
Antivirus 360 2009 ad and other popups


  • This topic is locked
2 replies to this topic

#1 danthecan

danthecan

  • Members
  • 2 posts

Posted 28 December 2008 - 12:10 AM

Firefox spontaneously opens to random web sites. Explorer also opens up on its own. Sometimes ads for Antivirus 360 2009 open up. Thanks a lot for your help. I have a degree in Information Systems, having taken 4 classes of C++, Java, Assembly, ASP, Visual Basic... and am the techie in my family, but I don't have a lot of experience battling bugs. Usually I just format, but this is my Mom's computer and she has a lot of stuff that I don't want to lose.


DDS (Version 1.1.0) - NTFSx86
Run by Daniel Jacobson at 23:58:15.35 on Sat 12/27/2008
Internet Explorer: 6.0.2800.1106 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.1535.902 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Daniel Jacobson\Desktop\dds.scr

============== Pseudo HJT Report ===============

uLocal Page = c:\windows\system\blank.htm
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://start.earthlink.net
uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.dellnet.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {7e4a82db-ca5e-cc1b-cb74-071b43c1d780}: {087d1c34-b170-47bc-b1cc-e5acbd28a4e7} - c:\windows\system32\ydnjdd.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\jkkLeBTL.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar5.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: {d111d236-7c19-40bd-91e2-503e7fcde045} - c:\windows\system32\awtttqrs.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar5.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [googletalk] "c:\program files\google\google talk\googletalk.exe" /autostart
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [AdaptecDirectCD] c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [nwiz] nwiz.exe /install
mRun: [AVG7_CC] c:\progra~1\grisoft\avgfre~1\avgcc.exe /STARTUP
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [c484afc4] rundll32.exe "c:\windows\system32\oslwvseg.dll",b
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
dRun: [AVG7_Run] c:\progra~1\grisoft\avgfre~1\avgw.exe /RUNONCE
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hposol08.exe
mPolicies-explorer: <NO NAME> =
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm088YYUS
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\MSMSGS.EXE
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: jkkLeBTL - jkkLeBTL.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: ydnjdd.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\jkkLeBTL.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\awtttqrs

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\daniel~1\applic~1\mozilla\firefox\profiles\am17twaj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

============= SERVICES / DRIVERS ===============

R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2006-5-24 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2005-10-23 4224]
R1 Avg7RsXP;AVG7 Rezident Driver;c:\windows\system32\drivers\avg7rsxp.sys [2006-3-14 27776]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-2-1 10760]
R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avgfre~1\avgamsvr.exe [2007-10-25 418816]
R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avgfre~1\avgupsvc.exe [2005-10-23 49664]
R2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avgfre~1\avgemc.exe [2007-10-25 406528]
R2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2005-10-23 4960]
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\RaInfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [2008-10-26 47640]
S3 NPF;Netgroup Packet Filter;\??\c:\windows\system32\drivers\packet.sys [2003-8-13 13203]
S3 W8100PCI;D-Link AirPlus G Wireless Driver;c:\windows\system32\drivers\mrv8k51.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; []

=============== Created Last 30 ================

2008-12-27 22:32 1,755,117 ---sh--- c:\windows\system32\gesvwlso.ini
2008-12-27 22:32 72,704 a------- c:\windows\system32\oslwvseg.dll
2008-12-27 20:00 <DIR> --d----- c:\program files\Trend Micro
2008-12-27 19:55 129,024 a------- c:\windows\system32\ydnjdd.dll
2008-12-27 19:55 129,024 a------- c:\windows\system32\lcwhuxmu.dll
2008-12-25 22:03 1,755,117 ---sh--- c:\windows\system32\ekeyihel.ini
2008-12-25 22:03 72,704 -------- c:\windows\system32\lehiyeke.dll
2008-12-25 22:00 129,024 a------- c:\windows\system32\vrcqbi.dll
2008-12-25 22:00 129,024 a------- c:\windows\system32\ejlgnufk.dll
2008-12-25 21:52 143 a------- c:\windows\system32\mcrh.tmp
2008-12-25 21:51 34,816 a------- c:\windows\system32\cbXNfdAp.dll
2008-12-25 21:51 198,716 a------- c:\windows\system32\wpv401229907513.cpx
2008-12-25 21:50 708,640 a--sh--- c:\windows\system32\srqtttwa.ini2
2008-12-25 21:50 708,640 a--sh--- c:\windows\system32\srqtttwa.ini
2008-12-25 21:49 302,592 a------- c:\windows\system32\awtttqrs.dll
2008-12-25 21:44 34,816 a------- c:\windows\system32\jkkLeBTL.dll
2008-12-25 21:44 <DIR> --d----- c:\program files\GetModule
2008-12-25 21:44 198,716 a------- c:\windows\system32\wpv331229907513.cpx

==================== Find3M ====================

2008-10-26 11:06 724,984 a------- c:\documents and settings\daniel jacobson\gotomypc_437.exe
2008-10-16 20:35 83,288 a------- c:\windows\system32\LMIRfsClientNP.dll
2008-10-16 20:35 28,984 a------- c:\windows\system32\LMIport.dll
2008-10-16 20:35 10,040 a------- c:\windows\system32\lmimirr2.dll
2008-10-16 20:35 23,736 a------- c:\windows\system32\lmimirr.dll
2008-10-16 20:35 87,352 a------- c:\windows\system32\LMIinit.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-03-11 18:11 87,472 a------- c:\docume~1\daniel~1\applic~1\GDIPFONTCACHEV1.DAT
2005-04-12 19:52 3,454 a------- c:\program files\DeIsL1.isu
2004-06-20 09:55 164 a---h--- c:\documents and settings\all users\hpothb07.dat
1999-04-23 10:04 37,966 a------- c:\program files\Readme.wri
1999-03-31 07:33 579,602 a------- c:\program files\MScience.png
1999-03-31 06:54 151,040 a------- c:\program files\mScience.DLL
1999-03-31 06:54 16,384 a------- c:\program files\DKShRes.DLL
1999-03-05 13:11 1,933,312 a------- c:\program files\MScience.exe
1999-03-05 12:31 779,776 a------- c:\program files\PinGame.dll
1999-03-05 12:26 146,944 a------- c:\program files\PinDB.dll
1999-03-05 12:22 232,448 a------- c:\program files\DKStore.dll
1999-03-05 12:20 301,568 a------- c:\program files\DKKernel.dll
1999-01-25 13:47 24,320 a------- c:\program files\Order.wri
1998-06-23 10:43 193,633 a------- c:\program files\QUIZQS.DBT
1998-01-16 11:56 114,221 a------- c:\program files\village5mix.WAV
1998-01-16 11:56 152,269 a------- c:\program files\village4mix.WAV
1998-01-16 11:56 152,269 a------- c:\program files\village3mix.WAV
1998-01-16 11:56 76,207 a------- c:\program files\village2mix.WAV
1998-01-16 11:55 76,152 a------- c:\program files\village1mix.WAV
1998-01-16 10:30 129,989 a------- c:\program files\moon5mix.WAV
1998-01-16 10:30 129,989 a------- c:\program files\moon4mix.WAV
1998-01-16 10:30 129,989 a------- c:\program files\moon3mix.WAV
1998-01-16 10:30 129,989 a------- c:\program files\moon2mix.WAV
1998-01-16 10:30 129,989 a------- c:\program files\moon1mix.WAV
1998-01-16 08:00 61,952 a------- c:\program files\Uninst.dll
1998-01-06 10:47 247,348 a------- c:\program files\island4mix.WAV
1998-01-06 10:47 247,348 a------- c:\program files\island3mix.WAV
1998-01-06 10:47 247,348 a------- c:\program files\island2mix.WAV
1998-01-06 10:47 247,348 a------- c:\program files\island1mix.WAV
1997-12-12 07:05 156 a------- c:\program files\Uninst.ini

============= FINISH: 0:02:47.37 ===============

Edited by danthecan, 28 December 2008 - 12:11 AM.




#2 danthecan

danthecan
  • Topic Starter

  • Members
  • 2 posts

Posted 30 December 2008 - 02:20 AM

Never mind. I've installed and run Malware. Thanks.

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 07 January 2009 - 11:13 PM

Thanks for informing us. Good luck.

If you find other problems please start a new topic.

This thread is closed.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



