Go Back   Cyber Tech Help Support Forums > Operating Systems > Windows 7


Topic Tools
Old March 31st, 2010, 04:48 PM
alanis alanis is offline
Senior Member
Join Date: Feb 2003
Location: midwest
Posts: 226
Unhappy Email sent but not to the people I sent it to

What do you make of this? Could this be virus?
Thanks for reading!

Well something weird is going on....the people I sent it to...all the names changed.... getting post master status notification message...

When I checked my sent folder, all my names were different!! I use windows live email

People I hadn't sent this to are now getting it!!
Subject I used: You're up, Sister

subject changed to:
isabelle jeninez
philippe petrault
emma hills
sebastien jamard
saloua houamed
iman ayayda
pia Duhem
Nicole Roux
David Eccleston
Bivec Natasa
Salmon Noreen
Reply With Quote

Old March 31st, 2010, 08:28 PM
AnnMarie's Avatar
AnnMarie AnnMarie is offline
CTH Subscriber
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,812
Hi alanis. Can we just clarify a few issues please.

1. Are those people on your contact list?

2. Are you saying that the subject of the email changed to the names of the people you have listed? If not, what did the subject change to?

3. Have you tried resending the email? If not, please do so and tell me if the same issue occurred.

I am going to close your topic in the Malware Removal Forum. If it is a malware issue (which I seriously doubt) I can deal with it and will transfer your topic to the MR Forum anyway.
Reply With Quote
Old March 31st, 2010, 10:27 PM
alanis alanis is offline
Senior Member
Join Date: Feb 2003
Location: midwest
Posts: 226
yes the people I mailed the email to are on my contact list, but was random not ones I chose

the subject changed to those names I posted
just noticed another thing it CC to all my contacts

I sent the mail to another address and it did not do anything weird

Also on March 10, I got an email from a friend...but apparently she didn't send it. The email asked me to join a LiveHealthClub saying she wanted to be my friend, with a link but I did NOT open it, emailed the friend and that is when she said she didn't send it. She has yahoo mail if that is important.

Thanks Ann Marie for helping!!
I've got Webroot for AV and have just d/loaded AVG So far nothing has come up with a virus...going to scan again.
Reply With Quote
Old March 31st, 2010, 10:42 PM
AnnMarie's Avatar
AnnMarie AnnMarie is offline
CTH Subscriber
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,812
If the email you received on 10th March contained a worm, I would have thought you would see evidence of an infection before now.

I'll have a look at some logs for you though. Go here and download DDS to your Desktop and doubleclick on DDS.scr to run it. When the scan has finished, two logs will open. Copy and paste both reports in this topic. The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.

Also let me know the result of your scans when you have completed them please.
Reply With Quote
Old March 31st, 2010, 11:25 PM
alanis alanis is offline
Senior Member
Join Date: Feb 2003
Location: midwest
Posts: 226

DDS (Ver_10-03-17.01) - NTFSX64
Run by Susie Williams at 17:16:28.59 on Wed 03/31/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.1696 [GMT -5:00]

============== Running Processes ===============

C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.ex e
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stw rt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.e xe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stw rt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.e xe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\desktop weather\desktopweather_328512.exe
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\Brownie\BrStsW64.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Brownie\Brnipmon.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\Pres entationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\AVG\AVG9\avgui.exe
C:\Program Files (x86)\AVG\AVG9\avgscana.exe
Reply With Quote
Old March 31st, 2010, 11:26 PM
alanis alanis is offline
Senior Member
Join Date: Feb 2003
Location: midwest
Posts: 226
scan continues

C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Program Files (x86)\Webroot\WebrootSecurity\SSU.EXE
C:\Users\Susie Williams\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.kcrg.com/weather/ppflogos
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy& pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy& pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy& pf=cnnb
mLocal Page = c:\windows\syswow64\blank.htm
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - c:\program files (x86)\common files\homepage protection\HomepageProtection.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0560.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0560.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [HPADVISOR] "c:\program files (x86)\hewlett-packard\hp advisor\HPAdvisor.exe" view=DOCKVIEW
uRun: [LightScribe Control Panel] "c:\program files (x86)\common files\lightscribe\LightScribeControlPanel.exe" -hidden
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [HPCam_Menu] "c:\program files (x86)\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files (x86)\hewlett-packard\media\webcam" updatewithcreateonce "software\hewlett-packard\media\Webcam"
mRun: [Corel File Shell Monitor] "c:\program files (x86)\corel\corel paint shop pro photo x2\CorelIOMonitor.exe"
mRun: [QlbCtrl.exe] "c:\program files (x86)\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start
mRun: [NortonOnlineBackupReminder] "c:\program files (x86)\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED
mRun: [UpdatePRCShortCut] "c:\program files (x86)\hewlett-packard\recovery\muitransfer\muistartmenu.exe" "c:\program files (x86)\hewlett-packard\recovery" updatewithcreateonce "software\cyberlink\PowerRecover"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HP Software Update] "c:\program files (x86)\hp\hp software update\HPWuSchd2.exe"
mRun: [<NO NAME>]
mRun: [WirelessAssistant] "c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BrStsWnd] "c:\program files (x86)\brownie\BrstsW64.exe" Autorun
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [AVG9_TRAY] "c:\progra~2\avg\avg9\avgtray.exe"
Reply With Quote
Old March 31st, 2010, 11:27 PM
alanis alanis is offline
Senior Member
Join Date: Feb 2003
Location: midwest
Posts: 226
mRun: [SpySweeper] "c:\program files (x86)\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
StartupFolder: c:\users\susiew~1\appdata\roaming\micros~1\windows \startm~1\programs\startup\deskto~1.lnk - c:\program files (x86)\desktop weather\desktopweather_328512.exe
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SysTrayApp] "c:\program files\idt\wdm\sttray64.exe"
mRun-x64: [SmartMenu] "c:\program files\hewlett-packard\hp mediasmart\SmartMenu.exe" /background
mRun-x64: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\susiew~1\appdata\roaming\mozilla\firefox\ profiles\4pdgzery.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.kcrg.com/weather/ppflogos
FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=
FF - component: c:\program files (x86)\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files (x86)\avg\avg9\toolbar\firefox\avg@igeared\compone nts\IGeared_tavgp_xputils2.dll
FF - component: c:\program files (x86)\avg\avg9\toolbar\firefox\avg@igeared\compone nts\IGeared_tavgp_xputils3.dll
FF - component: c:\program files (x86)\avg\avg9\toolbar\firefox\avg@igeared\compone nts\IGeared_tavgp_xputils35.dll
FF - component: c:\program files (x86)\avg\avg9\toolbar\firefox\avg@igeared\compone nts\xpavgtbapi.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabl ed", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_every where__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_bro ken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
Reply With Quote
Old March 31st, 2010, 11:28 PM
alanis alanis is offline
Senior Member
Join Date: Feb 2003
Location: midwest
Posts: 226
============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs 0bbc.sys [2009-11-6 37488]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-3-31 269320]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-3-31 35464]
R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-3-31 316936]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/12/03 00:37:43];c:\program files (x86)\hewlett-packard\media\dvd\000.fcl [2009-12-3 146928]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filereposi tory\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AE STSr64.exe [2009-12-3 89600]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-7-2 203264]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\avg\avg9\avgemc.exe [2010-3-31 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-3-31 308064]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-8 30520]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files (x86)\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files (x86)\webroot\webrootsecurity\WRConsumerService.ex e [2010-2-27 1201640]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-8-15 228408]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2009-6-29 70656]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-12-3 215040]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-12-3 36408]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\avg\avg9\toolbar\ToolbarBroker.exe [2010-3-31 369920]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-12-3 216576]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VS TAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VS TDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\driver s\VSTCNXT6.SYS [2009-7-13 740864]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-3 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2009-6-10 389120]

=============== Created Last 30 ================

2010-03-31 18:50:29 12976 ----a-w- c:\windows\system32\avgrssta.dll
2010-03-31 18:50:27 316936 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-03-31 18:50:22 269320 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2010-03-31 18:50:20 35464 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2010-03-31 18:50:20 0 d-----w- c:\windows\system32\drivers\Avg
2010-03-31 18:49:25 0 d-----w- c:\programdata\AVG Security Toolbar
2010-03-31 18:41:55 0 d-----w- c:\program files (x86)\AVG
2010-03-31 18:41:37 0 d-----w- c:\programdata\avg9
2010-03-03 11:12:12 0 d-----w- c:\windows\syswow64\Wat
2010-03-03 11:12:12 0 d-----w- c:\windows\system32\Wat

==================== Find3M ====================

2010-03-31 01:20:10 2218 ----a-w- c:\users\susiew~1\appdata\roaming\wklnhst.dat
2010-03-28 16:13:13 952 --sha-w- c:\programdata\KGyGaAvL.sys
2010-02-24 15:16:06 212864 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 08:22:50 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 07:56:00 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-02-23 07:55:56 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
2010-02-23 07:55:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-02-23 07:55:43 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-02-23 07:55:43 5964800 ----a-w- c:\windows\syswow64\mshtml.dll
2010-02-23 07:55:24 10978816 ----a-w- c:\windows\syswow64\ieframe.dll
2010-02-23 07:55:20 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-02-02 08:36:47 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-02 07:45:54 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-01-20 11:44:31 22774 ----a-w- c:\windows\hpqins15.dat
2010-01-19 09:05:57 424960 ----a-w- c:\windows\system32\secproc.dll
2010-01-19 09:05:57 422912 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-19 09:05:57 121856 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-19 09:05:57 121856 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-19 09:00:44 305152 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-19 09:00:43 357888 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-19 09:00:37 356352 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-19 09:00:37 306688 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-18 23:29:31 85504 ----a-w- c:\windows\syswow64\secproc_ssp_isv.dll
2010-01-18 23:29:31 85504 ----a-w- c:\windows\syswow64\secproc_ssp.dll
2010-01-18 23:29:31 365568 ----a-w- c:\windows\syswow64\secproc_isv.dll
2010-01-18 23:29:30 369152 ----a-w- c:\windows\syswow64\secproc.dll
2010-01-18 23:28:33 324608 ----a-w- c:\windows\syswow64\RMActivate_isv.exe
2010-01-18 23:28:33 277504 ----a-w- c:\windows\syswow64\RMActivate_ssp_isv.exe
2010-01-18 23:28:30 320512 ----a-w- c:\windows\syswow64\RMActivate.exe
2010-01-18 23:28:30 280064 ----a-w- c:\windows\syswow64\RMActivate_ssp.exe
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f6 96639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb 108c86c\WinMail.exe

============= FINISH: 17:17:40.60 ===============
Reply With Quote
Old March 31st, 2010, 11:30 PM
alanis alanis is offline
Senior Member
Join Date: Feb 2003
Location: midwest
Posts: 226

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/29/2009 2:23:21 PM
System Uptime: 3/31/2010 3:57:52 PM (2 hours ago)

Motherboard: Quanta | | 3638
Processor: AMD Turion(tm) II Ultra Dual-Core Mobile M600 | Socket S1G3 | 1080/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 450 GiB total, 408.552 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 2.524 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP39: 3/3/2010 5:11:33 AM - Windows Update
RP40: 3/5/2010 5:51:41 AM - Windows Update
RP41: 3/9/2010 6:40:20 AM - Windows Update
RP42: 3/10/2010 9:42:19 PM - Windows Update
RP43: 3/12/2010 6:01:04 AM - Windows Update
RP44: 3/16/2010 6:48:44 AM - Windows Update
RP45: 3/18/2010 4:29:37 PM - Windows Update
RP46: 3/22/2010 1:40:45 PM - Windows Update
RP47: 3/24/2010 9:25:13 AM - Windows Update
RP48: 3/26/2010 6:26:49 AM - Windows Update
RP49: 3/30/2010 6:34:34 AM - Windows Update
RP50: 3/31/2010 10:54:14 AM - Windows Update
RP51: 3/31/2010 1:41:12 PM - Installed AVG Free 9.0

==== Installed Programs ======================

Activate Norton Online Backup
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.1 MUI
AMD USB Filter Driver
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
AVG Free 9.0
Brother HL-2170W
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
Corel Paint Shop Pro Photo X2
Corel VideoStudio 12
CyberLink DVD Suite
desktop weather
Homepage Protection
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart DVD
HP MediaSmart Internet TV
HP MediaSmart Live TV
HP MediaSmart Movie Themes
HP MediaSmart Music/Photo/Video
HP MediaSmart SlingPlayer
HP MediaSmart Software Notebook Demo
HP MediaSmart Webcam
HP Quick Launch Buttons
HP Setup
HP Support Assistant
HP Update
HP User Guides 0153
HP Wireless Assistant
HPAsset component for HP Active Support Library
IDT Audio
Java(TM) 6 Update 17
Junk Mail filter update
LightScribe System Software
Microsoft Choice Guard
Microsoft Live Search Toolbar
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox (3.6.2)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
Spy Sweeper Core
Visual C++ 8.0 Runtime Setup Package (x64)
Webroot AntiVirus with Spy Sweeper
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Live Writer
Windows Media Encoder 9 Series

==== Event Viewer Messages From Past Week ========

3/31/2010 3:56:52 PM, Error: ssidrv [26] - Failed to set monitor event rule.

==== End Of File ===========================
Reply With Quote
Old March 31st, 2010, 11:31 PM
alanis alanis is offline
Senior Member
Join Date: Feb 2003
Location: midwest
Posts: 226
Will post back and tell you the results of scans.

Reply With Quote
Old March 31st, 2010, 11:37 PM
AnnMarie's Avatar
AnnMarie AnnMarie is offline
CTH Subscriber
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,812
Ok. Your logs look fine alanis. There is no evidence of any malware files or startups.
Reply With Quote
Old March 31st, 2010, 11:41 PM
alanis alanis is offline
Senior Member
Join Date: Feb 2003
Location: midwest
Posts: 226
Well, that's a step in the right direction!
Reply With Quote
Old March 31st, 2010, 11:45 PM
alanis alanis is offline
Senior Member
Join Date: Feb 2003
Location: midwest
Posts: 226
forgot to ask...Is it safe to do my online banking?
I also changed my password and sec. question on msn.
Reply With Quote
Old March 31st, 2010, 11:47 PM
AnnMarie's Avatar
AnnMarie AnnMarie is offline
CTH Subscriber
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,812
Sure, provided the scans dont find any problems.
Reply With Quote
Old March 31st, 2010, 11:50 PM
alanis alanis is offline
Senior Member
Join Date: Feb 2003
Location: midwest
Posts: 226
Webroot only had a tracking cookie, found no infection. AVG is still scanning
Reply With Quote


Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT +1. The time now is 07:33 AM.