Need help removing several viruses


This topic is locked
2 replies to this topic

#1 sdschob

  • Members
  • 2 posts

Posted 02 August 2009 - 10:12 PM

I am running Windows XP with Symantec Antivirus & Webroot Spy Sweeper. Symantec Antivirus has scanned & found the following:
Backdoor.Tidserv!inf
Trojan Horse
Trojan.Fakeavalert
Infostealer

My virus software will not let me remove or delete those and I think one of them disabled my virus software because Windows Security Center is telling me to turn Symantec Antivirus on when it should already be. Below will be my DDS log file, please help me with the next step.


DDS (Ver_09-07-30.01) - NTFSx86
Run by HP_Administrator at 21:01:02.67 on Sun 08/02/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.606 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ActivCard\acachsrv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ehTray] "c:\windows\ehome\ehtray.exe"
mRun: [HPHUPD08] "c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe"
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [SMSERIAL] "sm56hlpr.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [KBD] "c:\hp\kbd\KBD.EXE"
mRun: [acEventServ] "c:\program files\activcard\activcard gold\acevtsrv.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] "c:\progra~1\symant~1\VPTray.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [KernelFaultCheck] "%systemroot%\system32\dumprep" 0 -k
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\activc~1.lnk - c:\program files\activcard\activcard gold\agquickp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\mi1933~1\office12\GR99D3~1.DLL
Notify: acAuth - acauth.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\5krcgm0w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ACachSrv;ActivCard Authentication Service;c:\program files\common files\activcard\acachsrv.exe [2002-12-17 135168]
R2 acautoreg;ActivCard Gold Autoregister;c:\program files\common files\activcard\acautoreg.exe [2002-11-29 53248]
R2 Accoca;ActivCard Gold service;c:\program files\common files\activcard\accoca.exe [2002-8-12 159744]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-4-21 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-7-16 1205760]
R3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-7-16 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090731.004\naveng.sys [2009-7-31 87888]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090731.004\navex15.sys [2009-7-31 875728]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]
S3 SCR131C;SCRx31 Serial Smart Card Reader;c:\windows\system32\drivers\SCR131C.sys [2002-11-7 181875]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [2004-4-6 64088]
S3 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]

=============== Created Last 30 ================

2009-08-02 07:33 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Unity
2009-08-02 07:29 <DIR> --d----- c:\program files\Unity
2009-08-01 20:07 552 a------- c:\windows\system32\d3d8caps.dat
2009-07-31 21:04 <DIR> --d----- c:\windows\system32\drivers\NSS
2009-07-31 21:04 <DIR> --d----- c:\program files\Norton Security Scan
2009-07-31 21:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-07-31 21:04 <DIR> --d----- c:\program files\NortonInstaller
2009-07-31 21:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-07-31 20:33 55,296 a------- c:\windows\system32\drivers\UACd.sys
2009-07-31 20:23 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\HPQ
2009-07-30 21:15 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\AVG8
2009-07-30 21:09 <DIR> --d----- c:\program files\CCleaner
2009-07-30 06:55 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-30 06:55 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-28 20:12 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-07-28 20:12 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-28 20:11 <DIR> --d----- c:\program files\iPod
2009-07-28 20:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-28 20:10 <DIR> --d----- c:\program files\Bonjour
2009-07-28 20:07 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-07-28 20:07 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-07-28 17:33 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-28 17:33 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-21 16:51 <DIR> --d----- c:\program files\common files\EasyInfo
2009-07-20 19:01 <DIR> --d----- c:\program files\Lionhead Studios
2009-07-19 21:48 168,448 a------- c:\windows\system32\unrar.dll
2009-07-19 21:48 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-07-19 21:43 7,709,881 a------- c:\program files\klcodec500s.exe
2009-07-19 13:09 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\BitTorrent
2009-07-19 13:07 1,403,776 a------- c:\program files\BitTorrent-6.2.exe
2009-07-16 19:42 <DIR> --dsh--- c:\documents and settings\hp_administrator\IECompatCache
2009-07-16 19:32 716 a------- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2009-07-16 19:21 <DIR> --d----- c:\program files\BitTorrent
2009-07-16 19:14 <DIR> --d----- c:\program files\PFE Studyware
2009-07-16 19:09 <DIR> --d----- c:\program files\Itunes
2009-07-16 18:36 32,592 a------- c:\windows\system32\msonpmon.dll
2009-07-16 18:29 <DIR> --d----- c:\windows\SHELLNEW
2009-07-16 18:26 0 a------- c:\windows\vpc32.INI
2009-07-16 18:20 109,744 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-16 18:20 48,816 a------- c:\windows\system32\S32EVNT1.DLL
2009-07-16 18:19 <DIR> --d----- c:\program files\Symantec AntiVirus
2009-07-16 18:17 <DIR> --d----- c:\program files\common files\ActivCard
2009-07-16 18:17 <DIR> --d----- c:\program files\ActivCard
2009-07-16 18:17 1,129 a------- c:\windows\HBCIKRNL.INI
2009-07-16 18:17 <DIR> --d----- c:\program files\SCM Microsystems
2009-07-16 18:15 419 a------- c:\windows\BRWMARK.INI
2009-07-16 18:15 27 a------- c:\windows\BRPP2KA.INI
2009-07-16 18:13 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-07-16 18:13 25,856 a------- c:\windows\system32\dllcache\usbprint.sys
2009-07-16 18:12 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2009-07-16 18:12 32,128 a------- c:\windows\system32\dllcache\usbccgp.sys
2009-07-16 17:58 <DIR> --d----- c:\windows\system32\scripting
2009-07-16 17:58 <DIR> --d----- c:\windows\system32\en
2009-07-16 17:58 <DIR> --d----- c:\windows\system32\bits
2009-07-16 17:58 <DIR> --d----- c:\windows\l2schemas
2009-07-16 17:56 <DIR> --d----- c:\program files\MSSOAP
2009-07-16 17:55 <DIR> --d----- c:\windows\ServicePackFiles
2009-07-16 17:55 1,563,008 a------- c:\windows\WRSetup.dll
2009-07-16 17:55 <DIR> --d----- c:\program files\Webroot
2009-07-16 17:55 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Webroot
2009-07-16 17:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Webroot
2009-07-16 17:55 164 a------- c:\windows\install.dat
2009-07-16 17:53 <DIR> --d----- c:\windows\network diagnostic
2009-07-16 17:51 40,577,080 a------- c:\program files\SpySweeperRegSetup_EN.exe
2009-07-16 17:44 1,878,888 a------- c:\program files\install_flash_player.exe
2009-07-16 17:35 <DIR> --d----- c:\windows\system32\appmgmt
2009-07-16 17:15 412,160 -------- c:\windows\system32\photometadatahandler.dll
2009-07-16 17:14 10,752 -------- c:\windows\system32\smtpapi.dll
2009-07-16 17:13 227 a------- c:\windows\HP_CounterReport_Update_HPSU.ini
2009-07-16 17:13 214 a------- c:\windows\HP_48BitScanUpdatePatch.ini
2009-07-16 17:05 <DIR> --d----- C:\SystemRoot
2009-07-16 17:04 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\WinBatch
2009-07-16 12:31 <DIR> --d----- C:\temp
2009-07-16 06:52 214 a------- c:\windows\HP_InstantSHareJPG.ini
2009-07-16 06:48 217 a------- c:\windows\HP_IZClosingDiscErrorPatch.ini
2009-07-16 06:47 221 a------- c:\windows\HP_RedboxHprblog_HPSU.ini
2009-07-15 16:46 <DIR> --d----- c:\program files\World of Warcraft
2009-07-15 16:46 <DIR> --d----- c:\program files\common files\Blizzard Entertainment
2009-07-15 16:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard
2009-07-15 07:37 <DIR> --dsh--- c:\documents and settings\hp_administrator\PrivacIE
2009-07-15 07:09 <DIR> --dsh--- c:\documents and settings\hp_administrator\IETldCache
2009-07-15 01:53 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-07-15 01:52 <DIR> --d----- c:\windows\ie8updates
2009-07-15 01:52 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-15 01:52 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-15 01:52 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-15 01:52 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-15 01:51 <DIR> -cd-h--- c:\windows\ie8
2009-07-15 01:46 <DIR> --d----- c:\program files\MSXML 4.0
2009-07-15 01:30 <DIR> --d----- c:\program files\MM Kids
2009-07-15 01:28 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-07-15 01:28 272,128 -------- c:\windows\system32\dllcache\bthport.sys
2009-07-15 01:27 203,136 -------- c:\windows\system32\dllcache\rmcast.sys
2009-07-15 01:26 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-07-15 01:19 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2009-07-15 01:19 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-07-15 01:19 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-07-15 01:17 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-07-15 01:17 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-07-15 01:17 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-07-15 01:17 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-07-15 01:17 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-07-15 01:17 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-07-15 01:17 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-07-15 01:17 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-15 01:17 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-15 01:17 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-07-15 01:17 2,189,056 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-07-15 01:17 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-15 01:16 333,952 -------- c:\windows\system32\dllcache\srv.sys
2009-07-15 01:16 691,712 -------- c:\windows\system32\dllcache\inetcomm.dll
2009-07-15 01:14 <DIR> --dsh--- c:\documents and settings\hp_administrator\UserData
2009-07-15 01:12 <DIR> --dshr-- C:\cmdcons
2009-07-15 01:12 <DIR> --d----- c:\windows\setup.pss
2009-07-15 01:12 <DIR> --d----- c:\windows\setupupd
2009-07-15 01:09 <DIR> --d----- c:\windows\system32\PreInstall
2009-07-15 01:08 1,861 a--shr-- c:\windows\system32\drivers\103C_HP_CPC_ED895AA-ABA a1210n_YC_0Pavi_QCNH535_E54NAsyMPC1_48_IAmberine M_SASUSTek Computer INC._V1.03_B3.15_T070125_WXP2_L409_M959_J200_7AMD_8Athlon 64_92.19_#090715_N10EC8139_Z10573052_G10025954.MRK
2009-07-15 01:04 <DIR> --d----- c:\documents and settings\hp_administrator\WINDOWS
2009-07-15 01:04 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Symantec
2009-07-15 01:04 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Intuit
2009-07-15 01:04 <DIR> --d----- c:\documents and settings\HP_Administrator
2009-07-15 01:02 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-07-15 00:57 183 a------- c:\windows\system\hpsysdrv.DAT
2009-07-15 00:55 <DIR> --d----- c:\windows\Motorola
2009-07-15 00:50 <DIR> --d----- c:\windows\I386
2009-07-15 00:42 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-07-15 00:41 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-07-15 00:39 <DIR> --dshr-- c:\windows\system32\dllcache
2009-07-14 22:20 12,288 a------- c:\windows\system32\dllcache\wb32.exe
2009-07-14 22:18 28,672 a------- c:\windows\system32\nmmkcert.dll
2009-07-14 22:18 12,288 a------- c:\windows\system32\nmevtmsg.dll
2009-07-14 22:18 12,288 a------- c:\windows\system32\dllcache\nmevtmsg.dll
2009-07-14 22:18 188,416 a------- c:\windows\system32\msh261.drv
2009-07-14 22:18 118,784 a------- c:\windows\system32\msg723.acm
2009-07-14 22:18 69,632 a------- c:\windows\system32\msconf.dll
2009-07-14 22:18 34,560 a------- c:\windows\system32\mnmdd.dll
2009-07-14 22:18 32,768 a------- c:\windows\system32\mnmsrvc.exe
2009-07-14 22:12 32,768 a------- c:\windows\system32\isrdbg32.dll
2009-07-14 22:12 81,920 a------- c:\windows\system32\ils.dll
2009-07-14 22:09 12,288 a------- c:\windows\system32\dllcache\cb32.exe

==================== Find3M ====================

2009-07-19 07:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-16 18:01 92,191 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-16 18:00 287,310 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\HPBasicDetection.dll
2009-07-16 18:00 163,840 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemcheck.dll
2009-07-16 18:00 61,440 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemutil.dll
2009-07-16 18:00 45,056 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
2009-07-16 18:00 44,032 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
2009-07-16 18:00 40,960 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\ScDmi.dll
2009-07-16 18:00 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\uploadHSC.dll
2009-07-16 18:00 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\Scom.dll
2009-07-16 06:47 139,264 a------- c:\windows\system32\hpzjrd01.dll
2009-07-03 11:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 11:09 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 11:09 206,848 a------- c:\windows\system32\dllcache\occache.dll
2009-07-03 11:09 1,208,832 -------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 11:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 11:09 184,320 a------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 11:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 05:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-16 08:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 08:36 119,808 -------- c:\windows\system32\t2embed.dll
2009-06-16 08:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 08:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 13:09 1,291,264 -------- c:\windows\system32\quartz.dll
2009-06-03 13:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-05-07 09:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 09:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2002-09-16 07:57 16,163 a------- c:\windows\inf\SCMSCR301.zip
2002-09-16 07:57 16,163 a------- c:\windows\inf\scm\scmscr 301 usb (light grey)\drivers\SCMSCR301.zip
2002-07-04 19:33 23,312 a----r-- c:\windows\inf\scm\scmscr 331 usb\drivers\Rdr_Svr.sys
2002-07-04 01:40 45,056 a----r-- c:\windows\inf\scm\scmscr 331 usb\drivers\stc2coinst.dll
2002-07-04 01:40 33,840 a----r-- c:\windows\inf\scm\scmscr 331 usb\drivers\STC2UI16.DLL
2002-07-03 20:32 56,320 a----r-- c:\windows\inf\scm\scmscr 331 usb\drivers\stc2.sys
2002-04-11 11:28 204,800 a----r-- c:\windows\inf\scm\scmscr 331 usb\drivers\installer\setup.exe
2002-04-04 17:36 307,200 a----r-- c:\windows\inf\gemplus\gempc413-sl serial\drivers\GDrivIns.dll
2002-04-04 17:36 307,200 a----r-- c:\windows\inf\gemplus\gempc400 pcmcia\drivers\GDrivIns.dll
2002-03-11 10:45 1,708,856 a----r-- c:\windows\inf\scm\scmscr 331 usb\drivers\installer\instmsia.exe
2002-02-22 14:13 131,072 a----r-- c:\windows\inf\gemplus\gempc413-sl serial\drivers\GDrivRes.dll
2002-02-22 14:13 131,072 a----r-- c:\windows\inf\gemplus\gempc400 pcmcia\drivers\GDrivRes.dll
2002-02-14 17:27 40,960 a----r-- c:\windows\inf\gemplus\gempc413-sl serial\drivers\drivers\gemstrmw.exe
2002-02-14 17:27 40,960 a----r-- c:\windows\inf\gemplus\gempc400 pcmcia\drivers\drivers\gemstrmw.exe
2002-02-01 02:09 18,912 a----r-- c:\windows\inf\scm\scmscr 301 usb (light grey)\drivers\stcusb.sys
2002-02-01 02:09 18,912 a------- c:\windows\inf\stcusb.sys
2002-01-16 05:26 34,057 a----r-- c:\windows\inf\omnikey\cardman 4000 pcmcia\drivers\cmtu3wdm.sys
2002-01-16 05:26 30,073 a----r-- c:\windows\inf\omnikey\cardman 4000 pcmcia\drivers\cmtu0wdm.sys
2002-01-14 03:52 49,152 a----r-- c:\windows\inf\omnikey\cardman 4000 pcmcia\drivers\launchn.dll
2001-12-28 17:29 7,156,736 a----r-- c:\windows\inf\activcard\actr-01 serial\drivers\SmartReader.exe
2001-11-28 01:13 20,404 a----r-- c:\windows\inf\activcard\srr200 usb\drivers\win 98 me\stcusb.sys
2001-11-27 12:16 385,024 a----r-- c:\windows\inf\gemplus\gempc413-sl serial\drivers\RdrInstall.exe
2001-11-27 12:16 385,024 a----r-- c:\windows\inf\gemplus\gempc400 pcmcia\drivers\RdrInstall.exe
2001-11-07 13:09 29,312 a----r-- c:\windows\inf\gemplus\gempc413-sl serial\drivers\drivers\gempc413\nt4\GemPC413.sys
2001-11-07 11:01 31,744 a----r-- c:\windows\inf\gemplus\gempc413-sl serial\drivers\drivers\gempc413\2000_xp\GemPC413.sys
2001-11-05 05:16 33,830 a----r-- c:\windows\inf\omnikey\cardman 4000 pcmcia\drivers\cmts3wdm.sys
2001-11-05 05:16 29,846 a----r-- c:\windows\inf\omnikey\cardman 4000 pcmcia\drivers\cmts1wdm.sys
2001-11-02 12:33 17,408 a----r-- c:\windows\inf\activcard\srr200 usb\drivers\win 2000 xp\stcusb.sys
2001-10-30 10:24 30,022 a----r-- c:\windows\inf\omnikey\cardman 4000 pcmcia\drivers\cmbp0wdm.sys
2001-10-08 00:22 28,442 a----r-- c:\windows\inf\omnikey\cardman 4000 pcmcia\drivers\cmbs2wdm.sys
2001-09-14 06:59 36,377 a----r-- c:\windows\inf\omnikey\cardman 4000 pcmcia\drivers\cmeu0wdm.sys
2001-09-14 05:00 26,136 a----r-- c:\windows\inf\scm\scmscr 111 serial\drivers\win 2k, xp\scr110.sys
2001-09-14 05:00 26,136 a----r-- c:\windows\inf\rsa\rsa scr 111 serial\drivers\win 2k, xp\scr110.sys
2001-09-05 04:23 56,320 a----r-- c:\windows\inf\activcard\srr200 usb\drivers\Setup.exe
2001-09-04 23:23 56,320 a----r-- c:\windows\inf\scm\scmscr 111 serial\drivers\Setup.exe
2001-09-04 23:23 56,320 a----r-- c:\windows\inf\rsa\rsa scr 111 serial\drivers\Setup.exe
2001-08-27 21:13 1,821,008 a----r-- c:\windows\inf\scm\scmscr 331 usb\drivers\installer\instmsiw.exe
2001-08-21 05:49 163,840 a----r-- c:\windows\inf\omnikey\cardman 4000 pcmcia\drivers\cmabout.dll
2001-03-28 02:57 24,576 a----r-- c:\windows\inf\omnikey\cardman 4000 pcmcia\drivers\DLYSW9IN.DLL
2001-02-26 03:36 45,056 a----r-- c:\windows\inf\omnikey\cardman 4000 pcmcia\drivers\dlysw9xn.exe
2001-02-26 01:22 26,089 a----r-- c:\windows\inf\omnikey\cardman 4000 pcmcia\drivers\sccmn50m.sys
2001-02-22 01:47 31,753 a----r-- c:\windows\inf\cherry\st 1000 usb\drivers\cmeu0wdm.sys
2001-02-09 22:44 41,684 a----r-- c:\windows\inf\gemplus\gempc400 pcmcia\drivers\drivers\gempc400\nt4\gpr400.sys
2001-02-07 21:23 18,032 a----r-- c:\windows\inf\gemplus\gempc400 pcmcia\drivers\drivers\gempc400\2000_xp\gempcc.sys
2001-01-25 06:25 36,864 a----r-- c:\windows\inf\omnikey\cardman 4000 pcmcia\drivers\cm6020n.dll
2001-01-25 05:26 36,864 a----r-- c:\windows\inf\cherry\st 1000 usb\drivers\launchn.dll
2001-01-18 14:19 129,024 a----r-- c:\windows\inf\gemplus\gempc413-sl serial\drivers\RdrSetup.exe
2001-01-18 14:19 129,024 a----r-- c:\windows\inf\gemplus\gempc400 pcmcia\drivers\RdrSetup.exe
2000-02-02 22:22 757,416 a----r-- c:\windows\inf\activcard\srr200 usb\drivers\scbase\scbase.exe
2000-02-02 17:22 757,416 a----r-- c:\windows\inf\scm\scmscr 111 serial\drivers\scbase\scbase.exe
2000-02-02 17:22 757,416 a----r-- c:\windows\inf\rsa\rsa scr 111 serial\drivers\scbase\scbase.exe
1999-07-26 03:39 140,568 a----r-- c:\windows\inf\cherry\st 1000 usb\drivers\SMCLIB.EXE
1999-07-26 03:38 757,416 a----r-- c:\windows\inf\cherry\st 1000 usb\drivers\scbase.exe
1999-03-03 23:06 6,144 a----r-- c:\windows\inf\gemplus\gempc400 pcmcia\drivers\drivers\gempc400\nt4\gprControl.sys
1998-11-18 14:09 140,568 a----r-- c:\windows\inf\gemplus\gempc413-sl serial\drivers\microsoft\SMCLIB.EXE
1998-11-18 14:09 140,568 a----r-- c:\windows\inf\gemplus\gempc400 pcmcia\drivers\microsoft\SMCLIB.EXE
1998-09-22 07:42 757,416 a----r-- c:\windows\inf\gemplus\gempc413-sl serial\drivers\microsoft\scbase.exe
1998-09-22 07:42 757,416 a----r-- c:\windows\inf\gemplus\gempc400 pcmcia\drivers\microsoft\scbase.exe
2009-03-27 22:15 32 a--sh--- c:\windows\sminst\HPCD.SYS

============= FINISH: 21:03:08.90 ===============

#2 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • ONLINE
  • Gender:Male
  • Location:God's Country
  • Local time:04:37 PM

Posted 12 August 2009 - 04:37 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
PW
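The file listing that closes the first post's DDS log and the fresh DDS run pwgib asks for above both come out as lines of the form `date time size attributes path`. As an added example, and not code from this thread, from the DDS tool or from BleepingComputer, here is a small Python triage script that parses such lines and flags the entries a helper would look at first. The sample input is copied from the log above and is labelled as constructed; the triage heuristics (hidden or system attributes, a `.sys` file outside `system32\drivers` or the `inf` driver-package store, a modification date after a chosen cutoff) are my own assumptions, not rules DDS applies. A flag means "look closer", not "malicious": the 32-byte `HPCD.SYS` entry trips it purely on its attributes and location.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: three entries copied from the DDS log in this thread,
# followed by the FINISH line that closes every DDS log. Real input would be
# the whole file-listing section pasted from Notepad.
SAMPLE = r"""
2002-02-01 02:09 18,912 a------- c:\windows\inf\stcusb.sys
2001-11-07 11:01 31,744 a----r-- c:\windows\inf\gemplus\gempc413-sl serial\drivers\drivers\gempc413\2000_xp\GemPC413.sys
2009-03-27 22:15 32 a--sh--- c:\windows\sminst\HPCD.SYS

============= FINISH: 21:03:08.90 ===============
"""

# One DDS file line: date, time, size with thousands separators,
# an eight-character attribute field, then the path (which may contain spaces).
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) ([\d,]+) ([a-z-]{8}) (.+)$"
)


@dataclass
class Entry:
    date: str
    time: str
    size: int
    attrs: str
    path: str

    # Attribute letters as they appear in the log: 's' system, 'h' hidden,
    # 'r' read-only, 'a' archive. Any other letter in the field is ignored here.
    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


def parse_dds(text: str) -> List[Entry]:
    """Parse DDS file-listing lines; headers, blanks and the FINISH line are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        date, time, size, attrs, path = m.groups()
        entries.append(Entry(date, time, int(size.replace(",", "")), attrs, path))
    return entries


# Assumed-normal homes for a .sys file: the live driver store and the
# driver-package store under inf\ (where the smart-card reader packages live).
EXPECTED_SYS_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\inf\\")


def triage(entries: List[Entry], modified_after: Optional[str] = None) -> List[Tuple[Entry, List[str]]]:
    """Return (entry, reasons) pairs for entries worth a closer look.

    The heuristics are assumptions made for this example, not DDS rules:
    hidden/system attributes, a driver outside EXPECTED_SYS_DIRS, and
    optionally a modification date after an ISO-format cutoff ('2009-07-01').
    """
    flagged = []
    for e in entries:
        reasons = []
        if e.hidden and e.system:
            reasons.append("hidden+system attributes")
        elif e.hidden or e.system:
            reasons.append("hidden or system attribute")
        low = e.path.lower()
        if low.endswith(".sys") and not low.startswith(EXPECTED_SYS_DIRS):
            reasons.append("driver outside system32\\drivers or the inf package store")
        if modified_after and e.date > modified_after:
            reasons.append(f"modified after {modified_after}")
        if reasons:
            flagged.append((e, reasons))
    return flagged


if __name__ == "__main__":
    # Flags the HPCD.SYS entry on attributes, location and date; the two
    # read-only/archive driver-package files above pass untouched.
    for entry, reasons in triage(parse_dds(SAMPLE), modified_after="2009-01-01"):
        print(f"{entry.date} {entry.size:>9} {entry.attrs} {entry.path}")
        for r in reasons:
            print(f"    - {r}")
```

Feed it the whole pasted log rather than the excerpt: the date cutoff is the useful knob, since a rootkit-class infection like the Tidserv detection in the first post typically shows up as a handful of recently modified files among hundreds of old driver-package entries.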

#3 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:02:37 PM

Posted 20 August 2009 - 09:17 PM

Due to lack of feedback, this topic has been closed.
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
