
atmpvcno32 virus


Here are my logs:

DDS.txt:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Compaq_Administrator at 18:45:47 on 2011-07-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1371 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\MYOWNS~2\bar\1.bin\cwbrmon.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\Sktempdm.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nwcfg32.exe
C:\WINDOWS\system32\atmpvcno32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\system32\imapi.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uURLSearchHooks: N/A: {432cad96-6aa6-407a-ab37-6cfdcd73f377} - c:\program files\myownsuperheroie\bar\1.bin\cwSrcAs.dll
mURLSearchHooks: H - No File
mURLSearchHooks: N/A: {432cad96-6aa6-407a-ab37-6cfdcd73f377} - c:\program files\myownsuperheroie\bar\1.bin\cwSrcAs.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Search Assistant BHO: {be5bab39-39b5-45c1-83f2-10ee5ae55587} - c:\program files\myownsuperheroie\bar\1.bin\cwSrcAs.dll
BHO: Toolbar BHO: {c335fe0b-1418-42fb-942f-2c1e13259052} - c:\progra~1\myowns~2\bar\1.bin\cwbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\hypercam toolbar\tbcore3.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\pagerage\YontooIEClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: MyOwnSuperhero: {3bcf580a-adca-4b91-86e0-3898010003e6} - c:\program files\myownsuperheroie\bar\1.bin\cwbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Detect Kbd Daemon] SK2000DM.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [MyOwnSuperheroIE Browser Plugin Loader] c:\progra~1\myowns~2\bar\1.bin\cwbrmon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.gamehouse.com/realarcade-webgames/insaniquarium/popcaploader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{32BC363E-0E44-4E0E-8E23-F7597E33FF13} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{475CDA0F-CA7F-404E-8C2E-5CABF24C6DCA} : NameServer = 10.0.1.1
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\5nz6w7ov.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b159828&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - plugin: c:\progra~1\sonyon~1\npsoe.dll
FF - plugin: c:\progra~1\sonyon~1\npsoeact.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-11-28 366640]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 mnmsrvc32;NetMeeting Remote Desktop Sharing ;c:\windows\system32\nwcfg32.exe [2011-6-24 565248]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-6-6 22712]
S0 robpiym;robpiym;c:\windows\system32\drivers\uerk.sys --> c:\windows\system32\drivers\uerk.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-13 135664]
S2 MyOwnSuperheroIEService;MyOwnSuperhero Service;c:\progra~1\myowns~2\bar\1.bin\cwbarsvc.exe [2010-10-30 28766]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-13 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-6-6 39984]
S3 PAC207;Webcam Basic;c:\windows\system32\drivers\PFC027.sys [2005-4-8 162176]
S3 SKUSBKBF;USB Keyboard Filter Driver;c:\windows\system32\drivers\skusbkbf.sys [2001-7-27 14048]
S3 SQ931;Zoom 2.0 Webcam;c:\windows\system32\drivers\capt931a.sys --> c:\windows\system32\drivers\Capt931a.sys [?]
.
=============== Created Last 30 ================
.
2011-07-09 19:45:01 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-07-09 19:38:35 565248 ------w- c:\windows\system32\atmpvcno32.exe
2011-07-09 19:15:31 -------- d-sha-r- C:\cmdcons
2011-07-09 19:11:45 98816 ----a-w- c:\windows\sed.exe
2011-07-09 19:11:45 518144 ----a-w- c:\windows\SWREG.exe
2011-07-09 19:11:45 256000 ----a-w- c:\windows\PEV.exe
2011-07-09 19:11:45 208896 ----a-w- c:\windows\MBR.exe
2011-07-09 19:11:36 -------- d-----w- C:\ComboFix
2011-07-04 21:31:59 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-07-04 21:31:56 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-07-02 17:04:46 -------- d-----w- c:\program files\directx
2011-06-25 20:51:52 -------- d-----w- c:\windows\tmp
2011-06-24 04:50:45 565248 ----a-w- c:\windows\system32\nwcfg32.exe
2011-06-14 22:55:04 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-06-14 22:55:04 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2011-06-27 19:32:09 0 ----a-w- c:\windows\Pxuvifigocixaf.bin
2011-06-04 19:20:22 77824 --sha-r- c:\windows\system32\ntkrnlpal.dll
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-02 15:31:52 692736 ------w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ------w- c:\windows\system32\drivers\mup.sys
2009-09-09 19:02:21 15107 ----a-w- c:\program files\common files\ituxy.reg
2009-09-09 19:02:21 13809 ----a-w- c:\program files\common files\lepozy.sys
2008-11-23 18:25:26 17336 ----a-w- c:\program files\common files\ojipadyz.com
2008-11-23 18:25:26 16440 ----a-w- c:\program files\common files\ozobereme.dll
2008-11-23 18:25:26 16425 ----a-w- c:\program files\common files\kizel.pif
2008-11-19 22:07:53 14062 ----a-w- c:\program files\common files\yxab.com
2008-11-19 22:07:53 11596 ----a-w- c:\program files\common files\idulifoda.bat
.
============= FINISH: 18:47:03.95 ===============

mbam-log-2011-07-16 (16-36-26).txt:


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7164

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/16/2011 4:36:26 PM
mbam-log-2011-07-16 (16-36-26).txt

Scan type: Quick scan
Objects scanned: 270911
Time elapsed: 5 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\localservice\application data\020000005cf797a21385c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\020000005cf797a21385o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\020000005cf797a21385p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\020000005cf797a21385s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\020000005cf797a21385c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\020000005cf797a21385o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\020000005cf797a21385p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\020000005cf797a21385s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

DDS/GMER log zipped and attached here: Attach.zip

Thanks in advance,

Anthony


How's it running after the MBAM scan?

No change; every MBAM scan (full or quick) shows 1 or 2 instances of C:\Windows\System32\atmpvcno32.exe and several Malware.trace files.

Just started a new scan to post its results.

Hooray! Some recent update seems to have finally killed this one!

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7164

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/19/2011 6:04:41 AM
mbam-log-2011-07-19 (06-04-41).txt

Scan type: Quick scan
Objects scanned: 270589
Time elapsed: 4 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I had started a Full Scan last night, but it must've run the scheduled Quick Scan this morning & I grabbed the wrong (latest) log. Only difference this time (besides the MBAM update) was I disabled the network interface on the machine.

Thanks again, okay to close this thread.

Anthony
