    2009-09-16 09:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Downloaded Installations
    2009-09-16 09:52 11,952 a------- c:\windows\system32\avgrsstx.dll
    2009-09-16 09:52 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
    2009-09-16 09:52 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
    2009-09-16 09:52 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-09-16 09:52 <DIR> --d----- c:\windows\system32\drivers\Avg
    2009-09-16 09:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
    2009-09-16 09:51 50,968 a------- c:\windows\system32\avgfwdx.dll
    2009-09-16 09:51 29,208 a------- c:\windows\system32\drivers\avgfwdx.sys
    2009-09-16 09:51 <DIR> --d----- c:\program files\AVG
    2009-09-16 09:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
    2009-09-16 09:43 <DIR> --d----- c:\docume~1\lucy\applic~1\AVG8
    2009-09-15 22:26 <DIR> --d----- c:\docume~1\lucy\applic~1\Malwarebytes
    2009-09-15 22:26 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-15 22:26 19,160 a------- c:\windows\system32\drivers\mbam.sys
    2009-09-15 22:26 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-09-15 22:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-09-15 22:22 28,544 a------- c:\windows\system32\drivers\pavboot.sys
    2009-09-15 22:21 <DIR> --d----- c:\program files\Panda Security
    2009-09-15 20:20 5,632 a------- c:\windows\system32\ptpusb.dll
    2009-09-15 20:20 159,232 a------- c:\windows\system32\ptpusd.dll
    2009-09-09 18:40 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
    2009-09-05 18:01 <DIR> --d----- c:\program files\Nero
    2009-09-05 18:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
    2009-09-05 10:36 <DIR> --d----- c:\documents and settings\lucy\.housecall6.6
    2009-09-04 21:32 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
    2009-09-02 14:14 <DIR> --d----- c:\windows\.jagex_cache_32
    2009-08-21 17:22 268,648 a------- c:\windows\system32\mucltui.dll
    2009-08-21 17:22 27,496 a------- c:\windows\system32\mucltui.dll.mui
    2009-08-21 16:28 <DIR> --d-h--- c:\windows\msdownld.tmp
    2009-08-21 16:28 <DIR> --d----- c:\windows\Logs
    2009-08-21 16:00 <DIR> --d----- C:\e43b77aee61fa79256678810cc
    2009-08-21 16:00 <DIR> --d----- c:\windows\SxsCaPendDel
    2009-08-21 15:50 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
    2009-08-21 15:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Uninstall
    2009-08-21 15:19 <DIR> --d----- c:\windows\RegisteredPackages
    2009-08-21 15:18 <DIR> --d----- c:\program files\common files\SureThing Shared
    2009-08-21 15:18 <DIR> --d----- c:\program files\common files\Sonic Shared
    2009-08-21 15:17 <DIR> --d----- c:\program files\Roxio
    2009-08-21 15:17 1,123,696 a------- c:\windows\system32\D3DCompiler_33.dll
    2009-08-21 15:17 443,752 a------- c:\windows\system32\d3dx10_33.dll
    2009-08-21 15:17 3,495,784 a------- c:\windows\system32\d3dx9_33.dll
    2009-08-21 15:09 221,184 a------- c:\windows\system32\wmpns.dll
    2009-08-21 14:56 <DIR> --d----- c:\windows\system32\scripting
    2009-08-21 14:56 <DIR> --d----- c:\windows\l2schemas
    2009-08-21 14:56 <DIR> --d----- c:\windows\system32\en
    2009-08-21 14:56 <DIR> --d----- c:\windows\system32\bits
    2009-08-21 14:52 <DIR> --d----- c:\windows\network diagnostic
    2009-08-21 14:39 327,040 -------- c:\windows\system32\drivers\ati2mtaa.sys
    2009-08-21 14:15 56 a---h--- c:\windows\system32\ezsidmv.dat
    2009-08-21 14:14 <DIR> --d--r-- c:\program files\Skype
    2009-08-21 14:00 25,856 a------- c:\windows\system32\drivers\usbprint.sys
    2009-08-21 14:00 15,104 a------- c:\windows\system32\drivers\usbscan.sys
    2009-08-21 13:59 198,656 a------- c:\windows\system32\CNMLM81.DLL
    2009-08-21 13:59 106,496 a------- c:\windows\system32\cnco460.dll
    2009-08-21 13:59 1,302,528 a------- c:\windows\system32\CNCC460.DLL
    2009-08-21 13:59 135,168 a------- c:\windows\system32\CNCL460.DLL
    2009-08-21 13:59 69,632 a------- c:\windows\system32\CNCI460.DLL
    2009-08-21 13:37 5,504 a------- c:\windows\system32\drivers\mstee.sys
    2009-08-21 13:37 10,880 a------- c:\windows\system32\drivers\ndisip.sys
    2009-08-21 13:36 15,232 a------- c:\windows\system32\drivers\streamip.sys
    2009-08-21 13:36 16,384 a------- c:\windows\system32\ipsink.ax
    2009-08-21 13:36 11,136 a------- c:\windows\system32\drivers\slip.sys
    2009-08-21 13:36 19,200 a------- c:\windows\system32\drivers\wstcodec.sys
    2009-08-21 13:36 85,248 a------- c:\windows\system32\drivers\nabtsfec.sys
    2009-08-21 13:36 17,024 a------- c:\windows\system32\drivers\ccdecode.sys
    2009-08-21 13:36 60,032 a------- c:\windows\system32\drivers\usbaudio.sys
    2009-08-21 13:35 91,136 a------- c:\windows\system32\kswdmcap.ax
    2009-08-21 13:35 28,672 a------- c:\windows\system32\vidcap.ax
    2009-08-21 13:35 61,952 a------- c:\windows\system32\kstvtune.ax
    2009-08-21 13:35 53,760 a------- c:\windows\system32\vfwwdm32.dll
    2009-08-21 13:35 43,008 a------- c:\windows\system32\ksxbar.ax
    2009-08-21 13:30 1,075,360 a------- c:\windows\system32\drivers\Camdrl.sys
    2009-08-21 13:30 527,136 a------- c:\windows\system32\LVUI2RC.dll
    2009-08-21 13:30 348,160 a------- c:\windows\system\msvcr71.dll
    2009-08-21 13:30 264,992 a------- c:\windows\system32\lvcodec2.dll
    2009-08-21 13:30 215,840 a------- c:\windows\system32\LVUI2.dll
    2009-08-21 13:30 154,400 a------- c:\windows\system\CamExL20.dll
    2009-08-21 13:30 129,824 a------- c:\windows\system32\lvci1051.dll
    2009-08-21 13:30 117,536 a------- c:\windows\system\CamExL20.ax
    2009-08-21 13:30 50,127 a------- c:\windows\system32\lvcoinst.ini
    2009-08-21 13:30 41,504 a------- c:\windows\system32\drivers\LVUSBSta.sys
    2009-08-21 13:30 13,398 a------- c:\windows\system32\Repository.reg
    2009-08-21 12:11 <DIR> --d----- c:\program files\common files\Symantec Shared
    2009-08-21 12:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
    2009-08-21 12:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
    2009-08-21 12:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
    2009-08-21 11:33 <DIR> --d----- c:\documents and settings\lucy\Tracing
    2009-08-21 11:31 <DIR> --d----- c:\program files\Microsoft
    2009-08-21 11:31 <DIR> --d----- c:\program files\Windows Live SkyDrive
    2009-08-21 11:26 <DIR> --d----- c:\program files\common files\Windows Live
    2009-08-21 11:22 <DIR> --d----- c:\program files\CCleaner
    2009-08-21 11:17 <DIR> --d----- c:\windows\system32\Adobe
    2009-08-21 11:11 411,368 a------- c:\windows\system32\deploytk.dll
    2009-08-21 11:11 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-08-21 10:57 32,656 a------- c:\windows\system32\msonpmon.dll
    2009-08-21 10:54 <DIR> --d----- c:\windows\SHELLNEW
    2009-08-21 00:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
    2009-08-21 00:06 <DIR> --d----- c:\program files\STOPzilla!
    2009-08-21 00:06 <DIR> --d----- c:\program files\common files\iS3
    2009-08-21 00:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
    2009-08-20 23:55 <DIR> --d----- c:\program files\IncrediMail
    2009-08-20 23:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IncrediMail
    2009-08-20 23:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IM
    2009-08-20 23:52 <DIR> --dsh--- c:\documents and settings\lucy\IECompatCache
    2009-08-20 23:51 <DIR> --dsh--- c:\documents and settings\lucy\PrivacIE
    2009-08-20 23:49 <DIR> --dsh--- c:\documents and settings\lucy\IETldCache
    2009-08-20 23:46 11,067,392 -c------ c:\windows\system32\dllcache\ieframe.dll
    2009-08-20 23:46 1,985,536 -c------ c:\windows\system32\dllcache\iertutil.dll
    2009-08-20 23:46 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll
    2009-08-20 23:46 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
    2009-08-20 23:46 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
    2009-08-20 23:46 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
    2009-08-20 23:46 <DIR> --d----- c:\windows\ie8updates
    2009-08-20 23:46 101,376 -c------ c:\windows\system32\dllcache\iecompat.dll
    2009-08-20 23:44 <DIR> -cd-h--- c:\windows\ie8
    2009-08-20 23:40 <DIR> --d----- c:\windows\system32\XPSViewer
    2009-08-20 23:39 14,048 -------- c:\windows\system32\spmsg2.dll
    2009-08-20 23:37 <DIR> --d----- c:\program files\MSXML 6.0
    2009-08-20 23:26 <DIR> --d----- C:\6ce17e7bdcfb15c55074c716d5
    2009-08-20 23:24 <DIR> --d----- c:\windows\ServicePackFiles
    2009-08-20 23:24 <DIR> --d----- c:\windows\pss
    2009-08-20 23:23 <DIR> --d----- c:\program files\MSXML 4.0
    2009-08-20 23:21 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
    2009-08-20 23:21 272,128 -------- c:\windows\system32\drivers\bthport.sys
    2009-08-20 23:20 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
    2009-08-20 23:20 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
    2009-08-20 23:20 110,592 -c------ c:\windows\system32\dllcache\services.exe
    2009-08-20 23:20 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
    2009-08-20 23:20 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
    2009-08-20 23:20 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
    2009-08-20 23:20 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-08-20 23:20 730,112 -c------ c:\windows\system32\dllcache\lsasrv.dll
    2009-08-20 23:20 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
    2009-08-20 23:20 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
    2009-08-20 23:20 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
    2009-08-20 23:20 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
    2009-08-20 23:16 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
    2009-08-20 23:13 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
    2009-08-20 23:08 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
    2009-08-20 23:08 333,952 -c------ c:\windows\system32\dllcache\srv.sys
    2009-08-20 23:08 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
    2009-08-20 23:08 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
    2009-08-20 23:04 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
    2009-08-20 23:04 2,560 -------- c:\windows\system32\xpsp4res.dll
    2009-08-20 23:03 <DIR> --dsh--- c:\documents and settings\lucy\UserData
    2009-08-20 23:01 15,000,864 a--sh--- c:\windows\system32\drivers\fidbox.dat
    2009-08-20 23:01 1,184,800 a--sh--- c:\windows\system32\drivers\fidbox2.dat
    2009-08-20 23:01 190,052 a--sh--- c:\windows\system32\drivers\fidbox.idx
    2009-08-20 23:01 103,076 a--sh--- c:\windows\system32\drivers\fidbox2.idx
    2009-08-20 22:58 112,144 a------- c:\windows\system32\drivers\kl1.sys
    2009-08-20 22:58 53,192 a------- c:\windows\system32\drivers\rp_skt32.sys
    2009-08-20 22:58 48,384 a------- c:\windows\system32\drivers\rp_pkt32.sys
    2009-08-20 22:57 <DIR> --d----- c:\program files\Raxco
    2009-08-20 22:57 <DIR> --d----- c:\docume~1\lucy\applic~1\TELUS
    2009-08-20 22:57 <DIR> --d----- c:\program files\TELUS
    2009-08-20 22:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TELUS
    2009-08-20 22:54 26,144 a------- c:\windows\system32\spupdsvc.exe
    2009-08-20 22:54 <DIR> --d----- c:\windows\system32\PreInstall
    2009-08-20 22:46 <DIR> --d----- c:\windows\system32\SoftwareDistribution
    2009-08-20 22:46 44,544 a----r-- c:\windows\system32\drivers\bcm4sbxp.sys
    2009-08-20 22:46 <DIR> --d----- c:\program files\Broadcom
    2009-08-20 22:42 167,936 a----r-- c:\windows\system32\NVUNINST.EXE
    2009-08-20 22:40 1,171,464 a------- c:\windows\system32\drivers\sthda.sys
    2009-08-20 22:40 225,280 a------- c:\windows\system32\stacapi.dll
    2009-08-20 22:40 <DIR> --d----- c:\program files\SigmaTel
    2009-08-20 22:38 36,864 a------- c:\windows\system32\drivers\AmdK8.sys
    2009-08-20 22:38 <DIR> --d----- c:\program files\AMD
    2009-08-20 22:35 <DIR> --d----- c:\windows\system32\ReinstallBackups
    2009-08-20 22:32 520,192 -------- c:\windows\system32\ati2sgag.exe
    2009-08-20 22:31 <DIR> --d----- c:\program files\ATI Technologies
    2009-08-20 22:30 <DIR> --d----- c:\windows\system32\vmm32
    2009-08-20 22:30 <DIR> --d----- c:\program files\Dell
    2009-08-20 22:29 <DIR> --d----- c:\documents and settings\Lucy
    2009-08-20 22:28 <DIR> --ds---- c:\windows\system32\Microsoft
    2009-08-20 22:26 8,192 a------- c:\windows\REGLOCS.OLD
    2009-08-20 22:24 571,392 ac------ c:\windows\system32\dllcache\tintlgnt.ime
    2009-08-20 22:23 78,336 ac------ c:\windows\system32\dllcache\chajei.ime
    2009-08-20 22:22 23,392 a------- c:\windows\system32\nscompat.tlb
    2009-08-20 22:22 <DIR> --dsh--- c:\documents and settings\all users\DRM
    2009-08-20 22:21 <DIR> --d-h--- c:\program files\WindowsUpdate
    2009-08-20 22:21 <DIR> --d----- c:\program files\common files\MSSoap
    2009-08-20 22:20 <DIR> --d----- c:\program files\Online Services
    2009-08-20 22:20 <DIR> --d----- c:\program files\Messenger
    2009-08-20 22:20 <DIR> --d----- c:\program files\MSN Gaming Zone
    2009-08-20 22:19 <DIR> --d----- c:\program files\Windows NT
    2009-08-20 15:15 <DIR> --d----- c:\program files\common files\ODBC
    2009-08-20 15:15 <DIR> --d----- c:\program files\common files\SpeechEngines
    2009-08-20 15:15 <DIR> --d--r-- c:\documents and settings\all users\Documents

    ==================== Find3M ====================

    2009-08-21 15:00 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-08-20 22:20 21,640 a------- c:\windows\system32\emptyregdb.dat
    2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
    2009-07-31 05:47 499,712 a------- c:\windows\system32\msvcp71.dll
    2009-07-31 05:47 348,160 a------- c:\windows\system32\msvcr71.dll
    2009-07-28 21:37 119,808 a------- c:\windows\system32\t2embed.dll
    2009-07-28 21:37 81,920 a------- c:\windows\system32\fontsub.dll
    2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
    2009-07-22 17:23 74,760 a------- c:\windows\system32\drivers\UniversalDD.sys
    2009-07-22 17:23 25,608 a------- c:\windows\system32\drivers\AVGIDSErHr.sys
    2009-07-20 14:57 17,408 a----r-- c:\windows\system32\SZIO5.dll
    2009-07-20 14:56 311,296 a----r-- c:\windows\system32\SZBase5.dll
    2009-07-20 14:56 540,672 a----r-- c:\windows\system32\SZComp5.dll
    2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
    2009-07-12 12:21 233,472 a------- c:\windows\system32\wmpdxm.dll
    2009-07-09 15:52 126,976 a----r-- c:\windows\system32\IS3HTUI5.dll
    2009-07-09 15:52 393,216 a----r-- c:\windows\system32\IS3DBA5.dll
    2009-07-09 15:51 385,024 a----r-- c:\windows\system32\IS3UI5.dll
    2009-07-09 15:51 61,440 a----r-- c:\windows\system32\IS3Hks5.dll
    2009-07-09 15:51 23,040 a----r-- c:\windows\system32\IS3XDat5.dll
    2009-07-09 15:50 225,280 a----r-- c:\windows\system32\IS3Win325.dll
    2009-07-09 15:50 94,208 a----r-- c:\windows\system32\IS3Inet5.dll
    2009-07-09 15:50 90,112 a----r-- c:\windows\system32\IS3Svc5.dll
    2009-07-09 15:47 724,992 a----r-- c:\windows\system32\IS3Base5.dll
    2009-07-03 10:09 915,456 a------- c:\windows\system32\wininet.dll
    2009-06-25 11:36 661,504 a------- c:\windows\system32\mqqm.dll
    2009-06-25 11:36 517,120 a------- c:\windows\system32\mqsnap.dll
    2009-06-25 11:36 471,552 a------- c:\windows\system32\mqutil.dll
    2009-06-25 11:36 225,280 a------- c:\windows\system32\mqoa.dll
    2009-06-25 11:36 186,880 a------- c:\windows\system32\mqtrig.dll
    2009-06-25 11:36 177,152 a------- c:\windows\system32\mqrt.dll
    2009-06-25 11:36 138,240 a------- c:\windows\system32\mqad.dll
    2009-06-25 11:36 123,392 a------- c:\windows\system32\mqrtdep.dll
    2009-06-25 11:36 95,744 a------- c:\windows\system32\mqsec.dll
    2009-06-25 11:36 48,640 a------- c:\windows\system32\mqupgrd.dll
    2009-06-25 11:36 47,104 a------- c:\windows\system32\mqdscli.dll
    2009-06-25 11:36 16,896 a------- c:\windows\system32\mqise.dll
    2009-06-25 01:25 730,112 a------- c:\windows\system32\lsasrv.dll
    2009-06-25 01:25 301,568 a------- c:\windows\system32\kerberos.dll
    2009-06-25 01:25 147,456 a------- c:\windows\system32\schannel.dll
    2009-06-25 01:25 136,192 a------- c:\windows\system32\msv1_0.dll
    2009-06-25 01:25 56,832 a------- c:\windows\system32\secur32.dll
    2009-06-25 01:25 54,272 a------- c:\windows\system32\wdigest.dll
    2009-06-22 04:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
    2009-06-22 04:49 19,968 a------- c:\windows\system32\mqbkup.exe
    2009-06-22 04:49 4,608 a------- c:\windows\system32\mqsvc.exe

    ============= FINISH: 11:24:02.62 ===============
     
  5. 2009/09/16
    joesteph

    joesteph Inactive Thread Starter

    Joined:
    2004/09/11
    Messages:
    43
    Likes Received:
    0
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-07-30.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/20/2009 10:25:11 PM
    System Uptime: 9/16/2009 9:58:09 AM (2 hours ago)

    Motherboard: Dell Inc | | 0UT226
    Processor: AMD Sempron(tm) Processor 3400+ | Socket M2 | 1803/800mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 145 GiB total, 126.498 GiB free.
    D: is Removable
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 8/20/2009 10:30:17 PM - System Checkpoint
    RP2: 8/20/2009 10:30:43 PM - Installed Dell Resource CD
    RP3: 8/20/2009 10:32:17 PM - Installed ATI Catalyst Control Center
    RP4: 8/20/2009 10:38:45 PM - Installed Athlon 64 Processor Driver
    RP5: 8/20/2009 10:40:49 PM - Installed Windows XP KB835221WXP.
    RP6: 8/20/2009 10:41:27 PM - Installed SigmaTel Audio
    RP7: 8/20/2009 10:46:11 PM - Installed Broadcom 440x 10/100 Integrated Controller
    RP8: 8/20/2009 10:54:32 PM - Software Distribution Service 3.0
    RP9: 8/20/2009 11:07:08 PM - Software Distribution Service 3.0
    RP10: 8/20/2009 11:22:49 PM - Software Distribution Service 3.0
    RP11: 8/20/2009 11:37:50 PM - Installed Windows XP WIC.
    RP12: 8/20/2009 11:39:33 PM - Installed %1 %2.
    RP13: 8/20/2009 11:39:36 PM - Printer Driver Microsoft XPS Document Writer Installed
    RP14: 8/20/2009 11:42:35 PM - Software Distribution Service 3.0
    RP15: 8/20/2009 11:51:26 PM - Installed Windows XP WgaNotify.
    RP16: 8/21/2009 12:06:21 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP17: 8/21/2009 10:53:39 AM - Installed Microsoft Office Home and Student 2007
    RP18: 8/21/2009 10:57:24 AM - Printer Driver Send To Microsoft OneNote Driver Installed
    RP19: 8/21/2009 11:11:23 AM - Installed Java(TM) 6 Update 15
    RP20: 8/21/2009 11:15:49 AM - Installed Adobe Reader 9.1.
    RP21: 8/21/2009 2:05:24 PM - Installed WinZip 12.1
    RP22: 8/21/2009 2:43:07 PM - Software Distribution Service 3.0
    RP23: 8/21/2009 3:17:37 PM - Installed DirectX
    RP24: 8/21/2009 3:50:37 PM - Software Distribution Service 3.0
    RP25: 8/21/2009 4:07:04 PM - Printer Driver Microsoft XPS Document Writer Installed
    RP26: 8/21/2009 4:14:55 PM - Software Distribution Service 3.0
    RP27: 8/21/2009 4:31:14 PM - Installed DirectX
    RP28: 8/21/2009 4:56:02 PM - Printer Driver Send To Microsoft OneNote Driver Installed
    RP29: 8/21/2009 5:19:12 PM - Printer Driver Send To Microsoft OneNote Driver Installed
    RP30: 8/22/2009 3:00:14 AM - Software Distribution Service 3.0
    RP31: 8/23/2009 3:00:13 AM - Software Distribution Service 3.0
    RP32: 8/23/2009 12:24:00 PM - Software Distribution Service 3.0
    RP33: 8/23/2009 8:11:50 PM - Software Distribution Service 3.0
    RP34: 8/24/2009 3:00:14 AM - Software Distribution Service 3.0
    RP35: 8/25/2009 3:00:14 AM - Software Distribution Service 3.0
    RP36: 8/25/2009 10:50:59 PM - Software Distribution Service 3.0
    RP37: 8/26/2009 3:00:15 AM - Software Distribution Service 3.0
    RP38: 8/27/2009 3:30:51 AM - System Checkpoint
    RP39: 8/28/2009 3:00:15 AM - Software Distribution Service 3.0
    RP40: 8/29/2009 3:00:15 AM - Software Distribution Service 3.0
    RP41: 8/29/2009 11:08:06 PM - Software Distribution Service 3.0
    RP42: 8/29/2009 11:52:53 PM - Installed Roxio Update Manager
    RP43: 8/30/2009 3:00:15 AM - Software Distribution Service 3.0
    RP44: 8/31/2009 3:00:15 AM - Software Distribution Service 3.0
    RP45: 9/1/2009 3:00:16 AM - Software Distribution Service 3.0
    RP46: 9/2/2009 3:00:15 AM - Software Distribution Service 3.0
    RP47: 9/2/2009 8:59:43 PM - Software Distribution Service 3.0
    RP48: 9/3/2009 3:00:14 AM - Software Distribution Service 3.0
    RP49: 9/4/2009 3:00:15 AM - Software Distribution Service 3.0
    RP50: 9/5/2009 3:00:15 AM - Software Distribution Service 3.0
    RP51: 9/5/2009 9:34:28 AM - Software Distribution Service 3.0
    RP52: 9/5/2009 10:32:38 AM - Installed Java(TM) 6 Update 16
    RP53: 9/5/2009 6:00:46 PM - Installed Nero 9 Essentials 4.4.9.0
    RP54: 9/6/2009 3:00:14 AM - Software Distribution Service 3.0
    RP55: 9/7/2009 3:00:14 AM - Software Distribution Service 3.0
    RP56: 9/8/2009 3:00:16 AM - Software Distribution Service 3.0
    RP57: 9/9/2009 3:00:15 AM - Software Distribution Service 3.0
    RP58: 9/9/2009 6:41:11 PM - Software Distribution Service 3.0
    RP59: 9/10/2009 3:00:14 AM - Software Distribution Service 3.0
    RP60: 9/11/2009 3:59:46 AM - System Checkpoint
    RP61: 9/12/2009 5:11:26 AM - System Checkpoint
    RP62: 9/12/2009 10:08:08 AM - Software Distribution Service 3.0
    RP63: 9/13/2009 3:00:15 AM - Software Distribution Service 3.0
    RP64: 9/13/2009 9:26:04 AM - Software Distribution Service 3.0
    RP65: 9/14/2009 3:00:14 AM - Software Distribution Service 3.0
    RP66: 9/15/2009 3:38:18 AM - System Checkpoint
    RP67: 9/15/2009 10:56:20 AM - Installed Trend Micro Internet Security
    RP68: 9/15/2009 11:48:48 AM - Removed Trend Micro Internet Security
    RP69: 9/16/2009 9:51:24 AM - Installed AVG 8.5
    RP70: 9/16/2009 10:12:58 AM - Avg8 Update
    RP71: 9/16/2009 10:13:24 AM - Avg8 Update

    ==== Installed Programs ======================

    2007 Microsoft Office Suite Service Pack 2 (SP2)
    Acrobat.com
    Adobe AIR
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1.3
    Adobe Shockwave Player 11.5
    Advertising Center
    Athlon 64 Processor Driver
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    AVG 8.5
    AVG Identity Protection
    Broadcom 440x 10/100 Integrated Controller
    Canon MP460
    CCleaner (remove only)
    Dell Resource CD
    DirectXInstallService
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    IncrediMail
    IncrediMail 2.0
    Java(TM) 6 Update 16
    Logitech Audio Echo Cancellation Component
    Logitech QuickCam
    Logitech Video Enumerator
    Logitech® Camera Driver
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.5.3)
    MSN
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser (KB933579)
    MVision
    Nero 9 Essentials
    Nero ControlCenter
    Nero Installer
    Nero Online Upgrade
    Nero StartSmart
    Nero StartSmart OEM
    neroxml
    NVIDIA Drivers
    Panda ActiveScan 2.0
    PerfectDisk
    Roxio Activation Module
    Roxio CinePlayer Decoder Pack
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator Premier
    Roxio Creator Premier 10
    Roxio Creator Tools
    Roxio Express Labeler
    Roxio Update Manager
    RPS Ad Blocker
    RPS AntiFraud
    RPS AntiSpyware
    RPS AntiVirus
    RPS App Detector
    RPS Backup
    RPS Burn
    RPS CRT
    RPS Diagnostic Utility
    RPS Firewall
    RPS Ksdk
    RPS ParentalControl
    RPS Performance Tool
    RPS PopupBlocker
    RPS Privacy Manager
    RPS RpsCore
    RPS Security Cleanup
    RPS Zip
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Segoe UI
    SigmaTel Audio
    Skype web features
    Skype™ 4.1
    STOPzilla
    TELUS security advisor 2.0.21
    TELUS security services
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Windows Internet Explorer 8 (KB972636)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format Runtime
    Windows XP Service Pack 3
    WinZip 12.1
    XML Paper Specification Shared Components Pack 1.0

    ==== Event Viewer Messages From Past Week ========

    9/9/2009 6:45:07 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: The 2007 Microsoft Office Suite Service Pack 2 (SP2).
    9/16/2009 9:59:38 AM, error: Service Control Manager [7000] - The Logitech LVPr2Mon Driver service failed to start due to the following error: The parameter is incorrect.
    9/15/2009 11:08:14 AM, error: Service Control Manager [7001] - The tmxpflt service depends on the tmpreflt service which failed to start because of the following error: The parameter is incorrect.
    9/15/2009 11:08:14 AM, error: Service Control Manager [7000] - The tmpreflt service failed to start due to the following error: The parameter is incorrect.
    9/12/2009 10:11:16 AM, error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the path specified.
    9/12/2009 10:09:26 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

    ==== End Of File ===========================
     
  6. 2009/09/16
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Thanks :)

    One of our trained malware analysts will take a look at your logs ASAP, but it may be a day or so before you get a response as they are always very busy. All logs are dealt with in the order received.

    Thank you for your patience.
     
  7. 2009/09/16
    joesteph

    joesteph Inactive Thread Starter

    Joined:
    2004/09/11
    Messages:
    43
    Likes Received:
    0
    Thank-you for all your help so far!
    Lucy
     
  8. 2009/09/16
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    I notice that you have 2 AV's and 2 Firewalls enabled - that is not good practice - there will be conflicts and you will undoubtedly get instructions to remove one of each ...
     
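The check PeteC describes above (two antivirus products and two firewalls enabled at once) can be read directly from the `AV:` and `FW:` header lines of a DDS log. The following is an added example, not part of the thread and not DDS's own code: the function names are hypothetical, the four header lines are the ones posted earlier in this thread, and the "disabled" line is constructed on the assumption that a disabled product carries the word "disabled" in its status.

```python
import re
from collections import defaultdict

# AV:/FW: header lines from the DDS log posted earlier in this thread.
DDS_HEADER = """\
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: TELUS security services Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: TELUS security services Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
"""

# Constructed line (not from the thread): assumes a switched-off product
# is reported with "disabled" in the starred status field.
CONSTRUCTED_DISABLED_LINE = (
    "AV: Example AV *On-access scanning disabled* (Outdated) "
    "{00000000-0000-0000-0000-000000000000}\n"
)

# kind, product name, *status*, optional (definitions state), {GUID}
LINE_RE = re.compile(
    r"^(?P<kind>AV|FW):\s+(?P<name>.+?)\s+\*(?P<status>[^*]+)\*"
    r"(?:\s+\((?P<defs>[^)]*)\))?\s+(?P<guid>\{[0-9A-Fa-f-]+\})$"
)


def parse_products(log_text):
    """Return one dict per AV:/FW: line found in a DDS log."""
    products = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())  # forum pastes are often indented
        if not m:
            continue
        status = m.group("status").strip()
        products.append({
            "kind": m.group("kind"),
            "name": m.group("name"),
            "status": status,
            # "disabled" does not end in "enabled", so this is unambiguous
            "enabled": re.search(r"\benabled$", status, re.I) is not None,
            "guid": m.group("guid").upper(),
        })
    return products


def find_conflicts(log_text):
    """Map kind -> product names, for kinds with more than one enabled."""
    enabled = defaultdict(list)
    for product in parse_products(log_text):
        if product["enabled"]:
            enabled[product["kind"]].append(product["name"])
    return {kind: names for kind, names in enabled.items() if len(names) > 1}


if __name__ == "__main__":
    for kind, names in find_conflicts(DDS_HEADER).items():
        print(f"{kind}: {len(names)} enabled at once -> {', '.join(names)}")
```
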
  9. 2009/09/16
    joesteph

    joesteph Inactive Thread Starter

    Joined:
    2004/09/11
    Messages:
    43
    Likes Received:
    0
    Yes, I've run them all to see what they all came up with. I will be uninstalling one of each once I am done. Thank-you Pete! :eek:)
     
  10. 2009/09/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No, you have to uninstall one pair now, before we proceed.
    If you're planning on uninstalling AVG, make sure you use AVG Remover: http://www.avg.com/download-tools

    When done.....

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart the computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; select Safe Mode. You'll see "Safe Mode" in all four corners of your screen.

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click the downloaded .exe file, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, right-click HijackThis and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. 2009/09/17
    joesteph

    joesteph Inactive Thread Starter

    Joined:
    2004/09/11
    Messages:
    43
    Likes Received:
    0
    Hi Broni,

    Thank-you so very much for all your help and response. I have actually found my recovery disc and reformatted my computer before I had a chance to see this message. I use my computer for business and banking and needed it cleaned ASAP.

    I have these instructions printed off so that if this reoccurs, I will know what to do next time.

    Thank-you ever so kindly for all your help, (Pete and Broni)
     
  12. 2009/09/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Not a problem :)
     
