Another computer. Please confirm viruses/malware gone


Post by Hardykat on Wed Jan 06, 2010 5:19 pm

You guys are either going to love me or hate me this year.

Basically I need some advanced tech eyes to make sure that I got rid of the viruses/malware/etc. that were plaguing a system I'm working on.

The computer I'm working on belongs to my supervisor's daughter. It's a Gateway laptop, Windows XP Home SP3. It was brought to me yesterday. Startup took forever and it has a ton of programs that opened on startup. Originally it was SP2. Upgraded that today. So far I found 2 antivirus programs running (McAfee & AVG), as well as tons of garbage programs that I'll have to delete. Turned off McAfee, ran HijackThis (was told that another tech worked on this. Saw Spybot and CCleaner too). The sup forgot to bring the power cord so I worked on the comp for 45 minutes before the battery went dead. I was able to install and run Malwarebytes. It cleaned off 1407 infected objects!

Ran HijackThis again today after the Service Pack upgrade:


Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:46:45 AM, on 1/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\WebUpdateSvc4.exe
C:\Program Files\Xobni\XobniService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\Program Files\Corel\Corel Digital Studio 2010\Gadget.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Corel\Standby\Standby.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 antiwareprotect.com
O1 - Hosts: 91.212.65.122 [You must be registered and logged in to see this link.]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_15_Download_version\TrayServer.exe
O4 - HKLM\..\Run: [CorelGadget] Rundll32.exe "c:\Program Files\Common Files\Ulead Systems\Gadget\GadgetEB.dll",LaunchGadget
O4 - HKLM\..\Run: [Standby] "c:\Program Files\Common Files\Corel\Standby\Standby.exe" -START
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CAHeadless] C:\Program Files\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB6.3; FunWebProducts; .NET CLR 2.0.50727; 3P_UVRM 1.00.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; Zune 4.0; .NET4.0C; .NET4.0E; InfoPath.1; Zango 10.3.85.0)" -"http://www.agame.com/game/Street-Sesh.html"
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\User\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Web Update Wizard Service V4 (WebUpdate4) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc4.exe
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

--
End of file - 9631 bytes

Thanks in advance.


Re: Another computer. Please confirm viruses/malware gone

Post by Belahzur on Wed Jan 06, 2010 6:08 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
    O1 - Hosts: 91.212.65.122 antiwareprotect.com
    O1 - Hosts: 91.212.65.122 [You must be registered and logged in to see this link.]
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)



  • Press "Fix Checked"
  • Close Hijack This.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Please PM me if I fail to respond within 24hrs.
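The entries selected in the post above fall into a few recognisable classes: a browser proxy pointing at the local machine, hosts-file lines that map names to a non-local address, and entries whose file no longer exists. As an added example (not part of the post and not HijackThis code), this Python triage flags those three classes in a HijackThis 2.x log; the rule names and function names are assumptions of the example, and the sample lines are copied from the log posted in this thread.

```python
import ipaddress
import re
from typing import List, NamedTuple

# Sample input: lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 antiwareprotect.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
"""

# "<section code> - <body>", e.g. "O1 - Hosts: ..." or "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


class Finding(NamedTuple):
    section: str   # HijackThis section code (R1, O1, O2, ...)
    rule: str      # rule name (hypothetical labels used by this example)
    line: str      # the original log line


def _is_loopback(host: str) -> bool:
    """True for 'localhost' or any loopback IP literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False


def _proxy_hosts(value: str) -> List[str]:
    """Extract host parts from a ProxyServer value such as
    'http=127.0.0.1:5555' or 'http=a:80;https=b:443'."""
    hosts = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        endpoint = part.split("=", 1)[-1]        # drop a "http=" style prefix
        endpoint = endpoint.split("://", 1)[-1]  # drop a URL scheme if present
        hosts.append(endpoint.rsplit(":", 1)[0]) # drop the port
    return hosts


def triage(log_text: str) -> List[Finding]:
    """Return the log lines that deserve a manual look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, blank line
        section, body = m.groups()

        if section in ("R0", "R1") and "ProxyServer =" in body:
            # Browser traffic is routed through a process on this machine;
            # confirm something the user installed is meant to listen there.
            value = body.split("ProxyServer =", 1)[1].strip()
            if any(_is_loopback(h) for h in _proxy_hosts(value)):
                findings.append(Finding(section, "proxy-to-loopback", line))

        elif section == "O1" and body.startswith("Hosts:"):
            fields = body[len("Hosts:"):].split()
            if len(fields) < 2:
                continue
            try:
                addr = ipaddress.ip_address(fields[0])
            except ValueError:
                continue
            # Loopback and 0.0.0.0 mappings are the usual localhost and
            # blocklist entries; anything else sends the name elsewhere.
            if not (addr.is_loopback or addr.is_unspecified):
                findings.append(Finding(section, "hosts-redirect", line))

        elif body.endswith("(no file)") or body.endswith("(file missing)"):
            # Registration left behind after its file was removed.
            findings.append(Finding(section, "orphaned-entry", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:18} {f.line}")
```

The output is a review list, not a removal list: each flagged line still has to be judged against what is actually installed on the machine.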



Re: Another computer. Please confirm viruses/malware gone

Post by Hardykat on Wed Jan 06, 2010 6:52 pm

Malwarebytes' Anti-Malware 1.43
Database version: 3502
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

1/6/2010 1:46:06 PM
mbam-log-2010-01-06 (13-46-06).txt

Scan type: Quick Scan
Objects scanned: 129265
Time elapsed: 22 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


While Malwarebytes was running, AVG was popping up virus warnings:

"Infection";"Trojan horse Injector.DR";"C:\Documents and Settings\User\Local Settings\Temp\futu.exe";"";"1/5/2010, 10:48:54 AM"
"Infection";"Trojan horse Generic16.SID";"C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\05Y38TY7\op[1].exe";"";"1/5/2010, 10:51:37 AM"
"Infection";"Virus identified Worm/Generic_r.FS";"C:\Documents and Settings\User\Local Settings\Temp\podmena.exe";"";"1/5/2010, 11:09:00 AM"
"Infection";"Virus found Win32/Heur";"C:\Documents and Settings\User\Local Settings\Temp\88.exe";"";"1/6/2010, 1:29:46 PM"
"Infection";"Virus found Script/Exploit";"C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\37ERMWIG\pdffile[1].pdf";"";"1/6/2010, 1:35:46 PM"


Re: Another computer. Please confirm viruses/malware gone

Post by Belahzur on Wed Jan 06, 2010 7:53 pm

Hello.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.


Please PM me if I fail to respond within 24hrs.



Re: Another computer. Please confirm viruses/malware gone

Post by Hardykat on Wed Jan 06, 2010 8:01 pm

DDS (Ver_09-12-01.01) - NTFSx86
Run by User at 14:57:43.50 on Wed 01/06/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1179 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\WebUpdateSvc4.exe
C:\Program Files\Xobni\XobniService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\Program Files\Corel\Corel Digital Studio 2010\Gadget.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride =
uSearchAssistant = [You must be registered and logged in to see this link.]
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {B4ED5942-117B-475E-A42E-51E595C888D4} - No File
TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [CAHeadless] c:\program files\adobe\elements organizer 8.0\caheadless\ElementsAutoAnalyzer.exe
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB6.3; FunWebProducts; .NET CLR 2.0.50727; 3P_UVRM 1.00.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; Zune 4.0; .NET4.0C; .NET4.0E; InfoPath.1; Zango 10.3.85.0)" -"http://www.agame.com/game/Street-Sesh.html"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [UVS12 Preload] c:\program files\corel\corel videostudio 12\uvPL.exe
mRun: [TrayServer] c:\program files\magix\movie_edit_pro_15_download_version\TrayServer.exe
mRun: [CorelGadget] Rundll32.exe "c:\program files\common files\ulead systems\gadget\GadgetEB.dll",LaunchGadget
mRun: [Standby] "c:\program files\common files\corel\standby\Standby.exe" -START
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
IE: &Search
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\user\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - [You must be registered and logged in to see this link.]
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\program files\cozi express\CoziProtocolHandler.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\tye7vj3i.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npclntax_ZangoSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ZangoSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npkanevapatch.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - hȋdden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - hȋdden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-23 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-23 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-6 360584]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-1-6 285392]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\SymcPCCULaunchSvc.exe [2009-12-12 103280]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\ccSvcHst.exe [2009-12-12 126392]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [2007-10-15 237784]
R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2009-10-12 46824]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2007-7-18 264576]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-4-6 23064]
S2 clr_optimization_v4.0.21006_32;Microsoft .NET Framework NGEN v4.0.21006_X86;c:\windows\microsoft.net\framework\v4.0.21006\mscorsvw.exe [2009-10-7 129856]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2009-11-24 1527900]
S3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter;c:\windows\system32\drivers\RTL8150.SYS [2007-12-22 27519]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.21006\wpf\WPFFontCache_v0400.exe [2009-10-7 752984]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

=============== Created Last 30 ================

2010-01-06 17:59:37 0 d--h--w- C:\$AVG
2010-01-06 17:59:11 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-06 17:59:10 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-01-06 17:58:55 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-01-06 16:03:57 0 d-----w- c:\windows\LastGood.Tmp
2010-01-06 16:00:10 0 d-----w- c:\windows\system32\scripting
2010-01-06 16:00:10 0 d-----w- c:\windows\l2schemas
2010-01-06 16:00:09 0 d-----w- c:\windows\system32\en
2010-01-06 16:00:09 0 d-----w- c:\windows\system32\bits
2010-01-06 15:53:54 0 d-----w- c:\windows\network diagnostic
2010-01-05 16:24:29 0 d-----w- c:\program files\TrendMicro
2010-01-05 15:43:23 0 d-----w- c:\docume~1\user\applic~1\Malwarebytes
2010-01-05 15:43:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-05 15:43:17 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 15:43:17 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-05 15:43:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-01 04:10:25 441847 ----a-w- C:\AnalysisLog.sr0
2009-12-31 15:00:06 0 d-----w- c:\program files\Windows Media Connect 2
2009-12-31 14:59:18 0 d-----w- C:\428fbf9d6ca6f8d687fea3
2009-12-30 14:57:50 0 d-----w- c:\docume~1\alluse~1\applic~1\Electronic Arts
2009-12-30 05:28:29 0 d-----w- c:\program files\EA GAMES
2009-12-30 03:29:14 445504 ----a-r- c:\windows\system32\vp6vfw.dll
2009-12-29 01:35:40 0 d-----w- c:\program files\common files\Akamai
2009-12-29 01:10:34 0 d-----w- c:\program files\NCH Swift Sound
2009-12-29 00:57:06 69304 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-28 16:49:39 0 d-----w- c:\program files\iPod
2009-12-28 16:49:35 0 d-----w- c:\program files\iTunes
2009-12-28 16:49:35 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-26 19:17:29 88 --sh--r- c:\docume~1\alluse~1\applic~1\230E533276.sys
2009-12-26 19:17:28 2828 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-12-26 19:17:25 0 d-----w- c:\documents and settings\user\Corel
2009-12-26 18:33:57 0 d-----w- c:\windows\system32\windows media
2009-12-26 18:33:39 0 d-----w- c:\windows\RegisteredPackages
2009-12-26 18:33:37 0 d--h--w- c:\windows\msdownld.tmp
2009-12-26 18:31:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Corel
2009-12-26 18:30:04 0 d-----w- c:\program files\common files\Protexis
2009-12-26 18:26:38 0 d-----w- c:\program files\common files\Corel
2009-12-26 18:25:59 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2009-12-23 20:18:34 520192 ----a-w- c:\windows\Living 3D Fireplace 20 Premium.scr
2009-12-18 02:49:23 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-12-18 02:43:11 0 d-----w- c:\program files\common files\DeskShare Shared
2009-12-18 02:43:05 0 d-----w- c:\program files\Deskshare
2009-12-16 23:19:23 0 d-----w- c:\program files\common files\Yahoo!
2009-12-16 23:19:22 0 d-----w- c:\program files\Pinnacle
2009-12-16 23:19:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Pinnacle VideoSpin
2009-12-14 22:58:14 0 d-----w- c:\docume~1\user\applic~1\Screaming Bee
2009-12-14 22:57:31 0 d-----w- c:\program files\Screaming Bee
2009-12-14 02:10:29 0 d-----w- c:\program files\Vstplugins
2009-12-14 02:04:49 0 d-----w- c:\program files\Sony
2009-12-13 01:50:05 0 d-----w- c:\program files\AskSearch
2009-12-12 18:09:52 0 d-----w- c:\docume~1\user\applic~1\Tific
2009-12-12 18:09:43 0 d-----w- c:\windows\system32\drivers\NortonPCCheckup
2009-12-12 18:09:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2009-12-12 18:09:39 0 d-----w- c:\program files\NortonInstaller
2009-12-12 18:09:39 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller

==================== Find3M ====================

2010-01-06 17:59:17 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-06 17:59:12 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-14 23:52:40 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2009-11-14 23:52:40 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
2009-11-14 23:51:38 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf
2009-11-14 23:22:56 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01009.Wdf
2009-11-14 23:22:54 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2009-10-29 05:38:23 667136 ----a-w- c:\windows\system32\wininet.dll
2009-10-25 03:41:56 29249847 ----a-w- c:\windows\tay.SCR
2009-10-25 03:38:57 9716646 ----a-w- c:\windows\tayla screen saver.SCR
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2008-06-01 03:03:52 262144 ----a-w- c:\program files\Uninstall Ask Toolbar.dll
2008-05-03 14:51:03 774144 ----a-w- c:\program files\RngInterstitial.dll
2008-04-17 12:10:38 0 ----a-w- c:\program files\temp01

============= FINISH: 14:58:47.79 ===============

Hardykat
Novice

Posts: 28
Joined: 2009-12-21
Gender: Female
OS: Windows 7 Home Premium
Protection: Norton 360,
Points: 25741
Likes: 0


Re: Another computer. Please confirm viruses/malware gone

Post by Hardykat on Wed Jan 06, 2010 8:02 pm

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/25/2008 3:38:44 PM
System Uptime: 1/6/2010 11:18:07 AM (3 hours ago)

Motherboard: Gateway | |
Processor: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz | uFCPGA2 | 1596/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 61.295 GiB free.
D: is CDROM ()
E: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP113: 10/7/2009 3:00:18 AM - Software Distribution Service 3.0
RP114: 10/7/2009 9:41:09 AM - Avg8 Update
RP115: 10/8/2009 3:00:17 AM - Software Distribution Service 3.0
RP116: 10/8/2009 7:35:43 PM - Installed Adobe Premiere Elements 8.0.
RP117: 10/8/2009 7:39:52 PM - Configured SmartSound Quicktracks for Premiere Elements 8.0
RP118: 10/11/2009 7:54:27 PM - System Checkpoint
RP119: 10/12/2009 8:14:50 PM - System Checkpoint
RP120: 10/13/2009 9:14:49 PM - System Checkpoint
RP121: 10/16/2009 7:45:59 PM - System Checkpoint
RP122: 10/18/2009 4:48:54 PM - System Checkpoint
RP123: 10/19/2009 9:43:57 PM - System Checkpoint
RP124: 10/20/2009 10:02:24 PM - System Checkpoint
RP125: 10/24/2009 11:57:39 PM - System Checkpoint
RP126: 10/26/2009 12:34:49 AM - System Checkpoint
RP127: 10/27/2009 1:34:48 AM - System Checkpoint
RP128: 10/28/2009 2:34:49 AM - System Checkpoint
RP129: 10/29/2009 3:34:49 AM - System Checkpoint
RP130: 10/30/2009 4:34:49 AM - System Checkpoint
RP131: 10/31/2009 5:41:57 AM - System Checkpoint
RP132: 11/1/2009 6:34:49 AM - System Checkpoint
RP133: 11/2/2009 7:34:49 AM - System Checkpoint
RP134: 11/3/2009 8:34:48 AM - System Checkpoint
RP135: 11/4/2009 9:34:48 AM - System Checkpoint
RP136: 11/5/2009 10:34:48 AM - System Checkpoint
RP137: 11/6/2009 11:34:48 AM - System Checkpoint
RP138: 11/7/2009 11:35:53 AM - System Checkpoint
RP139: 11/8/2009 6:24:16 PM - Software Distribution Service 3.0
RP140: 11/9/2009 5:25:55 PM - Avg8 Update
RP141: 11/9/2009 5:30:53 PM - Software Distribution Service 3.0
RP142: 11/12/2009 8:29:33 PM - System Checkpoint
RP143: 11/13/2009 3:00:17 AM - Software Distribution Service 3.0
RP144: 11/14/2009 9:52:14 AM - System Checkpoint
RP145: 11/14/2009 6:21:27 PM - Software Distribution Service 3.0
RP146: 11/15/2009 9:42:41 AM - Software Distribution Service 3.0
RP147: 11/16/2009 5:21:57 PM - Software Distribution Service 3.0
RP148: 11/17/2009 7:02:20 PM - System Checkpoint
RP149: 11/18/2009 3:00:17 AM - Software Distribution Service 3.0
RP150: 11/19/2009 5:06:32 PM - Software Distribution Service 3.0
RP151: 11/20/2009 6:05:56 PM - System Checkpoint
RP152: 11/20/2009 6:37:11 PM - Installed Windows XP KB942288-v3.
RP153: 11/20/2009 6:37:53 PM - Installed Windows XP KB958655-v2.
RP154: 11/21/2009 3:00:16 AM - Software Distribution Service 3.0
RP155: 11/22/2009 3:00:17 AM - Software Distribution Service 3.0
RP156: 11/22/2009 11:09:39 AM - Software Distribution Service 3.0
RP157: 11/23/2009 5:29:03 PM - Software Distribution Service 3.0
RP158: 11/23/2009 9:46:16 PM - Installed Corel VideoStudio
RP159: 11/24/2009 3:00:32 AM - Software Distribution Service 3.0
RP160: 11/24/2009 5:28:42 PM - Installed muvee Reveal
RP161: 11/25/2009 2:57:37 PM - Software Distribution Service 3.0
RP162: 11/27/2009 12:11:21 PM - System Checkpoint
RP163: 11/29/2009 12:43:17 PM - Avg8 Update
RP164: 11/30/2009 12:44:37 PM - System Checkpoint
RP165: 12/1/2009 6:35:42 PM - System Checkpoint
RP166: 12/2/2009 7:25:58 PM - System Checkpoint
RP167: 12/3/2009 8:02:46 PM - System Checkpoint
RP168: 12/4/2009 11:14:30 PM - System Checkpoint
RP169: 12/5/2009 11:44:20 PM - System Checkpoint
RP170: 12/7/2009 12:19:51 AM - System Checkpoint
RP171: 12/8/2009 1:19:51 AM - System Checkpoint
RP172: 12/9/2009 2:19:50 AM - System Checkpoint
RP173: 12/10/2009 3:00:21 AM - Software Distribution Service 3.0
RP174: 12/10/2009 8:20:32 AM - Avg8 Update
RP175: 12/11/2009 8:27:08 AM - System Checkpoint
RP176: 12/12/2009 8:20:14 AM - Avg8 Update
RP177: 12/12/2009 8:21:04 AM - Avg8 Update
RP178: 12/13/2009 8:27:08 AM - System Checkpoint
RP179: 12/13/2009 9:03:54 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP180: 12/13/2009 9:04:47 PM - Installed Vegas Movie Studio HD 9.0
RP181: 12/14/2009 5:57:30 PM - Installed MorphVOX Junior
RP182: 12/15/2009 9:08:00 PM - System Checkpoint
RP183: 12/16/2009 6:19:00 PM - Installed Pinnacle VideoSpin.
RP184: 12/17/2009 9:12:48 PM - System Checkpoint
RP185: 12/18/2009 9:22:30 PM - System Checkpoint
RP186: 12/19/2009 3:00:19 AM - Software Distribution Service 3.0
RP187: 12/20/2009 9:38:17 AM - System Checkpoint
RP188: 12/21/2009 10:26:34 AM - System Checkpoint
RP189: 12/22/2009 12:41:59 PM - Avg8 Update
RP190: 12/23/2009 12:43:45 PM - System Checkpoint
RP191: 12/24/2009 1:42:43 PM - System Checkpoint
RP192: 12/25/2009 2:42:50 PM - System Checkpoint
RP193: 12/26/2009 1:25:19 PM - Installed DirectX
RP194: 12/26/2009 1:33:51 PM - Installed Windows Media Format 9 Series Runtime Setup
RP195: 12/27/2009 3:00:17 AM - Software Distribution Service 3.0
RP196: 12/28/2009 3:34:29 AM - System Checkpoint
RP197: 12/28/2009 9:32:31 AM - Avg8 Update
RP198: 12/30/2009 1:17:34 AM - System Checkpoint
RP199: 12/31/2009 2:05:25 AM - System Checkpoint
RP200: 12/31/2009 9:57:16 AM - Installed Windows Media Player 11
RP201: 12/31/2009 9:58:16 AM - Software Distribution Service 3.0
RP202: 1/1/2010 3:00:18 AM - Software Distribution Service 3.0
RP203: 1/2/2010 1:26:06 PM - System Checkpoint
RP204: 1/3/2010 2:04:42 PM - System Checkpoint
RP205: 1/4/2010 8:40:39 AM - Avg8 Update
RP206: 1/5/2010 11:18:48 AM - Installed Windows XP WgaNotify.
RP207: 1/5/2010 11:24:29 AM - Installed HiJackThis
RP208: 1/5/2010 11:29:00 AM - Removed SUPERAntiSpyware Free Edition
RP209: 1/5/2010 11:31:07 AM - Software Distribution Service 3.0
RP210: 1/6/2010 10:39:18 AM - Installed Windows XP KB932823-v3.
RP211: 1/6/2010 10:42:34 AM - Software Distribution Service 3.0
RP212: 1/6/2010 12:32:44 PM - Removed Microsoft Silverlight
RP213: 1/6/2010 12:33:13 PM - Removed Microsoft Silverlight 3 SDK
RP214: 1/6/2010 12:58:48 PM - Installed AVG Free 9.0

==== Installed Programs ======================

123VideoMagic
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Premiere Elements 8.0
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player 11.5
Agere Systems HDA Modem
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ares 3.1.5.3034
AutoUpdate
AVG Free 9.0
AVS DVDMenu Editor 1.2.1.20
AVS Update Manager 1.0
AVS Video Recorder 2.4
AVS Video ReMaker 2.4
AVS Video ReMaker 3.1.1.83
AVS4YOU Software Navigator 1.3
Big Fish Games Client
Bonjour
CCleaner (remove only)
Clip Art Collection
Contents
Corel Digital Studio 2010
Corel VideoStudio 12
Corel WinDVD 2010
Cozi
Crystal Reports for Visual Studio
Curious George Learns Phonics
DeviceIO
Digital DJ Pro 1.7.0
DivX Codec
DivX Player
Dotfuscator Software Services - Community Edition
DVDF10
EA Download Manager
Fashion Star
Fashionista
Firebird SQL Server - MAGIX Edition
Gadget
Google Chrome
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB958655-v2)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
ICA
Indaba Console v2
Intel(R) Graphics Media Accelerator Driver
InterActual Player
InterVideo DeviceService
IPM_SU
iTunes
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Let it Snow Animated Wallpaper #1
LightScribe 1.4.124.1
Living 3D Dolphins Full Screen Saver
Living 3D Fireplace 2.0 Premium Screen Saver
Living 3D Waterfalls Full Screen Saver
Living Marine Aquarium 2.0 Animated Wallpaper
MAGIX 3D Maker (embeded)
MAGIX Movie Edit Pro 15 Download version 8.5.0.30 (UK)
MAGIX Movie Edit Pro 15 Plus Download version 8.0.5.8 (UK)
MAGIX Screenshare 4.3.6.1987 (UK)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile Beta 2
Microsoft .NET Framework 4 Extended Beta 2
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Help 3.0 Beta 2
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Development Tools for Visual Studio 2010 (x86)
Microsoft Office Professional Edition 2003
Microsoft SharePoint Development Tools
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 Beta English
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 SP1 Beta (x86)
Microsoft Sync Framework SDK v1.0 SP1 Beta
Microsoft Sync Framework Services v1.0 SP1 Beta (x86)
Microsoft Sync Services for ADO.NET v2.0 SP1 Beta (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 Beta 2 x86 Runtime - 10.0.21006
Microsoft Visual F# Runtime 1.0
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Beta 2
Microsoft Visual Studio 2010 Professional Beta 2 - ENU
Microsoft Visual Studio Macro Tools
Microsoft WinUsb 1.0
Microsoft XML Parser
Mirar
MixPad Audio Mixer
MLE
MorphVOX Junior
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.5.7)
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
muvee Reveal
Norton PC Checkup
Norton Security Scan
Peggle Deluxe
Peggle Deluxe (remove only)
Peggle(TM) Deluxe
Pinnacle VideoSpin
PowerDVD
Prism Video Converter
PSPH10
Puppy Luv
PureHD
QuickTime
RealArcade
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Safari
Samsung Master
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
Service Pack 1 for SQL Server 2008 (KB968369)
Setup
Share
SmartSound Quicktracks for Premiere Elements 8.0
Smilebox
Spybot - Search & Destroy
SQL Server 2008 R2 Management Objects
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
The Rosetta Stone
The Sims™ 2 Double Deluxe
Ulead DVD MovieFactory 6
Ulead DVD MovieFactory 6 TBYB
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
VDS10
Vegas Movie Studio HD 9.0
Video Edit Magic 4.4
Video Fun Box 2.50 DEMO
VideoPad Video Editor
VideoStudio
VIO
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual Studio 2010 Beta 2 Tools for SQL Server Compact ENU
Visual Studio 2010 Tools for Office Runtime Beta 2 (x86)
Web Deployment Tool
Web Update Wizard (Redistributable) 4.0
WebFldrs XP
WildTangent Games
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Writer
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
World of Kaneva v4.0
Xobni
Xobni Core
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)

==== Event Viewer Messages From Past Week ========

12/31/2009 8:07:32 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00164479A01C. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
1/5/2010 11:32:06 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.
1/5/2010 11:19:50 AM, error: Service Control Manager [7034] - The Protexis Licensing V2 service terminated unexpectedly. It has done this 1 time(s).
1/5/2010 11:19:36 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/5/2010 11:19:24 AM, error: Service Control Manager [7034] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 2 time(s).
1/5/2010 11:19:14 AM, error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/5/2010 11:19:04 AM, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/5/2010 11:18:38 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
1/5/2010 11:11:40 AM, error: Dhcp [1002] - The IP address lease 192.168.1.27 for the Network Card with network address 00164479A01C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
1/5/2010 10:34:10 AM, error: Dhcp [1002] - The IP address lease 192.168.2.5 for the Network Card with network address 00164479A01C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
1/4/2010 9:48:09 PM, error: Dhcp [1002] - The IP address lease 192.168.2.5 for the Network Card with network address 00164479A01C has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
1/3/2010 12:05:49 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
1/3/2010 12:05:47 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
1/3/2010 12:04:08 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
1/3/2010 12:04:06 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
1/3/2010 12:03:43 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

==== End Of File ===========================


Re: Another computer. Please confirm viruses/malware gone

Post by Belahzur on Wed Jan 06, 2010 9:28 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Ares 3.1.5.3034
    Java(TM) 6 Update 11
    Java(TM) 6 Update 3

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\program files\Uninstall Ask Toolbar.dll
    c:\program files\AskSearch


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245049
Likes: 1


Re: Another computer. Please confirm viruses/malware gone

Post by Hardykat on Wed Jan 06, 2010 10:18 pm

========== FILES ==========
c:\program files\Uninstall Ask Toolbar.dll moved successfully.
c:\program files\AskSearch\bin folder moved successfully.
c:\program files\AskSearch folder moved successfully.

OTM by OldTimer - Version 3.1.4.0 log created on 01062010_171651


Re: Another computer. Please confirm viruses/malware gone

Post by Belahzur on Wed Jan 06, 2010 11:12 pm

Hello.

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Select the second option where it says "This special release provides a few key fixes.".
  • Click the "Download" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u17-windows-i586.exe that you downloaded to install the newest version.

We can remove OTMoveIt now.

  • Please double-click OTM.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes at the cleanup process prompt, and do the same for the reboot prompt.

How is the machine running now?


Please PM me if I fail to respond within 24hrs.



Re: Another computer. Please confirm viruses/malware gone

Post by Hardykat on Fri Jan 08, 2010 9:28 pm

Sorry about the 2 day absence. Was off yesterday. Anyway, my supervisor took the laptop back. It's running fine. I'll forward this information to him.

