06-30-2009, 12:14 PM   #1
arda21
Registered User
 
Join Date: Jun 2008
Posts: 93
OS: XP Service Pack 2


continuation of the viruses, correspondence with Ried, work computer #3

-- Dear Ried, I believe this computer is clean, but just in case --


DDS (Ver_09-06-26.01) - NTFSx86
Run by Zak Malakan at 13:21:41.25 on Tue 06/30/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1790.1358 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\DOCUME~1\ZAKMAL~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Zak Malakan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://en.us.acer.yahoo.com
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
mStart Page = hxxp://en.us.acer.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
mRun: [Preload] c:\windows\RUNXMLPL.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe /idle
mRun: [Acer ePresentation HPD] c:\acer\empowering technology\epresentation\ePresentation.exe
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Boot] c:\acer\empowering technology\epower\Boot.exe
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acerem~1.lnk - c:\acer\empowering technology\Acer.Empowering.Framework.Launcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: AtiExtEvent - Ati2evxx.dll

============= SERVICES / DRIVERS ===============

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2007-4-3 39680]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2007-4-2 35712]
S2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2006-4-14 28933976]

=============== Created Last 30 ================

2009-06-23 11:58 100 a------- c:\documents and settings\zak malakan\drvkeys.bat
2009-06-23 11:57 92 a------- c:\windows\GridV.UNI
2009-06-23 11:52 78,208 a------- c:\windows\system32\drivers\epm-shd.sys
2009-06-23 11:52 57,344 a------- c:\windows\system32\acpimof.dll
2009-06-23 11:52 45,056 a------- c:\windows\system32\Epm-Po.dll
2009-06-23 11:52 4,096 a------- c:\windows\system32\drivers\epm-psd.sys
2009-06-23 11:51 69,632 a------- c:\windows\system32\eRecUtil.dll
2009-06-23 11:51 602,112 a------- c:\windows\system32\Acer.Empowering.Windows.Forms_v820.dll
2009-06-23 11:51 602,112 a------- c:\windows\system32\Acer.Empowering.Windows.Forms.dll
2009-06-23 11:51 331,776 a------- c:\windows\system32\ScrollBarLib.dll
2009-06-23 11:51 53,248 a------- c:\windows\system32\Interop.Shell32.dll
2009-06-23 11:51 49,152 a------- c:\windows\system32\SysMonitor.exe
2009-06-23 11:51 <DIR> --d----- C:\Acer
2009-06-23 11:51 <DIR> --d----- c:\program files\Yahoo!
2009-06-23 11:50 631 -------- C:\PDVD.iss
2009-06-23 11:50 27,168 -------- c:\windows\system32\msxml3a.dll
2009-06-23 11:49 36,909,056 a------- c:\windows\system32\acer.scr
2009-06-23 11:49 9,178,170 a------- c:\windows\system32\acer.exe
2009-06-23 11:49 <DIR> --d----- c:\windows\ACER
2009-06-23 11:48 <DIR> --d----- c:\program files\Fingerprint Sensor
2009-06-23 11:45 <DIR> --d----- c:\program files\ATI Technologies
2009-06-23 11:44 <DIR> --d----- c:\documents and settings\Zak Malakan
2009-06-23 00:34 8,192 a------- c:\windows\REGLOCS.OLD
2009-06-23 00:32 <DIR> --d----- c:\program files\CONEXANT
2009-06-23 00:28 2,215 a--sh--- C:\Patch.rev
2009-06-23 00:25 3,072,056 a------- c:\windows\ACERTX.bmp
2009-06-23 00:25 988,800 a------- c:\windows\system32\drivers\HSF_DPV.sys
2009-06-23 00:25 730,112 a------- c:\windows\system32\drivers\HSF_CNXT.sys
2009-06-23 00:25 209,664 a------- c:\windows\system32\drivers\HSFHWAZL.sys
2009-06-23 00:25 176,128 a------- c:\windows\system32\UCI32M16.dll
2009-06-23 00:25 144,201 a------- c:\windows\system32\drivers\HSFProf.cty
2009-06-23 00:25 94,208 a------- c:\windows\system32\mdmxsdk.dll
2009-06-23 00:25 12,672 a------- c:\windows\system32\drivers\mdmxsdk.sys
2009-06-23 00:23 131,072 a------- c:\windows\PRELAUNCH.EXE
2009-06-23 00:23 <DIR> --d----- c:\windows\Lan
2009-06-23 00:23 39 a------- c:\windows\PreLaunch.ini

==================== Find3M ====================


============= FINISH: 13:21:48.26 ===============
Attached Files
File Type: zip Attach.zip (1.9 KB, 1 views)