Read this topic before posting a log.
DO NOT post a ComboFix log unless requested to.
Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.
When posting a log please put the type of infection you have in the topic title, i.e. Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.
Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Post #1, Dec 26 2008, 04:26 AM
New Member | Group: Members | Posts: 1 | Joined: 26-December 08 | Member No.: 274,108
My computer also seems slower in general.

DDS (Version 1.1.0) - NTFSx86
Run by Johnathan at 4:21:32.42 on Fri 12/26/2008
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.938 [GMT -5:00]

AV: AVG 7.5.552 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
D:\Winamp\winamp.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\Johnathan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?hl=en
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {09b51599-1fb4-48e5-a101-f71d2af0c0e1} - c:\windows\system32\voyuvofe.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\geBuVmLF.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: {d1635746-124b-4675-8000-836a16159a24} - c:\windows\system32\byXPIaAs.dll
BHO: {b59c517e-fbb8-00bb-2354-282b1d93d3ee}: {ee3d39d1-b282-4532-bb00-8bbfe715c95b} - c:\windows\system32\muzaci.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [CurseClient] c:\program files\curse\CurseClient.exe -silent
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTProAgent.exe" -autorun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SysMetrix] c:\program files\sysmetrix\SysMetrix.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [WinampAgent] d:\winamp\winampa.exe
mRun: [yunawiwepu] Rundll32.exe "c:\windows\system32\gojobeju.dll",s
mRun: [682c343a] rundll32.exe "c:\windows\system32\rfafnhxv.dll",b
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\johnat~1\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111t\wlan111t.exe
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
TCP: {C4E16887-1A6C-4613-B218-0BD55880295B} = 205.152.37.23,205.152.132.23
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: geBuVmLF - geBuVmLF.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: WBSrv - c:\progra~1\stardock\object~1\window~1\wbsrv.dll
AppInit_DLLs: wbsys.dll,c:\windows\system32\dokajihe.dll muzaci.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\geBuVmLF.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\byXPIaAs
LSA: Notification Packages = scecli c:\windows\system32\dokajihe.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\johnat~1\applic~1\mozilla\firefox\profiles\n992ee2m.default\
FF - component: c:\documents and settings\johnathan\application data\mozilla\firefox\profiles\n992ee2m.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampPlayer.dll
FF - component: c:\documents and settings\johnathan\application data\mozilla\firefox\profiles\n992ee2m.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\panda security\nanoscan\plugins\npnanoscan.dll

============= SERVICES / DRIVERS ===============

R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2007-7-13 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2007-7-13 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2007-7-13 27776]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-7-13 10760]
R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2007-7-13 418816]
R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2007-7-13 49664]
R2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe [2007-7-13 406528]
R2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2007-7-13 4960]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe []
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2007-7-15 33792]
S2 NetworkLookOutAgent;Network LookOut Agent;c:\windows\system32\nladm\NLAgentProSvc.exe []
S3 aaudstum;aaudstum;\??\c:\docume~1\johnat~1\locals~1\temp\aaudstum.sys []
S3 ATHFMWDL;NETGEAR WG111T Bootloader driver;c:\windows\system32\drivers\ATHFMWDL.sys []
S3 cmudaxu;C-Media USB Sound Interface;c:\windows\system32\drivers\cmudaxu.sys [2007-7-12 1391296]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\windows\system32\DNINDIS5.SYS [2007-8-25 17149]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys []

=============== Created Last 30 ================

2008-12-26 01:16 120 ---sh--- c:\windows\system32\vxhnfafr.ini
2008-12-26 01:16 72,704 a------- c:\windows\system32\rfafnhxv.dll
2008-12-26 01:04 129,024 a------- c:\windows\system32\muzaci.dll
2008-12-26 01:04 129,024 a------- c:\windows\system32\rclldfbn.dll
2008-12-25 04:24 120 ---sh--- c:\windows\system32\ijipimiw.ini
2008-12-25 01:13 120 ---sh--- c:\windows\system32\pxmbjuxr.ini
2008-12-25 01:13 72,704 -------- c:\windows\system32\rxujbmxp.dll
2008-12-25 01:04 129,024 a------- c:\windows\system32\traobl.dll
2008-12-25 01:04 129,024 a------- c:\windows\system32\gbejdkxr.dll
2008-12-24 16:24 120 ---sh--- c:\windows\system32\ahamekis.ini
2008-12-24 04:24 120 ---sh--- c:\windows\system32\ahosudew.ini
2008-12-24 03:13 923,001 a--sh--- c:\windows\system32\sAaIPXyb.ini2
2008-12-24 02:15 95 a------- c:\windows\wininit.ini
2008-12-24 01:52 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-24 01:52 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-12-24 01:51 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-12-24 01:51 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-12-24 01:03 129,024 a------- c:\windows\system32\hmzzem.dll
2008-12-24 01:03 129,024 a------- c:\windows\system32\msuqcjki.dll
2008-12-24 01:01 923,001 a--sh--- c:\windows\system32\sAaIPXyb.ini
2008-12-24 01:01 302,592 a------- c:\windows\system32\byXPIaAs.dll
2008-12-24 00:56 34,816 a------- c:\windows\system32\geBuVmLF.dll
2008-12-24 00:56 198,716 a------- c:\windows\system32\wpv031229907513.cpx
2008-12-04 16:21 <DIR> --d----- c:\docume~1\johnat~1\applic~1\Desktopicon
2008-12-04 16:21 <DIR> --d----- c:\program files\Unlocker

==================== Find3M ====================

2008-12-25 04:24 84,647 -------- c:\windows\system32\wimipiji.dll
2008-12-24 16:24 84,195 -------- c:\windows\system32\sikemaha.dll
2008-12-24 04:23 84,723 -------- c:\windows\system32\wedusoha.dll
2008-10-30 06:23 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-10-30 06:16 717,296 a------- c:\windows\system32\drivers\sptd.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-15 20:00 666,112 a------- c:\windows\system32\wininet.dll
2008-10-03 05:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-04-18 02:04 22,328 a------- c:\docume~1\johnat~1\applic~1\PnkBstrK.sys

============= FINISH: 4:22:18.76 ===============

This post has been edited by Orange Blossom: Dec 26 2008, 09:01 PM
Reason for edit: Deactivate link. ~ OB
Attached File(s)
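Added example, not part of the original post or of DDS: a small triage pass over a constructed subset of lines copied from the log above, flagging the entry classes a helper looks at first (hidden+system files dropped into system32, a non-standard extension, DLLs in AppInit_DLLs, extra LSA packages, and rundll32 autostarts with one-letter export names). The rules and the assumed XP baseline for the LSA package lists are this example's own heuristics.

```python
import re

# Constructed subset of lines copied from the DDS log in the post above; the
# triage rules are this example's own heuristics, not DDS's or the forum's.
SAMPLE_LINES = r"""
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
mRun: [yunawiwepu] Rundll32.exe "c:\windows\system32\gojobeju.dll",s
mRun: [682c343a] rundll32.exe "c:\windows\system32\rfafnhxv.dll",b
AppInit_DLLs: wbsys.dll,c:\windows\system32\dokajihe.dll muzaci.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\byXPIaAs
LSA: Notification Packages = scecli c:\windows\system32\dokajihe.dll
2008-12-26 01:16 120 ---sh--- c:\windows\system32\vxhnfafr.ini
2008-12-24 03:13 923,001 a--sh--- c:\windows\system32\sAaIPXyb.ini2
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
""".strip().splitlines()

# Windows XP defaults for the two LSA package lists (assumed baseline).
LSA_DEFAULTS = {"authentication": {"msv1_0"}, "notification": {"scecli"}}
# "Created Last 30" / "Find3M" rows: date time size attributes path
CREATED = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+[\d,]+\s+(\S{8})\s+(.+)$")
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,(\w+)', re.I)


def triage(lines):
    """Return (rule, line) pairs for DDS entries that deserve a closer look."""
    hits = []
    for line in lines:
        m = CREATED.match(line)
        if m:
            attrs, path = m.groups()
            # Attribute column: a=archive, d=dir, s=system, h=hidden, '-'=unset.
            if "s" in attrs and "h" in attrs and "\\system32\\" in path.lower():
                hits.append(("hidden+system file in system32", line))
            if path.lower().endswith(".ini2"):
                hits.append(("non-standard extension", line))
        elif line.startswith("AppInit_DLLs:"):
            # Anything listed here is loaded into every user32 process.
            for dll in re.split(r"[,\s]+", line.split(":", 1)[1].strip()):
                if dll:
                    hits.append(("AppInit_DLLs loads " + dll, line))
        elif line.startswith("LSA:"):
            kind = "authentication" if "Authentication" in line else "notification"
            for pkg in line.split("=", 1)[1].split():
                if pkg.lower() not in LSA_DEFAULTS[kind]:
                    hits.append((f"non-default LSA {kind} package {pkg}", line))
        elif line[:5] in ("uRun:", "mRun:", "dRun:"):
            m = RUNDLL.search(line)
            # rundll32 autostarts with a one-letter export name appear in this
            # log; legitimate entries (NvCpl.dll,NvStartup) name a real export.
            if m and len(m.group(2)) == 1:
                hits.append(("rundll32 autostart with one-letter export", line))
    return hits


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LINES):
        print(f"[{rule}] {line}")
```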
Post #2, Jan 6 2009, 10:45 PM
Forum Deity | Group: HJT Team | Posts: 257 | Joined: 18-June 05 | Member No.: 23,930
Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far. Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware. Thanks and again sorry for the delay.

I am reviewing your log. In the meantime, please address the following:

* Have you posted this issue on another forum? If so, please provide a link to the topic.
* If you are an employee and this system is owned by your employer, do you have permission to make changes to it?
* If you are using any cracked (illegal) software, please uninstall that.
* If you are using any P2P (file sharing) programs, please remove them before we clean your computer. The nature of such software and the high incidence of malware in files downloaded with them is counterproductive to restoring your PC to a healthy state. That includes BitTorrent, uTorrent, and similar programs. There is a list here: http://spywarehammer.com/simplemachinesfor...php?topic=110.0
* Please understand it is very important that you follow the instructions given to you during the cleaning of malware. This can sometimes be a tricky process and often requires things be done in a certain sequence to be effective. Please do not wait days between steps in this process. It is requested you respond at least within 48 hours. Any longer and it becomes necessary to update all information and start over. Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.
* After we begin working, please print or copy all instructions to Notepad in order to assist you when carrying out procedures. Please follow all instructions in sequence. Do not, on your own, install/re-install any programs or run any fixes or scanners that you have not been instructed to use because this may cause conflicts with the tools that I am using.
* If your replies do not fit in one post while we are handling your issue, please reply to yourself until all text is submitted. It may take several posts.

I look forward to your reply so we can begin removing the malware.

--------------------
Microsoft MVP - Consumer Security