
Infected with Trojan Horse Agent.4.P


1 reply to this topic

#1 Rob68

  • Members
  • 2 posts

Posted 19 January 2009 - 08:29 AM

DDS (Ver_09-01-18.01) - NTFSx86
Run by Owner at 7:36:40.89 on Mon 01/19/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.77 [GMT -5:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Tiger Technologies\DeskFlag\deskflag.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\HPOVDX05.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NAUA17ZE\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bocawoods.net/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: IEToolbarBHO Class: {59279ad0-e6c6-4e0b-bc71-c23dc56ebcfa} - c:\program files\sidestep\ie toolbar\5.0.0.1024\SideStepIEToolbar.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {a635cfb1-472a-404a-8074-6097acb6d7ef} - c:\windows\system32\dmdlgsj.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &SideStep Toolbar: {63132952-a04d-4a7f-be9b-9ff53c07a7de} - c:\program files\sidestep\ie toolbar\5.0.0.1024\SideStepIEToolbar.dll
EB: SideStep Search: {30f4027a-92a1-4571-8c49-564e1fb85a79} - c:\program files\sidestep\ie toolbar\5.0.0.1024\SideStepIEToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [VTTrayp] VTtrayp.exe
mRun: [VTTimer] VTTimer.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [PCMM2007RT] "c:\program files\pc mightymax 2007\pcmm2007.exe" /R
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\deskflag.lnk - c:\program files\tiger technologies\deskflag\deskflag.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoffi~1.lnk - c:\program files\hewlett-packard\hp officejet t series\bin\HPOstr05.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-1-8 12552]
R0 eospsfjf;eospsfjf;c:\windows\system32\drivers\eospsfjf.sys [2004-8-4 23424]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-8 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-8 27656]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-8 107272]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]
R3 ADM8511;Belkin USB Ethernet Adapter;c:\windows\system32\drivers\NET8511.SYS [2008-4-8 24424]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-3 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090114.017\naveng.sys [2009-1-14 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090114.017\navex15.sys [2009-1-14 876112]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-8 298264]
R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-7 192160]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-7 169632]
R4 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-3-17 1799408]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-3-17 115952]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2009-01-18 18:39 <DIR> --d----- c:\program files\Trend Micro
2009-01-18 18:23 78,240 a------- c:\windows\system32\drivers\FILEM701.SYS
2009-01-18 16:58 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-01-18 16:58 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-18 16:58 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-18 16:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-18 16:58 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-09 22:46 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-01-09 22:46 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-01-09 21:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\2126522174
2009-01-08 11:27 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-08 11:27 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-01-08 11:27 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-08 11:27 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-08 11:27 <DIR> --d----- c:\program files\AVG
2009-01-08 11:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-01-07 22:44 <DIR> --d----- c:\program files\PC MightyMax 2007
2009-01-07 20:56 99,840 a------- c:\windows\system32\dmdlgsj.dll
2009-01-02 20:26 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-01-02 20:26 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-01-02 20:26 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-01-02 20:26 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-29 21:42 410,984 a------- c:\windows\system32\deploytk.dll

==================== Find3M ====================

2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-11-02 20:57 20,328 a------- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-09-22 10:22 16,384 a--sh--- c:\windows\system32\config\systemprofile\cookies\index.dat
2008-09-22 10:22 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2008-07-30 17:26 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008073020080731\index.dat
2008-09-22 10:22 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 7:38:42.78 ===============

#2 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 30 January 2009 - 08:02 AM

Hello Rob68

Welcome to BleepingComputer :thumbup2:
========================
If you are still in need of assistance please post a new dds log.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.