
So many Viruses!!!


  • This topic is locked
2 replies to this topic

#1 thomasink


Posted 05 June 2009 - 01:15 AM

I have so many trojans and trojan downloaders and nothing will get rid of them! Please someone help me!! Pop-ups and fake virus scans, infected files, disabled Task Manager!!! =[


DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 1:52:22.92 on Fri 06/05/2009
Internet Explorer: 6.0.2600.0000
Microsoft Windows XP Home Edition 5.1.2600.0.1252.1.1033.18.510.30 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\3361\SVCHOST.exe -sysrun
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
C:\WINDOWS\System32\SYS32DLL.exe
C:\WINDOWS\System32\avast!Antivirus.exe
svchost.exe
C:\WINDOWS\dhcp\svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\sopidkc.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
svchost.exe C:\WINDOWS\TEMP\VRT6.tmp
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner.AWESOMECOMP\Desktop\dds.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://srch-us5.hpwis.com/
uDefault_Page_URL = hxxp://us5.hpwis.com/
uDefault_Search_URL = hxxp://srch-us5.hpwis.com/
uSearch Bar = hxxp://srch-us5.hpwis.com/
mDefault_Page_URL = hxxp://us5.hpwis.com/
mDefault_Search_URL = hxxp://srch-us5.hpwis.com/
mSearch Page = hxxp://srch-us5.hpwis.com/
mStart Page = hxxp://us5.hpwis.com/
mSearch Bar = hxxp://srch-us5.hpwis.com/
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
mSearchAssistant = hxxp://srch-us5.hpwis.com/
mCustomizeSearch = hxxp://srch-us5.hpwis.com/
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\ntos.exe,
TB: &hp toolkit: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\hp\explorebar\HPTOOLKT.DLL
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
EB: hp toolkit: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [SYS32DLL] SYS32DLL
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Malware Doctor] c:\documents and settings\localservice\application data\1361538659.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [NAV CfgWiz] c:\progra~1\norton~1\Cfgwiz.exe /R
mRun: [NAV Agent] c:\progra~1\norton~1\navapw32.exe
mRun: [Malware Doctor] c:\documents and settings\localservice\application data\1361538659.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [DDCM] "c:\program files\wildtangent\ddc\ddcmanager\DDCMan.exe" -Background
mRun: [DDCActiveMenu] "c:\program files\wildtangent\ddc\activemenu\DDCActiveMenu.exe" -boot
mRun: [svchost.exe] "c:\windows\system32\3361\SVCHOST.exe"
mRunOnce: [svchost.exe] "c:\windows\system32\3361\SVCHOST.exe"
dRun: [SYSDLL] SYSDLL
dRun: [<NO NAME>] c:\windows\temp\mrumv7ix8j.exe
dRun: [Windows Resurections] c:\windows\temp\mrumv7ix8j.exe
dRun: [Diagnostic Manager] c:\windows\temp\4142510494.exe
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\custom~1.lnk - c:\hp\region\customizeIe.wsf
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {17A27031-71FC-11d4-815C-005004D0F1FA} - c:\program files\marketbrowser\lmt\MarketBrowser_Launch.xpy
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
LSP: c:\windows\system32\ZKLSPR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxsrvc.dll

============= SERVICES / DRIVERS ===============

R2 avast!Antivirus;avast!Antivirus;c:\windows\system32\avast!antivirus.exe -k netsvcs --> c:\windows\system32\avast!Antivirus.exe -k netsvcs [?]
R2 DhcpSrv;Dhcp server;c:\windows\dhcp\svchost.exe [2009-4-19 261120]
R2 Ias;Ias;c:\windows\system32\svchost.exe -k netsvcs [2003-8-19 33280]
R2 msncache;msncache;c:\windows\system32\svchost.exe -k netsvcs [2003-8-19 33280]
R2 sopidkc;sopidkc Service;c:\windows\system32\sopidkc.exe [2001-8-18 145408]
S2 AudioSrvALG;Windows Audio AudioSrvALG;c:\windows\system32\8i.exe srv --> c:\windows\system32\8i.exe srv [?]
S2 DwiuR;DwiuR;c:\windows\system32\svchost.exe -k netsvcs [2003-8-19 33280]
S2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\Navapsvc.exe [2002-2-27 116344]
S3 NAVAP;NAVAP;c:\windows\system32\drivers\NAVAP.SYS [2001-12-9 183872]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20020227.005\NAVENG.SYS [2002-5-3 65920]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20020227.005\NAVEX15.SYS [2002-5-3 585792]
S3 ntalme;ntalme;c:\windows\system32\ntalme.sys [2003-8-19 2304]
S3 pcm1394;pcm1394;c:\windows\system32\pcm1394.sys [2003-8-19 2304]
S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]
S3 sndintd;sndintd;c:\windows\system32\sndintd.sys [2003-8-19 2304]

=============== Created Last 30 ================

2009-06-05 00:39 0 a------- c:\windows\system32\A6.tmp
2009-06-05 00:39 0 a------- c:\windows\system32\A5.tmp
2009-06-05 00:39 84 a------- c:\windows\system32\A4.tmp
2009-06-05 00:39 23,552 a------- c:\windows\system32\wmimgr32.dll
2009-06-05 00:06 0 a------- c:\windows\system32\A3.tmp
2009-06-05 00:06 0 a------- c:\windows\system32\A2.tmp
2009-06-05 00:06 84 a------- c:\windows\system32\A1.tmp
2009-06-03 15:53 9,216 a------- c:\windows\system32\A0.tmp
2009-06-03 15:53 1 a------- c:\windows\system32\9F.tmp
2009-06-03 15:53 84 a------- c:\windows\system32\9E.tmp
2009-06-03 01:38 29,184 a------- c:\windows\system32\jbnmcd.dll
2009-06-02 18:45 210 a------- c:\windows\system32\sft.res
2009-06-02 18:45 29,184 a------- c:\windows\system32\jbnmck.dll
2009-06-02 16:54 175,734 a------- c:\windows\hpdj3600.hi1
2009-06-02 16:54 8,452 a------- c:\windows\hpdj3600.bu1
2009-06-02 14:35 9,216 a------- c:\windows\system32\9D.tmp
2009-06-02 14:35 1 a------- c:\windows\system32\9C.tmp
2009-06-02 14:35 84 a------- c:\windows\system32\9B.tmp
2009-06-02 14:32 9,216 a------- c:\windows\system32\9A.tmp
2009-06-02 14:32 84 a------- c:\windows\system32\96.tmp
2009-06-02 14:32 1 a------- c:\windows\system32\99.tmp
2009-06-02 14:27 9,216 a------- c:\windows\system32\98.tmp
2009-06-02 14:27 1 a------- c:\windows\system32\97.tmp
2009-06-02 14:27 84 a------- c:\windows\system32\95.tmp
2009-06-02 14:23 9,216 a------- c:\windows\system32\94.tmp
2009-06-02 14:23 1 a------- c:\windows\system32\93.tmp
2009-06-02 14:23 84 a------- c:\windows\system32\92.tmp
2009-06-02 14:19 9,216 a------- c:\windows\system32\91.tmp
2009-06-02 14:19 1 a------- c:\windows\system32\90.tmp
2009-06-02 14:19 84 a------- c:\windows\system32\8F.tmp
2009-06-02 14:15 9,216 a------- c:\windows\system32\8E.tmp
2009-06-02 14:15 1 a------- c:\windows\system32\8D.tmp
2009-06-02 14:14 84 a------- c:\windows\system32\8C.tmp
2009-06-02 14:10 9,216 a------- c:\windows\system32\8B.tmp
2009-06-02 14:10 1 a------- c:\windows\system32\8A.tmp
2009-06-02 14:10 84 a------- c:\windows\system32\89.tmp
2009-06-02 14:06 9,216 a------- c:\windows\system32\88.tmp
2009-06-02 14:06 1 a------- c:\windows\system32\87.tmp
2009-06-02 14:06 84 a------- c:\windows\system32\86.tmp
2009-06-02 14:01 9,216 a------- c:\windows\system32\85.tmp
2009-06-02 14:01 84 a------- c:\windows\system32\83.tmp
2009-06-02 14:01 1 a------- c:\windows\system32\84.tmp
2009-06-02 13:57 9,216 a------- c:\windows\system32\82.tmp
2009-06-02 13:57 1 a------- c:\windows\system32\81.tmp
2009-06-02 13:57 84 a------- c:\windows\system32\80.tmp
2009-06-02 13:53 9,216 a------- c:\windows\system32\7F.tmp
2009-06-02 13:53 1 a------- c:\windows\system32\7E.tmp
2009-06-02 13:52 84 a------- c:\windows\system32\7D.tmp
2009-06-02 13:48 9,216 a------- c:\windows\system32\7C.tmp
2009-06-02 13:48 1 a------- c:\windows\system32\7B.tmp
2009-06-02 13:48 84 a------- c:\windows\system32\7A.tmp
2009-06-02 13:44 9,216 a------- c:\windows\system32\79.tmp
2009-06-02 13:44 1 a------- c:\windows\system32\78.tmp
2009-06-02 13:44 84 a------- c:\windows\system32\77.tmp
2009-06-02 13:40 9,216 a------- c:\windows\system32\76.tmp
2009-06-02 13:40 1 a------- c:\windows\system32\75.tmp
2009-06-02 13:40 84 a------- c:\windows\system32\74.tmp
2009-06-02 13:36 9,216 a------- c:\windows\system32\73.tmp
2009-06-02 13:36 84 a------- c:\windows\system32\71.tmp
2009-06-02 13:36 1 a------- c:\windows\system32\72.tmp
2009-06-02 13:32 9,216 a------- c:\windows\system32\70.tmp
2009-06-02 13:32 1 a------- c:\windows\system32\6F.tmp
2009-06-02 13:32 84 a------- c:\windows\system32\6E.tmp
2009-06-02 13:24 9,216 a------- c:\windows\system32\6D.tmp
2009-06-02 13:24 1 a------- c:\windows\system32\6C.tmp
2009-06-02 13:24 84 a------- c:\windows\system32\6B.tmp
2009-06-02 13:20 9,216 a------- c:\windows\system32\6A.tmp
2009-06-02 13:19 1 a------- c:\windows\system32\69.tmp
2009-06-02 13:19 84 a------- c:\windows\system32\68.tmp
2009-06-02 13:15 9,216 a------- c:\windows\system32\67.tmp
2009-06-02 13:15 1 a------- c:\windows\system32\66.tmp
2009-06-02 13:15 84 a------- c:\windows\system32\65.tmp
2009-06-02 13:10 9,216 a------- c:\windows\system32\4.tmp
2009-06-02 13:10 1 a------- c:\windows\system32\3.tmp
2009-06-02 13:10 84 a------- c:\windows\system32\2.tmp
2009-06-02 13:06 9,216 a------- c:\windows\system32\64.tmp
2009-06-02 13:06 1 a------- c:\windows\system32\63.tmp
2009-06-02 13:06 84 a------- c:\windows\system32\62.tmp
2009-06-02 13:00 9,216 a------- c:\windows\system32\60.tmp
2009-06-02 13:00 1 a------- c:\windows\system32\F.tmp
2009-06-02 13:00 84 a------- c:\windows\system32\E.tmp
2009-06-02 12:49 32,444 a------- c:\windows\hpdj3600.his
2009-06-02 12:49 2,920 a------- c:\windows\hpdj3600.ini
2009-06-02 11:03 1 a------- c:\windows\system32\D.tmp
2009-06-02 11:03 49,152 a------- c:\windows\system32\C.tmp
2009-06-02 11:03 84 a------- c:\windows\system32\B.tmp
2009-06-02 10:46 <DIR> --d----- c:\program files\Windows Installer Clean Up
2009-06-02 08:29 9,216 a------- c:\windows\system32\A.tmp
2009-06-02 08:29 1 a------- c:\windows\system32\9.tmp
2009-06-02 08:28 84 a------- c:\windows\system32\8.tmp
2009-06-01 17:53 1 a------- c:\windows\system32\7.tmp
2009-06-01 17:53 82,432 a------- c:\windows\system32\6.tmp
2009-06-01 17:53 84 a------- c:\windows\system32\5.tmp
2009-06-01 17:28 1 a------- c:\windows\system32\1DB.tmp
2009-06-01 17:27 82,432 a------- c:\windows\system32\127.tmp
2009-06-01 17:27 84 a------- c:\windows\system32\F4.tmp
2009-06-01 17:25 480 a------- c:\windows\system32\win32hlp.cnf
2009-06-01 12:44 64,512 a------- c:\windows\system32\5F.tmp
2009-06-01 12:44 1 a------- c:\windows\system32\5E.tmp
2009-06-01 12:44 84 a------- c:\windows\system32\5D.tmp
2009-06-01 07:21 29,696 a------- c:\windows\system32\frmwrk32.ex_
2009-06-01 05:04 29,696 a------- c:\windows\system32\5C.tmp
2009-06-01 05:04 1 a------- c:\windows\system32\5B.tmp
2009-06-01 05:04 84 a------- c:\windows\system32\53.tmp
2009-05-31 19:58 0 a------- c:\windows\system32\5A.tmp
2009-05-31 19:58 0 a------- c:\windows\system32\59.tmp
2009-05-31 19:58 124 a------- c:\windows\system32\51.tmp
2009-05-31 16:43 0 a------- c:\windows\system32\54.tmp
2009-05-31 16:43 0 a------- c:\windows\system32\52.tmp
2009-05-31 16:43 124 a------- c:\windows\system32\4D.tmp
2009-05-30 20:52 0 a------- c:\windows\system32\4E.tmp
2009-05-30 20:52 84 a------- c:\windows\system32\4B.tmp
2009-05-30 19:00 0 a------- c:\windows\system32\4C.tmp
2009-05-30 19:00 84 a------- c:\windows\system32\45.tmp
2009-05-30 18:18 0 a------- c:\windows\system32\4A.tmp
2009-05-30 18:17 37,376 a---h--- c:\windows\pp10.ex_
2009-05-30 18:17 2 ----h--- c:\windows\sonce122730.dat
2009-05-30 16:15 0 a------- c:\windows\system32\252.tmp
2009-05-30 16:15 84 a------- c:\windows\system32\250.tmp
2009-05-30 16:15 <DIR> --d----- c:\windows\system32\sysloc
2009-05-30 16:15 38,912 a---h--- c:\windows\ld08.ex_
2009-05-28 16:42 <DIR> --d----- c:\docume~1\owner~1.awe\applic~1\MySpace
2009-05-28 16:42 <DIR> --d----- c:\program files\MySpace
2009-05-28 07:44 0 a------- c:\windows\system32\11.tmp
2009-05-28 00:24 0 a------- c:\windows\system32\46.tmp
2009-05-28 00:24 120 a------- c:\windows\system32\10.tmp
2009-05-27 15:08 0 a------- c:\windows\system32\44.tmp
2009-05-27 03:50 33,792 a------- c:\program files\common files\edghioqr.dll
2009-05-26 18:44 135,168 -------- c:\windows\system32\VT100.EXE
2009-05-26 18:44 0 a------- c:\windows\system32\49.tmp
2009-05-26 18:44 0 a------- c:\windows\system32\48.tmp
2009-05-26 18:44 84 a------- c:\windows\system32\47.tmp
2009-05-26 18:43 0 a------- c:\windows\system32\43.tmp
2009-05-26 18:43 84 a------- c:\windows\system32\3F.tmp
2009-05-26 18:43 0 a------- c:\windows\system32\42.tmp
2009-05-26 10:37 0 a------- C:\62.tmp
2009-05-26 10:37 0 a------- c:\windows\system32\61.tmp
2009-05-26 10:37 0 a------- C:\60.tmp
2009-05-26 10:37 0 a------- C:\5F.tmp
2009-05-26 10:37 0 a------- C:\5E.tmp
2009-05-26 10:37 0 a------- C:\5C.tmp
2009-05-26 08:28 0 a------- C:\51.tmp
2009-05-26 08:28 0 a------- C:\50.tmp
2009-05-26 08:28 0 a------- C:\4F.tmp
2009-05-26 08:28 0 a------- C:\4E.tmp
2009-05-26 08:28 0 a------- C:\4D.tmp
2009-05-26 08:28 0 a------- C:\4C.tmp
2009-05-26 08:28 0 a------- C:\4B.tmp
2009-05-26 08:28 0 a------- C:\4A.tmp
2009-05-26 08:28 0 a------- C:\49.tmp
2009-05-26 08:28 0 a------- C:\48.tmp
2009-05-26 08:27 0 a------- C:\47.tmp
2009-05-26 08:27 0 a------- C:\46.tmp
2009-05-26 08:27 0 a------- C:\45.tmp
2009-05-26 08:27 0 a------- C:\44.tmp
2009-05-26 08:27 0 a------- C:\43.tmp
2009-05-26 08:27 0 a------- C:\42.tmp
2009-05-26 08:27 51,712 a------- C:\41.tmp
2009-05-26 08:27 20,480 a------- C:\40.tmp
2009-05-26 08:21 19,968 a------- c:\windows\system32\3D.tmp
2009-05-26 08:21 1 a------- c:\windows\system32\3C.tmp
2009-05-26 08:21 84 a------- c:\windows\system32\38.tmp
2009-05-26 07:56 19,968 a------- c:\windows\system32\3B.tmp
2009-05-26 07:56 1 a------- c:\windows\system32\3A.tmp
2009-05-26 07:56 84 a------- c:\windows\system32\39.tmp
2009-05-26 07:55 19,968 a------- c:\windows\system32\37.tmp
2009-05-26 07:55 1 a------- c:\windows\system32\36.tmp
2009-05-26 07:55 0 a------- c:\windows\win.ini
2009-05-26 07:55 84 a------- c:\windows\system32\32.tmp
2009-05-26 07:49 19,968 a------- c:\windows\system32\35.tmp
2009-05-26 07:49 1 a------- c:\windows\system32\34.tmp
2009-05-26 07:49 84 a------- c:\windows\system32\33.tmp
2009-05-26 07:49 19,968 a------- c:\windows\system32\31.tmp
2009-05-26 07:48 1 a------- c:\windows\system32\2B.tmp
2009-05-26 07:48 84 a------- c:\windows\system32\2A.tmp
2009-05-26 06:12 19,968 a------- c:\windows\system32\30.tmp
2009-05-26 06:12 19,968 a------- c:\windows\system32\2F.tmp
2009-05-26 06:12 1 a------- c:\windows\system32\2E.tmp
2009-05-26 06:12 84 a------- c:\windows\system32\2D.tmp
2009-05-26 06:12 0 a------- c:\windows\system32\2C.tmp
2009-05-26 06:12 84 a------- c:\windows\system32\29.tmp
2009-05-26 06:09 19,968 a------- c:\windows\system32\28.tmp
2009-05-26 06:08 19,968 a------- c:\windows\system32\27.tmp
2009-05-26 06:08 1 a------- c:\windows\system32\26.tmp
2009-05-26 06:08 1 a------- c:\windows\system32\25.tmp
2009-05-26 06:08 84 a------- c:\windows\system32\21.tmp
2009-05-26 06:08 84 a------- c:\windows\system32\1A.tmp
2009-05-26 03:31 1 a------- c:\windows\system32\uniq.tll
2009-05-26 03:30 19,968 a------- c:\windows\system32\EC.tmp
2009-05-26 03:30 0 a------- c:\windows\system32\EB.tmp
2009-05-26 03:30 84 a------- c:\windows\system32\EA.tmp
2009-05-25 10:38 65,536 a------- c:\windows\system32\24.tmp
2009-05-25 10:38 1 a------- c:\windows\system32\23.tmp
2009-05-25 10:38 84 a------- c:\windows\system32\22.tmp
2009-05-25 10:38 65,536 a------- c:\windows\system32\20.tmp
2009-05-25 10:38 1 a------- c:\windows\system32\1F.tmp
2009-05-25 10:38 32,768 a------- c:\windows\system32\avast!Antivirus.exe
2009-05-25 10:38 84 a------- c:\windows\system32\18.tmp
2009-05-24 17:35 0 a------- c:\windows\system32\1D.tmp
2009-05-24 17:35 120 a------- c:\windows\system32\17.tmp
2009-05-24 16:17 0 a------- c:\windows\system32\1E.tmp
2009-05-24 16:17 0 a------- c:\windows\system32\1C.tmp
2009-05-24 16:17 44,032 a------- c:\windows\system32\1B.tmp
2009-05-24 16:17 120 a------- c:\windows\system32\19.tmp
2009-05-24 16:17 120 a------- c:\windows\system32\16.tmp
2009-05-23 20:46 <DIR> --ds---- c:\documents and settings\owner.awesomecomp\UserData
2009-05-22 19:12 <DIR> --d----- c:\windows\Favorites
2009-05-22 19:07 15,000 a------- c:\windows\system32\sdjee3inf.dl_
2009-05-22 15:11 2 ----h--- c:\windows\sonce123148.dat
2009-05-22 14:58 2 ----h--- c:\windows\sonce122688.dat
2009-05-22 14:30 <DIR> --d----- c:\program files\LanqiEngine
2009-05-22 12:49 40,449 a------- c:\windows\system32\reader_s.ex_
2009-05-22 12:49 120 a------- c:\windows\system32\15.tmp
2009-05-22 12:49 40,960 a------- c:\windows\system32\SYSDLL.exe
2009-05-22 12:49 <DIR> --d----- c:\windows\system32\121973
2009-05-22 09:18 <DIR> --d----- c:\program files\MetaStream
2009-05-22 09:07 <DIR> --d----- c:\windows\3075C5C308074924AF8FFF27052C12AE.TMP
2009-05-22 08:27 <DIR> --d----- c:\docume~1\owner~1.awe\applic~1\Malwarebytes
2009-05-22 08:27 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-22 08:26 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-22 08:26 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-22 08:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-22 08:19 70,144 a------- c:\windows\system32\D6.tmp
2009-05-22 08:19 70,144 a------- c:\windows\system32\D1.tmp
2009-05-22 08:19 120 a------- c:\windows\system32\CE.tmp
2009-05-22 08:19 120 a------- c:\windows\system32\CC.tmp
2009-05-22 05:35 70,144 a------- c:\windows\system32\14.tmp
2009-05-21 23:21 1 a------- c:\windows\system32\13.tmp
2009-05-21 23:21 84 a------- c:\windows\system32\12.tmp
2009-05-21 20:07 46,592 a------- c:\windows\system32\irmserv32.dll
2009-05-21 20:07 84 a------- c:\windows\system32\55.tmp
2009-05-21 20:07 1 a------- c:\windows\system32\56.tmp
2009-05-21 20:07 1,056 a------- c:\windows\system32\jxa
2009-05-21 20:07 84 a------- c:\windows\system32\4F.tmp
2009-05-21 20:07 1 a------- c:\windows\system32\50.tmp
2009-05-20 20:34 1 a------- c:\windows\9g2234wesdf3dfgjf23
2009-05-20 20:34 2 ----h--- c:\windows\sto452730.dat
2009-05-20 20:34 <DIR> --d----- c:\windows\system32\870159
2009-05-20 20:34 155 a--s---- c:\windows\system32\416052712.dat
2009-05-20 20:34 50,176 ---shr-- c:\windows\system32\8i.exe
2009-05-19 18:18 <DIR> --d----- C:\WUTemp
2009-05-19 18:18 182,880 a------- c:\windows\system32\iuenginenew.dll
2009-05-19 18:13 <DIR> --d----- c:\program files\XP Codec Pack
2009-05-19 03:14 217,127 a------- c:\windows\system32\drv43260.dll
2009-05-19 03:14 208,935 a------- c:\windows\system32\drv33260.dll
2009-05-19 03:14 1,184,984 a------- c:\windows\system32\wvc1dmod.dll
2009-05-19 03:14 626,688 a------- c:\windows\system32\vp7vfw.dll
2009-05-19 03:14 176,165 a------- c:\windows\system32\drv23260.dll
2009-05-19 03:14 65,602 a------- c:\windows\system32\cook3260.dll
2009-05-19 03:14 1,645,320 a------- c:\windows\gdiplus.dll
2009-05-19 03:09 87,608 a------- c:\docume~1\owner~1.awe\applic~1\inst.exe
2009-05-19 03:09 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-05-19 03:09 47,360 a------- c:\docume~1\owner~1.awe\applic~1\pcouffin.sys
2009-05-19 02:37 3 a------- c:\windows\system32\bversion.dll
2009-05-19 01:30 43,528 -------- c:\windows\system32\drivers\PxHelp20.sys
2009-05-19 01:29 <DIR> --d----- c:\program files\common files\DivX Shared
2009-05-19 01:28 735,232 a------- c:\windows\system32\AdvOcr.dll
2009-05-19 01:28 94,208 a------- c:\windows\system32\TRSOCR.dll
2009-05-19 01:28 95 a------- c:\windows\system32\TRSOCR.ini
2009-05-19 00:49 102,400 a------- c:\windows\S87ekhV.exe
2009-05-19 00:10 32,137,216 a------- c:\windows\system32\TRSOCR.dat
2009-05-18 22:49 581,632 a------- c:\windows\system32\IPHACTION.dll
2009-05-18 22:39 0 a------- c:\windows\system32\IpSvchostF.dll
2009-05-18 22:28 61,440 a------- c:\windows\system32\tcpd.exe
2009-05-18 22:28 42,496 a------- c:\windows\system32\AUTMGR.EXE
2009-05-18 22:28 926,720 a------- c:\windows\system32\kernel32_check.dll
2009-05-18 22:28 172,032 a------- c:\windows\system32\tcpcon.dll
2009-05-18 22:28 10,240 a------- c:\windows\system32\Packer.dll
2009-05-18 22:28 9 a------- c:\windows\system32\riphy.dll
2009-05-18 22:28 9 a------- c:\windows\system32\iphy.dll
2009-05-18 22:28 3 a------- c:\windows\system32\fhpatch.dll
2009-05-18 21:30 1,172 a------- c:\windows\mozver.dat
2009-05-18 21:24 179,712 a------- c:\windows\system32\tpsaxyd.exe
2009-05-18 20:33 23,070 a------- c:\windows\system32\drivers\RTL8139.sys
2009-05-18 20:30 65,536 a------- c:\windows\DUMP91ff.tmp
2009-05-18 20:30 65,536 a------- c:\windows\DUMP6fd1.tmp
2009-05-18 20:27 116 a------- c:\windows\SYSTEM.INI
2009-05-18 20:12 376 a------- c:\windows\ODBC.INI
2009-05-18 19:35 <DIR> --d----- c:\docume~1\owner~1.awe\applic~1\uTorrent
2009-05-18 17:50 <DIR> --d----- c:\docume~1\owner~1.awe\applic~1\Symantec
2009-05-18 17:50 <DIR> --d----- c:\documents and settings\owner.awesomecomp\WINDOWS
2009-05-18 17:50 <DIR> --d----- c:\documents and settings\Owner.AWESOMECOMP
2009-05-18 14:43 99,840 a------- c:\windows\system32\xoexei.dll
2009-05-18 14:43 99,840 a------- c:\windows\system32\sfqkglyl.dll
2009-05-18 08:04 66,560 a------- c:\windows\system32\UACjcnwucfkpqdlybp.dll
2009-05-18 08:04 <DIR> --d----- c:\windows\system32\790151
2009-05-18 08:04 15,000 a------- c:\windows\system32\aef3fee.dll
2009-05-18 08:04 19,968 a------- c:\windows\system32\UACnqaushiftdbnqmc.dll
2009-05-18 08:03 17,408 a------- c:\windows\system32\UACsbqwxdrcmbgiowx.dll
2009-05-18 08:03 19,968 a------- c:\windows\system32\UACdcqbgqrnebrmxbm.dll
2009-05-18 08:03 224 a------- c:\windows\system32\UACiluajgsxmxardyr.dat
2009-05-18 08:03 24,064 a------- c:\windows\system32\UACfucoukmvocaeqmn.dll
2009-05-18 08:00 99,840 a------- c:\windows\system32\qsiviy.dll
2009-05-18 08:00 99,840 a------- c:\windows\system32\cpnxbcsp.dll
2009-05-18 07:57 99,840 a------- c:\windows\system32\utkdel.dll
2009-05-18 07:57 99,840 a------- c:\windows\system32\xmhtvagb.dll
2009-05-17 21:36 223,232 a------- c:\windows\system32\sqlite3.dll
2009-05-17 21:36 36,864 a------- c:\windows\system32\ascbalon.dll
2009-05-17 21:36 217,088 a------- c:\windows\system32\ConTest.dll
2009-05-17 21:36 20,480 a------- c:\windows\system32\SysRestore.dll
2009-05-17 21:36 86,016 a------- c:\windows\system32\SQLiteWrapper.dll
2009-05-17 17:02 99,840 a------- c:\windows\system32\szcjym.dll
2009-05-17 17:02 99,840 a------- c:\windows\system32\ilbdvakf.dll
2009-05-16 22:05 60,416 a------- c:\windows\system32\SYS32DLL.exe
2009-05-16 22:05 <DIR> --d----- c:\windows\system32\796525
2009-05-16 22:04 99,840 a------- c:\windows\system32\tamdln.dll
2009-05-16 22:04 99,840 a------- c:\windows\system32\acshjhxk.dll
2009-05-16 12:50 99,840 a------- c:\windows\system32\snqhro.dll
2009-05-16 12:50 99,840 a------- c:\windows\system32\fjohygta.dll
2009-05-15 17:51 15,000 a------- c:\windows\system32\sdrgfcvbf.dll
2009-05-15 07:51 99,328 a------- c:\windows\system32\lybyku.dll
2009-05-15 07:51 99,328 a------- c:\windows\system32\jcdymnhn.dll
2009-05-14 19:49 99,328 a------- c:\windows\system32\bdudnk.dll
2009-05-14 19:49 99,328 a------- c:\windows\system32\bcjlgcew.dll
2009-05-13 19:33 99,840 a------- c:\windows\system32\xsbmge.dll
2009-05-13 19:33 99,840 a------- c:\windows\system32\ojtrljmr.dll
2009-05-13 07:18 98,816 a------- c:\windows\system32\crmoea.dll
2009-05-13 07:18 98,816 a------- c:\windows\system32\olvtcfwi.dll
2009-05-13 07:17 1,406,743 a--sh--- c:\windows\system32\iidmrwlx.tmp
2009-05-12 17:00 99,328 a------- c:\windows\system32\ebjqkymh.dll
2009-05-12 17:00 99,328 a------- c:\windows\system32\cspvdc.dll
2009-05-12 05:03 99,328 a------- c:\windows\system32\pmykhg.dll
2009-05-12 05:03 99,328 a------- c:\windows\system32\ovriamqk.dll
2009-05-12 04:57 99,328 a------- c:\windows\system32\llgfax.dll
2009-05-12 04:57 99,328 a------- c:\windows\system32\vhmkasmc.dll
2009-05-11 07:06 99,328 a------- c:\windows\system32\zubkel.dll
2009-05-11 07:06 99,328 a------- c:\windows\system32\klryntpi.dll
2009-05-11 07:06 1,406,730 ---sh--- c:\windows\system32\fdaxpgyq.ini
2009-05-10 19:03 99,328 a------- c:\windows\system32\qnorur.dll
2009-05-10 19:03 99,328 a------- c:\windows\system32\hgcuulbi.dll
2009-05-10 19:03 1,406,730 ---sh--- c:\windows\system32\rejsouir.ini
2009-05-09 23:35 1,406,730 ---sh--- c:\windows\system32\mdqkimot.ini
2009-05-09 23:35 99,328 a------- c:\windows\system32\hhroox.dll
2009-05-09 23:35 99,328 a------- c:\windows\system32\qquuiled.dll
2009-05-09 23:35 1,433,101 a--sh--- c:\windows\system32\rcddlrsq.tmp
2009-05-08 20:04 99,840 a------- c:\windows\system32\rmoetawx.dll
2009-05-08 20:04 99,840 a------- c:\windows\system32\ieusob.dll
2009-05-08 08:02 99,840 a------- c:\windows\system32\kxwtrl.dll
2009-05-08 08:02 99,840 a------- c:\windows\system32\flbvcliw.dll
2009-05-08 08:00 1,433,110 ---sh--- c:\windows\system32\ngginfue.ini
2009-05-07 14:27 1,433,110 ---sh--- c:\windows\system32\qgbawafn.ini
2009-05-07 14:24 99,328 a------- c:\windows\system32\tlorytgt.dll
2009-05-07 14:24 99,328 a------- c:\windows\system32\hxgran.dll
2009-05-06 20:25 99,328 a------- c:\windows\system32\xpkxns.dll
2009-05-06 20:25 99,328 a------- c:\windows\system32\rketvfqs.dll
2009-05-06 20:22 1,433,110 ---sh--- c:\windows\system32\umdwxsuv.ini
2009-05-06 08:25 1,433,110 ---sh--- c:\windows\system32\caaahbon.ini
2009-05-06 08:22 99,840 a------- c:\windows\system32\riylju.dll
2009-05-06 08:22 99,840 a------- c:\windows\system32\ikemlfeo.dll

==================== Find3M ====================

2009-06-03 08:59 108,000 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-05-26 06:09 125,440 a------- c:\windows\system32\userinit.exe
2009-05-22 05:35 161,536 a------- c:\windows\system32\drivers\ndis.sys
2009-05-05 20:25 99,840 a------- c:\windows\system32\yrzxqh.dll
2009-05-05 20:25 99,840 a------- c:\windows\system32\cipkuhhb.dll
2009-05-05 08:22 99,328 a------- c:\windows\system32\qsyhff.dll
2009-05-05 08:22 99,328 a------- c:\windows\system32\fllaciln.dll
2009-05-04 20:23 99,328 a------- c:\windows\system32\ihtbdq.dll
2009-05-04 20:23 99,328 a------- c:\windows\system32\fgdsamwv.dll
2009-05-04 08:23 99,328 a------- c:\windows\system32\wuxxsreh.dll
2009-05-04 08:23 99,328 a------- c:\windows\system32\dypvpx.dll
2009-05-04 04:27 99,328 a------- c:\windows\system32\qfzjkd.dll
2009-05-04 04:27 99,328 a------- c:\windows\system32\duqlxkbg.dll
2009-05-03 16:27 99,328 a------- c:\windows\system32\geszir.dll
2009-05-03 16:27 99,328 a------- c:\windows\system32\avcpjkua.dll
2009-05-03 04:27 99,328 a------- c:\windows\system32\qctbvvrf.dll
2009-05-03 04:27 99,328 a------- c:\windows\system32\eefwcd.dll
2009-05-02 16:27 99,328 a------- c:\windows\system32\oakppfao.dll
2009-05-02 16:27 99,328 a------- c:\windows\system32\askfxa.dll
2009-05-02 04:24 99,328 a------- c:\windows\system32\vzpihd.dll
2009-05-02 04:24 99,328 a------- c:\windows\system32\amgcbaat.dll
2009-05-01 16:23 99,328 a------- c:\windows\system32\rxqdoxjf.dll
2009-05-01 16:23 99,328 a------- c:\windows\system32\kgffyd.dll
2009-05-01 04:23 99,328 a------- c:\windows\system32\glwchkdv.dll
2009-05-01 04:23 99,328 a------- c:\windows\system32\dzjrlu.dll
2009-04-30 16:23 99,328 a------- c:\windows\system32\uthydwoq.dll
2009-04-30 16:23 99,328 a------- c:\windows\system32\rxtcto.dll
2009-04-30 04:23 99,328 a------- c:\windows\system32\ovlrjnxf.dll
2009-04-30 04:23 99,328 a------- c:\windows\system32\afffsf.dll
2009-04-29 16:24 98,816 a------- c:\windows\system32\zavweq.dll
2009-04-29 16:24 98,816 a------- c:\windows\system32\cmdnllsk.dll
2009-04-29 04:21 98,816 a------- c:\windows\system32\uvxrmt.dll
2009-04-29 04:21 98,816 a------- c:\windows\system32\jercncag.dll
2009-04-28 00:19 99,328 a------- c:\windows\system32\uwpptlsm.dll
2009-04-28 00:19 99,328 a------- c:\windows\system32\rlosnf.dll
2009-04-27 12:22 99,840 a------- c:\windows\system32\ncxtgh.dll
2009-04-27 12:22 99,840 a------- c:\windows\system32\eticcfpv.dll
2009-04-27 00:16 99,840 a------- c:\windows\system32\ptnnnu.dll
2009-04-27 00:16 99,840 a------- c:\windows\system32\ljnkybka.dll
2009-04-26 18:35 15,000 a------- c:\windows\system32\jksahfo93wjfkd.dll
2009-04-26 07:39 99,328 a------- c:\windows\system32\oviemaow.dll
2009-04-26 07:39 99,328 a------- c:\windows\system32\enelxz.dll
2009-04-25 17:07 61,440 a------- c:\windows\system32\21B.tmp
2009-04-25 17:07 153,088 a------- c:\windows\system32\219.tmp
2009-04-25 16:13 99,328 a------- c:\windows\system32\pelxuyds.dll
2009-04-25 16:13 99,328 a------- c:\windows\system32\mfqonp.dll
2009-04-25 16:12 15,000 a------- c:\windows\system32\kjsdiowq8oikf.dll
2009-04-24 22:38 99,328 a------- c:\windows\system32\omscfykr.dll
2009-04-24 22:38 99,328 a------- c:\windows\system32\kjzexz.dll
2009-04-24 10:38 99,840 a------- c:\windows\system32\qexprp.dll
2009-04-24 10:38 99,840 a------- c:\windows\system32\ifbtixed.dll
2009-04-23 22:38 99,840 a------- c:\windows\system32\qtubomse.dll
2009-04-23 22:38 99,840 a------- c:\windows\system32\ktcpze.dll
2009-04-23 02:16 99,328 a------- c:\windows\system32\okxpbepo.dll
2009-04-23 02:16 99,328 a------- c:\windows\system32\hnvcrd.dll
2009-04-22 14:21 99,840 a------- c:\windows\system32\shrbadis.dll
2009-04-22 14:21 99,840 a------- c:\windows\system32\pxwauy.dll
2009-04-22 02:21 99,840 a------- c:\windows\system32\tptaocib.dll
2009-04-22 02:21 99,840 a------- c:\windows\system32\apzose.dll
2009-04-21 14:18 99,840 a------- c:\windows\system32\sedpkqhj.dll
2009-04-21 14:18 99,840 a------- c:\windows\system32\ddcmxf.dll
2009-04-21 02:21 99,840 a------- c:\windows\system32\uomemelm.dll
2009-04-21 02:21 99,840 a------- c:\windows\system32\cbpvoc.dll
2009-04-21 02:18 71,680 a------- c:\windows\system32\rqoeaamc.exe
2009-04-20 14:15 99,840 a------- c:\windows\system32\hkyjmhat.dll
2009-04-20 14:15 99,840 a------- c:\windows\system32\eibxwn.dll
2009-04-19 17:02 15,000 a------- c:\windows\system32\zfgh83jg3.dll
2009-04-19 16:17 15,000 a------- c:\windows\system32\yaubfh983ind.dll
2009-04-19 14:22 262,144 a------- c:\windows\system32\nvrsk.dll
2009-04-19 14:22 15,000 a------- c:\windows\system32\sdfgerfgf3f.dll
2009-04-19 14:16 99,840 a------- c:\windows\system32\cqgdcg.dll
2009-04-19 14:16 99,840 a------- c:\windows\system32\arnohkxy.dll
2009-04-06 20:28 90,112 a------- c:\windows\system32\dpl100.dll
2009-04-06 20:28 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-04-06 20:28 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-04-06 20:28 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-04-06 20:28 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-04-06 20:28 684,032 a------- c:\windows\system32\DivX.dll
2001-08-18 08:00 94,784 ---sh--- c:\windows\twain.dll
2001-08-18 08:00 46,592 ---sh--- c:\windows\twain_32.dll
2001-08-18 08:00 995,383 ---sh--- c:\windows\system32\mfc42.dll
2001-08-18 08:00 50,688 ---sh--- c:\windows\system32\msvcirt.dll
2001-08-18 08:00 401,462 ---sh--- c:\windows\system32\msvcp60.dll
2001-08-18 08:00 322,560 ---sh--- c:\windows\system32\msvcrt.dll
2001-08-18 08:00 569,344 ---sh--- c:\windows\system32\oleaut32.dll
2001-08-18 08:00 106,496 ---sh--- c:\windows\system32\olepro32.dll
2001-08-18 08:00 50,688 ---sh--- c:\windows\system32\regsvr32.exe
2008-09-06 03:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090620080907\index.dat

============= FINISH: 1:55:31.84 ===============



#2 miekiemoes

  • Malware Response Team

Posted 05 June 2009 - 04:56 AM

Hi,

I have bad news for you :thumbup2:

I see you're dealing with Virut on top of the other nasty malware you are dealing with. In that case, it's unfortunately a lost case - Game over situation and a format and reinstall is the fastest and especially the safest solution.

You may want to read why here:
Virut and other File infectors - Throwing in the Towel?

So, I suggest you start backing up all of your valuable data/documents/pictures/movies/songs/etc. Do NOT back up any applications/installers and Do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar files.
This is because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.


Read here for instructions on how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.html
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes

  • Malware Response Team

Posted 15 June 2009 - 10:24 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.