Specific problem unknown


1 reply to this topic

#1 Yuri Hyuga

Posted 24 December 2008 - 06:17 AM

I'm not entirely sure as to the extent of the problem either. However, two things are invariably happening: I can't open filepickers (as are provided at such sites as imageshack.us and sendspace.com), and I get a number of pop-ups that I can't seem to block. I tried sdfix to no avail.

Edit: I'm told to attach attach.txt to the post, but the filepicker not opening kind of stops me from doing this.


DDS (Version 1.1.0) - NTFSx86
Run by Poweruser at 5:14:32.92 on Wed 12/24/2008
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.159 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\Poweruser\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\StartupMonitor.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\WHidePro\whpro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Poweruser\Desktop\dds.scr

============== Pseudo HJT Report ===============

uWindow Title = Microsoft Internet Explorer provided by Insight Broadband
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://ww.insightbb.com
mStart Page = hxxp://ww.insightbb.com
mSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
Yahoo! Toolbar
BHO: XBTP05231 Class: {031F120A-BBAF-45d8-B306-375F2A6B9398} - c:\progra~1\alcoho~1\alcoho~2\a120_tb.dll
BHO: CEffBarBHO Object: {2E4136F6-A927-4337-8178-B7EBC309EFC4} - c:\program files\dittosidebar\Dsb.dll
BHO: N/A: {4BF04F49-4242-41C8-8953-FA55AEC00DAF} - c:\windows\system32\wvUkLETM.dll
BHO: N/A: {9346F705-CAA1-4156-84DC-4C610AF04AE7} - c:\windows\servicepackfiles\cmsm.dll
BHO: AVG Security Toolbar: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Viewpoint Toolbar BHO: {A7327C09-B521-4EDB-8509-7D2660C9EC98} - c:\program files\viewpoint\viewpoint toolbar\3.8.0\ViewBarBHO.dll
TB: Alcohol Soft - Alcohol 120% Toolbar: {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - c:\program files\alcohol soft\alcohol 120% toolbar\a120_tb.dll
TB: Viewpoint Toolbar: {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - c:\program files\common files\viewpoint\toolbar runtime\3.8.0\IEViewBar.dll
TB: AVG Security Toolbar: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
Yahoo! Toolbar
uRun: [WindowsHiderPro] c:\program files\whidepro\whpro.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
uRun: [EPSON Stylus CX5400] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /M "Stylus CX5400" /EF "HKCU"
uRun: [Google Update] "c:\documents and settings\poweruser\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
mRun: [Microsoft Works Portfolio] c:\program files\microsoft works\WksSb.exe /AllUsers
mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [AceGain LiveUpdate] c:\program files\acegain\liveupdate\LiveUpdate.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [Run StartupMonitor] StartupMonitor.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [EPSON Stylus CX5400] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB002" /M "Stylus CX5400"
mRun: [EPSON Stylus CX5400 (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2G1.EXE /P28 "EPSON Stylus CX5400 (Copy 1)" /O6 "USB001" /M "Stylus CX5400"
mRun: [DeviceDiscovery] c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\documents and settings\poweruser\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
uPolicies-system: NoDispAppearancePage = 0 (0x0)
IE: Download Using &BitSpirit - c:\program files\bitspirit\bsurl.htm
IE: 用比特精灵下载(&:thumbsup:
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: imageservr.com
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: cmsm - c:\windows\servicepackfiles\cmsm.dll
Notify: winmxw32 - winmxw32.dll
Notify: WRNotifier - WRLogonNTF.dll
AppInit_DLLs: avgrsstx.dll zdxdyf.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\wvUkLETM

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\poweru~1\applic~1\mozilla\firefox\profiles\qlym1v7o.default\
FF - prefs.js: browser.startup.homepage - www.insightbb.com
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\poweruser\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 fasttrak;fasttrak;c:\windows\system32\drivers\fasttrak.sys [2002-5-22 73600]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-1 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-2-20 26824]
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-9-10 611664]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-5 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-5 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-1 76040]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2007-1-10 24652]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2008-7-12 6016]
S3 XLPINIT;XLPINIT;c:\windows\system32\drivers\xromlp.sys [2003-12-6 69148]
S3 XLPWRITER;XLPWRITER;c:\windows\system32\drivers\xromio.sys [2001-1-28 170508]
S3 XPAD910;XPADFilter Service 910;c:\windows\system32\drivers\xpad910.sys []

=============== Created Last 30 ================

2008-12-24 03:15 578,560 a------- c:\windows\system32\dllcache\user32.dll
2008-12-24 03:01 <DIR> --d----- c:\windows\ERUNT
2008-12-24 02:51 <DIR> --d----- C:\SDFix
2008-12-24 02:03 <DIR> --d----- c:\program files\Trend Micro
2008-12-24 00:13 <DIR> --d----- c:\program files\XoftSpySE
2008-12-23 17:58 <DIR> --d----- c:\docume~1\poweru~1\applic~1\AVGTOOLBAR
2008-12-23 13:15 1,661,209 ---sh--- c:\windows\system32\thaxmxpj.ini
2008-12-23 13:15 92,160 a------- c:\windows\system32\jpxmxaht.dll
2008-12-23 13:12 58,368 a------- c:\windows\system32\ddcCSIbb.dll
2008-12-23 13:04 130,048 a------- c:\windows\system32\zdxdyf.dll
2008-12-23 13:04 130,048 a------- c:\windows\system32\mlyhroyb.dll
2008-12-23 13:03 950,899 a--sh--- c:\windows\system32\MTELkUvw.ini2
2008-12-23 13:03 950,899 a--sh--- c:\windows\system32\MTELkUvw.ini
2008-12-23 13:02 292,864 a------- c:\windows\system32\wvUkLETM.dll
2008-12-23 12:57 45,056 a------- c:\windows\system32\ljJARHWP.dll
2008-12-21 00:45 <DIR> --d----- C:\sysreset
2008-12-15 19:57 <DIR> --d----- c:\program files\Overland
2008-12-15 19:17 <DIR> --d----- c:\program files\Lavasoft
2008-12-14 19:45 800 a------- c:\windows\hpinfo.lnk
2008-12-14 19:44 <DIR> --d----- c:\program files\hp deskjet 930c series
2008-12-14 19:43 53,248 a------- c:\windows\system32\hpfinsta.exe
2008-12-14 19:43 274,432 -------- c:\windows\system32\hpfinst.dll
2008-12-14 19:43 262,144 a------- c:\windows\system32\hpzcon04.dll
2008-12-14 19:43 200,704 a------- c:\windows\system32\hpzcoi04.dll
2008-12-14 19:43 114,744 a------- c:\windows\system32\hpzlnt04.dll
2008-12-09 15:46 52,736 a------- c:\windows\ipuninst.exe
2008-12-09 15:46 <DIR> --d----- c:\program files\BlackIsle
2008-12-06 14:51 107,368 a------- c:\windows\system32\GEARAspi.dll
2008-12-06 14:51 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-06 14:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-06 03:09 <DIR> --d----- c:\windows\system32\Ldresb
2008-12-06 01:13 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-12-05 17:27 <DIR> --d----- c:\program files\iPod
2008-12-05 10:32 333,824 -------- c:\windows\system32\dllcache\srv.sys
2008-12-05 10:32 1,846,400 -------- c:\windows\system32\dllcache\win32k.sys
2008-12-05 10:31 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-05 10:31 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-05 10:31 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-05 10:31 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-05 10:31 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-05 10:31 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-12-05 10:31 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2008-11-25 19:32 <DIR> --d----- c:\program files\The Dreamworld

==================== Find3M ====================

2008-12-18 18:50 31 ac------ c:\documents and settings\poweruser\jagex_runescape_preferences.dat
2008-12-13 00:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-11-07 14:23 32,000 a------- c:\windows\system32\drivers\usbaapl.sys
2008-10-23 06:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 06:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 07:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 07:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 01:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 01:04 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-10-10 17:41 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2008-10-10 17:25 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-03 04:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-10-03 04:02 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2006-06-10 11:09 774,144 a------- c:\program files\RngInterstitial.dll
2006-10-12 22:38 1,219,668 a--sh--- c:\windows\servicepackfiles\msmc.bak1
2006-10-19 05:19 1,241,812 a--sh--- c:\windows\servicepackfiles\msmc.bak2
2006-10-19 08:08 1,246,849 a--sh--- c:\windows\servicepackfiles\msmc.ini2
2007-06-06 23:01 1,836,461 ---sh--- c:\windows\system32\kjkmp.bak1

============= FINISH: 5:17:12.31 ===============

Edited by Yuri Hyuga, 24 December 2008 - 06:18 AM.



#2 Rosty

  • Malware Response Team
Posted 05 January 2009 - 05:54 AM

Hi,

Sorry for the delay in getting back to you.
If you still need help, please do the following:

Click here to download HijackThis.
Save HJTInstall.exe to your Desktop.
Double click on the HJTInstall.exe icon to start the program.
By default it will install to C:\Program Files\Trend Micro\HijackThis
After the final dialogue box it will launch HijackThis.

Click on the scan button. It will scan and then ask you to save the log.
Save the log and post it for me in your next reply.
Proud member of ASAP since 2007



