
Infected with AntiVirus Plus & PC AntiSpyware 2010


  • This topic is locked
2 replies to this topic

#1 a_fine_mess


  • Members
  • 4 posts
  • OFFLINE
  • Local time:01:11 PM

Posted 13 September 2009 - 04:35 PM

My computer is infected with AntiVirus Plus & PC AntiSpyware 2010. On booting up, AntiVirus Plus starts running with a message stating that my machine is infected. This is followed by another message stating my anti-spyware is out of date, and then when I click on the balloon, PC AntiSpyware starts running as if it were downloading something. This happens every few minutes. The machine had Avast installed, but I uninstalled it thinking I'd update it to the latest version. Now this malware won't let me install Spybot or Avast to scan the drives. Attached are the logs.
Any help would be appreciated.

Thanks
Laurence

Computer specs

OS : Windows XP, service pack 3
Intel P4 2.8 GHz
384 MB RAM


DDS (Ver_09-07-30.01) - NTFSx86
Run by Elano at 15:04:39.81 on Sun 09/13/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.383.135 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\Elano\LOCALS~1\Temp\b.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\msb.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Documents and Settings\Elano\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [NordBull] c:\windows\msb.exe
uRun: [braviax] c:\windows\system32\braviax.exe
uRun: [Monopod] c:\docume~1\elano\locals~1\temp\b.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimage\TrueImageMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [braviax] braviax.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197133213718
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
AppInit_DLLs: cru629.dat
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap nwprovau

============= SERVICES / DRIVERS ===============

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2007-12-8 5632]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-13 130936]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-9-13 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-9-13 1097096]

=============== Created Last 30 ================

2009-09-13 14:42 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-13 14:42 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-13 14:42 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-13 14:42 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-13 14:42 <DIR> --d----- c:\program files\common files\PC Tools
2009-09-13 14:42 <DIR> --d----- c:\program files\Spyware Doctor
2009-09-13 14:42 <DIR> --d----- c:\docume~1\elano\applic~1\PC Tools
2009-09-13 14:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-09-13 14:27 <DIR> --d----- C:\Josh
2009-09-13 13:49 6,144 a------- c:\windows\system32\cru629.dat
2009-09-13 13:44 308,160 a------- c:\temp\avast_home_setup.exe
2009-09-13 13:35 407,680 a------- c:\temp\aswclnr.exe
2009-08-27 02:14 80,384 a------- c:\windows\system32\~.exe
2009-08-27 01:58 11,264 a------- c:\windows\braviax.exe
2009-08-27 01:58 6,144 a------- c:\windows\cru629.dat
2009-08-27 01:32 46 a------- C:\p2hhr.bat
2009-08-27 01:32 1,072 a------- c:\windows\system32\pxs
2009-08-27 01:32 30,208 a------- c:\windows\system32\westkj.dll
2009-08-27 01:32 15,000 a------- c:\windows\system32\tajf83ikdmf.dll
2009-08-27 01:32 21,504 a------- C:\kvhwftjn.exe
2009-08-27 01:32 191,721 a------- c:\windows\system32\wisdstr.exe
2009-08-27 01:32 10,752 a------- C:\yihw.exe
2009-08-27 01:31 0 a--sh--- C:\-997859586
2009-08-27 01:31 11,264 a------- c:\windows\system32\braviax.exe
2009-08-19 16:28 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-08-19 00:36 <DIR> --d----- c:\windows\system32\XPSViewer
2009-08-19 00:34 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-08-19 00:34 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-19 00:34 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-19 00:34 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-19 00:34 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-08-19 00:34 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-08-19 00:34 117,760 -------- c:\windows\system32\prntvpt.dll
2009-08-18 22:08 142,852 a------- c:\windows\msb.exe
2009-08-17 17:57 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-17 17:54 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll

==================== Find3M ====================

2009-08-27 02:14 29,184 a------- c:\windows\system32\drivers\beep.sys
2009-08-10 16:37 144,896 a------- c:\windows\msa.exe
2009-08-10 16:37 207,364 a------- c:\windows\system32\msxml71.dll
2009-08-05 03:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 13:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 11:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-25 02:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 02:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 02:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 02:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 02:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 02:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-16 08:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 08:36 81,920 a------- c:\windows\system32\fontsub.dll
2008-09-04 20:08 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090420080905\index.dat

============= FINISH: 15:05:41.42 ===============

 


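The DDS log above is where a helper would start: the `uRun`/`mRun` entries, the `AppInit_DLLs` line and the "Created Last 30" section together show what gets launched at logon and what was dropped when. The script below is an added example, not code from the original post, from BleepingComputer or from the DDS tool: a small Python triage pass over those three sections. Its heuristics are my own assumptions about what stands out in a log like this one (a binary launched from a Temp folder, a bare filename in a Run value that Windows resolves through the search path, an executable sitting directly in the Windows directory or in the drive root, any non-empty `AppInit_DLLs` value, and files written in the same minute as a flagged file); the one-entry allowlist for the Windows directory is likewise an assumption, and the sample input is a set of lines copied from the log posted above.

```python
"""Triage the autorun and recently-created sections of a DDS log.

Added example, not part of the original thread or of DDS. The heuristics
below are assumptions about what deserves a second look, not a verdict.
"""
import re
from dataclasses import dataclass

# Sample input: lines copied from the DDS log posted above, trimmed to the
# sections this parser reads.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [NordBull] c:\windows\msb.exe
uRun: [braviax] c:\windows\system32\braviax.exe
uRun: [Monopod] c:\docume~1\elano\locals~1\temp\b.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [braviax] braviax.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
AppInit_DLLs: cru629.dat

=============== Created Last 30 ================

2009-09-13 13:49 6,144 a------- c:\windows\system32\cru629.dat
2009-08-27 01:58 11,264 a------- c:\windows\braviax.exe
2009-08-27 01:32 46 a------- C:\p2hhr.bat
2009-08-27 01:32 30,208 a------- c:\windows\system32\westkj.dll
2009-08-27 01:32 21,504 a------- C:\kvhwftjn.exe
2009-08-27 01:32 10,752 a------- C:\yihw.exe
2009-08-19 00:34 1,676,288 -------- c:\windows\system32\xpssvcs.dll
"""

# Assumed allowlist: executables that legitimately live directly in the
# Windows directory rather than in system32 or Program Files.
WINROOT_ALLOW = {"explorer.exe"}
TEMP_DIRS = ("\\temp\\", "\\locals~1\\temp\\", "\\local settings\\temp\\")
EXEC_EXT = (".exe", ".scr", ".bat", ".cmd", ".com", ".dll", ".cpl")

RUN_RE = re.compile(r"^[um]Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>[\d,]+)\s+(?P<attr>\S+)\s+(?P<path>.+)$"
)


@dataclass
class Finding:
    kind: str    # "run", "appinit" or "created"
    path: str
    reason: str


def extract_path(cmd):
    """Pull the launched binary out of a Run value, quoted or not."""
    cmd = cmd.strip()
    m = re.match(r'"([^"]+)"', cmd)
    if m:
        return m.group(1)
    # Unquoted values may contain spaces ("c:\program files\..."), so cut at
    # the first executable-looking extension rather than the first space.
    m = re.match(r"(.+?\.(?:exe|scr|bat|cmd|com|cpl))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd


def check_run_path(path):
    """Return a reason string if a Run target looks out of place, else None."""
    p = path.lower()
    if "\\" not in p:
        return "bare filename, resolved through the search path (Windows directory included)"
    if any(t in p for t in TEMP_DIRS):
        return "launched from a Temp folder"
    m = re.match(r"^[a-z]:\\windows\\([^\\]+)$", p)
    if m and m.group(1) not in WINROOT_ALLOW:
        return "executable placed directly in the Windows directory"
    return None


def triage(log_text):
    findings = []
    created = []  # (timestamp to the minute, path)
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            path = extract_path(m.group("cmd"))
            reason = check_run_path(path)
            if reason:
                findings.append(Finding("run", path, f"[{m.group('name')}] {reason}"))
            continue
        if line.lower().startswith("appinit_dlls:"):
            value = line.split(":", 1)[1].strip()
            if value:  # any value here is loaded into every process that loads user32.dll
                findings.append(Finding("appinit", value, "non-empty AppInit_DLLs"))
            continue
        m = CREATED_RE.match(line)
        if m:
            created.append((m.group("ts"), m.group("path")))

    # Pass 1: executables dropped in a drive root, plus recently created files
    # that an autorun entry already points at.
    auto_names = {f.path.lower().rsplit("\\", 1)[-1] for f in findings}
    flagged_ts = set()
    for ts, path in created:
        p = path.lower()
        if re.match(r"^[a-z]:\\[^\\]+$", p) and p.endswith(EXEC_EXT):
            reason = "executable written to the drive root"
        elif p.rsplit("\\", 1)[-1] in auto_names:
            reason = "recently created file that an autorun entry points at"
        else:
            continue
        findings.append(Finding("created", path, reason))
        flagged_ts.add(ts)

    # Pass 2: anything else written in the same minute as a flagged file is
    # probably part of the same drop, so report it as well.
    already = {f.path.lower() for f in findings}
    for ts, path in created:
        if ts in flagged_ts and path.lower() not in already:
            findings.append(Finding("created", path, f"written in the same minute ({ts}) as a flagged file"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.path}\n         {f.reason}")
```

Run against the excerpt, the script surfaces `msb.exe` and the Temp-folder `b.exe` from the Run keys, the bare `braviax.exe` (which resolves to the `c:\windows\braviax.exe` listed under Created Last 30), the `AppInit_DLLs` value `cru629.dat`, the three files dropped in `C:\` at 01:32, and `westkj.dll` because it was written in that same minute; `ctfmon.exe` and the XPS viewer files are left alone. The bare-filename rule also catches `AGRSMMSG.exe`, which is why the output is a review list rather than a removal list: a helper still checks each entry before acting on it.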
#2 a_fine_mess

  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:01:11 PM

Posted 14 September 2009 - 05:18 PM

Hi All,

I just wanted to let you know that I fixed the problem using Malwarebytes. It got rid of the troublesome files:

2009-08-27 02:14 80,384 a------- c:\windows\system32\~.exe
2009-08-27 01:58 11,264 a------- c:\windows\braviax.exe
2009-08-27 01:58 6,144 a------- c:\windows\cru629.dat
2009-08-27 01:32 46 a------- C:\p2hhr.bat
2009-08-27 01:32 10,752 a------- C:\yihw.exe

and then some.

When I rebooted, Windows automatically did a chkdsk scan and fixed some of the Windows files.

Thanks for the instructions. I know you guys are busy and I really appreciate the effort.

Laurence

#3 Guest_The weatherman_*


  • Guests
  • OFFLINE

Posted 15 September 2009 - 06:04 PM

We appreciate you letting us know Laurence.
