They got me good - I have everything: trojans/virus

#1 poliziano

Posted 07 October 2009 - 05:35 PM


I admit it. I got what I was looking for. I downloaded from a torrent and I got hit really bad.
Avast went berserk with all types of alerts. Wireless mouse stopped working, Windows Explorer is non-responsive, System Restore has been de-activated by the infection. Spybot Search & Destroy tried to correct some of the issues with no success. I have a message "Host process has stopped working" popping up every two minutes.
Please help. I learned my lesson!


DDS (Ver_09-09-29.01) - NTFSx86
Run by Stefano at 17:08:15.30 on Wed 10/07/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_15

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?hl=en
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - c:\program files\paypal\paypal plug-in\PayPalHelper.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\stefano\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [MediaGate] "c:\program files\mediagate\hd media server\DigitalMediaServer.exe"
uRun: [Simplify Media] "c:\program files\simplify media\SimplifyMedia.exe"
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [calc] rundll32.exe c:\windows\system32\config\system~1\ntuser.dll,_IWMPEvents@0
uRun: [ctfmon.exe] c:\windows\system32\rundll32.exe c:\users\stefano\appdata\local\temp\4927xxx.dll,DllMain
uRun: [silikipepu] Rundll32.exe "c:\programdata\geduvuwe\geduvuwe.dll",s
uRun: [Login Software 2009] c:\users\stefano\appdata\local\temp\t6na5el2a.exe
uRun: [Yjafosi8kdf98winmdkmnkmfnwe] c:\users\stefano\appdata\local\temp\system.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [SMSERIAL] "c:\program files\motorola\smserial\sm56hlpr.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] "c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] "c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe"
mRun: [WAWifiMessage] "c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\12.0\sharedcom\RoxWatchTray12.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\8.0"
mRun: [calc] rundll32.exe c:\windows\system32\calc.dll,_IWMPEvents@0
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: RunStartupScriptSync = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: RunStartupScriptSync = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
AppInit_DLLs: APSHook.dll,c:\programdata\hemiyubu\hemiyubu.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli c:\programdata\geduvuwe\geduvuwe.dll c:\programdata\hemiyubu\hemiyubu.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\stefano\appdata\roaming\mozilla\firefox\profiles\nahorkry.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\\npGoogleOneClick8.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\stefano\appdata\local\google\update\\npGoogleOneClick8.dll
FF - plugin: c:\users\stefano\appdata\roaming\mozilla\firefox\profiles\nahorkry.default\extensions\{9eb34849-81d3-4841-939d-666d522b889a}\plugins\npSlingPlayer.dll
FF - plugin: c:\users\stefano\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\stefano\appdata\roaming\mozilla\plugins\npPxPlay.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2009-10-07 13:50 0 a------- c:\windows\system32\41.exe
2009-10-07 13:47 25,088 a--sh--- c:\windows\system32\calc.dll
2009-10-07 13:47 25,088 a--sh--- c:\users\stefano\ntuser.dll
2009-10-07 13:47 <DIR> --d----- c:\programdata\zugilesu
2009-10-07 13:47 <DIR> --d----- c:\programdata\hemiyubu
2009-10-07 13:47 <DIR> --d----- c:\programdata\geduvuwe
2009-10-07 13:47 <DIR> --d----- c:\progra~2\zugilesu
2009-10-07 13:47 <DIR> --d----- c:\progra~2\hemiyubu
2009-10-07 13:47 <DIR> --d----- c:\progra~2\geduvuwe
2009-10-07 13:47 918 a------- c:\windows\system32\critical_warning.html
2009-10-07 13:47 <DIR> --d----- c:\windows\system32\lowsec
2009-10-07 13:47 229,888 a------- C:\scxmgj.exe
2009-10-07 13:47 75,264 a------- C:\srvgdoqj.exe
2009-10-07 13:47 155,284 a------- C:\jyvtfwu.exe
2009-10-07 13:47 123,979 a------- C:\gfsufon.exe
2009-10-07 13:47 66,048 a------- C:\ylmh.exe
2009-10-07 13:42 <DIR> --d----- c:\users\stefano\appdata\roaming\MixMeister Technology
2009-10-07 13:41 <DIR> --d----- c:\program files\MixMeister Fusion + Video
2009-10-07 13:16 <DIR> --d----- c:\program files\MP3 Checker
2009-10-05 15:52 2,421,760 a------- c:\windows\system32\wucltux.dll
2009-10-05 15:51 171,608 a------- c:\windows\system32\wuwebv.dll
2009-10-05 15:51 54,272 a------- c:\windows\system32\wuapp.exe
2009-10-03 07:30 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-09-30 20:01 <DIR> --d----- c:\program files\Jar2Exe Wizard
2009-09-30 19:50 <DIR> --d----- c:\users\stefano\.beaTunes
2009-09-30 19:50 <DIR> --d----- c:\program files\tagtraum industries
2009-09-30 17:10 <DIR> --d----- c:\program files\Nero
2009-09-30 17:09 <DIR> --d----- c:\programdata\Nero
2009-09-30 17:09 <DIR> --d----- c:\progra~2\Nero
2009-09-24 15:58 <DIR> --d----- c:\windows\system32\vi-VN
2009-09-24 15:58 <DIR> --d----- c:\windows\system32\eu-ES
2009-09-24 15:58 <DIR> --d----- c:\windows\system32\ca-ES
2009-09-24 15:44 <DIR> --d----- c:\windows\system32\EventProviders
2009-09-24 12:35 968,192 a------- c:\windows\system32\wcnwiz2.dll
2009-09-24 12:34 406,016 a------- c:\windows\system32\vds.exe
2009-09-24 12:33 867,328 a------- c:\windows\system32\wmpmde.dll
2009-09-24 12:32 542,208 a------- c:\windows\system32\pnpui.dll
2009-09-24 12:31 153 a------- c:\windows\system32\RacUREx.xml
2009-09-24 12:31 744,448 a------- c:\windows\system32\wbem\wbemcore.dll
2009-09-24 12:31 265,728 a------- c:\windows\system32\wbem\esscli.dll
2009-09-24 12:31 189,440 a------- c:\windows\system32\wbem\mofd.dll
2009-09-24 12:31 83,968 a------- c:\windows\system32\wbem\wmiutils.dll
2009-09-24 12:31 30,208 a------- c:\windows\system32\wbem\wbemprox.dll
2009-09-24 12:31 614,912 a------- c:\windows\system32\wbem\fastprox.dll
2009-09-24 12:31 265,728 a------- c:\windows\system32\wbem\repdrvfs.dll
2009-09-24 12:31 705,536 a------- c:\windows\system32\SmiEngine.dll
2009-09-24 12:31 218,624 a------- c:\windows\system32\wdscore.dll
2009-09-24 12:31 151,040 a------- c:\windows\system32\PkgMgr.exe
2009-09-24 12:30 247,808 a------- c:\windows\system32\drvstore.dll
2009-09-23 13:14 <DIR> --d----- c:\program files\CCleaner
2009-09-23 10:08 <DIR> --d----- c:\programdata\BIAS
2009-09-23 10:08 <DIR> --d----- c:\progra~2\BIAS
2009-09-23 10:03 <DIR> --d----- c:\users\stefano\appdata\roaming\Macrovision
2009-09-23 09:59 <DIR> --d----- c:\users\stefano\appdata\roaming\LightZone
2009-09-23 09:49 <DIR> --d----- c:\program files\common files\eSellerate
2009-09-23 09:36 <DIR> --d----- c:\programdata\Uninstall
2009-09-23 09:36 <DIR> --d----- c:\progra~2\Uninstall
2009-09-23 09:29 <DIR> --d----- c:\programdata\CinemaNow
2009-09-23 09:29 <DIR> --d----- c:\progra~2\CinemaNow
2009-09-23 09:28 <DIR> --d----- c:\program files\CinemaNow
2009-09-23 09:26 <DIR> --d----- c:\users\stefano\appdata\roaming\Simple Star
2009-09-23 09:26 <DIR> --d----- c:\programdata\PhotoShow Shared Assets
2009-09-23 09:26 <DIR> --d----- c:\progra~2\PhotoShow Shared Assets
2009-09-23 09:24 <DIR> --d----- c:\programdata\SmartSound Software Inc
2009-09-23 09:24 <DIR> --d----- c:\progra~2\SmartSound Software Inc
2009-09-23 09:24 <DIR> --d----- c:\program files\SmartSound Software
2009-09-22 19:04 1 a---h--- c:\windows\mulch200.ini
2009-09-17 19:20 <DIR> --d----- c:\programdata\Macrovision
2009-09-17 19:20 <DIR> --d----- c:\program files\Roxio 2010
2009-09-17 19:17 <DIR> --d----- c:\users\stefano\appdata\roaming\Roxio Log Files
2009-09-16 09:39 <DIR> --d----- c:\users\stefano\appdata\roaming\DiskAid
2009-09-16 09:07 <DIR> --d----- c:\users\stefano\appdata\roaming\Sling Media
2009-09-16 07:42 <DIR> --d----- c:\program files\LD-Anime
2009-09-15 16:23 <DIR> --d----- c:\program files\iPhone Configuration Utility
2009-09-15 16:22 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-09-15 16:22 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-15 16:21 <DIR> --d----- c:\program files\iPod
2009-09-15 16:21 <DIR> --d----- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-15 16:21 <DIR> --d----- c:\program files\iTunes
2009-09-15 16:21 <DIR> --d----- c:\progra~2\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-13 14:32 <DIR> --d----- c:\program files\PowerISO
2009-09-09 03:01 <DIR> --dsh--- c:\windows\system32\%APPDATA%
2009-09-09 00:14 904,776 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-09 00:14 105,984 a------- c:\windows\system32\netiohlp.dll
2009-09-09 00:14 30,720 a------- c:\windows\system32\drivers\tcpipreg.sys
2009-09-09 00:14 47,616 a------- c:\windows\system32\NETSTAT.EXE
2009-09-09 00:14 40,448 a------- c:\windows\system32\ARP.EXE
2009-09-09 00:14 38,400 a------- c:\windows\system32\ROUTE.EXE
2009-09-09 00:14 31,744 a------- c:\windows\system32\MRINFO.EXE
2009-09-09 00:14 30,720 a------- c:\windows\system32\finger.exe
2009-09-09 00:14 30,208 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-09 00:14 29,184 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-09 00:14 17,920 a------- c:\windows\system32\netevent.dll

==================== Find3M ====================

2009-10-07 16:55 103,865 a------- c:\programdata\nvModes.dat
2009-10-07 16:55 103,865 a------- c:\progra~2\nvModes.dat
2009-10-07 15:12 205,624 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-09-24 16:05 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-24 16:05 143,360 a------- c:\windows\inf\infstor.dat
2009-09-24 16:05 86,016 a------- c:\windows\inf\infpub.dat
2009-09-24 15:57 665,600 a------- c:\windows\inf\drvindex.dat
2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-08-17 12:05 53,328 a------- c:\windows\system32\drivers\aswMonFlt.sys
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-21 17:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 17:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 17:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 16:13 154,112 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 09:54 71,680 a------- c:\windows\system32\atl.dll
2009-07-15 08:40 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-15 08:39 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-15 08:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-15 08:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-11 15:01 513,536 a------- c:\windows\system32\wlansvc.dll
2009-07-11 15:01 302,592 a------- c:\windows\system32\wlansec.dll
2009-07-11 15:01 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-07-11 15:01 65,024 a------- c:\windows\system32\wlanapi.dll
2009-07-11 13:03 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-07-09 22:03 123,888 a------- c:\windows\system32\pxcpyi64.exe
2009-07-09 22:03 125,424 a------- c:\windows\system32\pxinsi64.exe
2008-06-01 07:41 174 a--sh--- c:\program files\desktop.ini
2007-12-30 06:33 47,360 a------- c:\users\stefano\appdata\roaming\pcouffin.sys
2007-12-26 10:27 27,525 a------- c:\users\stefano\appdata\roaming\nvModes.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2006-05-03 05:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 06:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 08:30 216,064 ---shr-- c:\windows\system32\nbDX.dll

============= FINISH: 17:08:52.49 ===============

==== Installed Programs ======================

"Nero SoundTrax Help
7-Zip 4.57
Ad-Aware 2007
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Audition 3.0
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Creative Suite 4 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Reader 8.1.3
Adobe Setup
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe Visual Communicator 3
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Adobe XMP Panels CS4
Advertising Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AuthenTec Fingerprint Sensor Minimum Install
avast! Antivirus
Avi2Dvd 0.4.5 beta
Bit Che
CCleaner (remove only)
CDex extraction audio
CinemaNow Media Manager
Combined Community Codec Pack 2008-01-24
CyberLink PowerDirector
dBpoweramp [Calculate Audio CRC] Codec
dBpoweramp Dalet Codec
dBpoweramp FLAC Codec
dBpoweramp Monkeys Audio Codec
dBpoweramp Mp2 and BwfMp2 codec
dBpoweramp mp3 (Fraunhofer IIS) Codec
dBpoweramp Music Converter
dBpoweramp Ogg Vorbis Codec
dBpoweramp Real Audio (Helix) Encoder
dBPoweramp tooLame MP2 codec
dBpoweramp Wave64 Codec
dBpoweramp WavPack Codec
DC-Bass Source 1.1.1
DirectVobSub (remove only)
DScaler 5 Mpeg Decoders
ESU for Microsoft Vista
GEAR 32bit Driver Installer
GIMP 2.6.4
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Updater
HD Media Server
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP Help and Support
HP Integrated Module with Bluetooth wireless technology
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Update
HP User Guides 0056
HP Wireless Assistant
Intel Matrix Storage Manager
Intel® IPP Run-Time Installer 5.2 for Windows* on IA-32
InterVideo DeviceService
iPhone Configuration Utility
Java™ 6 Update 15
Java™ 6 Update 6
Java™ 6 Update 7
Kaspersky Online Scanner
LightScribe System Software
Matroska Pack - Lazy Man's MKV 0.9.9
Menu Templates - Starter Kit
Microsoft .NET Framework 3.5 SP1
Microsoft IntelliPoint 6.1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft XML Parser
MixMeister Fusion + Video 7.3.2
MobileMe Control Panel
MONOGRAM AMR Splitter/Decoder (remove only)
Motorola SM56 Data Fax Modem
Movie Templates - Starter Kit
Mozilla Firefox (3.5.3)
MP3 Checker 1.08
Mp3 Tag Tools v1.2
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MusicBrainz Tagger 0.10.5
Nero 9
Nero BurningROM
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
Netflix Movie Viewer
NVIDIA Drivers
OpenOffice.org Installer 1.0
OpenSource Flash Video Splitter (remove only)
Panopticum Rich Typing 1.3
PayPal Plug-In
Photodex Presenter
Photoshop Camera Raw
ProShow Gold
RealMedia (remove only)
Realtek High Definition Audio Driver
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator 2010 Pro
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Tools
Roxio Express Labeler 3
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
SHOUTcast Source (remove only)
Sibelius Scorch (ActiveX Only)
Simplify Media
Slacker USB Station Refresher
SmartSound Quicktracks Plugin
Sonic Update Manager
Sony Cinescore 1.0
Sony Cinescore Plug-In 1.0
Sony Noise Reduction Plug-In 2.0h
Sound Forge Pro 10.0
Spybot - Search & Destroy
SpywareBlaster 4.0
Suite Shared Configuration CS4
SUPER © Version 2009.bld.36 (June 10, 2009)
SureThing CD Labeler LightScribe 5.0.581.0
Symantec Technical Support Web Controls
Synaptics Pointing Device Driver
tagtraum industries beaTunes 2.0.16
TMPGEnc DVD Author 3 with DivX Authoring
Ulead DVD MovieFactory 6
Unlocker 1.8.7
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb973514)
VeriSoft Access Manager
Videora iPhone Converter 4.01
Videora iPod Converter 3.07
Vista Codec Package
VonageTalk 0.9.3
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
WinRAR archiver
Your Uninstaller! 2008 Version 6.0
YouTube Uploader for CASIO

==== End Of File ===========================

Attached file: ark.txt (58.96KB)
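What the log above actually shows, as an added triage example that is not part of poliziano's post and not a feature of DDS: the HKCU Run entries that launch from %TEMP% and the drive root, rundll32 loading DLLs from ProgramData and from a profile directory, an AppInit_DLLs hook, an extra LSA Notification Package next to the Windows default (scecli), and a DisableRegistryTools policy set to 1. The script below parses DDS-format lines for exactly those patterns and cross-references the "Created Last 30" listing, so an autorun whose target was dropped in the last 30 days with hidden+system attributes is called out. The sample lines are constructed to resemble the log; the directory and policy heuristics are this example's own assumptions.

```python
"""Triage the autorun and recent-file sections of a DDS log.

Added example for this thread, not code from the original post or from DDS.
SAMPLE_LOG is constructed to resemble the log above; which directories and
policies count as suspicious are this example's assumptions, not DDS behaviour.
"""
import re
from collections import defaultdict

# Constructed sample in DDS format (u = HKCU, m = HKLM), ending with
# three "Created Last 30" lines.
SAMPLE_LOG = r"""
uRun: [Google Update] "c:\users\stefano\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [calc] rundll32.exe c:\windows\system32\config\system~1\ntuser.dll,_IWMPEvents@0
uRun: [ctfmon.exe] c:\windows\system32\rundll32.exe c:\users\stefano\appdata\local\temp\4927xxx.dll,DllMain
uRun: [silikipepu] Rundll32.exe "c:\programdata\geduvuwe\geduvuwe.dll",s
uRun: [Login Software 2009] c:\users\stefano\appdata\local\temp\t6na5el2a.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [calc] rundll32.exe c:\windows\system32\calc.dll,_IWMPEvents@0
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
AppInit_DLLs: APSHook.dll,c:\programdata\hemiyubu\hemiyubu.dll
LSA: Notification Packages = scecli c:\programdata\geduvuwe\geduvuwe.dll
2009-10-07 13:47 25,088 a--sh--- c:\windows\system32\calc.dll
2009-10-07 13:47 229,888 a------- C:\scxmgj.exe
2009-09-24 12:34 406,016 a------- c:\windows\system32\vds.exe
"""

RUN_RE = re.compile(r"^[um]Run: \[[^\]]*\] (?P<cmd>.*)$")
POLICY_RE = re.compile(r"^[um]Policies-\w+: (?P<key>\w+) = (?P<val>\d+)")
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \S+ \S+ (?P<attrs>[a-z-]{8}) (?P<path>.+)$")
# Full .exe/.dll paths in a command line (quoted or not; rundll32 ends the DLL with a comma).
PATH_RE = re.compile(r'"?([a-z]:\\[^",]+?\.(?:exe|dll))"?', re.IGNORECASE)
LOADER_RE = re.compile(r"\brundll32(?:\.exe)?\b", re.IGNORECASE)
TEMP_OR_ROOT_RE = re.compile(r"\\appdata\\local\\temp\\|^[a-z]:\\[^\\]+$", re.IGNORECASE)
# Policies that lock the user out of the tools needed to undo the infection (assumed set).
LOCKOUT = {"DisableRegistryTools", "DisableTaskMgr", "NoFolderOptions", "NoRun"}
LSA_BASELINE = {"scecli"}  # the only package Windows itself registers here

def _lines(text):
    return [ln.strip() for ln in text.splitlines() if ln.strip()]

def _targets(cmd):
    """Lower-cased .exe/.dll paths named in an autorun command line."""
    return [p.lower() for p in PATH_RE.findall(cmd)]

def _dll_dir_ok(path):
    """Assumption: rundll32 payloads legitimately live in system32 or under Program Files."""
    d = path.rsplit("\\", 1)[0]
    return d == "c:\\windows\\system32" or d.startswith("c:\\program files\\")

def recent_files(log_text):
    """Map lower-cased path -> attribute string from the 'Created Last 30' lines."""
    idx = {}
    for ln in _lines(log_text):
        m = FILE_RE.match(ln)
        if m:
            idx[m.group("path").lower()] = m.group("attrs")
    return idx

def suspicious_recent(log_text):
    """Recent files dropped at the drive root or in %TEMP%, or marked hidden+system."""
    return [p for p, a in recent_files(log_text).items()
            if TEMP_OR_ROOT_RE.search(p) or ("s" in a and "h" in a)]

def triage(log_text):
    """Return {log line: [reasons]} for every autorun/policy/hook line worth a second look."""
    recent = recent_files(log_text)
    findings = defaultdict(list)
    for ln in _lines(log_text):
        run = RUN_RE.match(ln)
        if run:
            cmd = run.group("cmd")
            for path in _targets(cmd):
                if TEMP_OR_ROOT_RE.search(path):
                    findings[ln].append("autorun launches from %TEMP% or the drive root")
                elif "\\programdata\\" in path:
                    findings[ln].append("autorun launches from ProgramData (user-writable)")
                if LOADER_RE.search(cmd) and path.endswith(".dll") and not _dll_dir_ok(path):
                    findings[ln].append("rundll32 loads a DLL from a non-standard directory")
                attrs = recent.get(path)
                if attrs is not None:
                    note = "target was created in the last 30 days"
                    if "s" in attrs and "h" in attrs:
                        note += " with hidden+system attributes"
                    findings[ln].append(note)
            continue
        pol = POLICY_RE.match(ln)
        if pol and pol.group("key") in LOCKOUT and pol.group("val") != "0":
            findings[ln].append("policy locks the user out of a repair tool")
        elif ln.startswith("AppInit_DLLs:"):
            for path in _targets(ln):
                if not path.startswith("c:\\windows\\"):
                    findings[ln].append("AppInit_DLLs injects a DLL from outside %WINDIR% into every GUI process")
        elif ln.startswith("LSA: Notification Packages"):
            extra = [p for p in ln.split("=", 1)[1].split() if p.lower() not in LSA_BASELINE]
            if extra:
                findings[ln].append("non-default LSA notification package: loaded into lsass at boot")
    return dict(findings)

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line, *("   -> " + r for r in reasons), sep="\n")
    print("recent files worth a look:", suspicious_recent(SAMPLE_LOG))
```

On the sample, the Google Update entry under a user profile and the NVIDIA rundll32 entry in system32 pass clean, while the two `[calc]` entries are flagged for different reasons: the HKCU one because its DLL sits in a profile directory, the HKLM one because `calc.dll` in system32 was created the same afternoon with hidden+system attributes. That second check is the point of cross-referencing the file listing: a plausible-looking path is not evidence of a legitimate file.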

#2 Elise

Posted 24 October 2009 - 07:30 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
    Direct Download
  • Open RootRepeal on your desktop.
  • Click the [image] tab.
  • Click the [image] button.
  • Check all seven boxes: [image]
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the [image] button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
Please be patient, and I'd be grateful if you would note the following:
  • The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
  • A detailed description of your problems
  • A new DDS log
  • RootRepeal log

Please give me some time to review your logs and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks, and again sorry for the delay.

regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft

#3 poliziano

Posted 24 October 2009 - 01:13 PM

Thank you very much for your reply, but I could not possibly wait 17 days for a response.
I solved the issue by reformatting the hard drive.

I do understand that you are all doing this out of the greatness of your big hearts, but IF you decided to offer this service, you should really look into doing it faster.
Bottom line: either you do it faster or don't do it at all. Just don't advertise false expectations of hope for those who terribly need you.

#4 Elise

Posted 24 October 2009 - 01:50 PM

Since this issue seems resolved, this topic will now be closed.

If you are the original topic starter and you need this topic to be reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise