
oljim2112

I can't delete the traces left by this virus. The one that I can't delete is: FXSAPIDebugLogFile. Here are the logs. Thanks in advance.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by DELL GX 620 at 4:12:21 on 2012-04-26
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3574.2433 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.igoogle.com/
uSearch Bar = Preserve
uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\5.5\iobitToolbarIE.dll
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\5.5\iobitToolbarIE.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\5.5\iobitToolbarIE.dll
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Conime] %windir%\system32\conime.exe
mRun: [<NO NAME>]
mRun: [searchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{4154CC54-DB23-4ED6-BAE8-C1325268E67F} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-1-25 15672]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-20 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-20 337880]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-3-29 242240]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-7-18 116608]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-12-9 913752]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-4-16 784792]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-20 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-10-20 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-23 44768]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-12-29 89376]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-10-23 821592]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2012-3-16 389120]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-25 654408]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-25 22344]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Freemake Improver;Freemake Improver;c:\programdata\freemake\freemakeutilsservice\FreemakeUtilsService.exe [2012-3-24 86528]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-20 136176]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\FileMonitor.sys [2012-4-18 20336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-20 136176]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-4-10 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-4-10 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-4-10 136808]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2011-4-11 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2011-4-11 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-4-11 112640]
S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\UrlFilter.sys [2012-4-18 19792]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-10-20 1343400]
.
=============== Created Last 30 ================
.
2012-04-26 09:11:14 6734704 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b77a40a7-02ff-463f-a23f-b458d63abeea}\mpengine.dll
2012-04-25 20:34:22 -------- d-----w- c:\users\dell gx 620\appdata\local\Temp
2012-04-25 19:55:40 -------- d-----w- c:\program files\Unlocker
2012-04-25 08:15:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-25 08:15:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-24 18:56:42 -------- d-----w- c:\program files\Application Updater
2012-04-24 18:56:41 -------- d-----w- c:\program files\IObit Toolbar
2012-04-24 18:56:41 -------- d-----w- c:\program files\common files\Spigot
2012-04-24 09:19:57 719872 ----a-w- c:\windows\system32\devil.dll
2012-04-24 09:19:56 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2012-04-24 09:19:56 369152 ----a-w- c:\windows\system32\avisynth.dll
2012-04-24 09:19:56 32256 ----a-w- c:\windows\system32\AVSredirect.dll
2012-04-24 09:19:55 70656 ----a-w- c:\windows\system32\i420vfw.dll
2012-04-24 09:19:33 -------- d-----w- c:\program files\AviSynth 2.5
2012-04-24 06:19:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-04-24 06:19:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-04-24 06:19:30 327749 ----a-w- c:\windows\system32\drvc.dll
2012-04-24 06:17:25 -------- d-----w- c:\program files\Conduit
2012-04-24 06:17:19 -------- d-----w- c:\users\dell gx 620\appdata\local\Conduit
2012-04-24 04:01:24 -------- d-----w- c:\users\dell gx 620\appdata\roaming\HandBrake
2012-04-24 04:00:31 -------- d-----w- c:\program files\Handbrake
2012-04-14 10:30:06 -------- d-----w- c:\users\dell gx 620\.ssh
2012-04-12 09:28:52 770912 ----a-w- c:\windows\system32\Msfdbqp.dll
2012-04-12 09:28:52 511328 ----a-w- c:\windows\system32\Synchronization2.dll
2012-04-12 09:28:52 397152 ----a-w- c:\windows\system32\Msfdbse.dll
2012-04-12 09:28:52 253280 ----a-w- c:\windows\system32\MetaStore2.dll
2012-04-12 09:28:52 230240 ----a-w- c:\windows\system32\Msfdb.dll
2012-04-12 09:28:52 189792 ----a-w- c:\windows\system32\SimpleProviders2.dll
2012-04-12 09:28:52 171360 ----a-w- c:\windows\system32\FileSyncProvider2.dll
2012-04-12 09:28:52 156512 ----a-w- c:\windows\system32\FeedSync2.dll
2012-04-12 08:01:02 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 08:01:02 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 08:01:01 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 08:01:01 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-10 09:38:19 -------- d-----w- c:\users\dell gx 620\appdata\local\NPE
2012-04-10 09:38:19 -------- d-----w- c:\programdata\Norton
2012-04-10 07:27:06 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2012-04-10 07:27:06 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2012-04-10 07:27:06 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2012-04-10 07:27:06 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2012-04-10 07:27:06 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2012-04-10 07:27:06 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2012-04-10 07:27:05 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2012-04-10 07:25:33 12488 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2012-04-10 07:25:33 12488 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2012-04-10 07:25:32 14920 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2012-04-10 07:25:32 132424 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2012-04-10 07:25:32 12616 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2012-04-10 07:25:32 12616 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2012-04-10 07:25:32 104648 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2012-04-09 22:17:16 -------- d-----w- c:\users\dell gx 620\appdata\local\Samsung
2012-04-09 22:06:26 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-04-09 22:06:06 -------- d-----w- c:\program files\MarkAny
2012-04-09 22:04:16 -------- d-----w- c:\users\dell gx 620\appdata\roaming\Samsung
2012-04-09 22:04:11 -------- d-----w- c:\programdata\Samsung
2012-04-09 22:04:11 -------- d-----w- c:\program files\Samsung
2012-04-09 22:02:52 -------- d-----w- c:\users\dell gx 620\appdata\local\Downloaded Installations
2012-03-29 06:50:45 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-29 06:50:16 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-03-29 05:10:00 -------- d-----w- c:\users\dell gx 620\appdata\roaming\DAEMON Tools Lite
2012-03-29 05:09:58 -------- d-----w- c:\programdata\DAEMON Tools Lite
.
==================== Find3M ====================
.
2012-03-09 14:12:36 121208 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:02:14 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01:48 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-17 05:34:22 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-07 16:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 4:12:55.31 ===============