virtumonde


Red_Earth

I have recently been given a Compaq Presario, which is running XP Media Center.

It was given to me because of problems which the previous owner gave up on, and they bought a MacBook.

After adding and running Spybot S&D, it found some 135 problems, all of which I then asked it to fix.

It could not fix some problems and asked me to restart.

Upon restart, each time it would find 6 or so problems and only be able to fix 4 'without a restart'.

I watched Spybot run because I found it odd there were so many files: 917655.

Toward the end of the scans, large numbers of files are called virtumonde.sdn.
I looked it up on wiki and it comes up as a virus.

I'm not sure how to proceed.
 
Hello and welcome to the forums here at Spybot S&D.

Please read through the instructions at this link.

Then post your HijackThis log back here for me to review.

Please do not start a new topic but reply back here.

Regards,
Dave
 
hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:07 AM, on 2/28/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\IA\command.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\SeekeenSrch\seekeen155.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\SeekeenSrch\seekeen.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Common Files\{7C622FEF-089C-1033-0413-060405060001}\Update.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\lphctvoj0e57v.exe
C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\ikzo\ikzom.exe
C:\Program Files\Csvnro\Csvnro.exe
C:\Program Files\Belkin\F5D8053v4\BelkinWCUI.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\pphctvoj0e57v.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\COMMON~1\ikzo\ikzol.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [{7C622FEF-089C-1033-0413-060405060001}] "C:\Program Files\Common Files\{7C622FEF-089C-1033-0413-060405060001}\Update.exe" te-110-12-0000213
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [{7C622FEF-089B-1033-0413-060405060001}] "C:\Program Files\Common Files\{7C622FEF-089B-1033-0413-060405060001}\Update.exe" te-110-12-0000213
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{7C622FEF-089D-1033-0413-060405060001}] "C:\Program Files\Common Files\{7C622FEF-089D-1033-0413-060405060001}\Update.exe" te-110-12-0000213
O4 - HKLM\..\Run: [ALCMTR] ALCMTR.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [lphctvoj0e57v] C:\WINDOWS\system32\lphctvoj0e57v.exe
O4 - HKLM\..\Run: [SMrhcpvoj0e57v] C:\Program Files\rhcpvoj0e57v\rhcpvoj0e57v.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Sxpv] C:\WINDOWS\S?mantec\w?auboot.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ikzo] C:\PROGRA~1\COMMON~1\ikzo\ikzom.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Uhqif] C:\WINDOWS\?racle\r?ndll32.exe
O4 - HKCU\..\Run: [Atdntep] "C:\Documents and Settings\Compaq_Administrator\My Documents\?dobe\j?vaw.exe"
O4 - HKCU\..\Run: [Dbbxpi] C:\WINDOWS\system32\s?stem32\?ti2evxx.exe
O4 - HKCU\..\Run: [Wvrmaf] C:\WINDOWS\?racle\m?iexec.exe
O4 - HKCU\..\Run: [Mdlhgl] C:\WINDOWS\system32\?ymantec\??rvices.exe
O4 - HKCU\..\Run: [QdrModule12] "C:\Program Files\QdrModule\QdrModule12.exe"
O4 - HKCU\..\Run: [Csvnro] C:\Program Files\Csvnro\Csvnro.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SeekeenSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekeenSrch\seekeen155.exe

--
End of file - 8932 bytes
 
Okay, that gives us a start. Quite a collection of malware you have there. Before beginning to fix anything, I'd like to get a better look at things so we know where we stand.

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

++++++++++++++++++++++++++

Download this file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.
 
dds

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/31/2006 11:26:45 AM
System Uptime: 2/28/2010 2:04:26 PM (0 hours ago)

Motherboard: ASUSTek Computer INC. | | NAGAMI2L
Processor: AMD Athlon(tm) 64 Processor 3500+ | Socket 939 | 2204/199mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 104 GiB total, 86.841 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 0.504 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Hosts File Hijack ======================


==== Installed Programs ======================

Adobe Flash Player ActiveX
Adobe Reader 7.0.5
AIM 6
Ancient Sudoku
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 4
Belkin N Wireless USB Adapter Setup
Blackhawk Striker 2
Bookworm Deluxe
Bounce Symphony
BufferChm
Chuzzle Deluxe
Compaq Connections (remove only)
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Csvnro
CueTour
Dasher
Data Fax SoftModem with SmartCP
Destinations
DeviceManagementQFolder
Diner Dash
Easy Internet Sign-up
ERUNT 1.1j
Fairies
FATE
Flip Words
FullDPAppQFolder
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB979306)
HP DVD Play 2.1
HP Game Console
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Rhapsody
HP Software Update
HP Support Overview
HPPhotoSmartExpress
HpSdpAppCoreApp
Insaniquarium Deluxe
InstantShareDevices
iTunes
Jewel Quest
LightScribe 1.4.84.1
Mah Jong Quest
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Away Mode
Microsoft Money 2006
Microsoft Office 2000 Disc 2
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
Microsoft Office Standard Edition 2003
Microsoft Works
MSN
MSXML 4.0 SP2 (KB973688)
Netscape Browser (remove only)
OptionalContentQFolder
PC-Doctor 5 for Windows
PC Confidential 2008
PhoTags Express
PhotoGallery
Poker Superstars
Polar Bowler
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickTime
RandMap
RCT3 Soaked
RealPlayer
Realtek High Definition Audio Driver
Remove WeatherBug Installer
Rhapsody
Rhapsody Player Engine
Ricochet Lost Worlds
RollerCoaster Tycoon® 3
Safari
SCRABBLE
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Seekeen 1.0 build 155
SkinsHP1
SlideShow
SlideShowMusic
Slingo Deluxe
Snowy The Bears Adventure
Sonic Express Labeler
Sonic MyDVD Plus
Sonic_PrimoSDK
Spybot - Search & Destroy
Tennis Titans
Tornado Jockey
Tradewinds
Unload
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB973768

==== Event Viewer Messages From Past Week ========

2/28/2010 11:07:46 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297).
2/28/2010 11:02:44 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

==== End Of File ===========================
 
2nd

DDS (Ver_09-12-01.01) - NTFSx86
Run by Compaq_Administrator at 14:10:55.42 on Sun 02/28/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.702.353 [GMT -5:00]

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\{7C622FEF-089C-1033-0413-060405060001}\Update.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\lphctvoj0e57v.exe
C:\WINDOWS\IA\command.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\ikzo\ikzom.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Csvnro\Csvnro.exe
C:\Program Files\Belkin\F5D8053v4\BelkinWCUI.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\All Users\Application Data\SeekeenSrch\seekeen155.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\pphctvoj0e57v.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\SeekeenSrch\seekeen.exe
C:\Program Files\Safari\Safari.exe
C:\PROGRA~1\COMMON~1\ikzo\ikzol.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.hotmail.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: PCCBHO.CPCCBHO: {22fc6ce8-7d47-479f-b74a-bfbb04adb9af} - c:\program files\winferno\pc confidential\PCCBHO.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {C1B4DEC2-2623-438E-9CA2-C9043AB28508} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {12DA1BC4-5384-42fd-A119-3C99D2D146A2} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Sxpv] c:\windows\s?mantec\w?auboot.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ikzo] c:\progra~1\common~1\ikzo\ikzom.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [Uhqif] c:\windows\?racle\r?ndll32.exe
uRun: [Atdntep] "c:\documents and settings\compaq_administrator\my documents\?dobe\j?vaw.exe"
uRun: [Dbbxpi] c:\windows\system32\s?stem32\?ti2evxx.exe
uRun: [Wvrmaf] c:\windows\?racle\m?iexec.exe
uRun: [Mdlhgl] c:\windows\system32\?ymantec\??rvices.exe
uRun: [QdrModule12] "c:\program files\qdrmodule\QdrModule12.exe"
uRun: [Csvnro] c:\program files\csvnro\Csvnro.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [{7C622FEF-089C-1033-0413-060405060001}] "c:\program files\common files\{7c622fef-089c-1033-0413-060405060001}\Update.exe" te-110-12-0000213
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [{7C622FEF-089B-1033-0413-060405060001}] "c:\program files\common files\{7c622fef-089b-1033-0413-060405060001}\Update.exe" te-110-12-0000213
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [{7C622FEF-089D-1033-0413-060405060001}] "c:\program files\common files\{7c622fef-089d-1033-0413-060405060001}\Update.exe" te-110-12-0000213
mRun: [ALCMTR] ALCMTR.EXE
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [lphctvoj0e57v] c:\windows\system32\lphctvoj0e57v.exe
mRun: [SMrhcpvoj0e57v] c:\program files\rhcpvoj0e57v\rhcpvoj0e57v.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9e.exe
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f5d8053v4\BelkinWCUI.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - c:\program files\winferno\pc confidential\PCConfidential.exe
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA} - c:\program files\winferno\pc confidential\PCConfidential.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Hosts: 192.168.200.3 ad.doubleclick.net
Hosts: 192.168.200.3 ad.fastclick.net
Hosts: 192.168.200.3 ads.fastclick.net
Hosts: 192.168.200.3 atdmt.com
Hosts: 192.168.200.3 avp.ch

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R2 cmdService;Command Service;c:\windows\ia\command.exe [2007-6-3 293888]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 SeekeenSrch Service;SeekeenSrch Service;c:\documents and settings\all users\application data\seekeensrch\seekeen155.exe [2010-2-26 4608]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-1-10 517632]

=============== Created Last 30 ================

2010-02-28 16:24:56 60512 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-28 16:21:33 94208 ----a-w- c:\windows\system32\pphctvoj0e57v.exe
2010-02-28 16:06:22 0 d-----w- c:\windows\ServicePackFiles
2010-02-28 16:05:42 0 d-----w- c:\program files\MSXML 4.0
2010-02-27 04:06:13 0 ----a-w- c:\windows\system32\atmtd.dll.tmp
2010-02-26 23:11:47 0 d-----w- c:\program files\Spybot - Search & Destroy

==================== Find3M ====================

2010-02-26 23:45:19 94208 ----a-w- c:\windows\system32\C7.tmp
2010-02-26 23:45:08 94208 ----a-w- c:\windows\system32\C6.tmp
2010-02-26 23:43:42 94208 ----a-w- c:\windows\system32\C5.tmp
2010-02-26 23:42:48 94208 ----a-w- c:\windows\system32\C4.tmp
2010-02-26 23:42:01 94208 ----a-w- c:\windows\system32\C3.tmp
2010-02-26 23:41:09 94208 ----a-w- c:\windows\system32\C2.tmp
2010-02-26 23:40:44 94208 ----a-w- c:\windows\system32\C1.tmp
2010-02-26 23:39:00 94208 ----a-w- c:\windows\system32\C0.tmp
2010-02-26 23:37:16 94208 ----a-w- c:\windows\system32\BF.tmp
2010-02-26 23:36:03 94208 ----a-w- c:\windows\system32\BE.tmp
2010-02-26 23:35:50 94208 ----a-w- c:\windows\system32\BD.tmp
2010-02-26 23:35:21 94208 ----a-w- c:\windows\system32\BC.tmp
2010-02-26 23:34:55 94208 ----a-w- c:\windows\system32\BB.tmp
2010-02-26 23:33:48 94208 ----a-w- c:\windows\system32\B9.tmp
2010-02-26 23:32:34 94208 ----a-w- c:\windows\system32\B8.tmp
2010-02-26 23:28:18 94208 ----a-w- c:\windows\system32\B7.tmp
2010-02-26 23:27:25 94208 ----a-w- c:\windows\system32\B6.tmp
2010-02-26 23:25:53 94208 ----a-w- c:\windows\system32\B5.tmp
2010-02-26 23:25:37 94208 ----a-w- c:\windows\system32\B2.tmp
2010-02-26 23:25:05 94208 ----a-w- c:\windows\system32\B1.tmp
2010-02-26 23:24:43 94208 ----a-w- c:\windows\system32\B0.tmp
2010-02-26 23:24:32 94208 ----a-w- c:\windows\system32\AF.tmp
2010-02-26 23:23:53 94208 ----a-w- c:\windows\system32\AE.tmp
2010-02-26 23:23:45 94208 ----a-w- c:\windows\system32\AD.tmp
2010-02-26 23:23:31 94208 ----a-w- c:\windows\system32\AC.tmp
2010-02-26 23:23:07 94208 ----a-w- c:\windows\system32\AB.tmp
2010-02-26 23:22:07 94208 ----a-w- c:\windows\system32\AA.tmp
2010-02-26 23:21:54 94208 ----a-w- c:\windows\system32\A9.tmp
2010-02-26 23:21:41 94208 ----a-w- c:\windows\system32\A8.tmp
2010-02-26 23:21:33 94208 ----a-w- c:\windows\system32\A7.tmp
2010-02-26 23:21:09 94208 ----a-w- c:\windows\system32\A6.tmp
2010-02-26 23:20:49 94208 ----a-w- c:\windows\system32\A5.tmp
2010-02-26 23:20:30 94208 ----a-w- c:\windows\system32\A4.tmp
2010-02-26 23:18:06 94208 ----a-w- c:\windows\system32\A3.tmp
2009-12-31 16:14:12 352640 ------w- c:\windows\system32\drivers\srv.sys
2009-12-31 16:14:12 352640 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-16 13:35:58 18432 ------w- c:\windows\system32\dllcache\iedw.exe
2009-12-16 12:58:04 343040 ------w- c:\windows\system32\mspaint.exe
2009-12-16 12:58:04 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:35:35 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-14 07:35:35 33280 ------w- c:\windows\system32\csrsrv.dll
2009-12-08 08:59:48 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2009-12-04 14:41:55 453760 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2005-08-02 20:46:54 187904 --sha-r- c:\windows\ia\asappsrv.dll
2005-08-02 20:58:38 293888 --sha-r- c:\windows\ia\command.exe
2005-07-29 20:24:26 472 --sha-r- c:\windows\ia\KE.vbs

============= FINISH: 14:11:42.53 ===============
 
at a stand still for now

I have clicked on "this link" to see a list of programs to be disabled, but I have not found the list.
 
I have clicked on "this link" to see a list of programs to be disabled, but I have not found the list.
Don't worry about it. In your case it doesn't appear you have ANY security software at all here, so nothing to disable. I will advise some free programs after we do some cleanup.
 
This file

When you say download this file, I did it and ran it but I interrupted it because it had not had all of my drives checkmarked. I stopped scan.
I reopened and scanned again. This time it froze or something; I left it alone because it was taking a long time and it sent my monitor into a sleep mode from which I could not revive it.
I had to hard reboot. I have deleted the file and will attempt to download again and run it again and post my results. Thank you for being patient. I am not very savvy.
 
Okay no problem. If you cannot get it to run then just let me know and we'll proceed with the fix. Most of this Malware has been around a long time (in the wild). We don't see much of it these days but it tends to make comebacks at times. My inclination though is that this PC has been infected for some time now.
 
again

I downloaded a new file, and it scanned for hours and hours.
When I wasn't paying attention, again, it went into a frozen mode where my monitor wouldn't come on. I even unplugged the blue cable in back and in plugging it back in it still wouldn't let me see the screen. I plugged in a USB mouse and not only would it not wake up my monitor, it wouldn't light up to show power to it.
The computer, however, was running. The orange light was flickering, and the fan was running.
The previous owner has not run this computer in over a year and a half or so.
 
Okay so this is "old" Malware.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


RcAuto1.gif


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. Please also post an updated HijackThis log and let me know how it's running.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
comboFix

ComboFix 10-03-01.01 - Compaq_Administrator 03/01/2010 13:00:06.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.702.356 [GMT -5:00]
Running from: c:\docume~1\COMPAQ~1\LOCALS~1\Temp\Saf52.tmp\ComboFix.exe
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
The following files were disabled during the run:
c:\windows\IA\asappsrv.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\35573251.exe
c:\documents and settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk
c:\documents and settings\Compaq_Administrator\Application Data\rhcpvoj0e57v
c:\documents and settings\Compaq_Administrator\Cookies\_install.exe
c:\documents and settings\Compaq_Administrator\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Compaq_Administrator\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\CPV.stt
C:\Microsoft
c:\microsoft\svchost.exe
c:\progra~1\COMMON~1\{3C622~1
c:\progra~1\COMMON~1\{7C622~1
c:\progra~1\COMMON~1\{7C622~1\system.dll
c:\progra~1\COMMON~1\{7C622~1\Update.exe
c:\progra~1\COMMON~1\{7C622~2
c:\progra~1\COMMON~1\{7C622~2\system.dll
c:\progra~1\COMMON~1\{7C622~2\Update.exe
c:\progra~1\COMMON~1\{7C622~3
c:\progra~1\COMMON~1\{7C622~3\system.dll
c:\progra~1\COMMON~1\{7C622~3\Update.exe
c:\program files\asks~1
c:\program files\Common Files\curity~1
c:\program files\Common Files\dobe~1
c:\program files\Common Files\racle~1
c:\program files\Common Files\smante~1
c:\program files\Common Files\smbols~1
c:\program files\Common Files\sstem~1
c:\program files\Common Files\ymante~1
c:\program files\crosof~1.net
c:\program files\curity~1
c:\program files\JavaCore
c:\program files\mantec~1
c:\program files\racle~1
c:\program files\rhcpvoj0e57v
c:\program files\shcrvoj0e57v
c:\program files\Spcron
c:\program files\sstem3~1
c:\program files\Svconr
c:\program files\Svconr\Svconr.exe.lzma
c:\program files\Temporary
c:\program files\Temporary\InsiDERInst.exe
c:\program files\wnsxs~1
c:\program files\ystem~1
c:\recycler\S-1-5-21-527237240-179605362-725345543-500
c:\windows\IA
c:\windows\IA\asappsrv.dll.vir
c:\windows\IA\command.exe
c:\windows\IA\KE.vbs
c:\windows\icroso~1
c:\windows\icroso~1.net
c:\windows\mcroso~1
c:\windows\racle~1
c:\windows\smante~1
c:\windows\sstem~1
c:\windows\system32\asks~1
c:\windows\system32\atmtd.dll.tmp
c:\windows\system32\COMCTL32.OCA
c:\windows\system32\curity~1
c:\windows\system32\E.tmp
c:\windows\system32\fnts~1
c:\windows\system32\lphctvoj0e57v.exe
c:\windows\system32\mantec~1
c:\windows\system32\pphctvoj0e57v.exe
c:\windows\system32\racle~1
c:\windows\system32\s.ico
c:\windows\system32\sks~1
c:\windows\system32\sstem3~1
c:\windows\system32\stem~1
c:\windows\system32\unsvchosts.lzma
c:\windows\system32\wapisu.exe
c:\windows\system32\wnsxs~1
c:\windows\system32\ymante~1
c:\windows\tsks~1
c:\windows\ymbols~1
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_COM+_MESSAGES
-------\Service_cmdService


((((((((((((((((((((((((( Files Created from 2010-02-01 to 2010-03-01 )))))))))))))))))))))))))))))))
.

2010-03-01 00:08 . 2010-03-01 00:08 293376 ----a-w- C:\2outg8ml.exe
2010-02-28 16:40 . 2010-02-28 16:41 -------- d-----w- c:\program files\ERUNT
2010-02-28 16:25 . 2010-02-28 16:25 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\PCHealth
2010-02-28 16:24 . 2010-02-28 16:24 60512 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-28 16:06 . 2010-02-28 16:06 -------- d-----w- c:\windows\ServicePackFiles
2010-02-28 16:05 . 2010-02-28 16:05 -------- d-----w- c:\program files\MSXML 4.0
2010-02-26 23:11 . 2010-02-26 23:16 -------- d-----w- c:\program files\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 23:49 . 2008-07-23 12:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-26 23:45 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\C7.tmp
2010-02-26 23:45 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\C6.tmp
2010-02-26 23:43 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\C5.tmp
2010-02-26 23:42 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\C4.tmp
2010-02-26 23:42 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\C3.tmp
2010-02-26 23:41 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\C2.tmp
2010-02-26 23:40 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\C1.tmp
2010-02-26 23:39 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\C0.tmp
2010-02-26 23:37 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\BF.tmp
2010-02-26 23:36 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\BE.tmp
2010-02-26 23:35 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\BD.tmp
2010-02-26 23:35 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\BC.tmp
2010-02-26 23:34 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\BB.tmp
2010-02-26 23:33 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\B9.tmp
2010-02-26 23:32 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\B8.tmp
2010-02-26 23:28 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\B7.tmp
2010-02-26 23:27 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\B6.tmp
2010-02-26 23:25 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\B5.tmp
2010-02-26 23:25 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\B2.tmp
2010-02-26 23:25 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\B1.tmp
2010-02-26 23:24 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\B0.tmp
2010-02-26 23:24 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\AF.tmp
2010-02-26 23:23 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\AE.tmp
2010-02-26 23:23 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\AD.tmp
2010-02-26 23:23 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\AC.tmp
2010-02-26 23:23 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\AB.tmp
2010-02-26 23:22 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\AA.tmp
2010-02-26 23:21 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\A9.tmp
2010-02-26 23:21 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\A8.tmp
2010-02-26 23:21 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\A7.tmp
2010-02-26 23:21 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\A6.tmp
2010-02-26 23:20 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\A5.tmp
2010-02-26 23:20 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\A4.tmp
2010-02-26 23:18 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\A3.tmp
2010-02-26 23:06 . 2007-08-16 18:02 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Apple Computer
2010-02-26 10:00 . 2009-03-14 15:40 -------- d-----w- c:\program files\SeekeenSrch
2010-02-26 09:26 . 2009-03-14 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SeekeenSrch
2009-12-31 16:14 . 2004-08-09 21:00 352640 ------w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:35 . 2004-08-09 21:00 668672 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:35 . 2004-08-09 21:00 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-16 12:58 . 2004-08-09 21:00 343040 ------w- c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2004-08-09 21:00 33280 ------w- c:\windows\system32\csrsrv.dll
2009-12-04 14:41 . 2004-08-09 21:00 453760 ------w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sxpv"="c:\windows\S?mantec\w?auboot.exe" [?]
"Uhqif"="c:\windows\?racle\r?ndll32.exe" [?]
"Atdntep"="c:\documents and settings\Compaq_Administrator\My Documents\?dobe\j?vaw.exe" [?]
"Dbbxpi"="c:\windows\system32\s?stem32\?ti2evxx.exe" [?]
"Wvrmaf"="c:\windows\?racle\m?iexec.exe" [?]
"Mdlhgl"="c:\windows\system32\?ymantec\??rvices.exe" [?]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ikzo"="c:\progra~1\COMMON~1\ikzo\ikzom.exe" [2006-07-19 9216]
"Aim6"="c:\program files\AIM6\aim6.exe" [2007-04-27 50736]
"Csvnro"="c:\program files\Csvnro\Csvnro.exe" [2008-04-29 57344]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"nwiz"="nwiz.exe" [2006-01-24 1519616]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-05-22 180269]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9e.exe" [2007-11-21 218496]

c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F5D8053v4\BelkinWCUI.exe [2009-1-10 1474560]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 SeekeenSrch Service;SeekeenSrch Service;c:\documents and settings\All Users\Application Data\SeekeenSrch\seekeen155.exe [2/26/2010 4:26 AM 4608]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [1/10/2009 8:16 PM 517632]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{C1B4DEC2-2623-438E-9CA2-C9043AB28508} - (no file)
HKLM-Run-PCDrProfiler - (no file)
HKLM-Run-{7C622FEF-089C-1033-0413-060405060001} - c:\program files\Common Files\{7C622FEF-089C-1033-0413-060405060001}\Update.exe
HKLM-Run-{7C622FEF-089B-1033-0413-060405060001} - c:\program files\Common Files\{7C622FEF-089B-1033-0413-060405060001}\Update.exe
HKLM-Run-{7C622FEF-089D-1033-0413-060405060001} - c:\program files\Common Files\{7C622FEF-089D-1033-0413-060405060001}\Update.exe
HKLM-Run-lphctvoj0e57v - c:\windows\system32\lphctvoj0e57v.exe
HKLM-Run-SMrhcpvoj0e57v - c:\program files\rhcpvoj0e57v\rhcpvoj0e57v.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-01 13:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3312)
c:\program files\SeekeenSrch\seekeen.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\ARPWRMSG.EXE
c:\program files\SeekeenSrch\seekeen.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2010-03-01 13:18:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-01 18:18

Pre-Run: 93,198,229,504 bytes free
Post-Run: 93,758,308,352 bytes free

- - End Of File - - D98D1C79BD649ECF2050BDCED9B9203F
 
Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:23:04 PM, on 3/1/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\All Users\Application Data\SeekeenSrch\seekeen155.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\ikzo\ikzom.exe
C:\Program Files\SeekeenSrch\seekeen.exe
C:\Program Files\Csvnro\Csvnro.exe
C:\Program Files\Belkin\F5D8053v4\BelkinWCUI.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Sxpv] C:\WINDOWS\S?mantec\w?auboot.exe
O4 - HKCU\..\Run: [ikzo] C:\PROGRA~1\COMMON~1\ikzo\ikzom.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Uhqif] C:\WINDOWS\?racle\r?ndll32.exe
O4 - HKCU\..\Run: [Atdntep] "C:\Documents and Settings\Compaq_Administrator\My Documents\?dobe\j?vaw.exe"
O4 - HKCU\..\Run: [Dbbxpi] C:\WINDOWS\system32\s?stem32\?ti2evxx.exe
O4 - HKCU\..\Run: [Wvrmaf] C:\WINDOWS\?racle\m?iexec.exe
O4 - HKCU\..\Run: [Mdlhgl] C:\WINDOWS\system32\?ymantec\??rvices.exe
O4 - HKCU\..\Run: [Csvnro] C:\Program Files\Csvnro\Csvnro.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SeekeenSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekeenSrch\seekeen155.exe

--
End of file - 7304 bytes
 
This time

Okay so
During the ComboFix run a dialog box popped up and asked me to write down a file name that was trying to access ComboFix.
The file name is

C:\WINDOWS\IA\asapposrv.dll

The program did its scan and I posted the results.
After that I scanned with HijackThis.
I posted those results as well.
I then restarted my computer and the popups that had been popping up did not pop up.
However a red shield with a white X appears in the lower right tray with a balloon that reads: Your computer might be at risk. Antivirus software might not be installed.
Other than that I would not question the integrity of the system had I not been told there was a problem. So far.
 
Hi,

Wow, some of this malware has been on this system for YEARS!

Before you do anything else, ComboFix needs to be run from the desktop as advised earlier. You downloaded it to a temp folder (c:\docume~1\COMPAQ~1\LOCALS~1\Temp\Saf52.tmp\ComboFix.exe). Please move it from there to the desktop, or download a fresh copy to your desktop (whichever is easier for you).

After doing that...

1. Open Notepad

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
http://forums.spybot.info/showthread.php?p=361959#post361959

Collect::
c:\windows\IA\asappsrv.dll

File::
C:\windows\system32\C7.tmp
c:\windows\system32\C6.tmp
c:\windows\system32\C5.tmp
c:\windows\system32\C4.tmp
c:\windows\system32\C3.tmp
c:\windows\system32\C2.tmp
c:\windows\system32\C1.tmp
c:\windows\system32\C0.tmp
c:\windows\system32\BF.tmp
c:\windows\system32\BE.tmp
c:\windows\system32\BD.tmp
c:\windows\system32\BC.tmp
c:\windows\system32\BB.tmp
c:\windows\system32\B9.tmp
c:\windows\system32\B8.tmp
c:\windows\system32\B7.tmp
c:\windows\system32\B6.tmp
c:\windows\system32\B5.tmp
c:\windows\system32\B2.tmp
c:\windows\system32\B1.tmp
c:\windows\system32\B0.tmp
c:\windows\system32\AF.tmp
c:\windows\system32\AE.tmp
c:\windows\system32\AD.tmp
c:\windows\system32\AC.tmp
c:\windows\system32\AB.tmp
c:\windows\system32\AA.tmp
c:\windows\system32\A9.tmp
c:\windows\system32\A8.tmp
c:\windows\system32\A7.tmp
c:\windows\system32\A6.tmp
c:\windows\system32\A5.tmp
c:\windows\system32\A4.tmp
c:\windows\system32\A3.tmp

Folder::
c:\program files\SeekeenSrch
c:\documents and settings\All Users\Application Data\SeekeenSrch
c:\progra~1\COMMON~1\ikzo
c:\program files\Csvnro

Driver::
SeekeenSrch Service

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sxpv"=-
"Uhqif"=-
"Atdntep"=-
"Dbbxpi"=-
"Wvrmaf"=-
"Mdlhgl"=-
"ikzo"=-
"Csvnro"=-


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScriptB-4.gif



5. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.
 
oops

ComboFix 10-03-01.01 - Compaq_Administrator 03/01/2010 17:41:53.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.702.446 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Compaq_Administrator\Local Settings\Temporary Internet Files\bestwiner.stt
c:\windows\Downloaded Program Files\_install.exe
c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\_install.exe
c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\_install.exe
c:\windows\SoftwareDistribution\Download\00f4dcdbcc87699e75212b885cb6bebf\_install.exe
c:\windows\SoftwareDistribution\Download\00f4dcdbcc87699e75212b885cb6bebf\sp2qfe\_install.exe
c:\windows\SoftwareDistribution\Download\00f4dcdbcc87699e75212b885cb6bebf\update\_install.exe

.
((((((((((((((((((((((((( Files Created from 2010-02-01 to 2010-03-01 )))))))))))))))))))))))))))))))
.

2010-03-01 00:08 . 2010-03-01 00:08 293376 ----a-w- C:\2outg8ml.exe
2010-02-28 16:40 . 2010-02-28 16:41 -------- d-----w- c:\program files\ERUNT
2010-02-28 16:25 . 2010-02-28 16:25 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\PCHealth
2010-02-28 16:24 . 2010-02-28 16:24 60512 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-28 16:06 . 2010-02-28 16:06 -------- d-----w- c:\windows\ServicePackFiles
2010-02-28 16:05 . 2010-02-28 16:05 -------- d-----w- c:\program files\MSXML 4.0
2010-02-26 23:11 . 2010-02-26 23:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-26 09:26 . 2009-09-02 20:10 4608 ----a-w- c:\documents and settings\All Users\Application Data\SeekeenSrch\seekeen155.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-01 19:49 . 2007-06-10 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-03-01 19:43 . 2007-08-16 18:01 -------- d-----w- c:\program files\iTunes
2010-03-01 19:43 . 2007-08-16 17:59 -------- d-----w- c:\program files\Common Files\Apple
2010-03-01 19:42 . 2007-08-16 18:01 -------- d-----w- c:\program files\iPod
2010-03-01 19:26 . 2008-06-25 12:54 -------- d-----w- c:\program files\Internet Chess Club
2010-03-01 19:22 . 2007-01-31 21:20 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Netscape
2010-03-01 19:19 . 2007-01-13 17:57 -------- d-----w- c:\program files\Rhapsody
2010-03-01 19:18 . 2007-05-12 01:09 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Atari
2010-02-26 23:49 . 2008-07-23 12:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-26 23:45 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\C7.tmp
2010-02-26 23:45 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\C6.tmp
2010-02-26 23:43 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\C5.tmp
2010-02-26 23:42 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\C4.tmp
2010-02-26 23:42 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\C3.tmp
2010-02-26 23:41 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\C2.tmp
2010-02-26 23:40 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\C1.tmp
2010-02-26 23:39 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\C0.tmp
2010-02-26 23:37 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\BF.tmp
2010-02-26 23:36 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\BE.tmp
2010-02-26 23:35 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\BD.tmp
2010-02-26 23:35 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\BC.tmp
2010-02-26 23:34 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\BB.tmp
2010-02-26 23:33 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\B9.tmp
2010-02-26 23:32 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\B8.tmp
2010-02-26 23:28 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\B7.tmp
2010-02-26 23:27 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\B6.tmp
2010-02-26 23:25 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\B5.tmp
2010-02-26 23:25 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\B2.tmp
2010-02-26 23:25 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\B1.tmp
2010-02-26 23:24 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\B0.tmp
2010-02-26 23:24 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\AF.tmp
2010-02-26 23:23 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\AE.tmp
2010-02-26 23:23 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\AD.tmp
2010-02-26 23:23 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\AC.tmp
2010-02-26 23:23 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\AB.tmp
2010-02-26 23:22 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\AA.tmp
2010-02-26 23:21 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\A9.tmp
2010-02-26 23:21 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\A8.tmp
2010-02-26 23:21 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\A7.tmp
2010-02-26 23:21 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\A6.tmp
2010-02-26 23:20 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\A5.tmp
2010-02-26 23:20 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\A4.tmp
2010-02-26 23:18 . 2008-07-11 15:04 94208 ----a-w- c:\windows\system32\A3.tmp
2010-02-26 23:06 . 2007-08-16 18:02 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Apple Computer
2010-02-26 10:00 . 2009-03-14 15:40 -------- d-----w- c:\program files\SeekeenSrch
2010-02-26 09:26 . 2009-03-14 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SeekeenSrch
2009-12-31 16:14 . 2004-08-09 21:00 352640 ------w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:35 . 2004-08-09 21:00 668672 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:35 . 2004-08-09 21:00 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-16 12:58 . 2004-08-09 21:00 343040 ------w- c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2004-08-09 21:00 33280 ------w- c:\windows\system32\csrsrv.dll
2009-12-08 18:55 . 2004-08-10 04:00 2180352 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:19 . 2004-08-10 04:00 2057728 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 14:41 . 2004-08-09 21:00 453760 ------w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sxpv"="c:\windows\S?mantec\w?auboot.exe" [?]
"Uhqif"="c:\windows\?racle\r?ndll32.exe" [?]
"Atdntep"="c:\documents and settings\Compaq_Administrator\My Documents\?dobe\j?vaw.exe" [?]
"Dbbxpi"="c:\windows\system32\s?stem32\?ti2evxx.exe" [?]
"Wvrmaf"="c:\windows\?racle\m?iexec.exe" [?]
"Mdlhgl"="c:\windows\system32\?ymantec\??rvices.exe" [?]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ikzo"="c:\progra~1\COMMON~1\ikzo\ikzom.exe" [2006-07-19 9216]
"Csvnro"="c:\program files\Csvnro\Csvnro.exe" [2008-04-29 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"nwiz"="nwiz.exe" [2006-01-24 1519616]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-05-22 180269]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9e.exe" [2007-11-21 218496]

c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F5D8053v4\BelkinWCUI.exe [2009-1-10 1474560]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [1/10/2009 8:16 PM 517632]
S2 SeekeenSrch Service;SeekeenSrch Service;c:\documents and settings\All Users\Application Data\SeekeenSrch\seekeen155.exe [2/26/2010 4:26 AM 4608]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-01 17:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-03-01 17:48:29
ComboFix-quarantined-files.txt 2010-03-01 22:48
ComboFix2.txt 2010-03-01 18:18

Pre-Run: 94,759,530,496 bytes free
Post-Run: 94,705,057,792 bytes free

- - End Of File - - AB2BB21D40DD7344D6F13CFF67449AE8
 
new ComboFix run log (with pasted code to startup)

ComboFix 10-03-01.01 - Compaq_Administrator 03/01/2010 17:55:44.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.702.364 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

FILE ::
"c:\windows\system32\A3.tmp"
"c:\windows\system32\A4.tmp"
"c:\windows\system32\A5.tmp"
"c:\windows\system32\A6.tmp"
"c:\windows\system32\A7.tmp"
"c:\windows\system32\A8.tmp"
"c:\windows\system32\A9.tmp"
"c:\windows\system32\AA.tmp"
"c:\windows\system32\AB.tmp"
"c:\windows\system32\AC.tmp"
"c:\windows\system32\AD.tmp"
"c:\windows\system32\AE.tmp"
"c:\windows\system32\AF.tmp"
"c:\windows\system32\B0.tmp"
"c:\windows\system32\B1.tmp"
"c:\windows\system32\B2.tmp"
"c:\windows\system32\B5.tmp"
"c:\windows\system32\B6.tmp"
"c:\windows\system32\B7.tmp"
"c:\windows\system32\B8.tmp"
"c:\windows\system32\B9.tmp"
"c:\windows\system32\BB.tmp"
"c:\windows\system32\BC.tmp"
"c:\windows\system32\BD.tmp"
"c:\windows\system32\BE.tmp"
"c:\windows\system32\BF.tmp"
"c:\windows\system32\C0.tmp"
"c:\windows\system32\C1.tmp"
"c:\windows\system32\C2.tmp"
"c:\windows\system32\C3.tmp"
"c:\windows\system32\C4.tmp"
"c:\windows\system32\C5.tmp"
"c:\windows\system32\C6.tmp"
"c:\windows\system32\C7.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\SeekeenSrch
c:\documents and settings\All Users\Application Data\SeekeenSrch\seekeen147.exe
c:\documents and settings\All Users\Application Data\SeekeenSrch\seekeen155.exe
c:\progra~1\COMMON~1\ikzo
c:\progra~1\COMMON~1\ikzo\ikzoa.exe
c:\progra~1\COMMON~1\ikzo\ikzoa.lck
c:\progra~1\COMMON~1\ikzo\ikzod\class-barrel
c:\progra~1\COMMON~1\ikzo\ikzod\ikzoc.dll
c:\progra~1\COMMON~1\ikzo\ikzol.exe
c:\progra~1\COMMON~1\ikzo\ikzol.lck
c:\progra~1\COMMON~1\ikzo\ikzom.exe
c:\progra~1\COMMON~1\ikzo\ikzom.lck
c:\progra~1\COMMON~1\ikzo\ikzop.exe
c:\progra~1\COMMON~1\ikzo\ikzop.lck
c:\program files\Csvnro
c:\program files\Csvnro\Csvnro.exe
c:\program files\SeekeenSrch
c:\program files\SeekeenSrch\home.js
c:\program files\SeekeenSrch\readme.html
c:\program files\SeekeenSrch\seekeen.dll
c:\program files\SeekeenSrch\seekeen.exe
c:\program files\SeekeenSrch\skopt.exe
c:\program files\SeekeenSrch\uninstall.exe
c:\windows\system32\A3.tmp
c:\windows\system32\A4.tmp
c:\windows\system32\A5.tmp
c:\windows\system32\A6.tmp
c:\windows\system32\A7.tmp
c:\windows\system32\A8.tmp
c:\windows\system32\A9.tmp
c:\windows\system32\AA.tmp
c:\windows\system32\AB.tmp
c:\windows\system32\AC.tmp
c:\windows\system32\AD.tmp
c:\windows\system32\AE.tmp
c:\windows\system32\AF.tmp
c:\windows\system32\B0.tmp
c:\windows\system32\B1.tmp
c:\windows\system32\B2.tmp
c:\windows\system32\B5.tmp
c:\windows\system32\B6.tmp
c:\windows\system32\B7.tmp
c:\windows\system32\B8.tmp
c:\windows\system32\B9.tmp
c:\windows\system32\BB.tmp
c:\windows\system32\BC.tmp
c:\windows\system32\BD.tmp
c:\windows\system32\BE.tmp
c:\windows\system32\BF.tmp
c:\windows\system32\C0.tmp
c:\windows\system32\C1.tmp
c:\windows\system32\C2.tmp
c:\windows\system32\C3.tmp
c:\windows\system32\C4.tmp
c:\windows\system32\C5.tmp
c:\windows\system32\C6.tmp
c:\windows\system32\C7.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SEEKEENSRCH_SERVICE
-------\Service_SeekeenSrch Service


((((((((((((((((((((((((( Files Created from 2010-02-01 to 2010-03-01 )))))))))))))))))))))))))))))))
.

2010-03-01 00:08 . 2010-03-01 00:08 293376 ----a-w- C:\2outg8ml.exe
2010-02-28 16:40 . 2010-02-28 16:41 -------- d-----w- c:\program files\ERUNT
2010-02-28 16:25 . 2010-02-28 16:25 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\PCHealth
2010-02-28 16:24 . 2010-02-28 16:24 60512 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-28 16:06 . 2010-02-28 16:06 -------- d-----w- c:\windows\ServicePackFiles
2010-02-28 16:05 . 2010-02-28 16:05 -------- d-----w- c:\program files\MSXML 4.0
2010-02-26 23:11 . 2010-02-26 23:16 -------- d-----w- c:\program files\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-01 19:49 . 2007-06-10 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-03-01 19:43 . 2007-08-16 18:01 -------- d-----w- c:\program files\iTunes
2010-03-01 19:43 . 2007-08-16 17:59 -------- d-----w- c:\program files\Common Files\Apple
2010-03-01 19:42 . 2007-08-16 18:01 -------- d-----w- c:\program files\iPod
2010-03-01 19:26 . 2008-06-25 12:54 -------- d-----w- c:\program files\Internet Chess Club
2010-03-01 19:22 . 2007-01-31 21:20 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Netscape
2010-03-01 19:19 . 2007-01-13 17:57 -------- d-----w- c:\program files\Rhapsody
2010-03-01 19:18 . 2007-05-12 01:09 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Atari
2010-02-26 23:49 . 2008-07-23 12:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-26 23:06 . 2007-08-16 18:02 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Apple Computer
2009-12-31 16:14 . 2004-08-09 21:00 352640 ------w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:35 . 2004-08-09 21:00 668672 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:35 . 2004-08-09 21:00 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-16 12:58 . 2004-08-09 21:00 343040 ------w- c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2004-08-09 21:00 33280 ------w- c:\windows\system32\csrsrv.dll
2009-12-08 18:55 . 2004-08-10 04:00 2180352 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:19 . 2004-08-10 04:00 2057728 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 14:41 . 2004-08-09 21:00 453760 ------w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"nwiz"="nwiz.exe" [2006-01-24 1519616]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-05-22 180269]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9e.exe" [2007-11-21 218496]

c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F5D8053v4\BelkinWCUI.exe [2009-1-10 1474560]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [1/10/2009 8:16 PM 517632]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

AddRemove-SeekeenSrch - c:\program files\SeekeenSrch\uninstall.exe
AddRemove-Csvnro - c:\program files\Csvnro\Csvnro.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-01 18:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\ARPWRMSG.EXE
.
**************************************************************************
.
Completion time: 2010-03-01 18:05:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-01 23:05
ComboFix2.txt 2010-03-01 22:48
ComboFix3.txt 2010-03-01 18:18

Pre-Run: 94,738,001,920 bytes free
Post-Run: 94,696,960,000 bytes free

- - End Of File - - EDB6E351B8194884D6EF4F82B8FAB408
 
HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:08:13 PM, on 3/1/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Belkin\F5D8053v4\BelkinWCUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6015 bytes
 