Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

[bleep] malware! Ugh!

Started by Adrenalin , Jun 04 2008 10:10 AM

  • Please log in to reply

#1
Adrenalin
Posted 04 June 2008 - 10:10 AM

Adrenalin

    Member

  • Member
  • PipPipPip
  • 451 posts
Hello guys & girls...

That time again when I can't seem to find anything on google about my issue, so here i am. Everytime i open firefox --> refer to attached pic for what happens.

I have also attached a HJT Log because I believe the problem is malware...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:08:57 PM, on 2008/06/04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Security\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
E:\Various\UltraVNC\WinVNC.exe
E:\Internet\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\WINDOWS\Explorer.EXE
E:\Various\UltraVNC\WinVNC.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
E:\Security\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
E:\Microsoft Office 2007\Office12\GrooveMonitor.exe
E:\Burning\Daemon Tools\daemon.exe
E:\Nokia\SimpleCenter\bin\win\sclauncher.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
E:\Various\Dimension Clock 4 v5.0\D4.exe
E:\Internet\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Security\Spybot - Search & Destroy\TeaTimer.exe
E:\Security\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Internet\Vodafone\Vodafone Mobile Connect\Bin\ConAppM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
E:\Security\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.166.68.74:80
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - E:\Various\PHONE-~1\IEPlugin\SKYPEI~1.DLL
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Internet\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Security\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - E:\Internet\FlashFXP\IEFlash.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Internet\FlashGet\getflash.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "E:\Security\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Microsoft Office 2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Burning\Daemon Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [sclauncher] E:\Nokia\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [Dimension4] E:\Various\Dimension Clock 4 v5.0\D4.exe
O4 - HKLM\..\Run: [MobileConnect] E:\Internet\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "E:\Burning\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Security\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Security\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - E:\Internet\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - E:\Internet\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - E:\Editing\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Security\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - E:\Various\PHONE-~1\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Internet\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Internet\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Security\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Security\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: SmartWhois - {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - E:\Various\SmartWhois\swmsie.exe
O9 - Extra button: (no name) - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - E:\Various\SmartWhois\swmsie.exe
O9 - Extra 'Tools' menuitem: SmartWhois - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - E:\Various\SmartWhois\swmsie.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BE1D54B-F449-42DF-96FA-87798DF70125}: NameServer = 196.207.35.29 196.207.35.30
O17 - HKLM\System\CS1\Services\Tcpip\..\{8BE1D54B-F449-42DF-96FA-87798DF70125}: NameServer = 196.207.35.29 196.207.35.30
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - E:\Security\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - E:\Security\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: uvnc_service - UltraVNC - E:\Various\UltraVNC\WinVNC.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - E:\Internet\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 8209 bytes


Thanks guys, appreciate the time you have taken to have a look at this :)

Attached Thumbnails

  • Damn_malware_edited.JPG

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP