Brinkmann

Hi TSF!

I am a total novice, but this morning my AVG showed me a message saying that my labtop had a Trojan Horse calles HBO.IMS.

I instantly googled it and installed the first programme that I was recommended - MAlwarebytes' Anti Malware.

It deletede the Trojan Horse, but left me with a slow PC and a message when I shut down a browser (Explorer) saying that the session has been shut down abnormally - a runtime error and something about Microsoft Visual C++.

That is all - the DDS is below, and the Attach and ARK file attached - hope you can help me.

RGS

Kenneth BRinkmann - Denmark

DDS:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Kenneth Brinkmann at 15:22:30,34 on 30-04-2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.1535.817 [GMT 2:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmer\Bonjour\mDNSResponder.exe
svchost.exe
C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
C:\Programmer\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Fælles filer\Protexis\License Service\PsiService_2.exe
C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp137.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmer\SeekappSrch\seekapp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programmer\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmer\Analog Devices\SoundMAX\Smax4.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\bcmntray.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\WIDCOMM\Bluetooth-software\BTTray.exe
C:\Programmer\Secunia\PSI\psi.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programmer\AVG\AVG8\avgcsrvx.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\GItte Juhl\Lokale indstillinger\Temporary Internet Files\Content.IE5\D0T785QK\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.dk/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\programmer\avg\avg8\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programmer\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programmer\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\programmer\google\google toolbar\component\fastsearch_219B3E1547538286.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programmer\google\google toolbar\GoogleToolbar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\programmer\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [SoundMAXPnP] c:\programmer\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\programmer\analog devices\soundmax\Smax4.exe" /tray
mRun: [ATIPTA] c:\programmer\ati technologies\ati control panel\atiptaxx.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\bcmntray
mRun: [QuickTime Task] "c:\programmer\quicktime\qttask.exe" -atboottime
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Adobe Reader Speed Launcher] "c:\programmer\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [iTunesHelper] "c:\programmer\itunes\iTunesHelper.exe"
mRun: [ISUSPM] "c:\programmer\fælles filer\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [TkBellExe] "c:\programmer\fælles filer\real\update_ob\realsched.exe" -osboot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\gittej~1\menuen~1\progra~1\start\secuni~1.lnk - c:\programmer\secunia\psi\psi.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\bttray.lnk - c:\programmer\widcomm\bluetooth-software\BTTray.exe
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\programmer\avg\avg8\avgpp.dll
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-21 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-21 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-21 108552]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys --> c:\windows\system32\drivers\mvstdi5x.sys [?]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-21 298264]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 SeekappSrch Service;SeekappSrch Service;c:\documents and settings\all users\application data\seekappsrch\seekapp137.exe [2009-4-30 54760]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2004-5-3 87936]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys --> c:\windows\system32\drivers\naiavf5x.sys [?]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-3-24 7808]
S2 gupdate1c998bafc19c5ba;Tjenesten Google Update (gupdate1c998bafc19c5ba);c:\programmer\google\update\GoogleUpdate.exe [2009-2-27 133104]
S2 McShield;Network Associates McShield;"c:\programmer\network associates\virusscan\mcshield.exe" --> c:\programmer\network associates\virusscan\Mcshield.exe [?]
S2 McTaskManager;Network Associates Task Manager;"c:\programmer\network associates\virusscan\vstskmgr.exe" --> c:\programmer\network associates\virusscan\VsTskMgr.exe [?]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\programmer\nos\bin\getPlus_HelperSvc.exe [2009-1-8 33752]

=============== Created Last 30 ================


==================== Find3M ====================

2009-04-30 14:11 328,232 a------- c:\windows\system32\perfh006.dat
2009-04-30 14:11 48,482 a------- c:\windows\system32\perfc006.dat
2009-03-24 13:03 7,808 a------- c:\windows\system32\drivers\psi_mf.sys
2009-03-16 14:18 517,448 a------- c:\windows\system32\XAudio2_4.dll
2009-03-16 14:18 235,352 a------- c:\windows\system32\xactengine3_4.dll
2009-03-16 14:18 69,448 a------- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 14:18 22,360 a------- c:\windows\system32\X3DAudio1_6.dll
2009-03-09 15:27 4,178,264 a------- c:\windows\system32\D3DX9_41.dll
2009-03-09 15:27 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
2009-03-09 15:27 453,456 a------- c:\windows\system32\d3dx10_41.dll
2009-03-06 16:20 284,672 a------- c:\windows\system32\pdh.dll
2009-03-03 02:11 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 19:12 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-10 19:08 2,068,608 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-09 16:07 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 13:26 2,191,616 a------- c:\windows\system32\ntoskrnl.exe
2009-02-09 13:25 110,592 a------- c:\windows\system32\services.exe
2009-02-09 12:53 730,624 a------- c:\windows\system32\lsasrv.dll
2009-02-09 12:53 719,360 a------- c:\windows\system32\ntdll.dll
2009-02-09 12:53 682,496 a------- c:\windows\system32\advapi32.dll
2009-02-09 12:53 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-06 12:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-03 21:58 56,832 a------- c:\windows\system32\secur32.dll
2009-01-08 09:49 16,384 a--sh--- c:\windows\system32\config\systemprofile\cookies\index.dat
2009-01-08 09:49 32,768 a--sh--- c:\windows\system32\config\systemprofile\lokale indstillinger\oversigt\history.ie5\index.dat
2009-01-04 20:52 32,768 a--sh--- c:\windows\system32\config\systemprofile\lokale indstillinger\oversigt\history.ie5\mshist012009010420090105\index.dat
2009-01-08 09:49 32,768 a--sh--- c:\windows\system32\config\systemprofile\lokale indstillinger\temporary internet files\content.ie5\index.dat

============= FINISH: 15:22:54,82 ===============

Attached Files

Attach.zip (3.1 KB, 3 views)

amateur

Hello and welcome to TSF.

Apologies for the late response.

If you still require assistance, we would like to see the latest state of your system. Please provide us with a new set of logs.

New Instructions - Read This Before Posting for Malware Removal Help

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don’t hear from you in three days this thread will be closed.

amateur

Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

http://www.techsupportforum.com/secu...oval-help.html