Trojan Horse HBO.IMS
Hi TSF!
I am a total novice, but this morning my AVG showed me a message saying that my laptop had a Trojan Horse called HBO.IMS.
I instantly googled it and installed the first programme that I was recommended - Malwarebytes' Anti-Malware.
It deleted the Trojan Horse, but left me with a slow PC and a message when I shut down a browser (Explorer) saying that the session has been shut down abnormally - a runtime error and something about Microsoft Visual C++.
That is all - the DDS is below, and the Attach and ARK file attached - hope you can help me.
RGS
Kenneth Brinkmann - Denmark
DDS:
DDS (Ver_09-03-16.01) - NTFSx86
Run by Kenneth Brinkmann at 15:22:30,34 on 30-04-2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.1535.817 [GMT 2:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmer\Bonjour\mDNSResponder.exe
svchost.exe
C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
C:\Programmer\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Fælles filer\Protexis\License Service\PsiService_2.exe
C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp137.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmer\SeekappSrch\seekapp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programmer\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmer\Analog Devices\SoundMAX\Smax4.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\bcmntray.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\WIDCOMM\Bluetooth-software\BTTray.exe
C:\Programmer\Secunia\PSI\psi.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programmer\AVG\AVG8\avgcsrvx.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\GItte Juhl\Lokale indstillinger\Temporary Internet Files\Content.IE5\D0T785QK\dds[1].scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.dk/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\programmer\avg\avg8\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programmer\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programmer\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\programmer\google\google toolbar\component\fastsearch_219B3E1547538286.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programmer\google\google toolbar\GoogleToolbar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\programmer\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [SoundMAXPnP] c:\programmer\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\programmer\analog devices\soundmax\Smax4.exe" /tray
mRun: [ATIPTA] c:\programmer\ati technologies\ati control panel\atiptaxx.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\bcmntray
mRun: [QuickTime Task] "c:\programmer\quicktime\qttask.exe" -atboottime
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Adobe Reader Speed Launcher] "c:\programmer\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [iTunesHelper] "c:\programmer\itunes\iTunesHelper.exe"
mRun: [ISUSPM] "c:\programmer\fælles filer\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [TkBellExe] "c:\programmer\fælles filer\real\update_ob\realsched.exe" -osboot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\gittej~1\menuen~1\progra~1\start\secuni~1.lnk - c:\programmer\secunia\psi\psi.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\bttray.lnk - c:\programmer\widcomm\bluetooth-software\BTTray.exe
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\programmer\avg\avg8\avgpp.dll
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-21 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-21 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-21 108552]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys --> c:\windows\system32\drivers\mvstdi5x.sys [?]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-21 298264]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 SeekappSrch Service;SeekappSrch Service;c:\documents and settings\all users\application data\seekappsrch\seekapp137.exe [2009-4-30 54760]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2004-5-3 87936]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys --> c:\windows\system32\drivers\naiavf5x.sys [?]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-3-24 7808]
S2 gupdate1c998bafc19c5ba;Tjenesten Google Update (gupdate1c998bafc19c5ba);c:\programmer\google\update\GoogleUpdate.exe [2009-2-27 133104]
S2 McShield;Network Associates McShield;"c:\programmer\network associates\virusscan\mcshield.exe" --> c:\programmer\network associates\virusscan\Mcshield.exe [?]
S2 McTaskManager;Network Associates Task Manager;"c:\programmer\network associates\virusscan\vstskmgr.exe" --> c:\programmer\network associates\virusscan\VsTskMgr.exe [?]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\programmer\nos\bin\getPlus_HelperSvc.exe [2009-1-8 33752]
=============== Created Last 30 ================
==================== Find3M ====================
2009-04-30 14:11 328,232 a------- c:\windows\system32\perfh006.dat
2009-04-30 14:11 48,482 a------- c:\windows\system32\perfc006.dat
2009-03-24 13:03 7,808 a------- c:\windows\system32\drivers\psi_mf.sys
2009-03-16 14:18 517,448 a------- c:\windows\system32\XAudio2_4.dll
2009-03-16 14:18 235,352 a------- c:\windows\system32\xactengine3_4.dll
2009-03-16 14:18 69,448 a------- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 14:18 22,360 a------- c:\windows\system32\X3DAudio1_6.dll
2009-03-09 15:27 4,178,264 a------- c:\windows\system32\D3DX9_41.dll
2009-03-09 15:27 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
2009-03-09 15:27 453,456 a------- c:\windows\system32\d3dx10_41.dll
2009-03-06 16:20 284,672 a------- c:\windows\system32\pdh.dll
2009-03-03 02:11 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 19:12 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-10 19:08 2,068,608 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-09 16:07 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 13:26 2,191,616 a------- c:\windows\system32\ntoskrnl.exe
2009-02-09 13:25 110,592 a------- c:\windows\system32\services.exe
2009-02-09 12:53 730,624 a------- c:\windows\system32\lsasrv.dll
2009-02-09 12:53 719,360 a------- c:\windows\system32\ntdll.dll
2009-02-09 12:53 682,496 a------- c:\windows\system32\advapi32.dll
2009-02-09 12:53 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-06 12:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-03 21:58 56,832 a------- c:\windows\system32\secur32.dll
2009-01-08 09:49 16,384 a--sh--- c:\windows\system32\config\systemprofile\cookies\index.dat
2009-01-08 09:49 32,768 a--sh--- c:\windows\system32\config\systemprofile\lokale indstillinger\oversigt\history.ie5\index.dat
2009-01-04 20:52 32,768 a--sh--- c:\windows\system32\config\systemprofile\lokale indstillinger\oversigt\history.ie5\mshist012009010420090105\index.dat
2009-01-08 09:49 32,768 a--sh--- c:\windows\system32\config\systemprofile\lokale indstillinger\temporary internet files\content.ie5\index.dat
============= FINISH: 15:22:54,82 ===============