Eee Netbook Possible Trojan?

  • This topic is locked
6 replies to this topic

#1 Hawgit


  • Members
  • 10 posts
  • Gender:Male
  • Location:Texas
  • Local time:04:48 PM

Posted 25 August 2009 - 11:03 AM

I have this Eee PC Netbook that has a built in wireless WIFI. As long as the WIFI is off, everything runs ok. When I enable the WIFI, after about 5 minutes, the hard drive will run continuously and anything I run will run super slow. Click on an item and it will take about 2-3 minutes before it does anything. The only way out is to hold down the power switch and kill it.
I did run a few Trojan software packages and each found something. I used A-squared, Trojan Hunter, and Trojan Remover. I wish I wrote the trojan names down but I didn't. Each program did quarantine the trojans. After all of the cleaning from the software packages, there seems to be no more trojans. The problem is still here. Also if there are no WIFI's in the area and the WIFI is enabled, the hard drive will run great. Just when the WIFI is on and there is a signal and connected to it. The WIFI icon is flashing on and off slowly.

I would appreciate any help with this.
Sorry for my screw up before.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Joe Reed at 10:38:10.98 on Tue 08/25/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.614 [GMT -5:00]

AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: a-squared Anti-Malware *On-access scanning enabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}

============== Running Processes ===============

C:WINDOWSsystem32svchost -k DcomLaunch
C:WINDOWSSystem32svchost.exe -k netsvcs
C:Program Filesa-squared Anti-Malwarea2service.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesNorton AntiVirusEngine16.5.0.134ccSvcHst.exe
C:Program FilesCyberLinkShared FilesRichVideo.exe
C:WINDOWSsystem32svchost.exe -k imgsvc
C:Program FilesElantechETDCtrl.exe
C:Program FilesEeePCACPIAsTray.exe
C:Program FilesEeePCACPIAsAcpiSvr.exe
C:Program FilesEeePCACPIAsEPCMon.exe
C:Program FilesCyberLinkPowerDVDPDVDServ.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesASUSEeePCSuper Hybrid EngineSuperHybridEngine.exe
C:Program FilesNorton AntiVirusEngine16.5.0.134ccSvcHst.exe
C:Documents and SettingsJoe ReedDesktopdds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://renewalcenter.symantec.com/storefront/user/home.jsp?NOS=kTuW6oYah4ku8F%2FhBgiQjCMhxWMC%2BOBaJ5CDuEdynCCCnOYMOCBCzbBWCDQ6ZyGCJsaCqgJOugdC3R9DP73G432CF&SASSERVER=lcsitemain.symantec.com&TRANSID=%2F10097711%2FAepzjq43866E54D3125D9&GUID=F038B27226A111DE9D8800248C277D0E&SSLT=4096&oslang=iso:ENG&oslocale=iso:USA&vendid=0&vendtag=&epid={f038b272-26a1-11de-9d88-00248c277d0e}
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:program filescommon filesadobeacrobatactivexAcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:program filesaskbardisbarbinaskBar.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:program filesskypetoolbarsinternet explorerSkypeIEPlugin.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:program filesnorton antivirusengine16.5.0.134IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:program filescommon filesmicrosoft sharedwindows liveWindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:program filesjavajre6binjp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:program filesjavajre6libdeployjqsiejqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:program fileswindows live toolbarmsntb.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:program filesaskbardisbarbinaskBar.dll
uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:windowssystem32igfxtray.exe
mRun: [HotKeysCmds] c:windowssystem32hkcmd.exe
mRun: [Persistence] c:windowssystem32igfxpers.exe
mRun: [ETDWare] c:program fileselantechETDCtrl.exe
mRun: [AsusTray] c:program fileseeepcacpiAsTray.exe
mRun: [AsusACPIServer] c:program fileseeepcacpiAsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:program fileseeepcacpiAsEPCMon.exe
mRun: [IMJPMIG8.1] "c:windowsimeimjp8_1IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:windowssystem32imepintlgntImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:windowssystem32imetintlgntTINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:windowssystem32imetintlgntTINTSETP.EXE /IMEName
mRun: [Adobe Reader Speed Launcher] "c:program filesadobereader 8.0readerReader_sl.exe"
mRun: [RemoteControl] "c:program filescyberlinkpowerdvdPDVDServ.exe"
mRun: [LanguageShortcut] "c:program filescyberlinkpowerdvdlanguageLanguage.exe"
mRun: [a-squared] "c:program filesa-squared anti-malwarea2guard.exe"
mRun: [SunJavaUpdateSched] "c:program filesjavajre6binjusched.exe"
mRun: [TrojanScanner] c:program filestrojan removerTrjscan.exe /boot
StartupFolder: c:docume~1alluse~1startm~1programsstartupsuperh~1.lnk - c:program filesasuseeepcsuper hybrid engineSuperHybridEngine.exe
IE: &Windows Live Search - c:program fileswindows live toolbarmsntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:progra~1micros~4office12EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:program fileswidcommbluetooth softwarebtsendto_ie_ctx.htm
IE: Send To Bluetooth - c:program fileswidcommbluetooth softwarebtsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:program fileswindows livewriterWriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:program filesskypetoolbarsinternet explorerSkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:progra~1micros~4office12REFIEBAR.DLL
DPF: {115B1886-2AE0-4259-9FE4-E32A5DEE5451} - hxxp://www.wowweesupport.com/download/rovio/WebSee_4.0.cab
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://
DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} - hxxp://
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240070101968
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240070089437
DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} - hxxp://
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:progra~1common~1skypeSKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsmicrosoft.netframeworkv3.5windows presentation foundationdotnetassistantextension
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:windowssystem32driversnav1005000.086SymEFA.sys [2009-5-16 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:windowssystem32driversnav1005000.086BHDrvx86.sys [2009-5-16 258608]
R1 ccHP;Symantec Hash Provider;c:windowssystem32driversnav1005000.086cchpx86.sys [2009-5-16 482352]
R1 IDSxpx86;IDSxpx86;c:documents and settingsall usersapplication datanorton{0c55c096-0f1d-4f28-aaa2-85ef591126e7}nortondefinitionsipsdefs20090810.001IDSXpx86.sys [2009-8-12 276344]
R2 a2AntiMalware;a-squared Anti-Malware Service;c:program filesa-squared anti-malwarea2service.exe [2009-8-20 1864824]
R2 Norton AntiVirus;Norton AntiVirus;c:program filesnorton antivirusengine16.5.0.134ccSvcHst.exe [2009-5-16 115560]
R3 AsusACPI;ASUS ACPI Driver;c:windowssystem32driversASUSACPI.SYS [2009-1-22 10752]
R3 Ktp;Elantech Smart-Pad;c:windowssystem32driversETD.sys [2009-1-22 25216]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:windowssystem32driversl1e51x86.sys [2009-1-22 38400]
R3 NAVENG;NAVENG;c:documents and settingsall usersapplication datanorton{0c55c096-0f1d-4f28-aaa2-85ef591126e7}nortondefinitionsvirusdefs20090814.033NAVENG.SYS [2009-8-14 87888]
R3 NAVEX15;NAVEX15;c:documents and settingsall usersapplication datanorton{0c55c096-0f1d-4f28-aaa2-85ef591126e7}nortondefinitionsvirusdefs20090814.033NAVEX15.SYS [2009-8-14 875728]

=============== Created Last 30 ================

2009-08-23 19:14 162,304 a------- c:windowssystem32ztvunrar36.dll
2009-08-23 19:14 153,088 a------- c:windowssystem32UNRAR3.dll
2009-08-23 19:14 77,312 a------- c:windowssystem32ztvunace26.dll
2009-08-23 19:14 75,264 a------- c:windowssystem32unacev2.dll
2009-08-23 19:14 69,632 a------- c:windowssystem32ztvcabinet.dll
2009-08-23 19:14 <DIR> --d----- c:program filesTrojan Remover
2009-08-23 19:14 <DIR> --d----- c:docume~1joeree~1applic~1Simply Super Software
2009-08-23 19:14 <DIR> --d----- c:docume~1alluse~1applic~1Simply Super Software
2009-08-20 20:17 <DIR> --d----- c:docume~1joeree~1applic~1TrojanHunter
2009-08-20 19:21 <DIR> --d----- c:program filesTrojanHunter 5.0
2009-08-20 19:14 <DIR> --d----- c:program filesa-squared Anti-Malware
2009-08-20 19:11 <DIR> --d----- c:program filesTrend Micro
2009-08-20 19:08 <DIR> --d----- C:Trojan Files
2009-08-14 21:05 221,184 a------- c:windowssystem32wmpns.dll

==================== Find3M ====================

2009-08-05 04:01 204,800 a------- c:windowssystem32mswebdvd.dll
2009-08-03 13:36 38,160 a------- c:windowssystem32driversmbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:windowssystem32driversmbam.sys
2009-07-25 05:23 411,368 a------- c:windowssystem32deploytk.dll
2009-07-17 14:01 58,880 a------- c:windowssystem32atl.dll
2009-07-13 23:43 286,208 a------- c:windowssystem32wmpdxm.dll
2009-06-29 11:12 827,392 a------- c:windowssystem32wininet.dll
2009-06-29 11:12 78,336 a------- c:windowssystem32ieencode.dll
2009-06-29 11:12 17,408 a------- c:windowssystem32corpol.dll
2009-06-25 03:25 730,112 a------- c:windowssystem32lsasrv.dll
2009-06-25 03:25 301,568 a------- c:windowssystem32kerberos.dll
2009-06-25 03:25 147,456 a------- c:windowssystem32schannel.dll
2009-06-25 03:25 136,192 a------- c:windowssystem32msv1_0.dll
2009-06-25 03:25 56,832 a------- c:windowssystem32secur32.dll
2009-06-25 03:25 54,272 a------- c:windowssystem32wdigest.dll
2009-06-23 18:56 7,168 a------- c:windowssystem32vcomclass.dll
2009-06-23 18:56 4,096 a------- c:windowssystem32vcomco.dll
2009-06-16 09:36 119,808 a------- c:windowssystem32t2embed.dll
2009-06-16 09:36 81,920 a------- c:windowssystem32fontsub.dll
2009-06-12 07:31 76,288 a------- c:windowssystem32telnet.exe
2009-06-10 09:19 2,066,432 a------- c:windowssystem32mstscax.dll
2009-06-10 09:13 84,992 a------- c:windowssystem32avifil32.dll
2009-06-10 01:14 132,096 a------- c:windowssystem32wkssvc.dll
2009-06-03 14:09 1,291,264 a------- c:windowssystem32quartz.dll
2009-05-31 07:48 76,487 a------- c:windowspchealthhelpctrofflinecacheindex.dat
2008-05-07 03:34 15,523,560 a------- c:program filesU1 Setup.exe

============= FINISH: 10:38:48.90 ===============
I hope I did this correctly this time.
Thanks all for your help and understanding.

To give ya'll a bit more info on this....
Because I could not connect using my Eee PC, I ran the programs on the Eee PC and copied the files on a thumb drive, sent it out via my other laptop. Hope that is ok. The DDS, ark, and attach files are from the infected PC and sent out via my other PC. The WIFI on my Eee was turned on with no connect. So the HD ran ok.
After going over the files sent to you, I can't see anything that would look like a problem. But then again I haven't a clue on what to look for.
Good luck all. I hope you can find my problem.

Merged posts. ~ OB

Edited by Orange Blossom, 25 August 2009 - 03:39 PM.


#2 Hawgit

  • Topic Starter

  • Members
  • 10 posts
  • Gender:Male
  • Location:Texas
  • Local time:04:48 PM

Posted 27 August 2009 - 08:34 AM

WOW! I'm 14 pages deep in just 2 days! Not 14 threads behind.... 14 Full pages!
What's happening out there? Is this normal? Is this an epidemic?
OH Well...
Any help is appreciated.



There are a lot of folks needing assistance.

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 04 September 2009 - 12:51 PM.

#3 pwgib


  • Malware Response Team
  • 2,957 posts
  • Gender:Male
  • Location:God's Country
  • Local time:04:48 PM

Posted 08 September 2009 - 08:09 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

#4 Hawgit

  • Topic Starter

  • Members
  • 10 posts
  • Gender:Male
  • Location:Texas
  • Local time:04:48 PM

Posted 08 September 2009 - 10:30 AM

Thanks for the reply back pwgib.
After waiting a while I could not take it anymore and reloaded the factory files back on to the hard drive. I spent many... Many days and nights trying to figure this problem out with very little luck. By doing this, I lost a lot of data but I did save data on another drive from over a month ago. I did bring a lot back.
I am very curious on the DDS file I have on this thread a few weeks ago to see if you see anything there I missed. I understand you have others out there who need your help more than I do, but I really want to know what ate up all of those long hours of banging my head on the table. If you don't mind, please take a quick look to see anything strange. Anything. I would really appreciate it and would learn a bit more.

On a good note... I did a lot of reading from this forum and I learned a lot! You have an outstanding forum here. Not to mention the outstanding people willing to give of their time to help others! This forum and people are one of a kind.
Thank you all. I hope to help out here myself. I have much more to learn. :thumbup2:
Thanks all and I will see you all again soon.

#5 pwgib


  • Malware Response Team
  • 2,957 posts
  • Gender:Male
  • Location:God's Country
  • Local time:04:48 PM

Posted 08 September 2009 - 04:29 PM

Hello Hawgit,

As you can tell the forums are quite busy and it takes a lot of time to analyse logs. The time it would take to look at your log only takes away from someone else needing help. I apologize that we couldn't get to you sooner.

To protect yourself against malware and reduce your chance of reinfection in the future, I strongly recommend you have a look at following links (giving some advice and tips), (Tip of the hat to htv8):

If you are interested in learning more and joining the fight against malware please visit the Malware Removal Training Program thread.

Thanks for your understanding, safe surfing and have a great day.

#6 Hawgit

  • Topic Starter

  • Members
  • 10 posts
  • Gender:Male
  • Location:Texas
  • Local time:04:48 PM

Posted 08 September 2009 - 05:29 PM

No Worries. I totally understand.
Let's hope I don't need the help of this forum. If I do, I will raise a flag.
Thanks for the additional info.
Take Care.

#7 htv8


  • Members
  • 1,694 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:48 PM

Posted 09 September 2009 - 12:12 PM

As the problem here seems to be resolved, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. If you should have a new issue, please start a new topic. Everyone else with similar problems, please start a new topic.
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.
