06-18-2009, 09:57 AM   #1
Ditrik
Registered User
 
Join Date: Jun 2009
Posts: 6
OS: XP SP3


Possible malware infection

Problem Description:

My problem is that my downloads keep pausing. No matter what I try to download, they inevitably stop. Sometimes they stop right at the beginning; other times they stop in the middle or near the end.

My problem started only recently. I have a stable internet connection, and I tried to fix the problem using 3rd-party software (e.g. Internet Download Manager), but the problem remained.

After browsing these forums I found a user who had a problem similar to mine, and the cause of his downloads freezing was malware.

LOG:

DDS (Ver_09-05-14.01) - NTFSx86
Run by d13k at 17:31:57,78 on cet 18.06.2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1205 [GMT 2:00]

AV: avast! antivirus 4.8.1335 [VPS 090617-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
svchost.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Documents and Settings\d13k\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\d13k\Desktop\Security\Malware removal tools\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = local
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
BHO: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 9.0 Helper: {e31ce47f-c268-41ba-897b-b415e613947d} - c:\program files\microsoft visual studio 9.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
EB: Web Test Recorder 9.0: {3c7adade-d1e8-45d2-bdcd-7f8d8b99b2a2} - mscoree.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [i8kfangui] c:\program files\i8kfangui\I8kfanGUI.exe /startup
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [AtiPTA] atiptaxx.exe
mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F}
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245210648531
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {D19B6B02-E641-41D5-B538-78807C785C5D} = 212.91.97.3 212.91.97.4
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\siteadvisor\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\d13k\applic~1\mozilla\firefox\profiles\oejxwxxc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\d13k\application data\idm\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\d13k\application data\mozilla\firefox\profiles\oejxwxxc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\d13k\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\opera\program\plugins\NP_IDM1.dll
FF - plugin: c:\program files\opera\program\plugins\NP_IDM2.dll
FF - plugin: c:\program files\opera\program\plugins\NP_IDM3.dll
FF - plugin: c:\program files\opera\program\plugins\NP_IDM5.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-13 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-13 114768]
R1 atitray;atitray;c:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys [2008-7-1 17952]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2008-7-1 14464]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-6-18 353672]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-13 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-6-13 138680]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1005904]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-6-17 210216]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-3-13 24576]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-6-13 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-6-13 352920]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\hotspot shield\bin\hsstrayservice.exe --> c:\program files\hotspot shield\bin\HssTrayService.EXE [?]
S3 mbr;mbr;\??\c:\docume~1\d13k\locals~1\temp\mbr.sys --> c:\docume~1\d13k\locals~1\temp\mbr.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-3-24 7808]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2009-6-13 37440]
S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\microsoft visual studio 9.0\team tools\performance tools\VSPerfDrv90.sys [2007-9-4 55664]

=============== Created Last 30 ================

2009-06-18 06:34 362 a---h--- C:\aaw7boot.cmd
2009-06-18 03:58 <DIR> --dsh--- c:\documents and settings\d13k\IECompatCache
2009-06-18 03:56 <DIR> --dsh--- c:\documents and settings\d13k\PrivacIE
2009-06-18 03:46 <DIR> --dsh--- c:\documents and settings\d13k\IETldCache
2009-06-18 02:08 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-18 02:08 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-18 02:08 <DIR> --d----- c:\windows\ie8updates
2009-06-18 02:08 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-18 02:05 <DIR> -cd-h--- c:\windows\ie8
2009-06-18 02:02 <DIR> --d----- c:\windows\system32\KB905474
2009-06-18 02:01 221,184 a------- c:\windows\system32\wmpns.dll
2009-06-18 01:10 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-06-18 01:10 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-06-18 01:10 <DIR> --d----- c:\windows\system32\ZoneLabs
2009-06-18 01:10 <DIR> --d----- c:\program files\Zone Labs
2009-06-18 01:10 350,192 a------- c:\windows\system32\vsconfig.xml
2009-06-18 01:09 <DIR> --d----- c:\windows\Internet Logs
2009-06-18 00:45 <DIR> --d----- c:\docume~1\d13k\applic~1\Comodo
2009-06-18 00:45 <DIR> --d----- c:\program files\COMODO
2009-06-17 15:57 36,352 -------- C:\WGASetup.exe
2009-06-17 15:37 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-17 14:49 <DIR> --d----- c:\program files\common files\McAfee
2009-06-17 14:49 <DIR> --d----- c:\program files\McAfee
2009-06-17 10:55 <DIR> --d----- c:\program files\Secunia
2009-06-17 06:29 <DIR> --d-h--- c:\windows\PIF
2009-06-17 06:17 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-06-17 06:17 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-17 06:17 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-06-17 06:10 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-06-17 06:09 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-06-17 05:58 361,600 a------- c:\windows\system32\drivers\tcpip.sys.old
2009-06-17 05:50 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-06-15 20:48 31,232 a------- c:\windows\system\vdremote.dll
2009-06-15 20:48 25,088 a------- c:\windows\system\vdsvrlnk.dll
2009-06-13 06:51 <DIR> --d----- c:\program files\File Shredder
2009-06-13 01:36 1,024 a------- C:\.rnd
2009-06-13 01:36 37,440 a------- c:\windows\system32\drivers\pssdk41.sys
2009-06-13 01:20 15,688 a------- c:\windows\system32\lsdelete.exe
2009-06-13 01:15 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-13 01:12 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-13 01:12 <DIR> --d----- c:\program files\Lavasoft
2009-06-13 01:08 <DIR> --d----- c:\program files\Trend Micro
2009-06-13 00:50 <DIR> --d----- c:\program files\Tenable
2009-06-13 00:50 <DIR> --d----- c:\docume~1\d13k\applic~1\MailWasherFree
2009-06-13 00:48 <DIR> --d----- c:\program files\Free Offers from Freeze.com
2009-06-12 00:50 <DIR> --d----- c:\program files\mIRC
2009-06-12 00:50 <DIR> --d----- c:\docume~1\d13k\applic~1\mIRC
2009-06-11 03:33 <DIR> --d----- c:\docume~1\d13k\applic~1\X-Chat 2
2009-06-10 07:31 <DIR> --d----- c:\docume~1\d13k\applic~1\KeePass
2009-06-10 05:44 <DIR> --d----- c:\program files\KeePass Password Safe 2
2009-05-23 08:35 <DIR> --d----- c:\documents and settings\d13k\dwhelper

==================== Find3M ====================

2009-05-13 07:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 17:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-29 06:55 78,336 -------- c:\windows\system32\ieencode.dll
2009-04-17 14:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 16:51 585,216 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 17:32:36,50 ===============
Attached Files
File Type: rar Logs.rar (5.4 KB, 2 views)