infected with red circle white x virus


  • This topic is locked This topic is locked
2 replies to this topic

#1 moshibie

  • Members
  • 6 posts

Posted 04 February 2010 - 04:07 PM

I continue to get a pop-up saying SMScvhost.exe has stopped working, pop-ups saying your computer is infected, and a warning: "Application cannot be executed. The file is infected. Please activate your antivirus software. Click here to protect your computer." I receive each of these messages continually. Thank you so much for whatever help I can get.

I did not get an Ark.txt log from RootRepeal. It said it would not work on a 64 bit.

Michael



DDS (Ver_09-12-01.01) - NTFSX64
Run by Michael at 13:45:31.56 on Thu 02/04/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4091.2599 [GMT -7:00]

AV: Panda Antivirus Pro 2009 *On-access scanning enabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
SP: Panda Antivirus Pro 2009 *enabled* (Updated) {FE6602D3-1E71-4EBB-B4E3-D1C9CBDAF0A1}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2009\TPSrvWow.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\astsrv.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Michael\Downloads\FbHaker2010\Facebook Hacker.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Michael\AppData\Local\Temp\arcotray.exe
C:\Windows\system32\nlsInterface.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2009\pavsrvx86.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2009\ApVxdWin.exe
C:\Users\Michael\AppData\Local\Temp\Fsl.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\SysWOW64\smss32.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\SysWOW64\mdm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
C:\Windows\msd.exe
C:\Users\Michael\AppData\Local\Temp\SMScvhost.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2009\psimreal.exe
C:\Users\Michael\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2436531
mLocal Page = c:\windows\syswow64\blank.htm
uURLSearchHooks: iPhone OS 3 Toolbar: {74714d77-1695-4e73-a98e-25cb374f46b4} - c:\program files (x86)\iphone_os_3\tbiPho.dll
mURLSearchHooks: iPhone OS 3 Toolbar: {74714d77-1695-4e73-a98e-25cb374f46b4} - c:\program files (x86)\iphone_os_3\tbiPho.dll
mWinlogon: Shell=explorer.exe rundll32.exe ijao.wto bqaoutd
mWinlogon: Userinit=c:\windows\system32\winlogon32.exe
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files (x86)\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files (x86)\real\realplayer\rpbrowserrecordplugin.dll
BHO: iPhone OS 3 Toolbar: {74714d77-1695-4e73-a98e-25cb374f46b4} - c:\program files (x86)\iphone_os_3\tbiPho.dll
BHO: Megaupload Toolbar: {a057a204-bacc-4d26-c39e-35f1d2a32ec8} - c:\progra~2\megaup~2\MEGAUP~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files (x86)\megaupload\mega manager\MegaIEMn.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files (x86)\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Megaupload Toolbar: {a057a204-bacc-4d26-c39e-35f1d2a32ec8} - c:\progra~2\megaup~2\MEGAUP~1.DLL
TB: iPhone OS 3 Toolbar: {74714d77-1695-4e73-a98e-25cb374f46b4} - c:\program files (x86)\iphone_os_3\tbiPho.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [uTorrent] "c:\program files (x86)\utorrent\uTorrent.exe"
uRun: [AdobeBridge]
uRun: [wLite] "c:\program files (x86)\wlite\wLite.exe" -auto
uRun: [<NO NAME>] c:\users\michael\downloads\fbhaker2010\Facebook Hacker.exe
uRun: [F5JMWNZTHI] c:\users\michael\appdata\local\temp\Fsl.exe
uRun: [smss32.exe] c:\windows\system32\smss32.exe
uRun: [Avp] c:\users\michael\appdata\roaming\avpp\Avpp.exe
mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~2\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [VirtualCloneDrive] "c:\program files (x86)\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [APVXDWIN] "c:\program files (x86)\panda security\panda antivirus pro 2009\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files (x86)\panda security\panda antivirus pro 2009\Inicio.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [UpdatePDRShortCut] "c:\program files (x86)\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\8.0"
mRun: [TkBellExe] "c:\program files (x86)\common files\real\update_ob\realsched.exe" -osboot
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [smss32.exe] c:\windows\system32\smss32.exe
mRun: [benimKey] c:\windows\myserver.Exe
mRun: [Avp] c:\users\michael\appdata\roaming\avpp\Avpp.exe
uExplorerRun: [avp] c:\users\michael\appdata\roaming\avpp\Avpp.exe
mExplorerRun: [avp] c:\users\michael\appdata\roaming\avpp\Avpp.exe
StartupFolder: c:\users\michael\appdata\roaming\micros~1\windows\startm~1\programs\startup\2554964a.lnk - c:\users\michael\appdata\local\temp\arcotray.exe
StartupFolder: c:\users\michael\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files (x86)\openoffice.org 3\program\quickstart.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download Link Using Mega Manager... - c:\program files (x86)\megaupload\mega manager\mm_file.htm
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files (x86)\bonjour\ExplorerPlugin.dll
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
Trusted Zone: is-software-download.com
Trusted Zone: is-software-download25.com
Trusted Zone: is10-soft-download.com
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
mASetup: {2QLUJCPD-5548-62V4-MQ5S-TMS1Y4I1U068} - c:\users\michael\appdata\roaming\avpp\Avpp.exe Restart
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No File
TB-X64: {74714D77-1695-4E73-A98E-25CB374F46B4} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\users\michael\appdata\roaming\mozilla\firefox\profiles\ud3438f2.default\
FF - component: c:\program files (x86)\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\users\michael\appdata\roaming\move networks\plugins\npqmp071701000008.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot64.sys [2009-11-26 33792]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-11-26 54480]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 203264]
R2 AmFSM;Panda On-Access Minifilter;c:\windows\system32\drivers\amm6460.sys [2009-11-26 57400]
R2 nlscc;Nalpeiron X64 Service;c:\windows\system32\nlsInterface.EXE [2010-1-11 72192]
R2 Panda Software Controller;Panda Software Controller;c:\program files (x86)\panda security\panda antivirus pro 2009\PsCtrlS.exe [2009-11-26 181504]
R2 PAVFNSVR;Panda Function Service;c:\program files (x86)\panda security\panda antivirus pro 2009\PavFnSvr.exe [2009-11-26 169216]
R2 PAVSRV;Panda On-Access Anti-Malware Service;c:\program files (x86)\panda security\panda antivirus pro 2009\pavsrvx86.exe [2009-11-26 290048]
R2 PskSvcRetail;Panda PSK service;c:\program files (x86)\panda security\panda antivirus pro 2009\psksvc.exe [2009-11-26 28928]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60a.sys [2009-6-10 270848]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\netw5v64.sys [2009-6-10 5434368]
S2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\astsrv.exe --> c:\windows\system32\ASTSRV.EXE [?]
S2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k panda --> c:\windows\system32\svchost -k Panda [?]
S2 nlsInterface;Nalpeiron Licensing Service 64-bit;c:\windows\system32\nlsInterface.EXE [2010-1-11 72192]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-12-11 16776]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-12-11 9096]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2009-11-26 1038088]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam_x64.sys [2008-3-13 27136]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]

============== File Associations ===============

JSEFile=c:\progra~2\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*
VBEFile=c:\progra~2\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*
VBSFile=c:\progra~2\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*

=============== Created Last 30 ================

2010-02-04 20:36:21 135168 ----a-w- c:\windows\msd.exe
2010-02-04 20:30:42 2931 ----a-w- c:\windows\syswow64\warning.html
2010-02-04 20:14:11 135168 ----a-w- c:\windows\msc.exe
2010-02-04 20:08:26 0 d-----w- C:\SDFix
2010-02-04 19:59:38 135168 ----a-w- c:\windows\msb.exe
2010-02-04 19:56:36 0 ----a-w- c:\windows\syswow64\IS15.exe
2010-02-04 19:56:36 0 ----a-w- c:\windows\syswow64\helper32.dll
2010-02-04 19:56:36 0 ----a-w- c:\windows\syswow64\41.exe
2010-02-04 19:56:23 54272 ----a-w- c:\windows\syswow64\winlogon32.exe
2010-02-04 19:56:23 54272 ----a-w- c:\windows\syswow64\smss32.exe
2010-02-04 19:56:18 22016 ----a-w- c:\windows\syswow64\ijao.wto
2010-02-04 19:55:54 21504 ----a-w- c:\windows\syswow64\glrl.rvo
2010-02-04 19:46:09 0 d-----w- c:\program files (x86)\SuperBladePro
2010-02-04 17:13:48 135168 ----a-w- c:\windows\msa.exe
2010-01-30 22:24:40 0 d-----w- c:\program files (x86)\MSXML 4.0
2010-01-29 23:01:58 0 d-----w- c:\users\michael\appdata\roaming\MAGIX
2010-01-29 23:00:19 0 d-----w- c:\program files (x86)\common files\xara
2010-01-29 23:00:19 0 d-----w- c:\program files (x86)\common files\MAGIX Shared
2010-01-29 22:59:25 0 d-----w- c:\programdata\MAGIX
2010-01-29 22:59:12 120200 ----a-w- c:\windows\syswow64\DLLDEV32i.dll
2010-01-29 22:59:12 0 d-----w- c:\program files (x86)\MAGIX
2010-01-29 22:54:32 700416 ----a-w- c:\windows\syswow64\mgxoschk.dll
2010-01-29 22:54:32 6211 ----a-w- c:\windows\mgxoschk.ini
2010-01-29 22:54:32 0 d-----w- c:\windows\syswow64\MAGIX
2010-01-29 20:51:34 0 d-----w- c:\program files (x86)\Alien Skin
2010-01-28 00:38:10 2870272 ----a-w- c:\windows\explorer.exe
2010-01-28 00:38:10 2614272 ----a-w- c:\windows\syswow64\explorer.exe
2010-01-28 00:38:09 389632 ----a-w- c:\windows\system32\winlogon.exe
2010-01-25 22:47:51 2 ----a-w- c:\windows\syswow64\krx240.dat
2010-01-25 22:47:40 0 d-----w- c:\program files (x86)\Web Button Maker Deluxe
2010-01-22 13:49:33 5961728 ----a-w- c:\windows\syswow64\mshtml.dll
2010-01-22 13:49:33 10976768 ----a-w- c:\windows\syswow64\ieframe.dll
2010-01-22 13:49:32 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-01-22 13:49:32 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-01-22 13:49:32 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-01-22 13:49:32 1224704 ----a-w- c:\windows\syswow64\urlmon.dll
2010-01-22 13:49:32 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-01-16 17:54:29 0 d-----w- c:\users\michael\appdata\roaming\Mask Pro 4.0
2010-01-13 16:52:21 70656 ----a-w- c:\windows\syswow64\fontsub.dll
2010-01-13 16:52:21 148480 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 16:52:21 108544 ----a-w- c:\windows\syswow64\t2embed.dll
2010-01-13 16:52:21 100864 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 03:21:26 0 d-----w- c:\users\michael\appdata\roaming\Nik Software
2010-01-12 03:17:51 0 d-----w- c:\program files (x86)\Nik Software
2010-01-11 23:46:32 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-01-11 23:46:32 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-01-11 19:11:35 0 d-----w- c:\windows\MSSecurityNS
2010-01-11 19:11:35 0 d-----w- c:\windows\MSSecurityNi
2010-01-11 18:11:21 0 d-----w- c:\program files (x86)\onOne Software
2010-01-11 16:15:04 227840 ----a-w- c:\windows\syswow64\Deco_32.dll
2010-01-11 16:04:02 0 d-----w- c:\users\michael\appdata\roaming\onOne Software
2010-01-11 16:00:54 0 d-----w- c:\programdata\onOne Software
2010-01-11 16:00:50 61440 ----a-w- c:\windows\syswow64\nlssrv32.exe
2010-01-11 16:00:50 57344 ------w- c:\windows\syswow64\ASTSRV.EXE
2010-01-11 16:00:47 72192 ------w- c:\windows\system32\nlsInterface.EXE
2010-01-08 17:56:54 6144 ----a-w- C:\aircam.grf
2010-01-08 17:54:44 85504 ----a-w- c:\windows\syswow64\ff_vfw.dll
2010-01-08 17:54:43 0 d-----w- c:\program files (x86)\ffdshow
2010-01-08 17:52:44 0 d-----w- c:\program files (x86)\Senstic
2010-01-07 23:55:23 0 d-----w- C:\MyAudio
2010-01-07 23:40:41 0 d-----w- c:\programdata\AVS4YOU
2010-01-07 21:20:46 0 d-----w- c:\users\michael\appdata\roaming\AVS4YOU
2010-01-07 21:20:45 1700352 ----a-w- c:\windows\syswow64\GdiPlus.dll
2010-01-07 21:20:43 24576 ----a-w- c:\windows\syswow64\msxml3a.dll
2010-01-07 21:20:43 0 d-----w- c:\program files (x86)\common files\AVSMedia
2010-01-07 21:20:28 0 d-----w- c:\program files (x86)\AVS4YOU
2010-01-07 20:34:55 0 d-----w- c:\users\michael\appdata\roaming\OpenOffice.org
2010-01-07 20:29:53 0 d-----w- c:\program files (x86)\JRE
2010-01-07 20:29:48 0 d-----w- c:\program files (x86)\OpenOffice.org 3
2010-01-07 20:29:04 149280 ----a-w- c:\windows\syswow64\javaws.exe
2010-01-07 20:29:04 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-01-07 20:29:04 145184 ----a-w- c:\windows\syswow64\java.exe
2010-01-07 01:15:59 489480 ----a-w- c:\windows\system32\XAudio2_0.dll
2010-01-07 00:13:55 0 d-----w- C:\temp
2010-01-05 21:48:20 0 d-----w- c:\users\michael\Library
2010-01-05 21:48:20 0 d-----w- c:\users\michael\appdata\roaming\com.adobe.ExMan

==================== Find3M ====================

2010-01-14 18:12:06 212352 ------w- c:\windows\system32\MpSigStub.exe
2010-01-05 01:19:54 411368 ----a-w- c:\windows\syswow64\deploytk.dll
2009-12-19 16:42:12 185920 ----a-w- c:\windows\syswow64\rmoc3260.dll
2009-12-19 16:42:08 6656 ----a-w- c:\windows\syswow64\pndx5016.dll
2009-12-19 16:42:08 5632 ----a-w- c:\windows\syswow64\pndx5032.dll
2009-12-19 16:41:57 348160 ------w- c:\windows\syswow64\msvcr71.dll
2009-12-19 16:41:57 278528 ----a-w- c:\windows\syswow64\pncrt.dll
2009-12-16 23:03:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2009-12-15 21:19:48 99384 ----a-w- c:\users\michael\appdata\roaming\inst.exe
2009-12-15 21:19:48 82816 ----a-w- c:\users\michael\appdata\roaming\pcouffin.sys
2009-12-14 22:52:58 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-11-27 01:40:58 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 13:46:46.92 ===============

#2 etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 11 February 2010 - 06:44 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted logs, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log



Also, please subscribe to this topic, so you are notified when someone replies. Please continue to check manually on occasion, as every now and then the email may be caught by your spam filter.
To enable topic notifications you should do the following:
  1. Click on the My Controls link at the top of the page to enter your control panel.
  2. Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.
  3. Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.
  4. Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replies.

Information on A/V control HERE


PS>> I'm not sure if GMER will run on 64bit, but it's worth a shot.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.



#3 etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 16 February 2010 - 06:41 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.
