Persistent threat detections and problems with apps


This topic is locked.
2 replies to this topic

#1 Hazm0

  • Members
  • 2 posts
  • Local time: 04:52 PM

Posted 09 October 2009 - 11:01 AM

I started receiving threat detections of AVG and a scan removed several files labelled as "Trojan Horse Small.BPR". But I still get threat detections and scans don't seem to find anything. I also scanned with Sophos but nothing was found. I installed ZoneAlarm to stop any potential trojans. My computer is starting to mess up. It started with Google Chrome crashing and other applications not running properly. Now when I load up there is a blank screen and I have to go to Task Manager and run explorer manually to get it going. My housemate has similar problems with threat detections but no problems with the running applications. We share memory sticks and hard drives and I'm worried the infection is on them. Haven't been able to use my laptop for days now and I'm worried I will have to perform a full format which I really don't want to do.

Thanks for your time guys,

--------------------------------------------------------


DDS (Ver_09-09-29.01) - NTFSx86
Run by Hasnain at 16:21:50.78 on 09/10/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.2038.1035 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
svchost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\explorer.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Hasnain\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Hasnain\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Hasnain\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe
mWinlogon: Taskman=c:\recycler\s-1-5-21-9099185055-8575539392-949025517-0811\dllrun32.exe
uWinlogon: Shell=c:\recycler\s-1-5-21-9099185055-8575539392-949025517-0811\dllrun32.exe,explorer.exe "c:\users\hasnain\gollg.exe"
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [BtTray] "c:\program files\ivt corporation\bluesoleil\BtTray.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send by Bluetooth - c:\program files\ivt corporation\bluesoleil\transsend\ie\tsinfo.htm
IE: Send via &Message... - c:\program files\ivt corporation\bluesoleil\transsend\ie\tssms.htm
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redire...1&site=home
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\skype4com.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll

============= SERVICES / DRIVERS ===============

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-7-31 20616]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-22 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-29 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-6-22 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-6-22 297752]
R2 BsMobileCS;BsMobileCS;c:\program files\ivt corporation\bluesoleil\BsMobileCS.exe [2008-8-1 143467]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-7-2 26248]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]

=============== Created Last 30 ================

2009-10-08 17:56 14,336 a---h--- c:\users\hasnain\gollg.exe
2009-10-08 17:34 14,336 a---h--- c:\users\hasnain\eqfxu.exe
2009-10-08 17:32 14,336 a---h--- c:\users\hasnain\ffdl.exe
2009-10-08 17:24 14,336 a---h--- c:\users\hasnain\jqfllss.exe
2009-10-08 13:54 14,336 a---h--- c:\users\hasnain\jqeocc.exe
2009-10-08 12:33 14,336 a---h--- c:\users\hasnain\kynyuti.exe
2009-10-07 18:54 170,496 a------- c:\windows\system32\tcpipcfg.dll
2009-10-07 18:54 22,528 a------- c:\windows\system32\netiougc.exe
2009-10-07 18:52 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-10-07 18:52 <DIR> --d----- c:\program files\Zone Labs
2009-10-07 18:51 350,192 a---h--- c:\windows\system32\drivers\vsconfig.xml
2009-10-07 18:51 293,528 a------- c:\windows\system32\drivers\vsdatant.sys
2009-10-07 18:51 <DIR> --d----- c:\windows\system32\ZoneLabs
2009-10-07 18:50 <DIR> --d----- c:\programdata\CheckPoint
2009-10-07 18:50 <DIR> --d----- c:\progra~2\CheckPoint
2009-10-07 18:50 <DIR> --d----- c:\windows\Internet Logs
2009-10-07 11:00 <DIR> --d----- c:\programdata\Sophos
2009-10-07 11:00 <DIR> --d----- c:\program files\Sophos
2009-10-07 11:00 <DIR> --d----- c:\progra~2\Sophos
2009-10-07 10:58 <DIR> --d----- C:\stdtsa
2009-10-06 19:25 42,496 ----h--- c:\users\hasnain\secupdat.dat
2009-10-03 22:36 <DIR> --d----- c:\users\hasnain\appdata\roaming\Microsoft Games
2009-10-02 21:33 <DIR> --d----- c:\program files\GameSpy Arcade
2009-10-02 18:20 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-10-02 18:14 2,421,760 a------- c:\windows\system32\wucltux.dll
2009-10-02 18:13 87,552 a------- c:\windows\system32\wudriver.dll
2009-10-02 18:13 171,608 a------- c:\windows\system32\wuwebv.dll
2009-10-02 18:13 33,792 a------- c:\windows\system32\wuapp.exe
2009-10-02 13:13 <DIR> --d-h--- c:\windows\PIF
2009-10-02 13:02 53,262 a------- c:\windows\scunin.dat
2009-10-02 13:02 70,656 a------- c:\windows\ScUnin.exe
2009-10-02 13:02 967 a------- c:\windows\ScUnin.pif
2009-10-02 13:02 <DIR> --d----- C:\Starcraft

==================== Find3M ====================

2009-10-07 18:52 143,360 a------- c:\windows\inf\infstrng.dat
2009-10-07 18:52 51,200 a------- c:\windows\inf\infpub.dat
2009-10-07 18:52 86,016 a------- c:\windows\inf\infstor.dat
2009-08-28 13:39 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-28 13:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 13:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 13:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 13:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 11:15 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-20 03:11 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-20 03:11 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-14 18:01 900,168 a------- c:\windows\system32\drivers\tcpip.sys
2009-08-14 18:01 220,232 a------- c:\windows\system32\drivers\netio.sys
2009-08-14 18:01 98,376 a------- c:\windows\system32\drivers\FWPKCLNT.SYS
2009-08-14 17:29 104,960 a------- c:\windows\system32\netiohlp.dll
2009-08-14 17:29 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 17:23 438,272 a------- c:\windows\system32\IKEEXT.DLL
2009-08-14 17:22 595,456 a------- c:\windows\system32\FWPUCLNT.DLL
2009-08-14 17:21 328,704 a------- c:\windows\system32\BFE.DLL
2009-08-14 15:16 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 15:16 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 15:16 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 15:16 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 15:16 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 15:16 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 15:16 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-07-28 23:42 47,104 a------- c:\windows\system32\KMVIDC32.DLL
2009-07-18 17:06 827,904 a------- c:\windows\system32\wininet.dll
2009-07-18 17:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 10:46 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 15:35 71,680 a------- c:\windows\system32\atl.dll
2009-07-14 14:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 13:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 13:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 11:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-11 20:32 513,024 a------- c:\windows\system32\wlansvc.dll
2009-07-11 20:32 302,592 a------- c:\windows\system32\wlansec.dll
2009-07-11 20:32 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-07-11 20:29 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-06-19 20:58 22,328 a------- c:\users\hasnain\appdata\roaming\PnkBstrK.sys
2008-10-08 03:27 174 a--sh--- c:\program files\desktop.ini
2008-10-08 03:14 665,600 a------- c:\windows\inf\drvindex.dat
2008-04-11 01:33 188,416 a------- c:\users\hasnain\Vista-ShutdownTimer.exe
2006-11-02 13:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-06-05 18:07 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-06-05 18:07 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-06-05 18:07 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 16:23:40.28 ===============
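Added example, not part of the thread and not code from the DDS tool: a small Python checker that reads lines in the "Pseudo HJT" and "Created Last 30" formats and flags the two things a responder would look at first in the log above. It compares the Winlogon Shell, Userinit and Taskman values against the Windows Vista defaults (a per-user `uWinlogon` value and any Taskman value are unusual because neither is set by default, and `c:\recycler` is an XP-era folder name that Vista itself does not use; its recycle bin is `$Recycle.Bin`), and it flags hidden `.exe` files created directly in a user profile root. The sample lines are copied from the log in the post; the default values, the regular expressions for the DDS line layout, and the `Finding` type are my assumptions.

```python
import re
from dataclasses import dataclass

# Default Winlogon values on Windows Vista (assumed from general Windows
# knowledge, not taken from the thread). Taskman has no default value.
WINLOGON_DEFAULTS = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe",
    "taskman": None,
}

# Constructed sample: a handful of lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
mWinlogon: Userinit=c:\windows\system32\userinit.exe
mWinlogon: Taskman=c:\recycler\s-1-5-21-9099185055-8575539392-949025517-0811\dllrun32.exe
uWinlogon: Shell=c:\recycler\s-1-5-21-9099185055-8575539392-949025517-0811\dllrun32.exe,explorer.exe "c:\users\hasnain\gollg.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
2009-10-08 17:56 14,336 a---h--- c:\users\hasnain\gollg.exe
2009-10-08 17:34 14,336 a---h--- c:\users\hasnain\eqfxu.exe
2009-10-07 18:54 170,496 a------- c:\windows\system32\tcpipcfg.dll
2009-10-07 18:52 <DIR> --d----- c:\program files\Zone Labs
"""

# Line layouts inferred from the DDS output above (assumption, not a published spec).
WINLOGON_RE = re.compile(r"^([um])Winlogon:\s*(\w+)=(.*)$")
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S{8})\s+(.+)$"
)
# An .exe sitting directly in c:\users\<name>\ rather than in a program folder.
PROFILE_ROOT_EXE_RE = re.compile(r"^c:\\users\\[^\\]+\\[^\\]+\.exe$", re.IGNORECASE)


@dataclass
class Finding:
    kind: str      # "winlogon" or "hidden_exe"
    line: str
    reason: str


def check_winlogon(line):
    """Return a Finding if a Winlogon value deviates from the Vista default."""
    m = WINLOGON_RE.match(line.strip())
    if not m:
        return None
    scope, name, value = m.groups()
    name = name.lower()
    if name not in WINLOGON_DEFAULTS:
        return None
    default = WINLOGON_DEFAULTS[name]
    # The registry usually stores Userinit with a trailing comma; strip it so
    # the comparison is not fooled by that detail.
    normalised = value.strip().rstrip(",").lower()
    reasons = []
    if default is None:
        reasons.append(f"{name} is set although Vista sets no default")
    elif scope == "u":
        reasons.append(f"per-user (HKCU) {name} value present; not set by default")
    elif normalised != default:
        reasons.append(f"{name} differs from default {default!r}")
    if "\\recycler\\" in normalised:
        reasons.append("points into c:\\recycler, a folder Vista itself does not use ($Recycle.Bin)")
    if not reasons:
        return None
    return Finding("winlogon", line.strip(), "; ".join(reasons))


def check_created(line):
    """Flag hidden .exe files created directly in a user profile root."""
    m = CREATED_RE.match(line.strip())
    if not m:
        return None
    date, time, _size, attrs, path = m.groups()
    hidden = "h" in attrs   # DDS attribute string, e.g. a---h--- (h = hidden)
    if hidden and PROFILE_ROOT_EXE_RE.match(path):
        return Finding("hidden_exe", line.strip(),
                       f"hidden executable in profile root, created {date} {time}")
    return None


def scan(log_text):
    """Run every checker over each line and collect the findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        for checker in (check_winlogon, check_created):
            finding = checker(raw)
            if finding:
                findings.append(finding)
                break
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

Run against the sample it reports the Taskman entry, the per-user Shell entry (both pointing into `c:\recycler`) and the two hidden executables in the profile root, while the legitimate Userinit value, the SynTPEnh autorun and the ZoneAlarm files produce nothing. The checker is deliberately limited to what the posted log supports; a real triage would also compare the `mRun`/`uRun` entries and the running-process list against known-good baselines.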



#2 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender: Male
  • Location: Finland
  • Local time: 12:52 AM

Posted 22 October 2009 - 03:55 PM

Hi,

Sorry for the delayed response. Forums have been really busy. If you still need help with this, post a fresh dds.txt log, please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, create your own topic instead of following instructions given to someone else, please.


#3 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender: Male
  • Location: Finland
  • Local time: 12:52 AM

Posted 29 October 2009 - 11:44 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.

