Infected With Trojan (may Be Bifrost?)

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Infected With Trojan (may Be Bifrost?), Do not know how to remove it - please help

Options

Shyguy52 View Member Profile	Aug 17 2008, 03:53 PM Post #1
Member Group: Members Posts: 29 Joined: 10-August 08 From: New York Member No.: 229,014	I think I downloaded a trojan that is causing my computer and programs to freeze. The screen often goes blank for two seconds at a time (usually when opening a file/program), and graphics are significantly messed up, leaving permanent trails. I have run Zone Alarm (which has identified "Kazaa Lite goop 28" and "P2P-Worm.Win32.Logpole.c..."), AVG, and AOL anti-virus (stating that there is an infection of "Bifrost"). Below is my Hijack this log; I followed the steps listed on bleepingcomputer and the problem was not resolved. Please help, the graphic problems appear to be getting worse. Thanks in advance. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:43:48 PM, on 8/17/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\WINDOWS\system32\LxrSII1s.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe c:\Program Files\Citrix\ICA Client\ssonsvr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\AOL\1140500856\ee\AOLSoftware.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe C:\Program Files\Steinberg\MI4\MI4tray.exe C:\WINDOWS\system32\MAFWTray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Citrix\ICA Client\pnagent.exe c:\program files\common files\aol\1140500856\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140500856\ee\AOLSoftware.exe O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup O4 - HKLM\..\Run: [MI4Tray] C:\Program Files\Steinberg\MI4\MI4tray.exe O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINDOWS\system32\MAFWTray.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) - https://rc1.oft.state.ny.us/dana-cached/set...uniperSetup.cab O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 8630 bytes

Posts in this topic

Shyguy52 Infected With Trojan (may Be Bifrost?) Aug 17 2008, 03:53 PM

SNOWHITE Hello and welcome to BC Apologize for the delay ... Aug 30 2008, 04:10 PM

Shyguy52 No worries about the wait, Snowhite, am happy to g... Sep 2 2008, 11:12 PM

thewall Hello Shyguy52 :) Welcome to the BC HijackThis ... Sep 3 2008, 08:09 PM

Shyguy52 Ok, no problem. Appreciate the help. Sep 4 2008, 06:29 PM

thewall According to your log you are using both AVG7 and ... Sep 6 2008, 12:53 PM

Shyguy52 Here is the ComboFix log. ComboFix 08-09-05.... Sep 9 2008, 01:55 AM

thewall ComboFix did not show up much so let's try som... Sep 9 2008, 10:22 AM

Shyguy52 While performing the Malwarebytes scan, I got anot... Sep 10 2008, 01:55 AM

thewall What did you do with relation to the Zone Alarm Se... Sep 10 2008, 06:54 AM

Shyguy52 I did update it after uninstalling AVG. ZoneAlarm... Sep 10 2008, 07:24 PM

thewall Can you look to see if these two files are in quar... Sep 10 2008, 08:32 PM

Shyguy52 Yes, both files are quarantined in Zonealarm. How... Sep 11 2008, 02:07 AM

thewall Open up your Zone Alarm and delete the two progra... Sep 11 2008, 11:42 AM

Shyguy52 I deleted the two files on Zonealarm and went to t... Sep 12 2008, 01:27 AM

thewall Give this one a try: Please run the [color=red]... Sep 12 2008, 06:29 AM

Shyguy52 I think I got the BitDefender scan to work (I down... Sep 13 2008, 06:53 PM

thewall See if you can do this: You may have overlooked it... Sep 13 2008, 07:41 PM

Shyguy52 These are the two new RIST logs. info.txt lo... Sep 14 2008, 09:51 PM

thewall OK, that was what I was looking for. While I am st... Sep 15 2008, 09:00 AM

Shyguy52 Ok... I uninstalled BitDefender and Firefox and I... Sep 16 2008, 01:49 AM

thewall First go here in Internet Explorer: Tools->Inte... Sep 16 2008, 07:37 AM

Shyguy52 Scan didn't exactly follow the steps listed, h... Sep 18 2008, 11:52 AM

thewall Let's go a little deeper and see if something ... Sep 18 2008, 02:01 PM

Shyguy52 GMER 1.0.14.14536 - http://www.gmer.net Rootkit sc... Sep 18 2008, 10:54 PM

thewall I would like you to run your AVG again or open it ... Sep 19 2008, 09:49 AM

Shyguy52 I actually deleted AVG, but I can reinstall it, I ... Sep 19 2008, 07:02 PM

thewall I'm sorry, I had forgotten that you uninstalle... Sep 19 2008, 07:47 PM

Shyguy52 I tried updating my zonealarm (free version), the ... Sep 21 2008, 06:51 PM

thewall We'll leave it blocked for now. I have also d... Sep 21 2008, 07:39 PM

Shyguy52 Here is the Dr. Web log. BTW, will anybody else b... Sep 22 2008, 07:12 AM

thewall DrWeb found a few things, not a lot. Is there any ... Sep 22 2008, 08:21 AM

Shyguy52 I haven't tried running the machine since the ... Sep 22 2008, 06:13 PM

thewall It identified and deleted some things which were i... Sep 22 2008, 07:02 PM

PropagandaPanda Hello Shyguy52. thewall will be away for a few da... Sep 23 2008, 03:01 PM

Shyguy52 Thanks Panda- Just so you know, the computer has ... Sep 23 2008, 09:43 PM

PropagandaPanda Hello Shyguy52. Since it's been awhile, pleas... Sep 24 2008, 07:24 AM

Shyguy52 Panda- Still having the same problems as before. ... Sep 26 2008, 02:40 AM

PropagandaPanda Hello Shyguy52. From what I see, you problems are... Sep 26 2008, 10:51 AM

Shyguy52 All done regarding the Java. Here's the new R... Sep 27 2008, 05:27 PM

PropagandaPanda Hello Shyguy52. You are good to go. For your non-... Sep 28 2008, 08:38 AM

Shyguy52 Thanks for your help, Panda. I am curious, though... Sep 28 2008, 06:51 PM

PropagandaPanda Hello Shyguy52. From skimming over what thewall w... Sep 29 2008, 07:19 AM

Shaba Since this issue appears resolved ... this Topic i... Oct 1 2008, 02:21 PM

« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »

2 User(s) are reading this topic (2 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Switch to: Standard · Switch to: Linear+ · Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 21st November 2009 - 09:30 PM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides