Member Panel

Remember me ?

Forgot password?   

Sponsors and Ads

Join the Team

Live Tag Cloud
PC Forum PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs » Antispywaremaster popups - SLOW web browsing

[Fixed] Hijackthis! Logs - Antispywaremaster popups - SLOW web browsing posted in the Security & Safety forums; Below is my HJT log... Please help. I am getting several pop ups and web browsing in slow to non existant. Thanks in advance for the assistance. Logfile of Trend ...

JOIN US NOW to remove these Ads

Post New Thread  Reply
Page 1 of 2 1 2 >
  #1  
Old 06-29-2008
Bronze Member
  
Join Date: Jun 2008
Posts: 7
PC Experience: Experienced
kbower090 - See this Members User comments on their Profile page
Default Antispywaremaster popups - SLOW web browsing
Below is my HJT log... Please help. I am getting several pop ups and web browsing in slow to non existant. Thanks in advance for the assistance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:55 PM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\WINDOWS\system32\Brmfrmps.exe
E:\Program Files\Symantec AntiVirus\DefWatch.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\System32\tcpsvcs.exe
E:\Program Files\Utilities\Alcohol 120\Alcohol 120\StarWind\StarWindService.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Symantec AntiVirus\Rtvscan.exe
E:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
E:\WINDOWS\system32\BRMFRSMG.EXE
E:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
E:\WINDOWS\system32\wscntfy.exe
E:\PROGRA~1\SYMANT~1\VPTray.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {0684F96B-8C9E-4346-A9DF-AF29FE51E593} - E:\WINDOWS\system32\ddcBTklI.dll
O2 - BHO: {11085620-e4ff-5f3a-ab94-d3b7a5067c73} - {37c7605a-7b3d-49ba-a3f5-ff4e02658011} - E:\WINDOWS\system32\wbmucb.dll
O2 - BHO: (no name) - {487C9905-26A8-42C8-8033-C58AD3D2AEC3} - E:\WINDOWS\system32\cbXRICut.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [vptray] E:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [devenv] E:\WINDOWS\system\smvss.exe /w
O4 - HKLM\..\Run: [BM9777dec1] Rundll32.exe "E:\WINDOWS\system32\bykgmleu.dll",s
O4 - HKLM\..\Run: [58bfa32a] rundll32.exe "E:\WINDOWS\system32\fklsmncd.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: ..Welcome MySodexho PrePortal Page
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1187659092953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1187659088109
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify: cbXRICut - E:\WINDOWS\SYSTEM32\cbXRICut.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - E:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - E:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAVRoam (SavRoam) - symantec - E:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Program Files\Utilities\Alcohol 120\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - E:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - E:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
--
End of file - 5779 bytes
  #2  
Old 06-29-2008
ih8bills's Avatar
Tech Team Leader
My PC
 
Join Date: Feb 2006
Location: coastal Rhode Island
Posts: 4,317
PC Experience: More Stubborn than any PC
ih8bills - See this Members User comments on their Profile page ih8bills - See this Members User comments on their Profile page ih8bills - See this Members User comments on their Profile page ih8bills - See this Members User comments on their Profile page ih8bills - See this Members User comments on their Profile page ih8bills - See this Members User comments on their Profile page ih8bills - See this Members User comments on their Profile page ih8bills - See this Members User comments on their Profile page ih8bills - See this Members User comments on their Profile page ih8bills - See this Members User comments on their Profile page ih8bills - See this Members User comments on their Profile page
Default Re: Antispywaremaster popups - SLOW web browsing
Hi... Welcome to PCHF.

Forum Rules require that HJT logs must be analyzed by experienced Security Team Analysts. This is for your protection... and to give you our best service.

Our Security Team is always very busy-- and as we live all over the Earth...
Time-Zones are also an important factor.

Your patience is greatly appreciated.

Thank You


__________________


Without music, life would be a mistake
Friedrich Nietzsche
  #3  
Old 06-29-2008
Bronze Member
  
Join Date: Jun 2008
Posts: 7
PC Experience: Experienced
kbower090 - See this Members User comments on their Profile page
Default Re: Antispywaremaster popups - SLOW web browsing
Here is an updated HJT log, I have run ad aware twice and have (tried to) remove different Trojans/problems it detected. Thanks for the help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:29 PM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\WINDOWS\system32\Brmfrmps.exe
E:\Program Files\Symantec AntiVirus\DefWatch.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\System32\tcpsvcs.exe
E:\Program Files\Utilities\Alcohol 120\Alcohol 120\StarWind\StarWindService.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Symantec AntiVirus\Rtvscan.exe
E:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
E:\WINDOWS\system32\BRMFRSMG.EXE
E:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
E:\WINDOWS\system32\wscntfy.exe
E:\PROGRA~1\SYMANT~1\VPTray.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\PROGRA~1\MOZILL~1\FIREFOX.EXE
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: (no name) - {0684F96B-8C9E-4346-A9DF-AF29FE51E593} - E:\WINDOWS\system32\ddcBTklI.dll
O2 - BHO: {11085620-e4ff-5f3a-ab94-d3b7a5067c73} - {37c7605a-7b3d-49ba-a3f5-ff4e02658011} - E:\WINDOWS\system32\wbmucb.dll
O2 - BHO: (no name) - {487C9905-26A8-42C8-8033-C58AD3D2AEC3} - E:\WINDOWS\system32\cbXRICut.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [vptray] E:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [devenv] E:\WINDOWS\system\smvss.exe /w
O4 - HKLM\..\Run: [BM9777dec1] Rundll32.exe "E:\WINDOWS\system32\bykgmleu.dll",s
O4 - HKLM\..\Run: [58bfa32a] rundll32.exe "E:\WINDOWS\system32\fklsmncd.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: .Welcome MySodexho PrePortal Page
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1187659092953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1187659088109
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify: cbXRICut - E:\WINDOWS\SYSTEM32\cbXRICut.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - E:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - E:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAVRoam (SavRoam) - symantec - E:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Program Files\Utilities\Alcohol 120\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - E:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - E:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 5858 bytes
  #4  
Old 06-30-2008
Pancake's Avatar
Senior Security Analyst
  
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,057
PC Experience: Elite PC Guru
Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page
Default Re: Antispywaremaster popups - SLOW web browsing
You still have infections...

Ok.Lets download ComboFix.exe. This will give me a better view to the files running and also hidden on your computer and also those in the registry..Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use SP2

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

=======================================

Please download SDFix from here and save it to your desktop

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Please copy and paste that log in your next reply.


__________________
  • An Australian Member of
  • and
My real name is Eddy
  #5  
Old 06-30-2008
Bronze Member
  
Join Date: Jun 2008
Posts: 7
PC Experience: Experienced
kbower090 - See this Members User comments on their Profile page
Default Re: Antispywaremaster popups - SLOW web browsing
Both files were run... Here are thier logs. Thanks for the help!

ComboFix 08-06-20.4 - Kevin 2008-06-29 21:10:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.406 [GMT -4:00]
Running from: E:\Documents and Settings\Kevin\Desktop\ComboFix.exe
Command switches used :: E:\Documents and Settings\Kevin\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\WINDOWS\BM9777dec1.xml
E:\WINDOWS\cookies.ini
E:\WINDOWS\pskt.ini
E:\WINDOWS\system\smvss.exe
E:\WINDOWS\system32\cbXRICut.dll
E:\WINDOWS\system32\cwxoqwrv.ini
E:\WINDOWS\system32\dcnmslkf.ini
E:\WINDOWS\system32\ddcBTklI.dll
E:\WINDOWS\system32\euybajuv.ini
E:\WINDOWS\system32\ifljabsb.ini
E:\WINDOWS\system32\IlkTBcdd.ini
E:\WINDOWS\system32\IlkTBcdd.ini2
E:\WINDOWS\system32\rugvqhag.ini
E:\WINDOWS\system32\rwhnplum.ini
K:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IPRIP
-------\Service_Iprip

((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
.
2008-06-29 21:14 . 2008-06-29 21:14 294 ---hs---- E:\WINDOWS\system32\dcnmslkf.ini
2008-06-29 21:14 . 2008-06-29 21:14 22 --a------ E:\WINDOWS\pskt.ini
2008-06-29 21:13 . 2008-06-29 21:13 0 --a------ E:\WINDOWS\BM9777dec1.xml
2008-06-29 21:00 . 2008-06-28 03:49 <DIR> d-------- E:\SDFix
2008-06-29 13:02 . 2008-06-29 13:02 54,156 --ah----- E:\WINDOWS\QTFont.qfn
2008-06-29 13:02 . 2008-06-29 13:02 1,409 --a------ E:\WINDOWS\QTFont.for
2008-06-29 12:27 . 2008-06-29 12:27 103,424 --a------ E:\WINDOWS\system32\wbmucb.dll
2008-06-29 12:27 . 2008-06-29 12:27 103,424 --a------ E:\WINDOWS\system32\ncynqwec.dll
2008-06-29 12:24 . 2008-06-29 12:24 82,432 --a------ E:\WINDOWS\system32\fklsmncd.dll
2008-06-29 12:22 . 2008-06-29 12:22 90,624 --a------ E:\WINDOWS\system32\bykgmleu.dll
2008-06-28 14:28 . 2008-06-28 14:28 <DIR> d-------- E:\Program Files\Trend Micro
2008-06-28 09:21 . 2008-06-28 09:21 103,424 --a------ E:\WINDOWS\system32\wcigqpbq.dll
2008-06-28 09:21 . 2008-06-28 09:21 103,424 --a------ E:\WINDOWS\system32\jesopc.dll
2008-06-28 09:16 . 2008-06-28 09:16 90,624 --a------ E:\WINDOWS\system32\gnopcfmd.dll
2008-06-24 21:43 . 2008-06-24 21:43 99,840 --a------ E:\WINDOWS\system32\nyuljxcv.dll
2008-06-20 22:00 . 2008-06-20 22:00 <DIR> d-------- E:\Program Files\Lavasoft
2008-06-20 22:00 . 2008-06-20 22:00 <DIR> d-------- E:\Program Files\Common Files\Wise Installation Wizard
2008-06-20 22:00 . 2008-06-20 22:00 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-17 20:48 . 2008-06-17 20:48 <DIR> d-------- E:\Program Files\Guitar Pro 5
2008-05-31 15:09 . 2008-05-31 15:09 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\ATI
2008-05-29 21:37 . 2008-05-29 21:38 <DIR> d-------- E:\WINDOWS\system32\NtmsData
2008-05-27 21:40 . 2008-05-29 20:06 <DIR> d-------- E:\Program Files\Microsoft Money Plus
2008-05-18 13:11 . 2008-05-18 13:11 <DIR> d-------- E:\Program Files\iPod
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ E:\WINDOWS\system32\lsdelete.exe
2008-05-12 11:03 . 2008-05-12 11:03 19,968 --a------ E:\WINDOWS\system32\atiadlxx.dll
.


b]SDFix: Version 1.198 [/b]
Run by Kevin on Sun 06/29/2008 at 09:21 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: E:\SDFix
Checking Services :

Restoring Default Security Values
Restoring Default Hosts File
Rebooting

Checking Files :
No Trojan Files Found



Removing Temp Files
ADS Check :


Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 21:26:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Vax347s\Config\jdgg40]
"ujdew"=hex:20,02,00,00,25,6d,6d,5d,57,9c,d6,17,1d ,70,f3,5d,9e,ab,34,a7,f1,..
"ljej40"=hex:f6,8e,28,b0,b2,2d,e5,29,58,e7,23,d3,6 1,57,6b,23,37,15,33,0b,26,..
"ljej41"=hex:2b,8e,28,b0,ca,2d,e5,29,59,e7,22,d3,6 0,57,6b,23,37,15,33,0b,e6,..
"ljej42"=hex:2b,8e,28,b0,ca,2d,e5,29,59,e7,22,d3,6 0,57,6b,23,37,15,33,0b,e6,..
"ljej43"=hex:2b,8e,28,b0,ca,2d,e5,29,59,e7,22,d3,6 0,57,6b,23,37,15,33,0b,e6,..
"ljej44"=hex:2b,8e,28,b0,ca,2d,e5,29,59,e7,22,d3,6 0,57,6b,23,37,15,33,0b,e6,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000004d
"TracesSuccessful"=dword:00000004
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :


Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\\Program Files\\Music\\BitTorrent\\bittorrent.exe"="E:\\Pro gram Files\\Music\\BitTorrent\\bittorrent.exe:*:Enabled :BitTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :

Files with Hidden Attributes :
Thu 23 Aug 2001 10,912 A.SH. --- "E:\WINDOWS\system32\Proxy.Dll"
Sat 10 Nov 2007 4,348 A.SH. --- "E:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 20 Aug 2007 0 A.SH. --- "E:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 6 May 2008 0 A..H. --- "E:\WINDOWS\SoftwareDistribution\Download\fd026484 9c01086f3c6b505dc02dbd44\BIT3.tmp"
Tue 8 May 2007 4,348 A..H. --- "E:\Documents and Settings\Kevin\My Documents\My Music\License Backup\drmv1key.bak"
Tue 8 May 2007 20 A..H. --- "E:\Documents and Settings\Kevin\My Documents\My Music\License Backup\drmv1lic.bak"
Tue 8 May 2007 9,655 A.SH. --- "E:\Documents and Settings\Kevin\My Documents\My Music\License Backup\drmv2key.bak"
Finished!
  #6  
Old 06-30-2008
Bronze Member
  
Join Date: Jun 2008
Posts: 7
PC Experience: Experienced
kbower090 - See this Members User comments on their Profile page
Default Re: Antispywaremaster popups - SLOW web browsing
Here is my HJT log after running files too...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:07 PM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\WINDOWS\system32\Brmfrmps.exe
E:\Program Files\Symantec AntiVirus\DefWatch.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\System32\tcpsvcs.exe
E:\Program Files\Utilities\Alcohol 120\Alcohol 120\StarWind\StarWindService.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Symantec AntiVirus\Rtvscan.exe
E:\WINDOWS\system32\BRMFRSMG.EXE
E:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
E:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
E:\WINDOWS\system32\WgaTray.exe
E:\WINDOWS\system32\wscntfy.exe
E:\PROGRA~1\SYMANT~1\VPTray.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\Rundll32.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: {11085620-e4ff-5f3a-ab94-d3b7a5067c73} - {37c7605a-7b3d-49ba-a3f5-ff4e02658011} - E:\WINDOWS\system32\wbmucb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [vptray] E:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [58bfa32a] rundll32.exe "E:\WINDOWS\system32\fklsmncd.dll",b
O4 - HKLM\..\Run: [BM9777dec1] Rundll32.exe "E:\WINDOWS\system32\bykgmleu.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: ..Welcome MySodexho PrePortal Page
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1187659092953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1187659088109
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - E:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - E:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAVRoam (SavRoam) - symantec - E:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Program Files\Utilities\Alcohol 120\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - E:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - E:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
--
End of file - 5430 bytes

Reply
Satellite TV on your PC - over 3000 Channels! Click Here!
Page 1 of 2 1 2 >

Bookmarks

Tags
antispywaremaster , popups

« Possible Infections | Redirect and jump »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are On

Similar Threads
Thread Thread Starter Forum Replies Last Post
Help with Slow Internet Browsing kapor1976 [Pending] HJT Logs 2 06-26-2008 02:14 AM
[Pending] Win Anti Spyware 2007??? (really slow, + popups) iidhaegn [Fixed] Hijackthis! Logs 2 08-28-2007 08:35 AM
[Fixed] PopUP's and slow machine. rrcole5103 [Fixed] Hijackthis! Logs 9 10-20-2006 12:37 AM
Thinking about switching to an alternative web browser? What's Out There? merlin Web, Internet and Network Tutorials 0 08-01-2005 06:11 AM

Contact Us - PC Help Forum -