Tech Support Forum: Virus/Trojan/Spyware Help
#1

Registered User
Join Date: Aug 2009
Posts: 2
OS: WIN xp
Worrying network activity
Hello, I hope you can help..

BitDefender stopped multiple trojans from an FPS skins website about a month ago; I'm afraid it didn't catch all of them. I'm seeing constant network activity when I click on my network status icon in the toolbar, even with my browser off. Also, I can't disable the network connection when this is happening; it tells me either the system or another user is using it. Turning on my XP firewall stops this. I hope you can help. I've tried scanning with BitDefender, Spybot, Malwarebytes, and so far no result, but the behaviour goes on.

Yours hopefully, jvizoso

Here's the DDS txt log:

DDS (Ver_09-07-30.01) - NTFSx86
Run by JVizoso at 17:11:47.46 on 14/08/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1385 [GMT 1:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
D:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
F:\Program Files\iRacing\iRacingService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\RTHDCPL.EXE
D:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\JVizoso\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - d:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - d:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [BDAgent] "d:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "d:\program files\bitdefender\bitdefender 2009\IEShow.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ZoneAlarm Client] "d:\program files\zone labs\zonealarm\zlclient.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - d:\program files\logitech\setpoint\SetPoint.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - d:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1216590136748
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1216590532593
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jvizoso\applic~1\mozilla\firefox\profiles\iic9isvd.default\
FF - plugin: c:\program files\itiva\itiva media accelerator\npima.dll
FF - plugin: c:\program files\photosynth\npPhotosynthMozilla.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll
FF - plugin: d:\program files\real alternative\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\real alternative\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
d:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
d:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
d:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
d:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
d:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
d:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
d:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-7-20 150568]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-8-14 353672]
R2 iRacingService;iRacing helper service;f:\program files\iracing\iRacingService.exe [2008-7-21 472664]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-2-28 10384]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-7-20 84992]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-7-20 36864]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2009-1-20 172032]
S3 chttp;chttp;\??\c:\docume~1\jvizoso\locals~1\temp\chttp.sys --> c:\docume~1\jvizoso\locals~1\temp\chttp.sys [?]
S3 kmtlmnt5;kmtlmnt5;\??\c:\docume~1\jvizoso\locals~1\temp\kmtlmnt5.sys --> c:\docume~1\jvizoso\locals~1\temp\kmtlmnt5.sys [?]
S3 mhsfbs2s;mhsfbs2s;\??\c:\docume~1\jvizoso\locals~1\temp\mhsfbs2s.sys --> c:\docume~1\jvizoso\locals~1\temp\mhsfbs2s.sys [?]
S3 o1394bul;o1394bul;\??\c:\docume~1\jvizoso\locals~1\temp\o1394bul.sys --> c:\docume~1\jvizoso\locals~1\temp\o1394bul.sys [?]
S3 op3;op3;\??\c:\docume~1\jvizoso\locals~1\temp\op3.sys --> c:\docume~1\jvizoso\locals~1\temp\op3.sys [?]
S3 papycpu;papycpu;c:\windows\system32\drivers\papycpu.sys [2008-8-6 1984]
S3 rtdpipe;rtdpipe;\??\c:\docume~1\jvizoso\locals~1\temp\rtdpipe.sys --> c:\docume~1\jvizoso\locals~1\temp\rtdpipe.sys [?]
S3 upapycpu;upapycpu;\??\c:\docume~1\jvizoso\locals~1\temp\upapycpu.sys --> c:\docume~1\jvizoso\locals~1\temp\upapycpu.sys [?]
S3 UwmFilte;UwmFilte;\??\c:\docume~1\jvizoso\locals~1\temp\uwmfilte.sys --> c:\docume~1\jvizoso\locals~1\temp\UwmFilte.sys [?]
S3 vnull;vnull;\??\c:\docume~1\jvizoso\locals~1\temp\vnull.sys --> c:\docume~1\jvizoso\locals~1\temp\vnull.sys [?]
S3 vsrv;vsrv;\??\c:\docume~1\jvizoso\locals~1\temp\vsrv.sys --> c:\docume~1\jvizoso\locals~1\temp\vsrv.sys [?]
S3 ybthpan;ybthpan;\??\c:\docume~1\jvizoso\locals~1\temp\ybthpan.sys --> c:\docume~1\jvizoso\locals~1\temp\ybthpan.sys [?]

=============== Created Last 30 ================

2009-08-14 16:38 54,272 -c------ c:\windows\system32\dllcache\wdigest.dll
2009-08-14 16:38 136,192 -c------ c:\windows\system32\dllcache\msv1_0.dll
2009-08-14 16:38 92,928 -c------ c:\windows\system32\dllcache\ksecdd.sys
2009-08-14 16:38 301,568 -c------ c:\windows\system32\dllcache\kerberos.dll
2009-08-14 15:51 <DIR> --d----- c:\docume~1\jvizoso\applic~1\GetRightToGo
2009-08-14 15:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
2009-08-14 14:04 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-08-14 14:04 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-08-14 14:04 <DIR> --d----- c:\windows\system32\ZoneLabs
2009-08-14 14:04 350,192 a------- c:\windows\system32\vsconfig.xml
2009-08-14 14:02 <DIR> --d----- c:\windows\Internet Logs
2009-08-12 20:00 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-12 20:00 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-12 16:27 <DIR> --d----- c:\program files\NCH Software
2009-08-12 16:25 <DIR> --d----- c:\program files\NCH Swift Sound
2009-08-11 15:45 <DIR> --d----- c:\program files\Trend Micro
2009-08-11 14:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-08-11 14:11 <DIR> --d----- c:\docume~1\jvizoso\applic~1\SUPERAntiSpyware.com
2009-08-11 12:50 <DIR> --d----- c:\documents and settings\jvizoso\SecurityScans
2009-08-11 11:51 <DIR> --d----- c:\documents and settings\jvizoso\.housecall6.6
2009-07-26 16:12 <DIR> --d----- c:\docume~1\jvizoso\applic~1\Malwarebytes
2009-07-26 16:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-17 20:01 58,880 -c------ c:\windows\system32\dllcache\atl.dll
2009-07-17 15:26 43,520 a------- c:\windows\system32\CmdLineExt03.dll

==================== Find3M ====================

2009-08-14 16:40 81,984 a------- c:\windows\system32\bdod.bin
2009-08-05 10:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-17 20:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\wmpdxm.dll
2009-07-06 19:57 444,952 a------- c:\windows\system32\wrap_oal.dll
2009-07-06 19:57 109,080 a------- c:\windows\system32\OpenAL32.dll
2009-07-03 18:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-25 09:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 09:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 09:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 09:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 09:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 09:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-24 12:18 92,928 a------- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 15:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 15:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-12 13:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 13:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 15:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 07:14 132,096 -------- c:\windows\system32\wkssvc.dll
2009-06-03 20:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-01-09 19:07 60,744 a------- c:\documents and settings\jvizoso\g2mdlhlpx.exe
2006-06-24 07:48 32,768 a----r-- c:\windows\inf\UpdateUSB.exe

============= FINISH: 17:12:42.62 ===============
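The SERVICES / DRIVERS section of the log above registers eleven S3 drivers (chttp, kmtlmnt5, mhsfbs2s and so on) from the user's Local Settings\Temp directory, each marked "[?]" because DDS could not find the file. Whatever put them there, a legitimate kernel driver is not normally registered from a user-writable directory, so those lines are the first thing a log reviewer would examine. The Python script below is an added example, not part of the post and not part of the DDS tool: it parses DDS service/driver lines and flags entries whose image path is under a profile or temp directory, or that DDS marked "[?]". The sample lines are constructed here on the pattern of the post's log (user name replaced), and the USER_WRITABLE pattern and the two rules are this example's own heuristics, not anything DDS itself reports.

```python
"""Triage the SERVICES / DRIVERS section of a DDS log.

Added example (not part of the forum post or of DDS). Two reviewer rules:
(1) the image lives under a user profile or temp directory, which a
legitimate kernel driver almost never does; (2) DDS printed "[?]" because
it could not find the file on disk. Both are "look at this" flags, not
verdicts.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# One DDS service line: "<R|S><0-3> <name>;<display name>;<image> [<date> <size>]"
# When DDS cannot resolve the file it prints "<registered> --> <resolved> [?]".
DDS_LINE = re.compile(r"^(?P<start>[RS][0-3])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")

# Path fragments meaning "user-writable location" on Windows XP (8.3 and long
# forms). Heuristic chosen for this example, not a DDS rule.
USER_WRITABLE = re.compile(
    r"locals~1\\temp|local settings\\temp|\\temp\\|\\tmp\\|"
    r"\\docume~1\\|documents and settings|applic~1|application data",
    re.IGNORECASE,
)

# Constructed sample modelled on the post's log (user name changed).
SAMPLE_DDS = r"""
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-7-20 150568]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-8-14 353672]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-7-20 36864]
S3 chttp;chttp;\??\c:\docume~1\user\locals~1\temp\chttp.sys --> c:\docume~1\user\locals~1\temp\chttp.sys [?]
S3 vnull;vnull;\??\c:\docume~1\user\locals~1\temp\vnull.sys --> c:\docume~1\user\locals~1\temp\vnull.sys [?]
S3 papycpu;papycpu;c:\windows\system32\drivers\papycpu.sys [2008-8-6 1984]
"""


@dataclass
class DriverEntry:
    start: str          # R0-R3 = running, S0-S3 = not running (DDS convention)
    name: str
    display: str
    image: str          # resolved image path as DDS printed it
    missing: bool       # True when DDS marked the line "[?]"
    reasons: list[str] = field(default_factory=list)


def parse_dds_services(text: str) -> list[DriverEntry]:
    """Parse DDS service/driver lines; anything that does not match is ignored."""
    entries = []
    for raw in text.splitlines():
        m = DDS_LINE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest").strip()
        missing = rest.endswith("[?]")
        # Drop the trailing "[date size]" or "[?]" bracket.
        body = re.sub(r"\s*\[[^\]]*\]$", "", rest)
        # Keep the resolved path (right of "-->") when DDS printed both forms.
        image = body.split("-->")[-1].strip()
        if image.startswith("\\??\\"):   # NT object-manager prefix
            image = image[4:]
        entries.append(DriverEntry(m.group("start"), m.group("name"), m.group("display"), image, missing))
    return entries


def triage(entries: list[DriverEntry]) -> list[DriverEntry]:
    """Return the entries that trip at least one rule, with their reasons filled in."""
    flagged = []
    for e in entries:
        reasons = []
        if USER_WRITABLE.search(e.image):
            reasons.append("image path is under a user profile or temp directory")
        if e.missing:
            reasons.append("DDS could not find the file on disk ([?])")
        e.reasons = reasons
        if reasons:
            flagged.append(e)
    return flagged


def report(text: str) -> list[str]:
    """Human-readable triage lines for a DDS log (or just its services section)."""
    out = []
    for e in triage(parse_dds_services(text)):
        state = "running" if e.start.startswith("R") else "not running"
        out.append(f"{e.start} {e.name} ({state}): {e.image}")
        out.extend(f"    - {r}" for r in e.reasons)
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_DDS)))
```

The "[?]" rule is noisy on its own: the ZoneAlarm vsmon line in the same log also carries "[?]", most likely because the "-service" argument is part of the string DDS tried to look up, so the sample keeps that line to show a flag a reviewer would dismiss after a glance. Entries that trip both rules, like the temp-directory drivers, are the ones to pull for hashing and a look at their registry keys.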