Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

googleupdate.exe Trojan


  • This topic is locked This topic is locked
3 replies to this topic

#1 Rico24

Rico24

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:11 AM

Posted 04 November 2013 - 08:28 PM

My parents have a Trojan on their laptop, and now there is no more access to the internet from it sometimes.

 

I have been unable to remove the trojan... I need your help.

 

 

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.21.2
Run by Admin at 20:02:46 on 2013-11-04
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1015.605 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://search.coupons.com/
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} -
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/CA/Core/Player/2020PlayerAX_Win32.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 64.71.255.204 64.71.255.198
TCP: Interfaces\{21EF4944-0204-4F2E-B9DF-5F2F7A9E6BD5} : DHCPNameServer = 64.71.255.204 64.71.255.198
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-10-28 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-10-28 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-10-28 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-10-28 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-10-28 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-10-28 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-10-28 46808]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-5 54752]
R2 ServicepointService;ServicepointService;c:\program files\rogers online protection\rogers servicepoint agent\ServicepointService.exe [2013-2-4 689464]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-4-27 38912]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-5-5 1684736]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-5-5 232872]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-3-16 39040]
.
=============== Created Last 30 ================
.
2013-10-29 06:48:59    110592    ----a-w-    c:\documents and settings\admin\application data\verison.dll
2013-10-29 03:37:55    770344    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-10-29 03:37:54    49376    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-10-29 03:37:54    175176    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-10-29 03:37:53    66336    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-10-29 03:36:36    41664    ----a-w-    c:\windows\avastSS.scr
2013-10-29 03:35:52    --------    d-----w-    c:\program files\AVAST Software
2013-10-29 03:31:07    --------    d-----w-    c:\documents and settings\all users\application data\AVAST Software
2013-10-27 14:20:09    0    ----a-w-    c:\documents and settings\admin\7565642.exe
2013-10-27 14:20:07    0    ----a-w-    c:\documents and settings\admin\4739816.exe
2013-10-27 14:20:07    0    ----a-w-    c:\documents and settings\admin\2050665.exe
2013-10-09 19:39:25    25088    -c----w-    c:\windows\system32\dllcache\hidparse.sys
2013-10-09 19:38:18    60160    -c----w-    c:\windows\system32\dllcache\usbaudio.sys
2013-10-09 19:38:18    123008    -c----w-    c:\windows\system32\dllcache\usbvideo.sys
2013-10-09 19:37:12    5376    -c----w-    c:\windows\system32\dllcache\usbd.sys
2013-10-09 19:37:12    32384    -c----w-    c:\windows\system32\dllcache\usbccgp.sys
.
==================== Find3M  ====================
.
2013-10-09 14:19:18    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-10-09 14:19:17    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 18:33:58    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-09-23 18:33:57    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-09-23 18:33:57    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-09-23 18:33:56    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-09-23 18:06:48    385024    ----a-w-    c:\windows\system32\html.iec
2013-08-29 01:31:44    1878656    ----a-w-    c:\windows\system32\win32k.sys
2013-08-09 01:56:45    386560    ----a-w-    c:\windows\system32\themeui.dll
2013-08-09 00:55:08    144128    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55:07    32384    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55:06    5376    ----a-w-    c:\windows\system32\drivers\usbd.sys
.
============= FINISH: 20:04:06.20 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


#2 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:11 AM

Posted 07 November 2013 - 01:56 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that....   YBCQLm4.gif   Let's get going!!  
---------- 
 
weVCzW0.jpg Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------
 
 
81mYIKe.jpgAdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

----------


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#3 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:11 AM

Posted 09 November 2013 - 12:11 PM

Still need help?  :)


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#4 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:11 AM

Posted 10 November 2013 - 02:54 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users