
wins32/heur


  • This topic is locked
4 replies to this topic

#1 efrx

efrx

  • Members
  • 5 posts
  • OFFLINE
  • Local time:06:56 PM

Posted 19 February 2009 - 12:52 AM

My computer restarts itself when I open documents. An error appears when it restarts which reads: the instruction at "0x00720666" referenced memory at "0x00720666"; the memory could not be "written". I can't install or uninstall Java; a message appears which reads: the Windows Installer service could not be accessed. It also tells me I'm infected with Win32/Rustock.G.





DDS (Ver_09-02-01.01) - NTFSx86
Run by HP_Administrator at 23:00:15.26 on Wed 02/18/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1145 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\eHome\ehmsas.exe
svchost.exe
C:\WINDOWS\TEMP\VRTCC.tmp
C:\WINDOWS\TEMP\VRTE1.tmp
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\EA.tmp
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\3361\svchost.exe -sysrun
C:\Program Files\CCleaner\CCleaner.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: noexplorer - No File
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar1.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {c5bf49a2-94f3-42bd-f434-3604812c8955} - No File
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Aim6]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdMgr.exe
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [svchost.exe] "c:\windows\system32\3361\svchost.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRunOnce: [svchost.exe] "c:\windows\system32\3361\svchost.exe"
dRun: [jrcxsews.exe] c:\windows\jrcxsews.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\xccstart.lnk - c:\windows\system\xccef090131.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: trymedia.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5523/mcfscan.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
STS: {C5BF49A2-94F3-42BD-F434-3604812C8955} - No File
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-13 325128]
R1 avgmfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-13 27656]
R1 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-13 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-4 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-4 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-13 298264]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]
S0 ftpqhing;ftpqhing;c:\windows\system32\drivers\qacwaylx.sys []
S1 2daeb890;2daeb890;c:\windows\system32\drivers\2daeb890.sys --> c:\windows\system32\drivers\2daeb890.sys [?]
S1 ethavjdf;ethavjdf;c:\windows\system32\drivers\ethavjdf.sys --> c:\windows\system32\drivers\ethavjdf.sys [?]
S1 ethdaalb;ethdaalb;c:\windows\system32\drivers\ethdaalb.sys --> c:\windows\system32\drivers\ethdaalb.sys [?]
S1 ethdoqgj;ethdoqgj;c:\windows\system32\drivers\ethdoqgj.sys --> c:\windows\system32\drivers\ethdoqgj.sys [?]
S1 ethermrw;ethermrw;c:\windows\system32\drivers\ethermrw.sys --> c:\windows\system32\drivers\ethermrw.sys [?]
S1 etherrci;etherrci;c:\windows\system32\drivers\etherrci.sys --> c:\windows\system32\drivers\etherrci.sys [?]
S1 ethimzrc;ethimzrc;c:\windows\system32\drivers\ethimzrc.sys --> c:\windows\system32\drivers\ethimzrc.sys [?]
S1 ethjivuz;ethjivuz;c:\windows\system32\drivers\ethjivuz.sys --> c:\windows\system32\drivers\ethjivuz.sys [?]
S1 ethkbytb;ethkbytb;c:\windows\system32\drivers\ethkbytb.sys --> c:\windows\system32\drivers\ethkbytb.sys [?]
S1 ethluokj;ethluokj;c:\windows\system32\drivers\ethluokj.sys --> c:\windows\system32\drivers\ethluokj.sys [?]
S1 ethmsgga;ethmsgga;c:\windows\system32\drivers\ethmsgga.sys --> c:\windows\system32\drivers\ethmsgga.sys [?]
S1 ethnfqdr;ethnfqdr;c:\windows\system32\drivers\ethnfqdr.sys --> c:\windows\system32\drivers\ethnfqdr.sys [?]
S1 etholope;etholope;c:\windows\system32\drivers\etholope.sys --> c:\windows\system32\drivers\etholope.sys [?]
S1 ethqjdgv;ethqjdgv;c:\windows\system32\drivers\ethqjdgv.sys --> c:\windows\system32\drivers\ethqjdgv.sys [?]
S1 ethqnrtc;ethqnrtc;c:\windows\system32\drivers\ethqnrtc.sys --> c:\windows\system32\drivers\ethqnrtc.sys [?]
S1 ethrxdks;ethrxdks;c:\windows\system32\drivers\ethrxdks.sys --> c:\windows\system32\drivers\ethrxdks.sys [?]
S1 ethvbvza;ethvbvza;c:\windows\system32\drivers\ethvbvza.sys --> c:\windows\system32\drivers\ethvbvza.sys [?]
S1 ethvfvge;ethvfvge;c:\windows\system32\drivers\ethvfvge.sys --> c:\windows\system32\drivers\ethvfvge.sys [?]
S1 ethxwtoq;ethxwtoq;c:\windows\system32\drivers\ethxwtoq.sys --> c:\windows\system32\drivers\ethxwtoq.sys [?]
S1 ethymeny;ethymeny;c:\windows\system32\drivers\ethymeny.sys --> c:\windows\system32\drivers\ethymeny.sys [?]
S1 ethyxcwl;ethyxcwl;c:\windows\system32\drivers\ethyxcwl.sys --> c:\windows\system32\drivers\ethyxcwl.sys [?]
S2 0148841234371400mcinstcleanup;McAfee Application Installer Cleanup (0148841234371400);c:\docume~1\hp_adm~1\locals~1\temp\014884~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\hp_adm~1\locals~1\temp\014884~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1c9854b6929c4da;Google Update Service (gupdate1c9854b6929c4da);c:\program files\google\update\GoogleUpdate.exe [2009-2-2 133104]

=============== Created Last 30 ================

2009-02-18 22:40 <DIR> --d----- c:\windows\pss
2009-02-18 22:29 3,584 a------- c:\windows\jrcxsews.exe
2009-02-18 22:26 47,104 a------- c:\windows\system32\reader_s.exe
2009-02-18 22:26 164,132 a------- c:\windows\system32\EA.tmp
2009-02-18 22:26 7,168 a------- c:\windows\system32\E8.tmp
2009-02-18 22:26 25,601 a------- c:\windows\system32\E7.tmp
2009-02-18 22:26 168 a------- c:\windows\system32\E5.tmp
2009-02-18 20:58 162,564 a------- c:\windows\system32\E6.tmp
2009-02-18 20:58 7,168 a------- c:\windows\system32\E4.tmp
2009-02-18 20:58 38,913 a------- c:\windows\system32\E2.tmp
2009-02-18 20:58 168 a------- c:\windows\system32\E0.tmp
2009-02-18 20:54 47,104 a------- c:\documents and settings\hp_administrator\reader_s.exe
2009-02-18 20:54 43,009 a------- c:\windows\services.exe
2009-02-18 20:54 24,253 a------- c:\windows\system32\E3.tmp
2009-02-18 20:54 7,168 a------- c:\windows\system32\E1.tmp
2009-02-18 20:54 38,913 a------- c:\windows\system32\DE.tmp
2009-02-18 20:54 168 a------- c:\windows\system32\DC.tmp
2009-02-18 20:01 162,564 a------- c:\windows\system32\DF.tmp
2009-02-18 20:01 7,168 a------- c:\windows\system32\DD.tmp
2009-02-18 20:01 25,601 a------- c:\windows\system32\DA.tmp
2009-02-18 20:00 168 a------- c:\windows\system32\D9.tmp
2009-02-18 19:56 53,053 a------- c:\windows\system32\DB.tmp
2009-02-18 19:56 7,168 a------- c:\windows\system32\D8.tmp
2009-02-18 19:56 25,601 a------- c:\windows\system32\D6.tmp
2009-02-18 19:56 168 a------- c:\windows\system32\D3.tmp
2009-02-18 18:45 163,268 a------- c:\windows\system32\D7.tmp
2009-02-18 18:45 7,168 a------- c:\windows\system32\D5.tmp
2009-02-18 18:45 24,577 a------- c:\windows\system32\D1.tmp
2009-02-18 18:45 168 a------- c:\windows\system32\D0.tmp
2009-02-18 18:18 163,268 a------- c:\windows\system32\D4.tmp
2009-02-18 18:18 7,168 a------- c:\windows\system32\D2.tmp
2009-02-18 18:18 24,577 a------- c:\windows\system32\CF.tmp
2009-02-18 18:18 168 a------- c:\windows\system32\CC.tmp
2009-02-18 15:34 164,132 a------- c:\windows\system32\CE.tmp
2009-02-18 15:34 2,048 a------- c:\windows\system32\CB.tmp
2009-02-18 15:34 24,577 a------- c:\windows\system32\C2.tmp
2009-02-18 15:34 168 a------- c:\windows\system32\C1.tmp
2009-02-18 15:16 164,132 a------- c:\windows\system32\CD.tmp
2009-02-18 15:16 2,048 a------- c:\windows\system32\CA.tmp
2009-02-18 15:16 24,577 a------- c:\windows\system32\C8.tmp
2009-02-18 15:16 168 a------- c:\windows\system32\C7.tmp
2009-02-18 15:11 0 a------- c:\windows\system32\AB.tmp
2009-02-18 15:11 30,208 a------- c:\windows\system32\AA.tmp
2009-02-18 15:11 2,048 a------- c:\windows\system32\A8.tmp
2009-02-18 15:11 24,577 a------- c:\windows\system32\A7.tmp
2009-02-18 15:11 168 a------- c:\windows\system32\A6.tmp
2009-02-18 15:06 49,664 a----r-- c:\windows\system32\drivers\hpzid412.sys.bak
2009-02-18 15:06 21,568 a----r-- c:\windows\system32\drivers\hpzius12.sys.bak
2009-02-18 15:06 16,496 a----r-- c:\windows\system32\drivers\hpzipr12.sys.bak
2009-02-18 15:03 164,132 a------- c:\windows\system32\C3.tmp
2009-02-18 15:03 2,048 a------- c:\windows\system32\C0.tmp
2009-02-18 15:03 38,913 a------- c:\windows\system32\BF.tmp
2009-02-18 15:03 168 a------- c:\windows\system32\BE.tmp
2009-02-18 14:51 251,392 a------- c:\windows\xccdf32_090131a.dll
2009-02-18 14:51 0 a------- c:\windows\system32\C9.tmp
2009-02-18 14:50 2,048 a------- c:\windows\system32\C6.tmp
2009-02-18 14:50 38,913 a------- c:\windows\system32\C5.tmp
2009-02-18 14:50 168 a------- c:\windows\system32\C4.tmp
2009-02-15 22:24 <DIR> --d----- c:\documents and settings\hp_administrator\AdobeLicensingFilesBackup
2009-02-15 16:03 <DIR> --d----- c:\program files\CCleaner
2009-02-15 14:50 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Sammsoft
2009-02-13 23:00 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-02-13 22:55 0 a------- c:\windows\orihufaj.dll
2009-02-13 22:16 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-13 22:16 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-13 22:16 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-13 22:16 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-02-13 22:16 <DIR> --d----- c:\program files\AVG
2009-02-13 22:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-02-13 21:04 0 a------- c:\windows\ewelunutow.dll
2009-02-13 19:07 95 a------- c:\windows\system32\TRSOCR.ini
2009-02-13 19:06 3 a------- c:\windows\system32\bversion.dll
2009-02-13 19:04 49,152 a------- c:\windows\system32\TRSOCR.dll
2009-02-13 19:03 737,280 a------- c:\windows\system32\TRSOCR.dat
2009-02-13 18:48 565,248 a------- c:\windows\system32\IPHACTION.dll
2009-02-13 18:16 10,240 a------- c:\windows\ahunuzeh.dll
2009-02-13 17:00 0 a------- c:\windows\system32\drivers\senekalefqtocj.sys
2009-02-13 17:00 0 a------- c:\windows\system32\drivers\seneka.sys
2009-02-13 16:59 206 a------- c:\windows\system32\MRT.INI
2009-02-13 16:46 0 a------- c:\windows\efacazuc.dll
2009-02-13 14:50 0 a------- c:\windows\system32\IpSvchostF.dll
2009-02-13 14:50 0 a------- c:\windows\system32\drivers\senekauralpxnw.sys
2009-02-13 14:48 2 a------- C:\-1801959023
2009-02-13 14:48 608 a------- c:\windows\xccwinsys.ini
2009-02-13 14:48 <DIR> --d----- c:\windows\system32\inf
2009-02-13 14:47 372 a--sh--- c:\windows\system32\MoYbbcfe.ini2
2009-02-13 14:47 1,180 a------- c:\windows\ftpqhing
2009-02-13 14:47 30,235 a--sh--- c:\windows\system32\MoYbbcfe.ini
2009-02-13 14:47 59 a------- c:\windows\system32\senekarpyhihfa.dat
2009-02-13 14:42 5,643 a------- c:\windows\system32\senekawqxcbagi.dat
2009-02-12 22:22 <DIR> --d----- c:\windows\system32\LogFiles
2009-02-12 08:24 208,744 a------- c:\windows\system32\muweb.dll
2009-02-12 08:24 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-02-12 08:24 268,648 a------- c:\windows\system32\mucltui.dll
2009-02-11 12:12 <DIR> --d----- c:\windows\McAfee.com
2009-02-11 12:04 <DIR> --d----- c:\documents and settings\hp_administrator\Tracing
2009-02-11 12:02 <DIR> --d----- c:\program files\Microsoft
2009-02-11 12:01 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-02-11 11:59 <DIR> --d----- c:\program files\common files\Windows Live
2009-02-10 17:08 <DIR> --d----- c:\windows\system32\scripting
2009-02-10 17:08 <DIR> --d----- c:\windows\system32\en
2009-02-10 17:08 <DIR> --d----- c:\windows\l2schemas
2009-02-10 17:08 <DIR> --d----- c:\windows\system32\bits
2009-02-10 17:03 <DIR> --d----- c:\windows\ServicePackFiles
2009-02-10 08:22 117,094 a------- c:\windows\hpoins11.dat
2009-02-10 08:21 827,392 a----r-- c:\windows\system32\hpotiop2.dll
2009-02-10 08:21 254,026 a----r-- c:\windows\system32\hpovst09.dll
2009-02-10 08:21 659,456 a----r-- c:\windows\system32\hpowiax2.dll
2009-02-09 13:00 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-02-09 10:45 16,496 a----r-- c:\windows\system32\drivers\HPZipr12.sys
2009-02-09 10:45 49,664 a----r-- c:\windows\system32\drivers\HPZid412.sys
2009-02-09 10:44 77,824 a----r-- c:\windows\system32\HPZIDS01.dll
2009-02-09 10:44 38,400 a------- c:\windows\system32\hpz3l054.dll
2009-02-09 10:44 282,624 a----r-- c:\windows\system32\HPZc3212.dll
2009-02-09 10:44 21,568 a----r-- c:\windows\system32\drivers\HPZius12.sys
2009-02-09 10:26 117,021 -------- c:\windows\hpoins11.dat.temp
2009-02-09 10:26 11,634 -------- c:\windows\hpomdl11.dat.temp
2009-02-07 14:01 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-02-07 14:00 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-02 19:54 <DIR> --d----- c:\windows\system32\XPSViewer
2009-02-02 19:53 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-02 19:53 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-02-02 19:53 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-02 19:53 117,760 -------- c:\windows\system32\prntvpt.dll
2009-02-02 19:53 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-02 19:53 <DIR> --d----- C:\96a0d4dcbb3e26669192fe38951159
2009-02-02 19:53 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-02-02 19:53 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-02-02 09:35 25 a------- c:\windows\cdplayer.ini
2009-02-02 09:33 <DIR> --d----- c:\program files\common files\xing shared
2009-02-01 20:07 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-02-01 20:07 12,160 a------- c:\windows\system32\dllcache\mouhid.sys
2009-02-01 20:07 21,504 a------- c:\windows\system32\hidserv.dll
2009-02-01 20:07 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-02-01 19:51 144,384 -------- c:\windows\system32\onex.dll
2009-02-01 19:49 1,309,184 -------- c:\windows\system32\drivers\mtlstrm.sys
2009-02-01 12:03 <DIR> --d----- c:\windows\system32\appmgmt
2009-02-01 11:50 6,066,688 -------- c:\windows\system32\dllcache\ieframe.dll
2009-02-01 11:50 2,455,488 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-02-01 11:50 991,232 -------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-01 11:50 459,264 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-02-01 11:50 383,488 -------- c:\windows\system32\dllcache\ieapfltr.dll
2009-02-01 11:50 267,776 -------- c:\windows\system32\dllcache\iertutil.dll
2009-02-01 11:50 63,488 -------- c:\windows\system32\dllcache\icardie.dll
2009-02-01 11:50 52,224 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-01 11:50 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-01 11:47 <DIR> --d----- c:\windows\network diagnostic
2009-02-01 08:57 <DIR> --dsh--- c:\documents and settings\hp_administrator\UserData
2009-02-01 08:54 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-02-01 08:48 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-01 08:46 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2009-02-01 02:01 <DIR> --d----- c:\windows\system32\PreInstall
2009-02-01 01:42 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-02-01 01:42 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-02-01 01:42 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-02-01 01:42 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-02-01 00:51 <DIR> --dshr-- c:\windows\system32\dllcache
2009-02-01 00:35 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-01 00:35 73,728 a------- c:\windows\system32\javacpl.cpl
2009-02-01 00:35 <DIR> --dshr-- C:\cmdcons
2009-02-01 00:34 <DIR> --d----- c:\windows\setupupd
2009-02-01 00:31 1,905 a--shr-- c:\windows\system32\drivers\103C_HP_CPC_EX276AA-ABA a1540n_YC_0Pavi_QMXF624_E63NAemMPA2_48_INODUSM_SASUSTek Computer INC._V1.03_B3.04_T060614_WXP2_L409_M1983_J250_7AMD_8Athlon 64 X2 Dual Core_92.2_#080830_N_Z14F12F20_G10DE0241.MRK
2009-02-01 00:28 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Intuit
2009-02-01 00:28 <DIR> --d----- c:\documents and settings\hp_administrator\WINDOWS
2009-02-01 00:28 <DIR> --d----- c:\documents and settings\HP_Administrator
2009-02-01 00:26 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-01-30 13:35 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\VirusRemover2008
2009-01-30 13:34 2,204 a------- c:\windows\hhrviqtz
2009-01-25 01:38 268 a---h--- C:\sqmdata02.sqm
2009-01-25 01:38 244 a---h--- C:\sqmnoopt02.sqm
2009-01-24 09:36 <DIR> --d----- c:\program files\AskBarDis
2009-01-22 20:30 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Thinstall

==================== Find3M ====================

2009-02-13 14:49 1,536 a------- c:\windows\system32\AUTMGR.EXE
2009-02-13 14:49 989,696 a------- c:\windows\system32\kernel32_check.dll
2009-02-13 14:49 10,240 a------- c:\windows\system32\Packer.dll
2009-02-13 14:49 3,182 a------- c:\windows\ios.dat
2009-02-10 17:16 92,947 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-10 17:15 45,056 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
2009-02-10 17:15 44,032 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
2009-02-10 17:15 341,048 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\HPBasicDetection3.dll
2009-02-10 17:15 217,088 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
2009-02-10 17:15 163,840 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemcheck.dll
2009-02-10 17:15 61,440 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemutil.dll
2009-02-10 17:15 40,960 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\ScDmi.dll
2009-02-10 17:15 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\uploadHSC.dll
2009-02-10 17:15 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\Scom.dll
2009-01-16 21:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-19 03:10 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-18 23:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe
2008-12-18 23:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-12-11 04:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-11-04 11:42 51,984 a------- c:\docume~1\hp_adm~1\applic~1\GDIPFONTCACHEV1.DAT
2008-10-20 23:32 116 a------- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat

============= FINISH: 23:01:03.98 ===============

Edited by efrx, 19 February 2009 - 01:10 AM.
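The log above is the raw DDS output; a helper reads it by hand for images running from odd places, launch points pointing at them, and drivers DDS could not verify. As an added example (not part of the original post, and not the DDS tool's own code), the script below parses a DDS-style log into its `=== Section ===` blocks and flags lines matching a few such patterns. The section layout and line shapes follow the log as posted; the heuristics, the table of where Windows system binaries are expected to live (it assumes %SystemRoot% is C:\WINDOWS, as in the posted log), and the excerpt in `SAMPLE_LOG` (a constructed excerpt of the log above) are this example's own assumptions.

```python
"""Triage a DDS-style log: flag launch points and running images that match a
few patterns common to infections like the one above.

Added example, not part of the original post or of the DDS tool.  The section
headers and line shapes follow the log as posted; the heuristics, the table of
where system binaries are expected to live (assumes %SystemRoot% is C:\\WINDOWS,
as in the posted log) and the constructed excerpt in SAMPLE_LOG are this
example's own assumptions.
"""
import re
from dataclasses import dataclass

# Constructed excerpt: a few lines per section, copied from the posted log.
SAMPLE_LOG = r"""
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TEMP\VRTE1.tmp
C:\WINDOWS\system32\EA.tmp
C:\WINDOWS\system32\3361\svchost.exe -sysrun
C:\Program Files\Mozilla Firefox\firefox.exe

============== Pseudo HJT Report ===============

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [svchost.exe] "c:\windows\system32\3361\svchost.exe"
dRun: [jrcxsews.exe] c:\windows\jrcxsews.exe

============= SERVICES / DRIVERS ===============

R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-13 325128]
S1 ethavjdf;ethavjdf;c:\windows\system32\drivers\ethavjdf.sys --> c:\windows\system32\drivers\ethavjdf.sys [?]
S0 ftpqhing;ftpqhing;c:\windows\system32\drivers\qacwaylx.sys []

=============== Created Last 30 ================

2009-02-18 22:29 3,584 a------- c:\windows\jrcxsews.exe
2009-02-18 20:54 43,009 a------- c:\windows\services.exe
2009-02-13 22:16 325,128 a------- c:\windows\system32\drivers\avgldx86.sys

============= FINISH: 23:01:03.98 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# First drive-letter path on a line that ends in an image-like extension.
PATH_RE = re.compile(r'[a-z]:\\[^"]*?\.(?:exe|scr|com|pif|bat|sys|dll|tmp)\b', re.I)

# Where these names live on a default XP install (assumption: %SystemRoot% = C:\WINDOWS).
EXPECTED_HOME = {
    "svchost.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


@dataclass
class Finding:
    section: str
    line: str
    reasons: list


def split_sections(text):
    """Map each '=== Title ===' header to the non-empty lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def suspicious_reasons(path):
    """Heuristics on one image path; an empty list means nothing to report."""
    p = path.lower()
    parent, _, name = p.rpartition("\\")
    reasons = []
    home = EXPECTED_HOME.get(name)
    if home and parent != home:
        reasons.append(f"system binary name {name} outside {home}")
    if name.endswith(".tmp"):
        reasons.append("uses a .tmp file name")
    if "\\temp\\" in p:
        reasons.append("lives in a TEMP directory")
    return reasons


def triage(text):
    """Return one Finding per suspicious line, in log order."""
    findings = []
    for section, lines in split_sections(text).items():
        for line in lines:
            reasons = []
            if section.startswith("SERVICES"):
                # name;display name;image path [date size] -- a trailing '[?]'
                # or '[]' means DDS could not find or stat the image file.
                parts = line.split(";", 2)
                if len(parts) == 3 and parts[2].rstrip().endswith(("[?]", "[]")):
                    reasons.append("service/driver image missing or unverifiable")
            m = PATH_RE.search(line)
            if m:
                reasons += suspicious_reasons(m.group(0))
            if reasons:
                findings.append(Finding(section, line, reasons))
    return findings


def report(text):
    """Human-readable summary of triage(text)."""
    return "\n".join(f"[{f.section}] {f.line}\n    -> {'; '.join(f.reasons)}"
                     for f in triage(text))


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

On the excerpt this picks out the `svchost.exe` copy under `system32\3361` (both as a running process and as its Run/RunOnce launch point), the `.tmp` images running from `system32` and `TEMP`, the two drivers DDS marks `[?]`/`[]`, and the new `services.exe` sitting in `c:\windows` instead of `system32`. It deliberately does not guess at random-looking names such as `jrcxsews.exe`, so it is a first pass, not a substitute for reading the whole log.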


#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:04:56 PM

Posted 22 February 2009 - 05:36 PM

Hello efrx,


I have bad news for you.

I see you're dealing with Virut on top of the other nasty malware you are dealing with. In that case it's unfortunately a lost cause, a game-over situation, and a format and reinstall is the fastest and, above all, the safest solution.

You may want to read this to see why:
Virut and other File infectors - Throwing in the Towel?

So I suggest you start backing up all of your valuable data/documents/pictures/movies/songs/etc. Do NOT back up any applications/installers and do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar files.
This is because these files may be infected as well. If you back them up and put them back afterwards, they will infect your computer again.


Read here for instructions how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.html

Edited by SifuMike, 24 February 2009 - 01:45 PM.
Virut virus spotted

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
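The backup rule in the reply above (skip applications, installers and the listed extensions because a file infector may already have reached them) is simple to automate, and automating it avoids the one mistake that matters here: copying a single infected file onto the rebuilt machine. The script below is an added example, not the reply's or any tool's code. The extension list is the reply's; the extra check that skips anything whose first two bytes are the DOS/PE `MZ` signature (so a renamed executable is caught by content, not just by name) and the sample tree built by `build_sample_tree()` are this example's own assumptions.

```python
"""Pre-flight filter for backing up data off a host with a suspected file
infector, following the rule in the reply above: skip application files and the
listed extensions.

Added example, not the reply's or any tool's code.  The extension list is the
reply's; the 'MZ' content check and the constructed sample tree are this
example's own assumptions.
"""
import os
import pathlib
import shutil
import tempfile

# Extensions the reply says not to back up (lower-case, with the dot).
EXCLUDED_EXT = {".exe", ".scr", ".htm", ".html", ".xml", ".zip", ".rar"}
MZ = b"MZ"  # DOS/PE header signature every Windows executable image starts with


def looks_like_pe(path: pathlib.Path) -> bool:
    """True if the file starts with the 'MZ' signature, whatever its extension."""
    with path.open("rb") as fh:
        return fh.read(2) == MZ


def classify(path: pathlib.Path):
    """Return (keep, reason) for one file."""
    ext = path.suffix.lower()
    if ext in EXCLUDED_EXT:
        return False, f"excluded extension {ext}"
    try:
        if looks_like_pe(path):
            return False, "PE image by content (MZ header) despite extension"
    except OSError as exc:
        return False, f"unreadable ({exc.strerror})"
    return True, "ok"


def plan_backup(src: pathlib.Path):
    """Walk src; return (kept, skipped) lists of (relative posix path, reason)."""
    kept, skipped = [], []
    for root, _dirs, files in os.walk(src):
        for name in sorted(files):
            p = pathlib.Path(root, name)
            rel = p.relative_to(src).as_posix()
            keep, reason = classify(p)
            (kept if keep else skipped).append((rel, reason))
    return kept, skipped


def run_backup(src: pathlib.Path, dst: pathlib.Path):
    """Copy only the kept files into dst, preserving relative paths."""
    kept, skipped = plan_backup(src)
    for rel, _reason in kept:
        target = dst / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src / rel, target)
    return kept, skipped


def build_sample_tree(base: pathlib.Path) -> pathlib.Path:
    """Constructed sample data: a few files of each kind (assumption, not real data)."""
    samples = {
        "docs/report.doc": b"quarterly report",                  # keep
        "docs/notes.txt": b"call the dentist",                    # keep
        "photos/trip.jpg": b"\xff\xd8\xff\xe0 not really a jpeg",  # keep
        "installers/setup.exe": b"MZ\x90\x00 installer",         # skip: extension
        "web/index.html": b"<html></html>",                       # skip: extension
        "archive/old.zip": b"PK\x03\x04",                          # skip: extension
        "docs/invoice.pdf": b"MZ\x90\x00 renamed executable",     # skip: MZ by content
    }
    for rel, data in samples.items():
        p = base / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        src = build_sample_tree(pathlib.Path(tmp) / "src")
        kept, skipped = run_backup(src, pathlib.Path(tmp) / "backup")
        for rel, _ in kept:
            print("COPY", rel)
        for rel, reason in skipped:
            print("SKIP", rel, "-", reason)
```

Point it at the user profile rather than the whole drive, and treat the `skipped` list as a report to read, not just noise: a document folder containing something that starts with `MZ` is itself a finding.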

#3 efrx

efrx
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:06:56 PM

Posted 24 February 2009 - 06:44 PM

Thanks for looking at the post.

#4 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:04:56 PM

Posted 24 February 2009 - 07:30 PM

You're welcome. I just hate giving you such bad news.

#5 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:04:56 PM

Posted 03 March 2009 - 12:34 AM

Since your problem appears to be resolved, this thread will now be closed.



