Trojan - Agent3.bwsf (AVG) Win32.tevb (Kaspersky)

TeMerc
Site Admin
Posts: 15995
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ

Re: Trojan - Agent3.bwsf (AVG) Win32.tevb (Kaspersky)

Postby TeMerc » Wed Oct 03, 2012 1:00 pm

dakota wrote: Sorry about the response delay. Please don't close the thread.

No worries, we won't close it.

dakota
Posts: 23
Joined: Thu Aug 30, 2012 9:10 am

Re: Trojan - Agent3.bwsf (AVG) Win32.tevb (Kaspersky)

Postby dakota » Fri Oct 19, 2012 7:27 pm

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1
Run by Owner at 1:38:11 on 2012-09-01
.
============== Running Processes ===============
.
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ABBYY Screenshot Reader\ScreenShotReader.exe
C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\AVG\AVG2012\avgscanx.exe
\??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
M:\dds.com
.
============== Pseudo HJT Report ===============
.
uStart Page = https://isearch.avg.com/?cid={A64B4D35-DB01-4E17-960C-ADBB8D72331C}&mid=583babddc9176445b7e8af8ba5304d10-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=pp011&pr=sa&d=2012-08-05 15:08:32&v=12.1.0.21&sap=hp
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://red.clientapps.yahoo.com/customi ... ch/ie.html
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customi ... .yahoo.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.1.0.21\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.1.0.21\AVG Secure Search_toolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [Yahoo! Pager] 1
uRun: [SansaDispatch] "c:\documents and settings\owner\application data\sandisk\sansa updater\SansaDispatch.exe"
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
uRun: [ABBYY Screenshot Reader Retail] "c:\program files\abbyy screenshot reader\ScreenShotReader.exe" -autorun
mRun: [SunKistEM] "c:\program files\digital media reader\shwiconem.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [Recguard] "c:\windows\sminst\RECGUARD.EXE"
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [SoundMan] "c:\windows\SOUNDMAN.EXE"
mRun: [Motive SmartBridge] "c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ABBYY Screenshot Reader Retail] "c:\program files\abbyy screenshot reader\ScreenShotReader.exe" -autorun
mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/produ ... wsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdat ... /opuc3.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/Fac ... oader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/Fac ... loader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 4147723953
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v5.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 9426213984
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan ... asinst.cab
DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} - hxxp://simcity.ea.com/play/classic/SimCityX.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/fl ... wflash.cab
TCP: DhcpNameServer = 192.168.0.1 68.94.156.1
TCP: Interfaces\{B3268E8D-D689-47C5-8C07-C370B716AF16} : DhcpNameServer = 192.168.0.1 68.94.156.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.1.5\ViProtocol.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R? ABBYY.Licensing.FineReader.ScreenshotReader.9.0;ABBYY.Licensing.FineReader.ScreenshotReader.9.0
R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service
R? AVGIDSAgent;AVGIDSAgent
R? FXDRV;FXDRV
R? HIDKbFlt;HIDKbFlt.SvcDesc%
R? RegGuard;RegGuard
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSFilter;AVGIDSFilter
S? AVGIDSHX;AVGIDSHX
S? AVGIDSShim;AVGIDSShim
S? Avgldx86;AVG AVI Loader Driver
S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx86;AVG Anti-Rootkit Driver
S? Avgtdix;AVG TDI Driver
S? avgtp;avgtp
S? avgwd;AVG WatchDog
S? DwProt;DrWeb Protection
S? MBAMSwissArmy;MBAMSwissArmy
S? SeagateDashboardService;Seagate Dashboard Service
S? vToolbarUpdater12.1.5;vToolbarUpdater12.1.5
S? WRkrn;WRkrn
.
=============== Created Last 30 ================
.
2012-09-01 06:29:14 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-09-01 06:29:12 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2012-09-01 06:28:31 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-09-01 06:28:27 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-01 06:28:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-31 04:41:50 109248 ----a-w- c:\windows\system32\Mswinsck.ocx
2012-08-31 04:41:50 -------- d-----w- c:\program files\Camtech
2012-08-29 05:37:30 14664 ----a-w- c:\windows\stinger.sys
2012-08-29 05:36:55 -------- d-----w- c:\program files\stinger
2012-08-27 08:38:01 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-08-25 03:38:52 98816 ----a-w- c:\windows\sed.exe
2012-08-25 03:38:52 518144 ----a-w- c:\windows\SWREG.exe
2012-08-25 03:38:52 256000 ----a-w- c:\windows\PEV.exe
2012-08-25 03:38:52 208896 ----a-w- c:\windows\MBR.exe
2012-08-22 01:13:15 149272 ----a-w- c:\windows\system32\drivers\dwprot.sys
2012-08-05 20:08:29 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-05 20:08:17 -------- d-----w- c:\program files\AVG Secure Search
.
==================== Find3M ====================
.
2012-08-25 03:53:27 544768 ----a-w- c:\windows\system32\winlogon.exe
2012-07-28 07:47:42 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-28 07:47:42 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-03-07 11:13:40 451 ----a-w- c:\program files\030720125134026.bat
.
============= FINISH: 1:38:35.10 ===============

dakota

Re: Trojan - Agent3.bwsf (AVG) Win32.tevb (Kaspersky)

Postby dakota » Fri Oct 19, 2012 7:27 pm

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1
Run by Owner at 9:46:12 on 2012-10-20
.
============== Running Processes ===============
.
\??\C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
\??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\ABBYY Screenshot Reader\ScreenShotReader.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
M:\dds.com
.
============== Pseudo HJT Report ===============
.
uStart Page = https://isearch.avg.com/?cid={A64B4D35-DB01-4E17-960C-ADBB8D72331C}&mid=583babddc9176445b7e8af8ba5304d10-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=pp011&pr=sa&d=2012-08-05 15:08:32&v=12.1.0.21&sap=hp
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://red.clientapps.yahoo.com/customi ... ch/ie.html
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customi ... .yahoo.com
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.1.0.21\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.1.0.21\AVG Secure Search_toolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [Yahoo! Pager] 1
uRun: [SansaDispatch] "c:\documents and settings\owner\application data\sandisk\sansa updater\SansaDispatch.exe"
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
uRun: [ABBYY Screenshot Reader Retail] "c:\program files\abbyy screenshot reader\ScreenShotReader.exe" -autorun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SunKistEM] "c:\program files\digital media reader\shwiconem.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [Recguard] "c:\windows\sminst\RECGUARD.EXE"
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [SoundMan] "c:\windows\SOUNDMAN.EXE"
mRun: [Motive SmartBridge] "c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/produ ... wsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdat ... /opuc3.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/Fac ... oader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/Fac ... loader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 4147723953
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v5.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 9426213984
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan ... asinst.cab
DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} - hxxp://simcity.ea.com/play/classic/SimCityX.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/fl ... wflash.cab
TCP: DhcpNameServer = 192.168.0.1 68.94.156.1
TCP: Interfaces\{B3268E8D-D689-47C5-8C07-C370B716AF16} : DhcpNameServer = 192.168.0.1 68.94.156.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.1.5\ViProtocol.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R? a2acc;a2acc
R? ABBYY.Licensing.FineReader.ScreenshotReader.9.0;ABBYY.Licensing.FineReader.ScreenshotReader.9.0
R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service
R? FXDRV;FXDRV
R? HIDKbFlt;HIDKbFlt.SvcDesc%
R? RegGuard;RegGuard
S? !SASCORE;SAS Core Service
S? a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service
S? A2DDA;A2 Direct Disk Access Support Driver
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSFilter;AVGIDSFilter
S? AVGIDSHX;AVGIDSHX
S? AVGIDSShim;AVGIDSShim
S? Avgldx86;AVG AVI Loader Driver
S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx86;AVG Anti-Rootkit Driver
S? Avgtdix;AVG TDI Driver
S? avgtp;avgtp
S? avgwd;AVG WatchDog
S? DwProt;DrWeb Protection
S? MBAMSwissArmy;MBAMSwissArmy
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? SeagateDashboardService;Seagate Dashboard Service
S? vToolbarUpdater12.1.5;vToolbarUpdater12.1.5
S? WRkrn;WRkrn
.
=============== Created Last 30 ================
.
2012-09-20 16:39:17 -------- d-----w- c:\documents and settings\owner\application data\Simply Super Software
2012-09-20 16:37:33 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2012-09-20 16:37:33 605968 ----a-w- c:\windows\system32\ztv7z.dll
2012-09-20 16:37:33 185616 ----a-w- c:\windows\system32\ztvunrar39.dll
2012-09-20 16:37:33 169744 ----a-w- c:\windows\system32\ztvunrar36.dll
2012-09-20 16:37:32 77072 ----a-w- c:\windows\system32\ztvcabinet.dll
2012-09-20 16:37:32 75264 ----a-w- c:\windows\system32\unacev2.dll
2012-09-20 16:37:32 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2012-09-20 16:37:23 -------- d-----w- c:\program files\Trojan Remover
2012-09-20 16:37:23 -------- d-----w- c:\documents and settings\all users\application data\Simply Super Software
2012-09-20 16:35:39 -------- d-----w- c:\documents and settings\owner\application data\EurekaLog
2012-09-20 16:29:26 -------- d-----w- c:\program files\Emsisoft Anti-Malware
.
==================== Find3M ====================
.
2012-10-20 14:43:30 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-09-07 11:59:52 3512159 ----a-w- C:\ComboFix-new.exe
2012-09-04 10:58:49 17789456 ----a-w- C:\Firefox Setup 15.0.exe
2012-08-29 05:37:30 14664 ----a-w- c:\windows\stinger.sys
2012-08-27 08:37:54 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-08-22 01:17:31 149272 ----a-w- c:\windows\system32\drivers\dwprot.sys
2012-08-05 20:08:29 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-07-28 07:47:42 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-28 07:47:42 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-07 11:13:40 451 ----a-w- c:\program files\030720125134026.bat
.
============= FINISH: 9:49:19.85 ===============

TeMerc

Re: Trojan - Agent3.bwsf (AVG) Win32.tevb (Kaspersky)

Postby TeMerc » Wed Oct 24, 2012 12:38 am

Thanks for the log, Dakota.

Not seeing anything out of the ordinary here.

Although, with not much RAM, and XP, there may be an issue with MBAM, SAS, Emsisoft.

Not sure about your versions of any of them; do they have any real-time active monitors that load with Windows?

dakota

Re: Trojan - Agent3.bwsf (AVG) Win32.tevb (Kaspersky)

Postby dakota » Wed Dec 26, 2012 9:33 am

I don't know about real-time monitors; I'm going to have to get refreshed on where I was on this.
This is an eMachines that has a recovery partition, if I can figure out how to use it. I have also heard of an overlay install that doesn't delete any files.
I would prefer not to have to go through the hard drive and analyze file by file what I want to keep.
Is there an online guide to the overlay install process you would recommend?
If this restores Microsoft settings, will it wipe out the access to the eMachines recovery process?
Thanks.

Additional comment: my eMachines CD has no repair option, so I think I am out of luck for anything except a complete Windows reinstallation from that CD.

TeMerc

Re: Trojan - Agent3.bwsf (AVG) Win32.tevb (Kaspersky)

Postby TeMerc » Wed Dec 26, 2012 4:23 pm

dakota wrote: I don't know about real-time monitors; I'm going to have to get refreshed on where I was on this.
This is an eMachines that has a recovery partition, if I can figure out how to use it. I have also heard of an overlay install that doesn't delete any files.
I would prefer not to have to go through the hard drive and analyze file by file what I want to keep.
Is there an online guide to the overlay install process you would recommend?
If this restores Microsoft settings, will it wipe out the access to the eMachines recovery process?
Thanks.

Additional comment: my eMachines CD has no repair option, so I think I am out of luck for anything except a complete Windows reinstallation from that CD.

I'm assuming the 'overlay' you mean is actually Windows 'repair'?

And many OEM disks didn't have repair options; some had 'restore' options, but that just resets the system to the OEM-delivered state, meaning you lose all data.

The best route would be a new system, really; it does not pay to upgrade with a slow system. It won't run much better, because newer systems require more RAM and processors.

