
Thread: virtumonde

  1. #1
    Member
    Join Date
    Feb 2010
    Posts
    85

    virtumonde

    I have recently been given a Compaq Presario, which is running XP Media Center.

    It was given to me because of problems which the previous owner gave up on and bought a MacBook.

    In adding and running Spybot S&D it found some 135 problems which I asked it to then fix all.

    It could not fix some problems and asked me to restart.

    Upon restart each time it would find 6 or so problems and only be able to fix 4 'without a restart'.

    I watched Spybot run because I found it odd there were so many files: 917655.

    Toward the end of the scans large numbers of files are called virtumonde.sdn.
    I looked it up on wiki and it comes up as a virus.

    I'm not sure how to proceed.

  2. #2
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503


    Hello and welcome to the forums here at Spybot S&D.

    Please read through the instructions at this link.

    Then post your HijackThis log back here for me to review.

    Please do not start a new topic but reply back here.

    Regards,
    Dave

  3. #3
    Member
    Join Date
    Feb 2010
    Posts
    85

    hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:23:07 AM, on 2/28/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\IA\command.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\All Users\Application Data\SeekeenSrch\seekeen155.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\SeekeenSrch\seekeen.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\ARPWRMSG.EXE
    C:\Program Files\Common Files\{7C622FEF-089C-1033-0413-060405060001}\Update.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\lphctvoj0e57v.exe
    C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\COMMON~1\ikzo\ikzom.exe
    C:\Program Files\Csvnro\Csvnro.exe
    C:\Program Files\Belkin\F5D8053v4\BelkinWCUI.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\pphctvoj0e57v.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\PROGRA~1\COMMON~1\ikzo\ikzol.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [{7C622FEF-089C-1033-0413-060405060001}] "C:\Program Files\Common Files\{7C622FEF-089C-1033-0413-060405060001}\Update.exe" te-110-12-0000213
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [{7C622FEF-089B-1033-0413-060405060001}] "C:\Program Files\Common Files\{7C622FEF-089B-1033-0413-060405060001}\Update.exe" te-110-12-0000213
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [{7C622FEF-089D-1033-0413-060405060001}] "C:\Program Files\Common Files\{7C622FEF-089D-1033-0413-060405060001}\Update.exe" te-110-12-0000213
    O4 - HKLM\..\Run: [ALCMTR] ALCMTR.EXE
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [lphctvoj0e57v] C:\WINDOWS\system32\lphctvoj0e57v.exe
    O4 - HKLM\..\Run: [SMrhcpvoj0e57v] C:\Program Files\rhcpvoj0e57v\rhcpvoj0e57v.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Sxpv] C:\WINDOWS\S?mantec\w?auboot.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ikzo] C:\PROGRA~1\COMMON~1\ikzo\ikzom.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [Uhqif] C:\WINDOWS\?racle\r?ndll32.exe
    O4 - HKCU\..\Run: [Atdntep] "C:\Documents and Settings\Compaq_Administrator\My Documents\?dobe\j?vaw.exe"
    O4 - HKCU\..\Run: [Dbbxpi] C:\WINDOWS\system32\s?stem32\?ti2evxx.exe
    O4 - HKCU\..\Run: [Wvrmaf] C:\WINDOWS\?racle\m?iexec.exe
    O4 - HKCU\..\Run: [Mdlhgl] C:\WINDOWS\system32\?ymantec\??rvices.exe
    O4 - HKCU\..\Run: [QdrModule12] "C:\Program Files\QdrModule\QdrModule12.exe"
    O4 - HKCU\..\Run: [Csvnro] C:\Program Files\Csvnro\Csvnro.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
    O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
    O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SeekeenSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekeenSrch\seekeen155.exe

    --
    End of file - 8932 bytes

  4. #4
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503


    Okay that gives us a start. Quite a collection of Malware you have there. Before beginning to fix anything I'd like to get a better look at things so we know where we stand.

    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.


    ++++++++++++++++++++++++++

    Download This file. Note its name and save it to your root folder, such as C:\.

    • Disconnect from the Internet and close all running programs.
    • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
    • Click on this link to see a list of programs that should be disabled.
    • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
    • Allow the driver to load if asked.
    • You may be prompted to scan immediately if it detects rootkit activity.
    • If you are prompted to scan your system click "Yes" to begin the scan.
    • If not prompted, click the "Rootkit/Malware" tab.
    • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
    • Select all drives that are connected to your system to be scanned.
    • Click the Scan button to begin. (Please be patient as it can take some time to complete)
    • When the scan is finished, click Save to save the scan results to your Desktop.
    • Save the file as Results.log and copy/paste the contents in your next reply.
    • Exit the program and re-enable all active protection when done.

  5. #5
    Member
    Join Date
    Feb 2010
    Posts
    85

    dds

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/31/2006 11:26:45 AM
    System Uptime: 2/28/2010 2:04:26 PM (0 hours ago)

    Motherboard: ASUSTek Computer INC. | | NAGAMI2L
    Processor: AMD Athlon(tm) 64 Processor 3500+ | Socket 939 | 2204/199mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 104 GiB total, 86.841 GiB free.
    D: is FIXED (FAT32) - 8 GiB total, 0.504 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Hosts File Hijack ======================


    ==== Installed Programs ======================

    Adobe Flash Player ActiveX
    Adobe Reader 7.0.5
    AIM 6
    Ancient Sudoku
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoImpression 4
    Belkin N Wireless USB Adapter Setup
    Blackhawk Striker 2
    Bookworm Deluxe
    Bounce Symphony
    BufferChm
    Chuzzle Deluxe
    Compaq Connections (remove only)
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_LightScribeConfig
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    cp_PosterPrintConfig
    cp_UpdateProjectsConfig
    Csvnro
    CueTour
    Dasher
    Data Fax SoftModem with SmartCP
    Destinations
    DeviceManagementQFolder
    Diner Dash
    Easy Internet Sign-up
    ERUNT 1.1j
    Fairies
    FATE
    Flip Words
    FullDPAppQFolder
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB888795)
    Hotfix for Windows XP (KB891593)
    Hotfix for Windows XP (KB893357)
    Hotfix for Windows XP (KB895961)
    Hotfix for Windows XP (KB899337)
    Hotfix for Windows XP (KB899510)
    Hotfix for Windows XP (KB902841)
    Hotfix for Windows XP (KB906569)
    Hotfix for Windows XP (KB912024)
    Hotfix for Windows XP (KB935448)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB979306)
    HP DVD Play 2.1
    HP Game Console
    HP Imaging Device Functions 7.0
    HP Photosmart Premier Software 6.5
    HP Rhapsody
    HP Software Update
    HP Support Overview
    HPPhotoSmartExpress
    HpSdpAppCoreApp
    Insaniquarium Deluxe
    InstantShareDevices
    iTunes
    Jewel Quest
    LightScribe 1.4.84.1
    Mah Jong Quest
    Microsoft .NET Framework 1.0 Hotfix (KB887998)
    Microsoft .NET Framework 1.0 Hotfix (KB930494)
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Away Mode
    Microsoft Money 2006
    Microsoft Office 2000 Disc 2
    Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
    Microsoft Office Standard Edition 2003
    Microsoft Works
    MSN
    MSXML 4.0 SP2 (KB973688)
    Netscape Browser (remove only)
    OptionalContentQFolder
    PC-Doctor 5 for Windows
    PC Confidential 2008
    PhoTags Express
    PhotoGallery
    Poker Superstars
    Polar Bowler
    Python 2.2 pywin32 extensions (build 203)
    Python 2.2.3
    Quicken 2006
    QuickTime
    RandMap
    RCT3 Soaked
    RealPlayer
    Realtek High Definition Audio Driver
    Remove WeatherBug Installer
    Rhapsody
    Rhapsody Player Engine
    Ricochet Lost Worlds
    RollerCoaster Tycoon® 3
    Safari
    SCRABBLE
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    Seekeen 1.0 build 155
    SkinsHP1
    SlideShow
    SlideShowMusic
    Slingo Deluxe
    Snowy The Bears Adventure
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic_PrimoSDK
    Spybot - Search & Destroy
    Tennis Titans
    Tornado Jockey
    Tradewinds
    Unload
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB912945)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB978207)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Viewpoint Media Player
    WebFldrs XP
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB883667
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB892050
    Windows XP Hotfix - KB893066
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB912067
    Windows XP Media Center Edition 2005 KB973768

    ==== Event Viewer Messages From Past Week ========

    2/28/2010 11:07:46 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297).
    2/28/2010 11:02:44 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

    ==== End Of File ===========================

  6. #6
    Member
    Join Date
    Feb 2010
    Posts
    85

    2nd

    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Compaq_Administrator at 14:10:55.42 on Sun 02/28/2010
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.702.353 [GMT -5:00]

    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\{7C622FEF-089C-1033-0413-060405060001}\Update.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\lphctvoj0e57v.exe
    C:\WINDOWS\IA\command.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\COMMON~1\ikzo\ikzom.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Csvnro\Csvnro.exe
    C:\Program Files\Belkin\F5D8053v4\BelkinWCUI.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Documents and Settings\All Users\Application Data\SeekeenSrch\seekeen155.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\pphctvoj0e57v.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\SeekeenSrch\seekeen.exe
    C:\Program Files\Safari\Safari.exe
    C:\PROGRA~1\COMMON~1\ikzo\ikzol.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Compaq_Administrator\Desktop\dds.scr
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.hotmail.com/
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    mDefault_Search_URL = hxxp://www.google.com/ie
    mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: PCCBHO.CPCCBHO: {22fc6ce8-7d47-479f-b74a-bfbb04adb9af} - c:\program files\winferno\pc confidential\PCCBHO.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    TB: {C1B4DEC2-2623-438E-9CA2-C9043AB28508} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    EB: {12DA1BC4-5384-42fd-A119-3C99D2D146A2} - No File
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [Sxpv] c:\windows\s?mantec\w?auboot.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [ikzo] c:\progra~1\common~1\ikzo\ikzom.exe
    uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
    uRun: [Uhqif] c:\windows\?racle\r?ndll32.exe
    uRun: [Atdntep] "c:\documents and settings\compaq_administrator\my documents\?dobe\j?vaw.exe"
    uRun: [Dbbxpi] c:\windows\system32\s?stem32\?ti2evxx.exe
    uRun: [Wvrmaf] c:\windows\?racle\m?iexec.exe
    uRun: [Mdlhgl] c:\windows\system32\?ymantec\??rvices.exe
    uRun: [QdrModule12] "c:\program files\qdrmodule\QdrModule12.exe"
    uRun: [Csvnro] c:\program files\csvnro\Csvnro.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [<NO NAME>]
    mRun: [PCDrProfiler]
    mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
    mRun: [{7C622FEF-089C-1033-0413-060405060001}] "c:\program files\common files\{7c622fef-089c-1033-0413-060405060001}\Update.exe" te-110-12-0000213
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
    mRun: [{7C622FEF-089B-1033-0413-060405060001}] "c:\program files\common files\{7c622fef-089b-1033-0413-060405060001}\Update.exe" te-110-12-0000213
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [{7C622FEF-089D-1033-0413-060405060001}] "c:\program files\common files\{7c622fef-089d-1033-0413-060405060001}\Update.exe" te-110-12-0000213
    mRun: [ALCMTR] ALCMTR.EXE
    mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    mRun: [lphctvoj0e57v] c:\windows\system32\lphctvoj0e57v.exe
    mRun: [SMrhcpvoj0e57v] c:\program files\rhcpvoj0e57v\rhcpvoj0e57v.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9e.exe
    StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f5d8053v4\BelkinWCUI.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - c:\program files\winferno\pc confidential\PCConfidential.exe
    IE: {925DAB62-F9AC-4221-806A-057BFB1014AA} - c:\program files\winferno\pc confidential\PCConfidential.exe
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    Hosts: 192.168.200.3 ad.doubleclick.net
    Hosts: 192.168.200.3 ad.fastclick.net
    Hosts: 192.168.200.3 ads.fastclick.net
    Hosts: 192.168.200.3 atdmt.com
    Hosts: 192.168.200.3 avp.ch

    Note: multiple HOSTS entries found. Please refer to Attach.txt

    ============= SERVICES / DRIVERS ===============

    R2 cmdService;Command Service;c:\windows\ia\command.exe [2007-6-3 293888]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 SeekeenSrch Service;SeekeenSrch Service;c:\documents and settings\all users\application data\seekeensrch\seekeen155.exe [2010-2-26 4608]
    R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-1-10 517632]

    =============== Created Last 30 ================

    2010-02-28 16:24:56 60512 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-02-28 16:21:33 94208 ----a-w- c:\windows\system32\pphctvoj0e57v.exe
    2010-02-28 16:06:22 0 d-----w- c:\windows\ServicePackFiles
    2010-02-28 16:05:42 0 d-----w- c:\program files\MSXML 4.0
    2010-02-27 04:06:13 0 ----a-w- c:\windows\system32\atmtd.dll.tmp
    2010-02-26 23:11:47 0 d-----w- c:\program files\Spybot - Search & Destroy

    ==================== Find3M ====================

    2010-02-26 23:45:19 94208 ----a-w- c:\windows\system32\C7.tmp
    2010-02-26 23:45:08 94208 ----a-w- c:\windows\system32\C6.tmp
    2010-02-26 23:43:42 94208 ----a-w- c:\windows\system32\C5.tmp
    2010-02-26 23:42:48 94208 ----a-w- c:\windows\system32\C4.tmp
    2010-02-26 23:42:01 94208 ----a-w- c:\windows\system32\C3.tmp
    2010-02-26 23:41:09 94208 ----a-w- c:\windows\system32\C2.tmp
    2010-02-26 23:40:44 94208 ----a-w- c:\windows\system32\C1.tmp
    2010-02-26 23:39:00 94208 ----a-w- c:\windows\system32\C0.tmp
    2010-02-26 23:37:16 94208 ----a-w- c:\windows\system32\BF.tmp
    2010-02-26 23:36:03 94208 ----a-w- c:\windows\system32\BE.tmp
    2010-02-26 23:35:50 94208 ----a-w- c:\windows\system32\BD.tmp
    2010-02-26 23:35:21 94208 ----a-w- c:\windows\system32\BC.tmp
    2010-02-26 23:34:55 94208 ----a-w- c:\windows\system32\BB.tmp
    2010-02-26 23:33:48 94208 ----a-w- c:\windows\system32\B9.tmp
    2010-02-26 23:32:34 94208 ----a-w- c:\windows\system32\B8.tmp
    2010-02-26 23:28:18 94208 ----a-w- c:\windows\system32\B7.tmp
    2010-02-26 23:27:25 94208 ----a-w- c:\windows\system32\B6.tmp
    2010-02-26 23:25:53 94208 ----a-w- c:\windows\system32\B5.tmp
    2010-02-26 23:25:37 94208 ----a-w- c:\windows\system32\B2.tmp
    2010-02-26 23:25:05 94208 ----a-w- c:\windows\system32\B1.tmp
    2010-02-26 23:24:43 94208 ----a-w- c:\windows\system32\B0.tmp
    2010-02-26 23:24:32 94208 ----a-w- c:\windows\system32\AF.tmp
    2010-02-26 23:23:53 94208 ----a-w- c:\windows\system32\AE.tmp
    2010-02-26 23:23:45 94208 ----a-w- c:\windows\system32\AD.tmp
    2010-02-26 23:23:31 94208 ----a-w- c:\windows\system32\AC.tmp
    2010-02-26 23:23:07 94208 ----a-w- c:\windows\system32\AB.tmp
    2010-02-26 23:22:07 94208 ----a-w- c:\windows\system32\AA.tmp
    2010-02-26 23:21:54 94208 ----a-w- c:\windows\system32\A9.tmp
    2010-02-26 23:21:41 94208 ----a-w- c:\windows\system32\A8.tmp
    2010-02-26 23:21:33 94208 ----a-w- c:\windows\system32\A7.tmp
    2010-02-26 23:21:09 94208 ----a-w- c:\windows\system32\A6.tmp
    2010-02-26 23:20:49 94208 ----a-w- c:\windows\system32\A5.tmp
    2010-02-26 23:20:30 94208 ----a-w- c:\windows\system32\A4.tmp
    2010-02-26 23:18:06 94208 ----a-w- c:\windows\system32\A3.tmp
    2009-12-31 16:14:12 352640 ------w- c:\windows\system32\drivers\srv.sys
    2009-12-31 16:14:12 352640 ------w- c:\windows\system32\dllcache\srv.sys
    2009-12-16 13:35:58 18432 ------w- c:\windows\system32\dllcache\iedw.exe
    2009-12-16 12:58:04 343040 ------w- c:\windows\system32\mspaint.exe
    2009-12-16 12:58:04 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
    2009-12-14 07:35:35 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
    2009-12-14 07:35:35 33280 ------w- c:\windows\system32\csrsrv.dll
    2009-12-08 08:59:48 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
    2009-12-04 14:41:55 453760 ------w- c:\windows\system32\dllcache\mrxsmb.sys
    2005-08-02 20:46:54 187904 --sha-r- c:\windows\ia\asappsrv.dll
    2005-08-02 20:58:38 293888 --sha-r- c:\windows\ia\command.exe
    2005-07-29 20:24:26 472 --sha-r- c:\windows\ia\KE.vbs

    ============= FINISH: 14:11:42.53 ===============

  7. #7
    Member
    Join Date
    Feb 2010
    Posts
    85

    Default at a stand still for now

    I have clicked on "this link" to see a list of programs to be disabled, but I have not found the list.

  8. #8
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Default

    Quote: Originally Posted by Red_Earth
    "I have clicked on "this link" to see a list of programs to be disabled, but I have not found the list."

    Don't worry about it. In your case it doesn't appear you have ANY security software at all here, so nothing to disable. I will advise some free programs after we do some cleanup.

  9. #9
    Member
    Join Date
    Feb 2010
    Posts
    85

    Default This file

    When you say download this file, I did it and ran it but I interrupted it because it had not had all of my drives checkmarked. I stopped the scan.
    I reopened and scanned again. This time it froze or something; I left it alone because it was taking a long time and it sent my monitor into a sleep mode from which I could not revive it.
    I had to hard reboot. I have deleted the file and will attempt to download again and run it again and post my results. Thank you for being patient. I am not very savvy.

  10. #10
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Default

    Okay no problem. If you cannot get it to run then just let me know and we'll proceed with the fix. Most of this Malware has been around a long time (in the wild). We don't see much of it these days but it tends to make comebacks at times. My inclination though is that this PC has been infected for some time now.
