1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Security Checkup

Discussion in 'Virus & Other Malware Removal' started by JessiesWifey, Dec 17, 2013.

Thread Status:
Not open for further replies.
Advertisement
  1. JessiesWifey

    JessiesWifey Thread Starter

    Joined:
    Dec 17, 2013
    Messages:
    4
    I found the core.insightexpress Trojan on my partners Laptop and removed all infections i could find but would like to checkup to make sure everything is clean.

    Little history: Computer was fully restored about 1 week ago and came with several page hijackers pre-installed in the Toshiba OEM software. Removed Norton and enabled Windows Defender then replaced it with AVG Free after cleaning the system. Yesterday however a pop-up appeared whilst i was remote controlling the system via TeamViewer with the title of core.insightexpress*.

    She hasn't downloaded anything except for Skype for windows and Camfrog Video Chat. the only other downloads have been a few security scanners last-night and Mozilla Firefox with the all in one sidebar and download bar plugins & Sisoftware Sandra Lite.

    Any help would be much appreciated

    Thanks in advance

    Nissie

    --------------------------------------------------------------------------------------------------
    --------------------------------------------------------------------------------------------------

    Here is the system specs:
    OS: Microsoft Windows 8/1
    Version: 6.3.9600 N/A Build 9600
    OS Config: Standalone Workstation

    Registered Organization: Toshiba
    System Manufacturer: TOSHIBA
    System Model: Satellite C55-A

    x64
    Dual core Intel64 Family 6 model 58 stepping 9 CPU @ 2.5GHz (Intel(R) Pentium(R) CPU 2020M)

    Bios: Insyde Corp. 1.20. 6/7/2013
    RAM: 6,023MB @ 8000MHz (DDR3 SO-DIMM) (4GB Bank-0 2GB Bank-1)
    Page File: 7,785MB

    --------------------------------------------------------------------------------------------------
    --------------------------------------------------------------------------------------------------

    Here is the latest HiJackThis log done at 04:12AM on 12/17/2013


    Logfile of HijackThis v1.99.1
    Scan saved at 4:13:02 AM, on 12/17/2013
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.9600.16384)

    Running processes:
    C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\AVG\AVG2014\avgui.exe
    C:\WINDOWS\syswow64\wwahost.exe
    C:\Program Files\WindowsApps\Evernote.Evernote_2.1.2.15_x86__q4d96b2w5wcc2\EvernoteMetro.exe
    C:\Program Files\WindowsApps\Vectorform.ToolboxforWindows8_3.0.0.10_neutral__wmy4wg9xnbqkw\Toolbox.exe
    C:\Program Files\WindowsApps\AntaraSoftware.AlarmClockHD_3.0.0.2_neutral__7jhd16s0b93qm\AlarmClockHD.exe
    C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
    C:\WINDOWS\SysWOW64\DllHost.exe
    C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
    C:\Program Files (x86)\Anvisoft\Slim Toolbar\ToolbarTray.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
    C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
    C:\Program Files (x86)\Steam\steam.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by TOSHIBA
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
    O4 - HKLM\..\Run: [Anvi AD Blocker] "C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe" -tray
    O4 - HKLM\..\Run: [ToolbarTray] C:\Program Files (x86)\Anvisoft\Slim Toolbar\ToolbarTray.exe
    O4 - HKCU\..\Run: [Camfrog] "C:\Program Files (x86)\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [AVG-Secure-Search-Update_1113a] C:\Users\Anise\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=9bdefe0854e647d3a1ead1c5bc94f6db-aebdd627cec6f4c2f2c4d3abe91808ed21c1ecfd /CMPID=1113a
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O11 - Options group: [INTERNATIONAL] International
    O13 - Gopher Prefix:
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adblocker Monitor Service (AdblockerSrv) - Unknown owner - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: Anvi Smart Defender Realtime Guard Service (asdsrv) - Anvisoft - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
    O23 - Service: Anvi Slim Toolbar Guard Service (astsvr) - Anvisoft - C:\Program Files (x86)\Anvisoft\Slim Toolbar\ToolBarService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: DTS APO Service (dts_apo_service) - Unknown owner - C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
    O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
    O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Unknown owner - C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService (file missing)
    O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - %ProgramFiles%\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - %ProgramFiles%\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
     
  2. JessiesWifey

    JessiesWifey Thread Starter

    Joined:
    Dec 17, 2013
    Messages:
    4
    Still waiting for a reply here. Had 2 more pop-ups since the 'core.insightexpress'. One (The most recent about 2 days ago) i unfortunately wasn't around to see so no information on it. The other about 2-3 days after the origional post with the sighting of the 'core.insightexpress' pop-up i saw one titled "axp.zedo".

    I havn't taken any actionssince the origional post when i removed what i could find of the 'core.insightexpress' infection. However a few new applications have been installed by my partners brother. (Remote server & Splashtop remote control services).

    Any help would be much appreciated

    Thanks in advance

    -TehEmoGurl-
     
  3. JessiesWifey

    JessiesWifey Thread Starter

    Joined:
    Dec 17, 2013
    Messages:
    4
    Really... is there nobody at all who can help with this matter? :confused:
     
  4. JessiesWifey

    JessiesWifey Thread Starter

    Joined:
    Dec 17, 2013
    Messages:
    4
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1115472