
Orkut "My full album.../Meu álbum completo..."


  • This topic is locked
2 replies to this topic

#1 rcarletti

rcarletti

  • Members
  • 1 posts

Posted 17 March 2009 - 08:40 PM

Hi,

Yesterday I was browsing Orkut and clicked on a link that said:

In Portuguese: "Meu album completo está nesse site: <http://www.freewebtown.com/fotos_orkut">
In English: "My complete album is on this site: <http://www.freewebtown.com/fotos_orkut">

An empty browser window appeared, and I realized I did something stupid.

Since then, my browser shows an error every 10 seconds, saying it's trying to connect to something. I managed to stop it by changing my Orkut password. But I can't access some sites and browsing is extremely slow.

Can someone help me? Here's the DDS log. Thanks a lot!!!


DDS (Ver_09-03-16.01) - NTFSx86
Run by user at 22:27:54,64 on ter 17/03/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.55.1046.18.1023.499 [GMT -3:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Microsoft LifeCam\MSCamSvc.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\Utilitários\Winamp\winampa.exe
C:\WINDOWS\system32\slserv.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\Explorer66.exe
C:\WINDOWS\system32\or.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Sony Corporation\Image Transfer\SonyTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\ARQUIV~1\MICROS~3\rapimgr.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\Utilitários\Winamp\winampa.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\WINDOWS\vVX3000.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\Explorer66.exe
C:\WINDOWS\system32\or.exe
C:\WINDOWS\system32\Explorer64.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Sony Corporation\Image Transfer\SonyTray.exe
C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Microsoft Office\Office10\OUTLOOK.EXE
C:\UTILIT~1\DOWNLO~1\fdm.exe
C:\Documents and Settings\user\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.uncannyxmen.net/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Facilitador de Leitor de Link Adobe PDF: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\arquivos de programas\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: ssh2 Class: {2e3c3651-b19c-4dd9-a979-901ec3e930af} - c:\arquivos de programas\scpad\scpsssh2.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\arquivos de programas\avg\avg8\avgssie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\arquivos de programas\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\arquivos de programas\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540008} - c:\arquiv~1\gbplugin\gbiehuni.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\arquivos de programas\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\utilitários\download manager\iefdm2.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\arquivos de programas\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [swg] c:\arquivos de programas\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Free Download Manager] "c:\utilitários\download manager\fdm.exe" -autorun
uRun: [VD]
uRun: [H/PC Connection Agent] "c:\arquivos de programas\microsoft activesync\wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [HP Component Manager] "c:\arquivos de programas\hp\hpcoretech\hpcmpmgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\desktop publishing\acrobat reader\reader\Reader_sl.exe"
mRun: [WinampAgent] c:\utilitários\winamp\winampa.exe
mRun: [AVG8_TRAY] c:\arquiv~1\avg\avg8\avgtray.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [QuickTime Task] "c:\arquivos de programas\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\arquivos de programas\itunes\iTunesHelper.exe"
mRun: [LifeCam] "c:\arquivos de programas\microsoft lifecam\LifeExp.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [StartCCC] "c:\arquivos de programas\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [TkBellExe] "c:\arquivos de programas\arquivos comuns\real\update_ob\realsched.exe" -osboot
mRun: [Disk Drive Full] c:\windows\system32\diskdrive.exe
mRun: [Sistema de Pesquisa Local] c:\windows\system32\Explorer66.exe
mRun: [Driver Internet Explorer] c:\windows\system32\or.exe
mRun: [Windows Explorer] c:\windows\system32\Explorer64.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\adobeg~1.lnk - c:\arquivos de programas\arquivos comuns\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\imaget~1.lnk - c:\arquivos de programas\sony corporation\image transfer\SonyTray.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\micros~1.lnk - c:\microsoft office\office10\OSA.EXE
IE: Baixar com o FDM - file://c:\utilitários\download manager\dllink.htm
IE: Baixar tudo com o FDM - file://c:\utilitários\download manager\dlall.htm
IE: Download selecionado pelo FDM - file://c:\utilitários\download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\utilitários\download manager\dlfvideo.htm
IE: E&xportar para o Microsoft Excel - c:\micros~1\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\arquiv~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\arquiv~1\micros~3\INetRepl.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\arquivos de programas\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://img4.orkut.com/activex/10036/photouploader.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\arquivos de programas\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\arquivos de programas\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL
Notify: GbPluginUni - c:\arquiv~1\gbplugin\gbiehuni.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - c:\arquivos de programas\scpad\scpLIB.dll
STS: compIB Class: {a3717295-941d-416f-9384-ed1736729f1c} - c:\arquivos de programas\scpad\scpLIB.dll
SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399008} - c:\arquiv~1\gbplugin\gbiehuni.dll

============= SERVICES / DRIVERS ===============

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2008-12-9 31104]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-8 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-8 27656]
R2 avg8wd;AVG8 WatchDog;c:\arquiv~1\avg\avg8\avgwdsvc.exe [2008-6-8 298264]
R2 GbpSv;Gbp Service;c:\arquiv~1\gbplugin\GbpSv.exe [2008-7-1 52608]

=============== Created Last 30 ================

2009-03-17 21:13 74 a------- c:\windows\txt.jpg
2009-03-17 07:41 3 a------- c:\windows\inf.jpg
2009-03-17 07:41 883,437 ---sh--- c:\windows\system32\Explorer64.exe
2009-03-17 07:40 424,388 ---sh--- c:\windows\system32\or.exe
2009-03-17 07:39 1,605 a------- c:\windows\system32\autent.jpg
2009-03-17 07:39 808,572 ---sh--- c:\windows\system32\Explorer66.exe
2009-03-17 07:35 236,971 ---sh--- c:\windows\system32\diskdrive.exe

==================== Find3M ====================

2009-02-15 17:17 433,754 a------- c:\windows\system32\perfh016.dat
2009-02-15 17:17 71,140 a------- c:\windows\system32\perfc016.dat
2009-02-09 11:17 1,846,400 a------- c:\windows\system32\win32k.sys
2009-02-04 06:17 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-04 06:17 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-01 21:39 499,712 a------- c:\windows\system32\msvcp71.dll
2009-02-01 21:39 348,160 a------- c:\windows\system32\msvcr71.dll
2008-12-27 16:10 4,608 a------- c:\windows\system32\w95inf32.dll
2008-12-27 16:10 2,272 a------- c:\windows\system32\w95inf16.dll
2008-12-20 19:47 826,368 a------- c:\windows\system32\wininet.dll
2008-08-26 23:40 22,008 a------- c:\docume~1\user\dadosd~1\GDIPFONTCACHEV1.DAT

============= FINISH: 22:28:25,20 ===============


Edited by Orange Blossom, 18 March 2009 - 03:29 PM.
Deactivate links. ~ OB


#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 26 March 2009 - 11:07 AM

Hi,

Sorry for the delayed response. The forums have been really busy. If you still need help with this, post a fresh DDS log, please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, create your own topic instead of following instructions given to someone else, please.


#3 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 03 April 2009 - 02:32 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.





