Annoying Pop Ups!


1 reply to this topic

#1 WileE87

  • Members
  • 1 posts
  • OFFLINE

Posted 24 December 2008 - 09:22 PM

Hello,
I have run MalwareBytes, Search and Destroy and Ad-Aware and I'm still having a trojan infection. I get annoying popups while on the internet.
Example of one of the popup urls:
<hxxp://url.adtrgt.com/cpv.jsp?p=110219&ip=71.200.223.252&url=this&selectedKeyword=ron&selectedListingId=7388316&default=hxxp://sagipsul.com/go/rfe.php?cmp=vm_mg_fails_juan&uid=39A8B058CED011DD9A01166350CFFFFF&guid=0BF2718BB5E54800888923B3751E4B6A&lid=&url=this&affid=166350&b42=&b42=0.0019&aid=520>
Thank you :)

DDS (Version 1.1.0) - NTFSx86
Run by Jonathan at 21:16:00.68 on Wed 12/24/2008
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.515 [GMT -5:00]

AV: AVG 7.5.552 *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\EloSrvce.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\EloDkMon.exe
C:\WINDOWS\system32\EloTTray.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Documents and Settings\Jonathan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: jwhyji.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jonathan\applic~1\mozilla\firefox\profiles\qz3q53pm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-veoh&p=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-veoh&p=

============= SERVICES / DRIVERS ===============

R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2007-12-23 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2007-12-23 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2007-12-23 27776]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-12-23 10760]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-12-23 394952]
R2 aawservice;Ad-Aware 2007 Service;"c:\program files\lavasoft\ad-aware 2007\aawservice.exe" [2007-10-29 587096]
R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2007-12-23 418816]
R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2007-12-23 49664]
R3 EloBus;Elobus Filter Driver;c:\windows\system32\drivers\EloBus.sys [2007-12-26 14336]
R3 EloSer;Elo Serial Driver;c:\windows\system32\drivers\EloSer.sys [2007-12-26 108672]
S3 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service []

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2008-12-23 15:47 <DIR> --d----- C:\VundoFix Backups
2008-12-22 15:04 <DIR> --d----- c:\program files\Trend Micro
2008-12-20 14:59 57,856 a------- c:\windows\system32\opnkhgEu.dll
2008-12-20 14:59 135,168 a------- c:\windows\system32\jwhyji.dll
2008-12-20 14:59 135,168 a------- c:\windows\system32\dslcunrp.dll
2008-12-18 21:32 87,608 a------- c:\docume~1\jonathan\applic~1\inst.exe
2008-12-18 21:32 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2008-12-18 21:32 47,360 a------- c:\docume~1\jonathan\applic~1\pcouffin.sys
2008-12-18 21:32 <DIR> --d----- c:\program files\DVDFab 5
2008-12-17 16:40 <DIR> --d----- c:\program files\Activision
2008-12-17 03:00 <DIR> --d----- c:\program files\MSXML 6.0
2008-12-15 12:09 3,734,536 a------- c:\windows\system32\d3dx9_36.dll
2008-12-15 12:09 1,374,232 a------- c:\windows\system32\D3DCompiler_36.dll
2008-12-15 12:09 444,776 a------- c:\windows\system32\d3dx10_36.dll
2008-12-15 12:09 267,112 a------- c:\windows\system32\xactengine2_9.dll
2008-12-15 12:09 3,727,720 a------- c:\windows\system32\d3dx9_35.dll
2008-12-15 12:09 1,358,192 a------- c:\windows\system32\D3DCompiler_35.dll
2008-12-15 12:09 444,776 a------- c:\windows\system32\d3dx10_35.dll
2008-12-15 12:09 <DIR> --d----- c:\windows\Logs
2008-12-15 12:05 <DIR> --d----- c:\windows\system32\XPSViewer
2008-12-15 12:04 14,048 a------- c:\windows\system32\spmsg2.dll
2008-12-15 12:01 <DIR> --d----- c:\windows\system32\xlive

==================== Find3M ====================

2008-12-03 19:52 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 19:52 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-10-23 08:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-16 15:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-03 05:15 247,326 a------- c:\windows\system32\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-08-15 13:59 41,924,640 a--sh--- c:\windows\system32\drivers\fidbox.dat

============= FINISH: 21:16:37.51 ===============

Edited by Orange Blossom, 11 February 2013 - 02:46 AM.
Deactivate link. ~ OB
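The DDS log above lists a DLL under AppInit_DLLs (a registry value whose DLLs Windows loads into every process that loads user32.dll) and the same file name among the files created in system32 within the last 30 days. The script below is an added triage example, not part of this thread or of the DDS tool: it parses the log's section banners, pulls the AppInit_DLLs names out of the Pseudo HJT Report, and cross-references them with the Created Last 30 rows, also listing any files that landed in the same folder in the same minute. The embedded excerpt is copied from the posted log; the section names and row layout are those DDS 1.1.0 printed there.

```python
# Added triage example for a DDS log; not part of the thread or the DDS tool.
import re
from typing import Dict, List

# Excerpt of the posted DDS log (trimmed to the rows this example needs).
DDS_EXCERPT = r"""
============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: jwhyji.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

=============== Created Last 30 ================

2008-12-23 15:47 <DIR> --d----- C:\VundoFix Backups
2008-12-20 14:59 57,856 a------- c:\windows\system32\opnkhgEu.dll
2008-12-20 14:59 135,168 a------- c:\windows\system32\jwhyji.dll
2008-12-20 14:59 135,168 a------- c:\windows\system32\dslcunrp.dll
2008-12-18 21:32 87,608 a------- c:\docume~1\jonathan\applic~1\inst.exe
2008-12-15 12:09 3,734,536 a------- c:\windows\system32\d3dx9_36.dll

==================== Find3M ====================
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "<date> <time> <size or <DIR>> <attribute flags> <path>"
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.+)$")


def split_sections(log: str) -> Dict[str, List[str]]:
    """Group non-empty lines under the '=== Title ===' banner that precedes them."""
    sections: Dict[str, List[str]] = {"HEADER": []}
    current = "HEADER"
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def appinit_dlls(hjt_lines: List[str]) -> List[str]:
    """Lower-cased DLL names from AppInit_DLLs lines (comma or space separated)."""
    names: List[str] = []
    for line in hjt_lines:
        if line.startswith("AppInit_DLLs:"):
            value = line.split(":", 1)[1]
            names.extend(n.lower() for n in re.split(r"[,\s]+", value) if n)
    return names


def created_files(created_lines: List[str]) -> List[dict]:
    """Parse 'Created Last 30' rows into dicts; directories get size None."""
    entries = []
    for line in created_lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        when, size, attrs, path = m.groups()
        folder, _, name = path.rpartition("\\")
        entries.append({
            "when": when,
            "size": None if size == "<DIR>" else int(size.replace(",", "")),
            "attrs": attrs,
            "path": path,
            "folder": folder.lower(),
            "name": name.lower(),
        })
    return entries


def triage(log: str) -> List[dict]:
    """Report each AppInit_DLLs name that was also created in the last 30 days,
    plus the other files that landed in the same folder in the same minute."""
    sections = split_sections(log)
    loaded = appinit_dlls(sections.get("Pseudo HJT Report", []))
    created = created_files(sections.get("Created Last 30", []))
    hits = []
    for dll in loaded:
        entry = next((e for e in created if e["name"] == dll), None)
        if entry is None:
            continue  # listed but not a fresh drop; still worth checking by hand
        siblings = sorted(
            e["name"] for e in created
            if e is not entry and e["when"] == entry["when"] and e["folder"] == entry["folder"]
        )
        hits.append({"dll": dll, "when": entry["when"], "path": entry["path"], "siblings": siblings})
    return hits


if __name__ == "__main__":
    for hit in triage(DDS_EXCERPT):
        print(f"AppInit_DLLs loads {hit['dll']}, created {hit['when']} at {hit['path']}")
        if hit["siblings"]:
            print("  created in the same minute:", ", ".join(hit["siblings"]))
```

The same-minute grouping is a weak signal on its own (the full log above also shows seven DirectX DLLs written together at 2008-12-15 12:09 by a legitimate installer), so the script only applies it to files that share a drop time and folder with a DLL that is actually being injected through AppInit_DLLs; that narrows the list to the three files written to system32 on 2008-12-20 14:59.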



#2 Bugbatter

    Forum Deity


  • Malware Response Team
  • 270 posts
  • OFFLINE

Posted 05 January 2009 - 04:13 PM

Welcome :thumbsup:

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

I am reviewing your logs. In the meantime, please address the following:

* Have you posted this issue on another forum? If so, please provide a link to the topic.

* If you are an employee and this system is owned by your employer, do you have permission to make changes to it?

* If you are using any cracked (illegal) software, please uninstall that.

* If you are using any P2P (file sharing) programs, please remove them before we clean your computer. The nature of such software and the high incidence of malware in files downloaded with them is counterproductive to restoring your PC to a healthy state.
There is a list here: http://spywarehammer.com/simplemachinesfor...php?topic=110.0

* Please understand it is very important that you follow the instructions given to you during the cleaning of malware. This can sometimes be a tricky process and often requires things be done in a certain sequence to be effective. Please do not wait days between steps in this process. It is requested you respond at least within 48 hours. Any longer and it becomes necessary to update all information and start over. Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

* After we begin working, please print or copy all instructions to Notepad in order to assist you when carrying out procedures.
Please follow all instructions in sequence. Do not, on your own, install/re-install any programs or run any fixes or scanners that you have not been instructed to use because this may cause conflicts with the tools that I am using.

* If your replies do not fit in one post while we are handling your issue, please reply to yourself until all text is submitted. It may take several posts.

I look forward to your reply so we can begin removing the malware.

Thanks and again sorry for the delay.

Edited by Bugbatter, 05 January 2009 - 04:13 PM.

Microsoft MVP - Consumer Security 2006-2016

Microsoft Windows Insider MVP 2016-
