Status
Not open for further replies.
1 - 3 of 3 Posts

·
Registered
Joined
·
1 Posts
Discussion Starter · #1 ·
Hello!

Last night while browsing the site Failblog . com I suddenly noticed several new Firefox (3.0.5) windows opening. At one point an Internet Explorer window opened up with a warning about trojans. Since Firefox is my default browser I assumed something was up!

Sometimes the windows contained advertisements and other times were simply blank. The problem has persisted into today.

The pages open often two to three minutes apart; however, I have gone up to 20 minutes without seeing one.

Perhaps unrelated, but today I started to get TXT messages on my cellphone which resemble junk mail.

My ark.zip file is attached as per forum instructions.

Thank you in advance for any help I may receive!

Here is my DDS log:

DDS (Ver_09-01-07.01) - NTFSx86 NETWORK
Run by Michael Pallante at 19:41:23.20 on Fri 01/09/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.722 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Michael Pallante\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/?src=aim
uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\SZSG.dll
BHO: {18b463a4-015c-4e4f-8aaa-1d5b104c2d15} - c:\windows\system32\jkkhhGaX.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: {ce67d7a1-f35d-aa3b-0194-8425284a4a7c}: {c7a4a482-5248-4910-b3aa-d53f1a7d76ec} - c:\windows\system32\nljhpy.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\SZSG.dll
uRun: [Aim6]
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [dc6e26f2] rundll32.exe "c:\windows\system32\frnrdhjj.dll",b
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
StartupFolder: c:\docume~1\michae~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll
Trusted Zone: antimalwareguard.com
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: nljhpy.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\jkkhhGaX

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\michae~1\applic~1\mozilla\firefox\profiles\qimd7pui.default\
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2008-12-2 54656]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [2008-8-8 11264]
R3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [2008-7-31 25088]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-7-31 36864]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-25 24652]

=============== Created Last 30 ================

2009-01-09 19:25 <DIR> --d----- c:\program files\Trend Micro
2009-01-09 19:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-01-09 19:11 <DIR> --d----- c:\program files\STOPzilla!
2009-01-09 19:11 <DIR> --d----- c:\program files\common files\iS3
2009-01-09 19:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-01-09 01:38 <DIR> --d----- C:\VundoFix Backups
2009-01-09 01:11 <DIR> --d----- c:\program files\Lavasoft
2009-01-09 01:10 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-01-09 01:09 1,250,178 ---sh--- c:\windows\system32\jjhdrnrf.ini
2009-01-09 01:09 90,624 a------- c:\windows\system32\frnrdhjj.dll
2009-01-09 01:07 <DIR> --d----- c:\windows\system32\LogFiles
2009-01-09 00:56 57,856 a------- c:\windows\system32\vtUkkijg.dll
2009-01-09 00:54 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-01-09 00:54 139,264 a------- c:\windows\system32\nljhpy.dll
2009-01-09 00:54 139,264 a------- c:\windows\system32\otngnypd.dll
2009-01-09 00:53 <DIR> --d----- c:\documents and settings\michael pallante\.housecall6.6
2009-01-09 00:53 722,158 a--sh--- c:\windows\system32\XaGhhkkj.ini2
2009-01-09 00:53 722,158 a--sh--- c:\windows\system32\XaGhhkkj.ini
2009-01-09 00:53 297,984 a------- c:\windows\system32\jkkhhGaX.dll
2009-01-09 00:48 46,080 a------- c:\windows\system32\mlJaaARl.dll
2009-01-09 00:47 57,856 a------- c:\windows\system32\efcAPhhH.dll.vir
2009-01-09 00:47 38,400 a------- c:\windows\system32\prunnet.exe
2008-12-23 23:39 200 a------- c:\windows\AUDC80UI.dat
2008-12-19 19:04 412,739 a------- C:\Betty Page.JPG
2008-12-18 23:53 <DIR> --d----- C:\VST
2008-12-18 23:49 <DIR> --d----- c:\program files\ASIO4ALL v2
2008-12-18 18:25 <DIR> --ds---- c:\documents and settings\michael pallante\UserData
2008-12-17 23:25 <DIR> --d----- c:\documents and settings\michael pallante\Contacts
2008-12-17 17:26 17,408 a----r-- c:\windows\system32\SZIO5.dll
2008-12-17 17:25 282,624 a----r-- c:\windows\system32\SZBase5.dll
2008-12-17 17:24 540,672 a----r-- c:\windows\system32\SZComp5.dll
2008-12-17 03:49 153,404 a------- C:\04.jpg
2008-12-17 00:24 <DIR> --d----- c:\docume~1\michae~1\applic~1\uTorrent
2008-12-15 18:30 26,586 a------- C:\historylesson.htm
2008-12-15 18:29 64,915 a------- C:\halpoint9.htm
2008-12-15 18:29 242,427 a------- C:\guysnightout.htm
2008-12-15 18:29 52,127 a------- C:\thegirlwho.htm
2008-12-15 18:29 87,080 a------- C:\everyhour.html
2008-12-15 18:28 11,642 a------- C:\easya.htm
2008-12-15 18:28 494,466 a------- C:\deathtakes.htm
2008-12-14 04:53 <DIR> --d----- c:\program files\mIRC
2008-12-14 04:53 <DIR> --d----- c:\docume~1\michae~1\applic~1\mIRC
2008-12-12 16:06 18,357 a------- C:\Dwightmail.odt
2008-12-12 04:04 8,560 a------- C:\To Do Friday.odt

==================== Find3M ====================

2008-12-22 05:05 1,918 a------- c:\docume~1\michae~1\applic~1\wklnhst.dat
2008-12-03 16:14 5,607 a------- c:\windows\~GLH0002.TMP
2008-12-03 16:14 140,288 a------- c:\windows\~GLC0002.TMP
2008-12-03 16:12 5,607 a------- c:\windows\~GLH0001.TMP
2008-12-03 16:12 140,288 a------- c:\windows\~GLC0001.TMP
2008-12-03 16:08 5,607 a------- c:\windows\~GLH0000.TMP
2008-12-03 16:08 140,288 a------- c:\windows\~GLC0000.TMP
2008-12-02 15:20 54,656 a----r-- c:\windows\system32\drivers\SZKG.sys
2008-11-28 19:06 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-11-24 16:19 126,976 a----r-- c:\windows\system32\IS3HTUI5.dll
2008-11-24 16:19 364,544 a----r-- c:\windows\system32\IS3DBA5.dll
2008-11-24 16:18 372,736 a----r-- c:\windows\system32\IS3UI5.dll
2008-11-24 16:18 61,440 a----r-- c:\windows\system32\IS3Hks5.dll
2008-11-24 16:18 23,040 a----r-- c:\windows\system32\IS3XDat5.dll
2008-11-24 16:17 212,992 a----r-- c:\windows\system32\IS3Win325.dll
2008-11-24 16:17 94,208 a----r-- c:\windows\system32\IS3Inet5.dll
2008-11-24 16:17 90,112 a----r-- c:\windows\system32\IS3Svc5.dll
2008-11-24 16:14 708,608 a----r-- c:\windows\system32\IS3Base5.dll
2008-05-07 03:34 15,523,560 a------- c:\program files\U1 Setup.exe

============= FINISH: 19:42:28.28 ===============
 


·
Registered
Joined
·
4,582 Posts
Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: Please rename combofix.exe to cfix.exe

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
 
