
Doubleclick.net malware?/spyware?


  • This topic is locked
2 replies to this topic

#1 iml


Posted 04 February 2009 - 11:41 PM

Here is the log from the DDS.


DDS (Ver_09-02-01.01) - NTFSx86
Run by Charles Lewis at 22:35:48.45 on Wed 02/04/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1375 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Lexmark 2600 Series\ezprint.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AnalogX\NetStat Live\nsl.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Charles Lewis\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = google.com/
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: Ask Toolbar: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} -
TB: {2787EA8E-8D87-48AF-88AD-B30246C917AB} - No File
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Copperhead] "c:\program files\razer\copperhead\razerhid.exe"
mRun: [AVG8_TRAY] "c:\progra~1\avg\avg8\avgtray.exe"
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "c:\windows\system32\nwiz.exe" /install
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 2600 series\ezprint.exe"
mRun: [UltraMon] "c:\program files\ultramon\UltraMon.exe" /auto
mRun: [NetStat Live] "c:\program files\analogx\netstat live\nsl.exe"
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli c:\windows\system32\rogujizi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\charle~1\applic~1\mozilla\firefox\profiles\qvjd68lj.default user\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - HiddenExtension: XUL Cache: {1BB0978C-85D0-4825-BBFC-56E715FAF1CF} - c:\documents and settings\charles lewis\local settings\application data\{1BB0978C-85D0-4825-BBFC-56E715FAF1CF}
FF - HiddenExtension: XUL Cache: {7F38BF24-C95D-4DF2-9273-582675BFA993} - c:\windows\system32\config\systemprofile\local settings\application data\{7f38bf24-c95d-4df2-9273-582675bfa993}\

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-31 28544]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-27 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-7-27 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-27 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-27 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-27 231704]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2006-9-24 11776]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2008-8-9 3585384]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2006-9-24 3584]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2008-6-17 11596]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2008-11-12 98984]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\charle~1\locals~1\temp\alsysio.sys --> c:\docume~1\charle~1\locals~1\temp\ALSysIO.sys [?]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\NPF.sys [?]
S3 tapgamerail;GameRail Adapter;c:\windows\system32\drivers\tapgamerail.sys [2008-1-10 32280]
S4 getPlus® Helper;getPlus® Helper; [x]

=============== Created Last 30 ================

2009-02-04 20:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-02-04 20:33 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-02-04 20:33 <DIR> --d----- c:\docume~1\charle~1\applic~1\SUPERAntiSpyware.com
2009-02-04 14:50 <DIR> --d-h--- c:\windows\PIF
2009-02-03 21:50 3,624 a------- c:\windows\system32\ealregsnapshot1.reg
2009-01-22 19:18 42,320 a------- c:\windows\system32\xfcodec.dll
2009-01-22 13:22 <DIR> --d----- c:\program files\Microsoft SQL Server
2009-01-22 13:22 <DIR> --d----- c:\program files\Microsoft Synchronization Services
2009-01-22 13:22 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-01-22 13:16 <DIR> --d----- C:\caa46ac9d363f8d8eac813
2009-01-22 13:16 <DIR> --d----- c:\windows\SxsCaPendDel
2009-01-20 17:30 <DIR> --d----- c:\program files\Eusing Free Registry Cleaner
2009-01-19 15:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Electronic Arts
2009-01-18 14:38 <DIR> --d----- c:\docume~1\charle~1\applic~1\Red Alert 3
2009-01-18 14:27 1,491,992 a------- c:\windows\system32\D3DCompiler_38.dll
2009-01-18 14:27 467,984 a------- c:\windows\system32\d3dx10_38.dll
2009-01-18 14:27 3,850,760 a------- c:\windows\system32\D3DX9_38.dll
2009-01-18 14:26 <DIR> --d----- c:\windows\Logs
2009-01-09 11:15 <DIR> --d----- c:\docume~1\charle~1\applic~1\Realtime Soft
2009-01-09 11:15 <DIR> --d----- c:\program files\UltraMon
2009-01-09 11:15 <DIR> --d----- c:\program files\common files\Realtime Soft
2009-01-09 11:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Realtime Soft
2009-01-07 22:38 <DIR> --d----- c:\docume~1\charle~1\applic~1\Malwarebytes
2009-01-07 22:38 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-07 22:38 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-07 22:38 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-07 22:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-07 19:21 1,538,928 a------- c:\windows\WRSetup.dll
2009-01-07 19:21 <DIR> --d----- c:\program files\Webroot
2009-01-07 19:21 <DIR> --d----- c:\docume~1\charle~1\applic~1\Webroot
2009-01-07 19:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Webroot
2009-01-07 19:17 164 a------- C:\install.dat
2009-01-06 16:47 491 a------- c:\windows\system32\win32hlp.cnf
2009-01-06 01:06 1 a------- c:\windows\system32\test.ttt

==================== Find3M ====================

2009-02-04 21:03 137,688 ac------ c:\windows\system32\drivers\PnkBstrK.sys
2009-02-04 21:02 202,040 a------- c:\windows\system32\PnkBstrB.exe
2009-01-31 14:56 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-31 14:56 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-31 14:56 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-25 01:05 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-01-25 01:03 22,328 ac------ c:\docume~1\charle~1\applic~1\PnkBstrK.sys
2008-12-13 22:12 544 a------- c:\windows\fonts\Installer.log
2008-12-12 22:21 60,744 a------- c:\documents and settings\charles lewis\g2mdlhlpx.exe
2008-12-11 04:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-09 20:48 107,888 a------- c:\windows\system32\CmdLineExt.dll

============= FINISH: 22:39:39.09 ===============

#2 Thunder


Posted 15 February 2009 - 07:26 AM

Hello Iml and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop.
Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...

#3 Thunder


Posted 16 March 2009 - 05:11 PM

Since there is no feedback anymore, I assume this issue is resolved ... so, this topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.