Virtumonde.sci


  • This topic is locked
11 replies to this topic

#1 keldron


  • Members
  • 57 posts

Posted 26 April 2009 - 06:40 AM

Hello, recently my computer got infected with Virtumonde.sci (I discovered that after I ran Spybot Search and Destroy) and it detected this: "Virtumonde.sci (SBI $BA5DD7C5) Browser Helper Object HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Win....." and I'm not sure how to proceed with the removal of said virus. Also, when I ran Malwarebytes it detected 2 instances of the virus but I did not remove it either (I didn't know if me clicking the remove button would affect your ability to help me or not, so I just didn't touch it).
I also use an external USB HDD to store some of my sensitive data, and from what I read Virtumonde can affect external HDDs as well, so I would appreciate it if we could not only take care of my main HDD but also make sure that my external HDD is free of viruses (would formatting it get rid of the virus?).



DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 4:36:12.28 on Sun 04/26/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2091 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Spybot - Search & Destroy\SDFiles.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/?rs=1
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = localhost
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {549B5CA7-4A86-11D7-A4DF-000874180BB3} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPHUPD05] c:\program files\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\imstart.lnk - c:\program files\intermute\IMStart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\137903\program\BackWeb-137903.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238318823953
DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} - file://c:\docume~1\admini~1\locals~1\temp\ThereInstallHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8B486EF6-6B2A-4A1E-BB0D-236CB2DBB8D2} - file://c:\program files\there\thereclient\ThereVoiceTrainer.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} - file://c:\program files\there\thereclient\ThereLauncher.dll
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-28 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-28 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-28 108552]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-3-29 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-3-29 234888]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-28 298264]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 953168]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-4-26 38496]
S0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-28 64160]
S2 mrtRate;mrtRate; [x]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-3-28 33176]

=============== Created Last 30 ================

2009-04-26 03:18 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-04-26 03:18 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-26 03:18 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-26 03:18 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-26 03:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-20 11:53 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-04-20 11:53 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-04-20 11:53 5,632 a------- c:\windows\system32\ptpusb.dll
2009-04-20 11:53 159,232 a------- c:\windows\system32\ptpusd.dll
2009-04-18 21:29 <DIR> --d----- c:\program files\Visual Color Picker 2
2009-04-15 12:26 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-15 12:26 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-15 12:26 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-15 12:26 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 12:26 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-15 12:26 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-15 12:26 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 12:26 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 12:26 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-15 12:22 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 12:22 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-15 12:22 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-10 22:40 4,096 a------- c:\windows\system32\crash
2009-04-10 17:39 <DIR> --d----- c:\docume~1\admini~1\applic~1\Windows Search
2009-04-10 17:05 <DIR> --d----- c:\program files\LSI SoftModem
2009-04-10 17:04 <DIR> --d----- c:\docume~1\admini~1\applic~1\Acreon
2009-04-10 17:03 <DIR> --d----- c:\docume~1\admini~1\applic~1\Windows Desktop Search
2009-04-10 17:03 <DIR> --d----- c:\program files\Windows Desktop Search
2009-04-10 17:03 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-04-10 17:02 192,000 -c------ c:\windows\system32\dllcache\offfilt.dll
2009-04-10 17:02 98,304 -c------ c:\windows\system32\dllcache\nlhtml.dll
2009-04-10 17:02 29,696 -c------ c:\windows\system32\dllcache\mimefilt.dll
2009-04-10 17:01 <DIR> --d----- c:\windows\system32\RTCOM
2009-03-30 04:11 <DIR> --d----- c:\program files\Bethesda Softworks
2009-03-30 04:11 507,400 a------- c:\windows\system32\XAudio2_1.dll
2009-03-30 04:11 65,032 a------- c:\windows\system32\XAPOFX1_0.dll
2009-03-30 04:08 81,768 a------- c:\windows\system32\xinput1_3.dll
2009-03-30 04:08 1,123,696 a------- c:\windows\system32\D3DCompiler_33.dll
2009-03-30 04:08 443,752 a------- c:\windows\system32\d3dx10_33.dll
2009-03-30 04:08 3,495,784 a------- c:\windows\system32\d3dx9_33.dll
2009-03-30 04:08 <DIR> --d----- c:\windows\system32\xlive
2009-03-30 04:06 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-03-29 15:06 268,648 a------- c:\windows\system32\mucltui.dll
2009-03-29 15:06 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-03-29 14:20 <DIR> --d----- c:\program files\Ventrilo
2009-03-29 14:20 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-03-29 14:20 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-03-29 14:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard
2009-03-29 02:37 <DIR> --d----- c:\program files\common files\Blizzard Entertainment
2009-03-29 02:29 <DIR> --d----- c:\program files\World of Warcraft
2009-03-29 02:08 32,592 a------- c:\windows\system32\msonpmon.dll
2009-03-29 02:02 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-03-29 01:31 <DIR> --d----- c:\program files\SpywareBlaster
2009-03-29 00:51 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-03-29 00:37 <DIR> --d----- c:\documents and settings\administrator\Tracing
2009-03-29 00:35 <DIR> --d----- c:\program files\Microsoft Office Outlook Connector
2009-03-29 00:34 <DIR> --d----- c:\program files\Microsoft
2009-03-29 00:34 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-03-29 00:27 <DIR> --d----- c:\program files\common files\Windows Live
2009-03-29 00:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Azureus
2009-03-29 00:27 <DIR> --d----- c:\program files\AskBarDis
2009-03-29 00:27 <DIR> --d----- c:\docume~1\admini~1\applic~1\Azureus
2009-03-29 00:26 <DIR> --d----- c:\program files\Vuze
2009-03-29 00:23 <DIR> --d----- c:\program files\Trend Micro
2009-03-29 00:22 <DIR> --d----- c:\program files\CCleaner
2009-03-29 00:21 <DIR> --d----- c:\program files\IZArc
2009-03-28 23:37 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-03-28 23:17 <DIR> --d----- c:\windows\system32\XPSViewer
2009-03-28 23:16 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-28 23:16 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-28 23:16 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-28 23:16 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-03-28 23:16 117,760 -------- c:\windows\system32\prntvpt.dll
2009-03-28 23:16 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-03-28 23:16 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-03-28 23:11 <DIR> --d----- c:\program files\MSXML 4.0
2009-03-28 23:08 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-03-28 23:08 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-03-28 23:08 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-28 23:08 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-03-28 23:08 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-03-28 23:08 268,288 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-03-28 23:08 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-03-28 23:08 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-28 23:08 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-03-28 22:51 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-03-28 22:50 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-28 22:50 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-28 22:50 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-28 22:50 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-28 22:50 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-03-28 22:50 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-03-28 22:50 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-03-28 22:50 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-03-28 22:50 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-03-28 22:50 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-03-28 22:50 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-03-28 22:37 <DIR> --d----- c:\windows\system32\scripting
2009-03-28 22:37 <DIR> --d----- c:\windows\l2schemas
2009-03-28 22:37 <DIR> --d----- c:\windows\system32\en
2009-03-28 22:32 <DIR> --d----- c:\windows\network diagnostic
2009-03-28 22:22 286,720 -c------ c:\windows\system32\dllcache\blackbox.dll
2009-03-28 22:22 159,232 -c------ c:\windows\system32\dllcache\cewmdm.dll
2009-03-28 22:22 999 -c------ c:\windows\system32\dllcache\bktrh.gif
2009-03-28 22:22 233,472 -------- c:\windows\system32\azroles.dll
2009-03-28 22:22 7,168 -------- c:\windows\system32\bitsprx4.dll
2009-03-28 22:22 8,192 -c------ c:\windows\system32\dllcache\asferror.dll
2009-03-28 22:22 136,192 -------- c:\windows\system32\aaclient.dll
2009-03-28 21:54 <DIR> --d----- c:\program files\Combined Community Codec Pack
2009-03-28 21:52 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-28 21:50 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-28 21:50 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-28 21:49 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-28 21:49 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-03-28 21:49 <DIR> --d----- c:\program files\AVG
2009-03-28 21:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-03-28 21:49 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-28 21:48 <DIR> --d----- c:\program files\Lavasoft
2009-03-28 21:48 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-28 21:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-03-28 20:05 <DIR> --d----- c:\windows\peernet
2009-03-28 20:05 <DIR> --d----- c:\windows\provisioning
2009-03-28 20:04 647,872 -------- c:\windows\system32\Mscomct2.ocx
2009-03-28 20:04 41,984 -------- c:\windows\Ctregrun.exe
2009-03-28 20:03 <DIR> --d----- c:\windows\ServicePackFiles
2009-03-28 20:02 44,032 -------- c:\windows\system32\CTSVCCDA.EXE
2009-03-28 20:02 25,088 -------- c:\windows\system32\CTSVCCTL.EXE
2009-03-28 20:02 <DIR> --d----- c:\program files\common files\Creative
2009-03-28 20:02 <DIR> --d-h--- c:\program files\Creative Installation Information
2009-03-28 19:59 <DIR> --d----- c:\program files\Creative
2009-03-28 19:57 54,156 a---h--- c:\windows\QTFont.qfn
2009-03-28 19:57 1,409 a------- c:\windows\QTFont.for
2009-03-28 19:56 11,264 -------- c:\windows\system32\spnpinst.exe
2009-03-28 19:55 9,271,864 -c------ c:\windows\system32\dllcache\ehcir.ird
2009-03-28 19:55 67,866 -------- c:\windows\system32\drivers\netwlan5.img
2009-03-28 19:55 7,208 -------- c:\windows\system32\secupd.sig
2009-03-28 19:55 4,569 -------- c:\windows\system32\secupd.dat
2009-03-28 19:55 151,552 a------- c:\windows\system32\SUGO3CI.exe
2009-03-28 19:55 57,344 a------- c:\windows\system32\SUGO3CI.dll
2009-03-28 19:55 555 a------- c:\windows\system32\sugo3LMK.SMT
2009-03-28 19:55 11,502 -------- c:\windows\Dr. Printer Icon.ico
2009-03-28 19:55 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-03-28 19:54 22,663 a------- c:\windows\system32\sugo3LMK.DLL
2009-03-28 19:54 <DIR> --d----- c:\windows\system32\drivers\Samsung
2009-03-28 19:54 41,984 -------- c:\windows\system32\drivers\DGIVECP.SYS
2009-03-28 19:54 <DIR> --d----- c:\program files\Samsung
2009-03-28 19:47 0 a------- c:\windows\ativpsrm.bin
2009-03-28 19:41 221,184 a------- c:\windows\system32\wmpns.dll
2009-03-28 19:32 <DIR> --dshr-- C:\cmdcons
2009-03-28 19:32 <DIR> --d----- c:\windows\setup.pss
2009-03-28 19:31 <DIR> --d----- c:\windows\setupupd
2009-03-28 19:27 <DIR> --d----- c:\program files\common files\ATI Technologies
2009-03-28 19:23 <DIR> --d----- c:\windows\system32\bits
2009-03-28 19:23 <DIR> --d----- c:\windows\system32\PreInstall
2009-03-28 19:23 <DIR> --d-h--- c:\windows\$hf_mig$
2009-03-28 19:22 354,304 a------- c:\windows\system32\winhttp.dll
2009-03-28 19:22 18,944 a------- c:\windows\system32\qmgrprxy.dll
2009-03-28 19:22 438,784 -------- c:\windows\system32\xpob2res.dll
2009-03-28 19:22 8,192 -------- c:\windows\system32\bitsprx2.dll
2009-03-28 19:22 7,168 -------- c:\windows\system32\bitsprx3.dll
2009-03-28 19:22 3,107,788 a----r-- c:\windows\system32\ativvaxx.dat
2009-03-28 19:22 2,096 a----r-- c:\windows\system32\drivers\ativdkxx.vp
2009-03-28 19:22 1,311,202 a----r-- c:\windows\system32\drivers\ativcaxx.cpa
2009-03-28 19:22 43,152 a----r-- c:\windows\system32\drivers\ativvpxx.vp
2009-03-28 19:22 2,096 a----r-- c:\windows\system32\drivers\ativckxx.vp
2009-03-28 19:22 929 a----r-- c:\windows\system32\drivers\ativcaxx.vp
2009-03-28 19:20 <DIR> --d----- c:\program files\ATI
2009-03-28 19:20 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-03-28 19:19 593,920 -------- c:\windows\system32\ati2sgag.exe
2009-03-28 19:19 <DIR> --d----- c:\program files\ATI Technologies
2009-03-28 19:18 <DIR> --d----- C:\ATI
2009-03-28 19:18 213,528 a------- c:\windows\system32\wuaucpl.cpl
2009-03-28 19:18 183,296 a------- c:\windows\system32\wuaueng1.dll
2009-03-28 19:18 165,888 a------- c:\windows\system32\wuauclt1.exe
2009-03-28 19:16 <DIR> --dsh--- c:\documents and settings\administrator\UserData
2009-03-28 19:14 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-28 19:14 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-28 19:12 <DIR> --d----- c:\windows\system32\Lang
2009-03-28 19:12 3,910 a--shr-- c:\windows\system32\drivers\HP_PC098A-ABA M1070N_YW_Pavi_QMXK429_E43NAhmEPT6_4_IPuffer_SASUSTeK Computer INC._V1.xx_B3.04_T040705_WXP1_L409_M3072_J160_7Intel_8Pentium 4_92.8_111063044_N10EC8139_P_Z11C1048C_K_A_U80862658_G_O_D.MRK
2009-03-28 19:12 191,488 a------- c:\windows\system32\iuengine.dll
2009-03-28 19:10 21,060 -------- c:\windows\system32\drivers\iviaspi.sys
2009-03-28 19:10 10,368 -------- c:\windows\system32\drivers\pfc.sys
2009-03-28 19:10 204,800 a------- c:\windows\system32\IVIresizeW7.dll
2009-03-28 19:10 192,512 a------- c:\windows\system32\IVIresizeP6.dll
2009-03-28 19:10 188,416 a------- c:\windows\system32\IVIresizePX.dll
2009-03-28 19:10 200,704 a------- c:\windows\system32\IVIresizeA6.dll
2009-03-28 19:10 192,512 a------- c:\windows\system32\IVIresizeM6.dll
2009-03-28 19:10 20,480 a------- c:\windows\system32\IVIresize.dll
2009-03-28 19:09 <DIR> --d----- c:\program files\common files\Sonic
2009-03-28 19:09 <DIR> --d----- c:\program files\common files\SureThing Shared
2009-03-28 19:09 <DIR> --d----- c:\program files\Sonic
2009-03-28 19:09 <DIR> --d----- c:\program files\RecordNow!
2009-03-28 19:07 52,480 a------- c:\windows\system32\drivers\i8042prt.sys
2009-03-28 19:07 24,576 a------- c:\windows\system32\drivers\kbdclass.sys
2009-03-28 10:44 86,016 a------- c:\windows\SOUNDMAN.EXE
2009-03-28 10:44 9,710,592 a------- c:\windows\RTLCPL.EXE
2009-03-28 10:44 3,966,976 a------- c:\windows\system32\drivers\RtkHDAud.sys
2009-03-28 10:44 2,807,808 a------- c:\windows\ALCWZRD.EXE
2009-03-28 10:44 299,008 a------- c:\windows\system32\ALSNDMGR.CPL
2009-03-28 10:44 69,632 a------- c:\windows\ALCMTR.EXE
2009-03-28 10:43 246 a------- c:\windows\system\hpsysdrv.dat
2009-03-28 10:42 <DIR> --d----- c:\windows\I386
2009-03-28 10:32 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-03-28 10:32 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-03-28 10:31 <DIR> -cdshr-- c:\windows\system32\dllcache

==================== Find3M ====================

2009-03-28 22:42 92,627 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-09 05:03 121,984 a------- c:\windows\system32\drivers\Rtnicxp.sys
2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-03 12:18 73,728 a------- c:\windows\system32\RtNicProp32.dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-25 15:58 3,565,568 a------- c:\windows\system32\drivers\ati2mtag.sys
2009-02-25 14:42 442,368 a------- c:\windows\system32\ATIDEMGX.dll
2009-02-25 14:41 325,120 a------- c:\windows\system32\ati2dvag.dll
2009-02-25 14:30 11,841,536 a------- c:\windows\system32\atioglxx.dll
2009-02-25 14:30 204,800 a------- c:\windows\system32\atipdlxx.dll
2009-02-25 14:29 155,648 a------- c:\windows\system32\Oemdspif.dll
2009-02-25 14:29 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2009-02-25 14:29 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-02-25 14:29 155,648 a------- c:\windows\system32\ati2evxx.dll
2009-02-25 14:27 602,112 a------- c:\windows\system32\ati2evxx.exe
2009-02-25 14:26 53,248 a------- c:\windows\system32\ATIDDC.DLL
2009-02-25 14:16 3,817,984 a------- c:\windows\system32\ati3duag.dll
2009-02-25 14:09 307,200 a------- c:\windows\system32\atiiiexx.dll
2009-02-25 13:59 2,670,080 a------- c:\windows\system32\ativvaxx.dll
2009-02-25 13:58 3,107,788 a------- c:\windows\system32\ativva5x.dat
2009-02-25 13:58 887,724 a------- c:\windows\system32\ativva6x.dat
2009-02-25 13:44 49,664 a------- c:\windows\system32\amdpcom32.dll
2009-02-25 13:40 475,136 a------- c:\windows\system32\atikvmag.dll
2009-02-25 13:38 126,976 a------- c:\windows\system32\atiadlxx.dll
2009-02-25 13:38 17,408 a------- c:\windows\system32\atitvo32.dll
2009-02-25 13:37 53,248 a------- c:\windows\system32\drivers\ati2erec.dll
2009-02-25 13:35 290,816 a------- c:\windows\system32\atiok3x2.dll
2009-02-25 13:32 45,056 a------- c:\windows\system32\aticalrt.dll
2009-02-25 13:32 45,056 a------- c:\windows\system32\aticalcl.dll
2009-02-25 13:32 626,688 a------- c:\windows\system32\ati2cqag.dll
2009-02-25 13:30 3,227,648 a------- c:\windows\system32\aticaldd.dll
2009-02-20 11:09 78,336 -------- c:\windows\system32\ieencode.dll
2009-02-09 05:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 05:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 05:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 05:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-06 04:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 04:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 03:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 03:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-03 12:59 56,832 a------- c:\windows\system32\secur32.dll
2009-01-26 10:55 182,995 a------- c:\windows\system32\atiicdxx.dat
2004-09-14 14:44 0 a--sh--- c:\windows\sminst\HPCD.SYS

============= FINISH: 4:37:46.89 ===============

I attached the Spybot S&D scan file too (hope it helps).

Any help in removing this virus would be greatly appreciated.

Sincerely

Keldron

Edited by keldron, 26 April 2009 - 07:05 AM.


#2 keldron

  • Topic Starter

  • Members
  • 57 posts

Posted 27 April 2009 - 01:31 PM

Updated DDS reports / Attach file and HijackThis report (I'm in the middle of doing another scan with Malwarebytes and a-squared (I am doing the scans one after another); once the scans are done I will post the logs as well).


DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 11:23:48.79 on Mon 04/27/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.1666 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\WINDOWS\ALCMTR.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\SDFiles.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\a-squared Free\a2free.exe
C:\Documents and Settings\Administrator\Desktop\ipod\ipod\ipod\ipod.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/?rs=1
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = localhost
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPHUPD05] c:\program files\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\imstart.lnk - c:\program files\intermute\IMStart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\137903\program\BackWeb-137903.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238318823953
DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} - file://c:\docume~1\admini~1\locals~1\temp\ThereInstallHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8B486EF6-6B2A-4A1E-BB0D-236CB2DBB8D2} - file://c:\program files\there\thereclient\ThereVoiceTrainer.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} - file://c:\program files\there\thereclient\ThereLauncher.dll
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-28 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-28 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-28 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-28 108552]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-4-26 425080]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-3-29 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-3-29 234888]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-28 298264]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 953168]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
S2 mrtRate;mrtRate; [x]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-3-28 33176]

=============== Created Last 30 ================

2009-04-26 22:21 <DIR> --d----- C:\VundoFix Backups
2009-04-26 18:07 <DIR> --d----- c:\program files\a-squared Free
2009-04-26 03:18 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-04-26 03:18 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-26 03:18 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-26 03:18 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-26 03:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-20 11:53 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-04-20 11:53 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-04-20 11:53 5,632 a------- c:\windows\system32\ptpusb.dll
2009-04-20 11:53 159,232 a------- c:\windows\system32\ptpusd.dll
2009-04-18 21:29 <DIR> --d----- c:\program files\Visual Color Picker 2
2009-04-15 12:26 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-15 12:26 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-15 12:26 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-15 12:26 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 12:26 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-15 12:26 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-15 12:26 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 12:26 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 12:26 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-15 12:22 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 12:22 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-15 12:22 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-10 22:40 4,096 a------- c:\windows\system32\crash
2009-04-10 17:39 <DIR> --d----- c:\docume~1\admini~1\applic~1\Windows Search
2009-04-10 17:05 <DIR> --d----- c:\program files\LSI SoftModem
2009-04-10 17:04 <DIR> --d----- c:\docume~1\admini~1\applic~1\Acreon
2009-04-10 17:03 <DIR> --d----- c:\docume~1\admini~1\applic~1\Windows Desktop Search
2009-04-10 17:03 <DIR> --d----- c:\program files\Windows Desktop Search
2009-04-10 17:03 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-04-10 17:02 192,000 -c------ c:\windows\system32\dllcache\offfilt.dll
2009-04-10 17:02 98,304 -c------ c:\windows\system32\dllcache\nlhtml.dll
2009-04-10 17:02 29,696 -c------ c:\windows\system32\dllcache\mimefilt.dll
2009-04-10 17:01 <DIR> --d----- c:\windows\system32\RTCOM
2009-03-30 04:11 <DIR> --d----- c:\program files\Bethesda Softworks
2009-03-30 04:11 507,400 a------- c:\windows\system32\XAudio2_1.dll
2009-03-30 04:11 65,032 a------- c:\windows\system32\XAPOFX1_0.dll
2009-03-30 04:08 81,768 a------- c:\windows\system32\xinput1_3.dll
2009-03-30 04:08 1,123,696 a------- c:\windows\system32\D3DCompiler_33.dll
2009-03-30 04:08 443,752 a------- c:\windows\system32\d3dx10_33.dll
2009-03-30 04:08 3,495,784 a------- c:\windows\system32\d3dx9_33.dll
2009-03-30 04:08 <DIR> --d----- c:\windows\system32\xlive
2009-03-30 04:06 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-03-29 15:06 268,648 a------- c:\windows\system32\mucltui.dll
2009-03-29 15:06 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-03-29 14:20 <DIR> --d----- c:\program files\Ventrilo
2009-03-29 14:20 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-03-29 14:20 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-03-29 14:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard
2009-03-29 02:37 <DIR> --d----- c:\program files\common files\Blizzard Entertainment
2009-03-29 02:29 <DIR> --d----- c:\program files\World of Warcraft
2009-03-29 02:08 32,592 a------- c:\windows\system32\msonpmon.dll
2009-03-29 02:02 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-03-29 01:31 <DIR> --d----- c:\program files\SpywareBlaster
2009-03-29 00:51 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-03-29 00:37 <DIR> --d----- c:\documents and settings\administrator\Tracing
2009-03-29 00:35 <DIR> --d----- c:\program files\Microsoft Office Outlook Connector
2009-03-29 00:34 <DIR> --d----- c:\program files\Microsoft
2009-03-29 00:34 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-03-29 00:27 <DIR> --d----- c:\program files\common files\Windows Live
2009-03-29 00:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Azureus
2009-03-29 00:27 <DIR> --d----- c:\program files\AskBarDis
2009-03-29 00:27 <DIR> --d----- c:\docume~1\admini~1\applic~1\Azureus
2009-03-29 00:26 <DIR> --d----- c:\program files\Vuze
2009-03-29 00:23 <DIR> --d----- c:\program files\Trend Micro
2009-03-29 00:22 <DIR> --d----- c:\program files\CCleaner
2009-03-29 00:21 <DIR> --d----- c:\program files\IZArc
2009-03-28 23:37 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-03-28 23:17 <DIR> --d----- c:\windows\system32\XPSViewer
2009-03-28 23:16 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-28 23:16 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-28 23:16 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-28 23:16 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-03-28 23:16 117,760 -------- c:\windows\system32\prntvpt.dll
2009-03-28 23:16 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-03-28 23:16 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-03-28 23:11 <DIR> --d----- c:\program files\MSXML 4.0
2009-03-28 23:08 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-03-28 23:08 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-03-28 23:08 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-28 23:08 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-03-28 23:08 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-03-28 23:08 268,288 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-03-28 23:08 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-03-28 23:08 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-28 23:08 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-03-28 22:51 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-03-28 22:50 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-28 22:50 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-28 22:50 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-28 22:50 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-28 22:50 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-03-28 22:50 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-03-28 22:50 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-03-28 22:50 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-03-28 22:50 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-03-28 22:50 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-03-28 22:50 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-03-28 22:37 <DIR> --d----- c:\windows\system32\scripting
2009-03-28 22:37 <DIR> --d----- c:\windows\l2schemas
2009-03-28 22:37 <DIR> --d----- c:\windows\system32\en
2009-03-28 22:32 <DIR> --d----- c:\windows\network diagnostic
2009-03-28 22:22 286,720 -c------ c:\windows\system32\dllcache\blackbox.dll
2009-03-28 22:22 159,232 -c------ c:\windows\system32\dllcache\cewmdm.dll
2009-03-28 22:22 999 -c------ c:\windows\system32\dllcache\bktrh.gif
2009-03-28 22:22 233,472 -------- c:\windows\system32\azroles.dll
2009-03-28 22:22 7,168 -------- c:\windows\system32\bitsprx4.dll
2009-03-28 22:22 8,192 -c------ c:\windows\system32\dllcache\asferror.dll
2009-03-28 22:22 136,192 -------- c:\windows\system32\aaclient.dll
2009-03-28 21:54 <DIR> --d----- c:\program files\Combined Community Codec Pack
2009-03-28 21:52 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-28 21:50 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-28 21:50 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-28 21:49 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-28 21:49 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-03-28 21:49 <DIR> --d----- c:\program files\AVG
2009-03-28 21:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-03-28 21:49 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-28 21:48 <DIR> --d----- c:\program files\Lavasoft
2009-03-28 21:48 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-28 21:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-03-28 20:05 <DIR> --d----- c:\windows\peernet
2009-03-28 20:05 <DIR> --d----- c:\windows\provisioning
2009-03-28 20:04 647,872 -------- c:\windows\system32\Mscomct2.ocx
2009-03-28 20:04 41,984 -------- c:\windows\Ctregrun.exe
2009-03-28 20:03 <DIR> --d----- c:\windows\ServicePackFiles
2009-03-28 20:02 44,032 -------- c:\windows\system32\CTSVCCDA.EXE
2009-03-28 20:02 25,088 -------- c:\windows\system32\CTSVCCTL.EXE
2009-03-28 20:02 <DIR> --d----- c:\program files\common files\Creative
2009-03-28 20:02 <DIR> --d-h--- c:\program files\Creative Installation Information
2009-03-28 19:59 <DIR> --d----- c:\program files\Creative
2009-03-28 19:57 54,156 a---h--- c:\windows\QTFont.qfn
2009-03-28 19:57 1,409 a------- c:\windows\QTFont.for
2009-03-28 19:56 11,264 -------- c:\windows\system32\spnpinst.exe
2009-03-28 19:55 9,271,864 -c------ c:\windows\system32\dllcache\ehcir.ird
2009-03-28 19:55 67,866 -------- c:\windows\system32\drivers\netwlan5.img
2009-03-28 19:55 7,208 -------- c:\windows\system32\secupd.sig
2009-03-28 19:55 4,569 -------- c:\windows\system32\secupd.dat
2009-03-28 19:55 151,552 a------- c:\windows\system32\SUGO3CI.exe
2009-03-28 19:55 57,344 a------- c:\windows\system32\SUGO3CI.dll
2009-03-28 19:55 555 a------- c:\windows\system32\sugo3LMK.SMT
2009-03-28 19:55 11,502 -------- c:\windows\Dr. Printer Icon.ico
2009-03-28 19:55 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-03-28 19:54 22,663 a------- c:\windows\system32\sugo3LMK.DLL
2009-03-28 19:54 <DIR> --d----- c:\windows\system32\drivers\Samsung
2009-03-28 19:54 41,984 -------- c:\windows\system32\drivers\DGIVECP.SYS
2009-03-28 19:54 <DIR> --d----- c:\program files\Samsung
2009-03-28 19:47 0 a------- c:\windows\ativpsrm.bin
2009-03-28 19:41 221,184 a------- c:\windows\system32\wmpns.dll
2009-03-28 19:32 <DIR> --dshr-- C:\cmdcons
2009-03-28 19:32 <DIR> --d----- c:\windows\setup.pss
2009-03-28 19:31 <DIR> --d----- c:\windows\setupupd
2009-03-28 19:27 <DIR> --d----- c:\program files\common files\ATI Technologies
2009-03-28 19:23 <DIR> --d----- c:\windows\system32\bits
2009-03-28 19:23 <DIR> --d----- c:\windows\system32\PreInstall
2009-03-28 19:23 <DIR> --d-h--- c:\windows\$hf_mig$
2009-03-28 19:22 354,304 a------- c:\windows\system32\winhttp.dll
2009-03-28 19:22 18,944 a------- c:\windows\system32\qmgrprxy.dll
2009-03-28 19:22 438,784 -------- c:\windows\system32\xpob2res.dll
2009-03-28 19:22 8,192 -------- c:\windows\system32\bitsprx2.dll
2009-03-28 19:22 7,168 -------- c:\windows\system32\bitsprx3.dll
2009-03-28 19:22 3,107,788 a----r-- c:\windows\system32\ativvaxx.dat
2009-03-28 19:22 2,096 a----r-- c:\windows\system32\drivers\ativdkxx.vp
2009-03-28 19:22 1,311,202 a----r-- c:\windows\system32\drivers\ativcaxx.cpa
2009-03-28 19:22 43,152 a----r-- c:\windows\system32\drivers\ativvpxx.vp
2009-03-28 19:22 2,096 a----r-- c:\windows\system32\drivers\ativckxx.vp
2009-03-28 19:22 929 a----r-- c:\windows\system32\drivers\ativcaxx.vp
2009-03-28 19:20 <DIR> --d----- c:\program files\ATI
2009-03-28 19:20 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-03-28 19:19 593,920 -------- c:\windows\system32\ati2sgag.exe
2009-03-28 19:19 <DIR> --d----- c:\program files\ATI Technologies
2009-03-28 19:18 <DIR> --d----- C:\ATI
2009-03-28 19:18 213,528 a------- c:\windows\system32\wuaucpl.cpl
2009-03-28 19:18 183,296 a------- c:\windows\system32\wuaueng1.dll
2009-03-28 19:18 165,888 a------- c:\windows\system32\wuauclt1.exe
2009-03-28 19:16 <DIR> --dsh--- c:\documents and settings\administrator\UserData
2009-03-28 19:14 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-28 19:14 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-28 19:12 <DIR> --d----- c:\windows\system32\Lang
2009-03-28 19:12 3,910 a--shr-- c:\windows\system32\drivers\HP_PC098A-ABA M1070N_YW_Pavi_QMXK429_E43NAhmEPT6_4_IPuffer_SASUSTeK Computer INC._V1.xx_B3.04_T040705_WXP1_L409_M3072_J160_7Intel_8Pentium 4_92.8_111063044_N10EC8139_P_Z11C1048C_K_A_U80862658_G_O_D.MRK
2009-03-28 19:12 191,488 a------- c:\windows\system32\iuengine.dll
2009-03-28 19:10 21,060 -------- c:\windows\system32\drivers\iviaspi.sys
2009-03-28 19:10 10,368 -------- c:\windows\system32\drivers\pfc.sys
2009-03-28 19:10 204,800 a------- c:\windows\system32\IVIresizeW7.dll
2009-03-28 19:10 192,512 a------- c:\windows\system32\IVIresizeP6.dll
2009-03-28 19:10 188,416 a------- c:\windows\system32\IVIresizePX.dll
2009-03-28 19:10 200,704 a------- c:\windows\system32\IVIresizeA6.dll
2009-03-28 19:10 192,512 a------- c:\windows\system32\IVIresizeM6.dll
2009-03-28 19:10 20,480 a------- c:\windows\system32\IVIresize.dll
2009-03-28 19:09 <DIR> --d----- c:\program files\common files\Sonic
2009-03-28 19:09 <DIR> --d----- c:\program files\common files\SureThing Shared
2009-03-28 19:09 <DIR> --d----- c:\program files\Sonic
2009-03-28 19:09 <DIR> --d----- c:\program files\RecordNow!
2009-03-28 19:07 52,480 a------- c:\windows\system32\drivers\i8042prt.sys
2009-03-28 19:07 24,576 a------- c:\windows\system32\drivers\kbdclass.sys

==================== Find3M ====================

2009-03-28 22:42 92,627 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-09 05:03 121,984 a------- c:\windows\system32\drivers\Rtnicxp.sys
2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-03 12:18 73,728 a------- c:\windows\system32\RtNicProp32.dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-25 14:42 442,368 a------- c:\windows\system32\ATIDEMGX.dll
2009-02-25 14:41 325,120 a------- c:\windows\system32\ati2dvag.dll
2009-02-25 14:30 11,841,536 a------- c:\windows\system32\atioglxx.dll
2009-02-25 14:30 204,800 a------- c:\windows\system32\atipdlxx.dll
2009-02-25 14:29 155,648 a------- c:\windows\system32\Oemdspif.dll
2009-02-25 14:29 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2009-02-25 14:29 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-02-25 14:29 155,648 a------- c:\windows\system32\ati2evxx.dll
2009-02-25 14:27 602,112 a------- c:\windows\system32\ati2evxx.exe
2009-02-25 14:26 53,248 a------- c:\windows\system32\ATIDDC.DLL
2009-02-25 14:16 3,817,984 a------- c:\windows\system32\ati3duag.dll
2009-02-25 14:09 307,200 a------- c:\windows\system32\atiiiexx.dll
2009-02-25 13:59 2,670,080 a------- c:\windows\system32\ativvaxx.dll
2009-02-25 13:58 3,107,788 a------- c:\windows\system32\ativva5x.dat
2009-02-25 13:58 887,724 a------- c:\windows\system32\ativva6x.dat
2009-02-25 13:44 49,664 a------- c:\windows\system32\amdpcom32.dll
2009-02-25 13:40 475,136 a------- c:\windows\system32\atikvmag.dll
2009-02-25 13:38 126,976 a------- c:\windows\system32\atiadlxx.dll
2009-02-25 13:38 17,408 a------- c:\windows\system32\atitvo32.dll
2009-02-25 13:35 290,816 a------- c:\windows\system32\atiok3x2.dll
2009-02-25 13:32 45,056 a------- c:\windows\system32\aticalrt.dll
2009-02-25 13:32 45,056 a------- c:\windows\system32\aticalcl.dll
2009-02-25 13:32 626,688 a------- c:\windows\system32\ati2cqag.dll
2009-02-25 13:30 3,227,648 a------- c:\windows\system32\aticaldd.dll
2009-02-20 11:09 78,336 -------- c:\windows\system32\ieencode.dll
2009-02-09 05:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 05:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 05:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 05:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-06 04:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 04:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 03:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 03:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-03 12:59 56,832 a------- c:\windows\system32\secur32.dll
2004-09-14 14:44 0 a--sh--- c:\windows\sminst\HPCD.SYS

============= FINISH: 11:25:08.82 ===============

Attached Files


Edited by keldron, 27 April 2009 - 03:39 PM.


#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 08 May 2009 - 02:00 AM

Hello keldron,


Sorry about the delay. :thumbup2: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#4 keldron

keldron
  • Topic Starter

  • Members
  • 57 posts

Posted 10 May 2009 - 03:05 AM

New HijackThis log as requested.

Attached Files



#5 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 10 May 2009 - 03:22 AM

Hello,

Uh oh! :thumbup2: You have an old version of HijackThis.

I need for you to go offline completely and disable ALL your protective programs after you download ComboFix, but before you run it. Sometimes those programs interfere with it, and we don't want that! :)

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Then please delete/uninstall the old version to avoid confusion. :step4:

Thanks,
tea

#6 keldron

keldron
  • Topic Starter

  • Members
  • 57 posts

Posted 10 May 2009 - 03:04 PM

Both logs as requested:

Attached Files



#7 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 12 May 2009 - 11:25 PM

Hello,

How is it running now please? :thumbup2:

tea

#8 keldron

keldron
  • Topic Starter

  • Members
  • 57 posts

Posted 13 May 2009 - 02:41 AM

Well, it seems to be running OK. I had no problems with viruses popping up or anything like that (no slowdowns, no pop-ups; also my virus scans (AVG, Malwarebytes and a-squared) did not detect anything other than some random cookies from the web sites I visited).

Did I get rid of the problem?

#9 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 13 May 2009 - 03:05 AM

Hello,

ComboFix removed some stuff, but other than that it looks okay.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Navigate to and delete the following file(s)(if they exist):

C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe <----this is spyware from HP. It phones home and gives them your data. :)

Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer.

Other than that you should be good to go. :thumbup2:

Please also read Tony Klein's excellent article, How I got Infected in the First Place: http://mvps.org/winhelp2002/unwanted.htm

Take care!
tea
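The fix list in this reply is built by reading the DDS/HijackThis entries for two things: browser add-ons (BHO, TB, EB lines) whose CLSID no longer resolves to a file, and autostart items that point at software the helper considers unwanted. As an added example, not code from this thread nor from DDS or HijackThis, here is a small Python screener that does that reading over constructed sample lines in the same format as the log posted above. The list of unwanted path substrings is a caller-supplied assumption; here it holds only the HP BackWeb path the helper called out.

```python
"""Screen DDS "Pseudo HJT Report" style lines for entries a malware helper
would typically ask to have fixed.  Added example; the sample log below is
constructed in the same format as the thread's DDS output."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in DDS format (a handful of lines, not the full log).
SAMPLE_LOG = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\137903\program\BackWeb-137903.exe
"""

# Browser add-on lines: "BHO: <name>: {CLSID} - <path>"; the name is optional.
ADDON_RE = re.compile(
    r"^(?P<kind>BHO|TB|EB): (?:(?P<name>.*?): )?\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$"
)
# Registry Run entries: "uRun: [<value name>] <command>" (u = user, m = machine).
RUN_RE = re.compile(r"^(?P<kind>[um]Run): \[(?P<name>[^\]]+)\] (?P<path>.*)$")
# Startup-folder shortcuts: "StartupFolder: <lnk> - <target>".
STARTUP_RE = re.compile(r"^(?P<kind>StartupFolder): (?P<name>.*?) - (?P<path>.*)$")


@dataclass
class Entry:
    kind: str            # BHO, TB, EB, uRun, mRun or StartupFolder
    name: str            # display name, Run value name or .lnk path
    path: str            # file the entry points at, or "No File"
    clsid: Optional[str] = None   # only set for browser add-ons


def parse_entries(text: str) -> List[Entry]:
    """Turn the recognised line types into Entry records; other lines are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        for rx in (ADDON_RE, RUN_RE, STARTUP_RE):
            m = rx.match(line)
            if m:
                d = m.groupdict()
                entries.append(Entry(d["kind"], d.get("name") or "(no name)",
                                     d["path"], d.get("clsid")))
                break
    return entries


def orphaned_addons(entries: List[Entry]) -> List[Entry]:
    """Add-ons whose registered CLSID no longer points at a file on disk."""
    return [e for e in entries
            if e.kind in ("BHO", "TB", "EB") and e.path.strip().lower() == "no file"]


def matching_paths(entries: List[Entry], unwanted_substrings: List[str]) -> List[Entry]:
    """Entries whose target path contains any caller-supplied substring (assumed list)."""
    needles = [s.lower() for s in unwanted_substrings]
    return [e for e in entries if any(n in e.path.lower() for n in needles)]


def report(text: str, unwanted_substrings: List[str]) -> Dict[str, List[str]]:
    """Summarise what a helper would ask to fix: orphaned CLSIDs and unwanted targets."""
    entries = parse_entries(text)
    return {
        "orphaned": [e.clsid for e in orphaned_addons(entries) if e.clsid],
        "unwanted": [e.path for e in matching_paths(entries, unwanted_substrings)],
    }


if __name__ == "__main__":
    # "BackWeb" is the HP updater path the helper singled out in this thread.
    for key, items in report(SAMPLE_LOG, ["BackWeb"]).items():
        print(key)
        for item in items:
            print("  ", item)
```

The parser deliberately reports orphaned CLSIDs rather than trying to judge named add-ons: a "No File" entry is inert registry residue and removing it only tidies the add-on list, which is exactly why it shows up in fix lists like the one above. Anything with a real path still needs a human (or a reputation lookup) to decide.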

#10 keldron

keldron
  • Topic Starter

  • Members
  • 57 posts

Posted 13 May 2009 - 02:50 PM

Done all the steps as recommended.

Thx for your help, I hope the nasty virus is gone for good!

Also thx for recommending the links to other articles; it helped me update my system so that now no more nasty little bugs on it shall ever exist! :thumbup2:

#11 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 14 May 2009 - 09:10 AM

You're most welcome. :thumbup2:

#12 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 24 May 2009 - 04:25 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.