
Pop Ups, Web Re-directing, Software Crashes, Etc.


  • This topic is locked
5 replies to this topic

#1 JHSII

JHSII

  • Members
  • 5 posts

Posted 09 December 2008 - 01:46 PM

So I have asked several friends about this & have checked tutorials only to find a solution, but no dice. My roommate went on some seedy xxx websites and now my computer is crawling and infested. I have bounced my log against the hijackthis database & it is coming up clean. I am not sure what else to do. The only consistent error I am getting is from "Trojan.zlob.g" on my firewall. Any help would be appreciated!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:45:23 PM, on 12/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Labtec\Desktop\V5.1\MOUSE32A.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\Documents and Settings\Owner\Desktop\anti-virus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Webtools\webtools.dll (file missing)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {79ad48f5-a788-44a2-9b81-bb57417e7a02} - C:\WINDOWS\system32\tizomahu.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [yemivezepu] Rundll32.exe "C:\WINDOWS\system32\bebutepo.dll",s
O4 - HKLM\..\Run: [c82da797] rundll32.exe "C:\WINDOWS\system32\hobavana.dll",b
O4 - HKLM\..\Run: [CPMcb1e940b] Rundll32.exe "c:\windows\system32\bunamige.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [yemivezepu] Rundll32.exe "C:\WINDOWS\system32\bebutepo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [yemivezepu] Rundll32.exe "C:\WINDOWS\system32\bebutepo.dll",s (User 'NETWORK SERVICE')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1180185552359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1180185535953
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\moyofilu.dll c:\windows\system32\bunamige.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bunamige.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bunamige.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 6402 bytes

#2 JHSII

JHSII
  • Topic Starter

  • Members
  • 5 posts

Posted 15 December 2008 - 04:14 PM

This has gotten progressively worse. I am now unable to open/download software (including spywareblaster and others) & my browser will not load most pages I direct it to. All of my google results are re-directed to a "go.google.com/..." address & I have to visit internet security sites through a proxy since firefox crashes when I try to visit one normally. I downloaded ESET and it detected 2 viruses (including the Trojan.Zlob that was problematic) and I thought that was the end of my problems. Well, it wasn't, so now I realize my computer is far more infected than I believed.

here is my latest HJT log. Hope someone can resolve this sooner than later.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:13:53 PM, on 12/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Labtec\Desktop\V5.1\MOUSE32A.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\anti-virus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {79ad48f5-a788-44a2-9b81-bb57417e7a02} - C:\WINDOWS\system32\fidetiga.dll (file missing)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [yemivezepu] Rundll32.exe "C:\WINDOWS\system32\legidonu.dll",s
O4 - HKLM\..\Run: [c82da797] rundll32.exe "C:\WINDOWS\system32\pisiluvu.dll",b
O4 - HKLM\..\Run: [CPMcb1e940b] Rundll32.exe "c:\windows\system32\rudagitu.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Smax4] "C:\Documents and Settings\Owner\Application Data\Google\kjzna1562565.exe"
O4 - HKUS\S-1-5-19\..\Run: [yemivezepu] Rundll32.exe "C:\WINDOWS\system32\legidonu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [yemivezepu] Rundll32.exe "C:\WINDOWS\system32\legidonu.dll",s (User 'NETWORK SERVICE')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1180185552359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1180185535953
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\supilime.dll c:\windows\system32\rudagitu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\rudagitu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\rudagitu.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 6097 bytes
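The two HijackThis logs above are the raw material a helper reads by eye. As an added example (not HijackThis code, not the poster's log tool, and not a fix for this machine), here is a small triage script that applies the checks a log reader makes first: DLLs in system32 with the 8-letter consonant/vowel names seen in this thread (tizomahu, bebutepo, bunamige, ...), the AppInit_DLLs / SSODL / SharedTaskScheduler load points, Run keys under the LOCAL SERVICE and NETWORK SERVICE hives, rundll32 autoruns calling a DLL export, and orphaned "(file missing)" registrations. The name pattern and the weighting are assumptions derived from the posted logs, not a signature for any named family; the sample lines are copied from the first log in this thread.

```python
"""Heuristic triage of HijackThis (HJT) log lines.

Added example for this thread; it is neither HijackThis code nor a helper's
fix script.  The sample lines are copied from the first HJT log posted
above.  The rules are this example's own assumptions about what a log
reader checks first, not a signature for any named malware family.
"""
import re
from collections import defaultdict

# Assumption drawn from the names in the posted logs (tizomahu, bebutepo,
# bunamige, ...): the suspect DLLs are 8-letter consonant/vowel alternations
# sitting directly in system32.  A real tool would also whitelist known
# system DLLs; this regex alone is only a prompt to look closer.
RANDOM_CV_DLL = re.compile(
    r"\\system32\\((?:[bcdfghjklmnpqrstvwxyz][aeiou]){4})\.dll\b", re.IGNORECASE)
# rundll32 loading a DLL and calling a one-letter export:  "foo.dll",a
RUNDLL_EXPORT = re.compile(
    r'rundll32(?:\.exe)?\s+"([^"]+\.dll)",\s*[a-z]\b', re.IGNORECASE)
SERVICE_ACCOUNT_HIVES = ("HKUS\\S-1-5-18", "HKUS\\S-1-5-19", "HKUS\\S-1-5-20")
GLOBAL_HOOK_SECTIONS = {
    "O20": "AppInit_DLLs (loaded into every process that loads user32.dll)",
    "O21": "ShellServiceObjectDelayLoad (loaded by explorer.exe)",
    "O22": "SharedTaskScheduler (loaded by explorer.exe)",
}
SECTION = re.compile(r"^([ROFN]\d+)\s+-\s+(.*)$")

# Constructed sample: a subset of the first HJT log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: (no name) - {79ad48f5-a788-44a2-9b81-bb57417e7a02} - C:\WINDOWS\system32\tizomahu.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [yemivezepu] Rundll32.exe "C:\WINDOWS\system32\bebutepo.dll",s
O4 - HKLM\..\Run: [CPMcb1e940b] Rundll32.exe "c:\windows\system32\bunamige.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [yemivezepu] Rundll32.exe "C:\WINDOWS\system32\bebutepo.dll",s (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: C:\WINDOWS\system32\moyofilu.dll c:\windows\system32\bunamige.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bunamige.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bunamige.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""


def triage(log_text):
    """Return [(section, line, [reasons])] for every line worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if not m:
            continue                      # headers, process list, blank lines
        section, body = m.groups()
        reasons = []
        for name in RANDOM_CV_DLL.findall(body):
            reasons.append(f"random-looking DLL name in system32: {name.lower()}.dll")
        if section in GLOBAL_HOOK_SECTIONS and ".dll" in body.lower():
            reasons.append(f"global load point: {GLOBAL_HOOK_SECTIONS[section]}")
        if section == "O4" and body.startswith(SERVICE_ACCOUNT_HIVES):
            reasons.append("Run key under a service-account hive (LOCAL/NETWORK SERVICE)")
        if RUNDLL_EXPORT.search(body):
            reasons.append("rundll32 autorun calling a DLL export")
        if "(file missing)" in body:
            reasons.append("orphaned registration: file missing")
        if reasons:
            findings.append((section, line, reasons))
    return findings


def cross_references(findings):
    """DLL names wired into more than one HJT section.  The same file
    appearing under O4, O20, O21 and O22 is the strongest signal in the
    posted log: one component reached from several load points."""
    seen = defaultdict(set)
    for section, line, _ in findings:
        for name in RANDOM_CV_DLL.findall(line):
            seen[name.lower()].add(section)
    return {name: sorted(secs) for name, secs in seen.items() if len(secs) > 1}


if __name__ == "__main__":
    for section, line, reasons in triage(SAMPLE_LOG):
        print(section, line)
        for r in reasons:
            print("   ->", r)
    print("shared across sections:", cross_references(triage(SAMPLE_LOG)))
```

Only the R1 ProxyOverride, the Adobe BHO, avast, ctfmon and the avast service line pass through untouched; everything else in the sample gets at least one reason, and bunamige.dll is reported as reachable from O4, O20, O21 and O22 at once.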

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 17 December 2008 - 12:30 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE


Please hold on; it may take us a day or so to get back with you.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#4 JHSII

JHSII
  • Topic Starter

  • Members
  • 5 posts

Posted 17 December 2008 - 06:14 PM

Thank you for getting back to me. Take your time, I understand this is out of courtesy & if there is any way to donate to you fine folks, please make me aware of it.

Here is the log as requested:

DDS (Version 1.1.0) - NTFSx86
Run by Owner at 18:10:08.73 on Wed 12/17/2008
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.162 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Labtec\Desktop\V5.1\MOUSE32A.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - c:\progra~1\crawler\toolbar\ctbr.dll
BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {79ad48f5-a788-44a2-9b81-bb57417e7a02} - c:\windows\system32\fidetiga.dll
TB: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\progra~1\crawler\toolbar\ctbr.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Smax4] "c:\documents and settings\owner\application data\google\kjzna1562565.exe"
mRun: [FLMOFFICE4DMOUSE] c:\program files\labtec\desktop\v5.1\moffice.exe
mRun: [OFFICEKB] c:\program files\labtec\desktop\v5.1\kbdap32a.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [yemivezepu] Rundll32.exe "c:\windows\system32\legidonu.dll",s
mRun: [c82da797] rundll32.exe "c:\windows\system32\pisiluvu.dll",b
mRun: [CPMcb1e940b] Rundll32.exe "c:\windows\system32\rudagitu.dll",a
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: {147DD1D9-FD22-4C54-9F18-B12ED78FD789} = 207.69.188.185,207.69.188.186
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\toolbar\ctbr.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\windows\system32\supilime.dll c:\windows\system32\rudagitu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\rudagitu.dll
STS: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\rudagitu.dll
LSA: Notification Packages = scecli c:\windows\system32\supilime.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\7lrcech0.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.earthlink.net/channel/START

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\mozilla firefox 3 beta 4\defaults\pref\channel-prefs.js - pref("app.update.channel", "beta");
c:\program files\mozilla firefox 3 beta 4\defaults\pref\firefox.js - pref("browser.rights.version", 3);
c:\program files\mozilla firefox 3 beta 4\defaults\pref\firefox.js - pref("browser.rights.3.shown", false);

============= SERVICES / DRIVERS ===============

R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-9-10 611664]
R2 ekrn;Eset Service;"c:\program files\eset\eset smart security\ekrn.exe" [2007-12-21 468224]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" []

=============== Created Last 30 ================

2008-12-17 18:02 <DIR> --d----- c:\docume~1\owner\applic~1\CopyTrans
2008-12-17 18:01 <DIR> --d----- c:\program files\WindSolutions
2008-12-17 18:01 <DIR> --d----- c:\docume~1\owner\applic~1\CopyTransControlCenter
2008-12-17 18:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CopyTransControlCenter
2008-12-14 20:12 <DIR> --d----- c:\program files\SopCast
2008-12-13 18:28 <DIR> --d----- c:\docume~1\owner\applic~1\Digsby
2008-12-13 18:27 <DIR> --d----- c:\program files\Digsby
2008-12-12 01:09 1,613,448 ---sh--- c:\windows\system32\uvulisip.ini
2008-12-11 18:59 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-11 18:59 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-11 18:59 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-11 18:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-11 17:00 <DIR> --d----- c:\docume~1\owner\applic~1\ESET
2008-12-11 16:59 <DIR> --d----- c:\program files\ESET
2008-12-11 13:09 1,564,849 ---sh--- c:\windows\system32\imevupov.ini
2008-12-09 23:21 1,564,089 ---sh--- c:\windows\system32\awedirem.ini
2008-12-09 17:18 <DIR> --d----- c:\program files\SpywareBlaster
2008-12-09 11:21 1,563,281 ---sh--- c:\windows\system32\anavaboh.ini
2008-12-08 17:43 1,543,071 ---sh--- c:\windows\system32\ugumohof.ini
2008-12-08 01:51 1,428,212 ---sh--- c:\windows\system32\unikemof.ini
2008-12-07 13:51 1,428,212 ---sh--- c:\windows\system32\evefapum.ini
2008-12-05 12:53 1,428,212 ---sh--- c:\windows\system32\anosihuy.ini
2008-12-04 11:52 1,430,057 ---sh--- c:\windows\system32\itodetek.ini
2008-12-02 23:35 1,355,509 ---sh--- c:\windows\system32\igidobum.ini
2008-12-02 11:33 1,699,974 ---sh--- c:\windows\system32\asubinov.ini
2008-12-01 13:13 1,669,009 ---sh--- c:\windows\system32\amewokug.ini
2008-11-30 11:09 1,632,016 ---sh--- c:\windows\system32\ulogagew.ini
2008-11-29 11:46 1,632,016 ---sh--- c:\windows\system32\iwuboboj.ini
2008-11-28 10:47 1,632,016 ---sh--- c:\windows\system32\evijolez.ini
2008-11-27 14:34 1,590,546 ---sh--- c:\windows\system32\iziboyow.ini
2008-11-25 09:46 1,584,720 ---sh--- c:\windows\system32\erevakat.ini
2008-11-24 21:46 1,593,394 ---sh--- c:\windows\system32\afofapij.ini
2008-11-24 09:45 1,589,924 ---sh--- c:\windows\system32\udobayos.ini
2008-11-23 18:24 <DIR> --d----- c:\program files\Crawler
2008-11-23 18:24 142,592 a------- c:\windows\system32\drivers\sp_rsdrv2.sys
2008-11-23 18:24 <DIR> --d----- c:\docume~1\owner\applic~1\Spyware Terminator
2008-11-23 18:24 <DIR> --d----- c:\program files\Spyware Terminator
2008-11-23 18:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spyware Terminator
2008-11-23 17:38 <DIR> --d----- c:\windows\pss
2008-11-23 17:08 1,583,621 ---sh--- c:\windows\system32\amowapas.ini
2008-11-23 16:17 <DIR> --d----- c:\program files\Mjcore
2008-11-23 01:30 1,583,621 ---sh--- c:\windows\system32\itowigir.ini
2008-11-22 23:30 73 a------- c:\windows\Sysvxd.exe
2008-11-22 22:54 <DIR> --d----- c:\program files\Lavasoft
2008-11-22 22:53 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-11-22 22:42 <DIR> --d----- c:\program files\CCleaner
2008-11-22 21:48 39,424 a------- c:\windows\system32\drivers\svchost.exe.ren
2008-11-22 15:22 86,068 -------- c:\windows\system32\trz4F.tmp
2008-11-22 15:00 62,464 -------- c:\windows\system32\trz3D.tmp
2008-11-22 15:00 90,164 -------- c:\windows\system32\trz3C.tmp
2008-11-22 15:00 62,464 -------- c:\windows\system32\trz3B.tmp
2008-11-22 13:30 1,583,621 ---sh--- c:\windows\system32\ogemoyom.ini
2008-11-18 20:37 0 a------- C:\LOG4.tmp
2008-11-18 20:22 0 a------- C:\LOGEC.tmp

==================== Find3M ====================

2008-12-12 01:09 91,844 a--sh--- c:\windows\system32\rudagitu.dll
2008-12-12 01:09 85,657 a--sh--- c:\windows\system32\pisiluvu.dll
2008-12-11 13:09 61,086 a--sh--- c:\windows\system32\yizodonu.dll
2008-12-11 13:09 90,698 a--sh--- c:\windows\system32\nonomaso.dll
2008-12-11 13:09 85,650 -------- c:\windows\system32\vopuvemi.dll
2008-12-10 12:22 93,843 a--sh--- c:\windows\system32\jevetedo.dll
2008-12-10 12:22 87,215 a--sh--- c:\windows\system32\mezutilo.dll
2008-12-09 23:21 94,429 a--sh--- c:\windows\system32\wafiguvu.dll
2008-12-09 23:21 87,345 a--sh--- c:\windows\system32\meridewa.dll
2008-12-09 11:21 93,359 a--sh--- c:\windows\system32\bunamige.dll
2008-12-09 11:21 87,200 -------- c:\windows\system32\hobavana.dll
2008-12-08 17:43 93,822 a--sh--- c:\windows\system32\roruhore.dll
2008-12-08 17:43 87,233 -------- c:\windows\system32\fohomugu.dll
2008-12-08 16:43 63,759 a--sh--- c:\windows\system32\wifufulu.dll
2008-12-08 01:51 92,914 a--sh--- c:\windows\system32\vuseyiju.dll
2008-12-08 01:51 88,174 -------- c:\windows\system32\fomekinu.dll
2008-12-07 13:51 94,310 a--sh--- c:\windows\system32\gaduvoma.dll
2008-12-07 13:51 85,591 -------- c:\windows\system32\mupafeve.dll
2008-12-06 11:58 93,439 a--sh--- c:\windows\system32\zepepewa.dll
2008-12-06 11:58 88,362 a--sh--- c:\windows\system32\horijige.dll
2008-12-05 12:53 93,459 a--sh--- c:\windows\system32\kuwotevi.dll
2008-12-05 12:53 87,844 a--sh--- c:\windows\system32\yuhisona.dll
2008-12-05 11:52 94,436 a--sh--- c:\windows\system32\hovolile.dll
2008-12-05 11:52 64,754 a--sh--- c:\windows\system32\lipewedi.dll
2008-12-04 23:52 94,948 a--sh--- c:\windows\system32\bidiyije.dll
2008-12-04 23:52 88,147 a--sh--- c:\windows\system32\fabokulo.dll
2008-12-04 11:52 87,093 a--sh--- c:\windows\system32\ketedoti.dll
2008-12-04 11:52 64,565 a--sh--- c:\windows\system32\kiduruka.dll
2008-12-04 11:52 94,773 a--sh--- c:\windows\system32\vagazodi.dll
2008-12-03 18:19 64,053 a--sh--- c:\windows\system32\punehomi.dll
2008-12-03 18:19 94,773 a--sh--- c:\windows\system32\bidifetu.dll
2008-12-03 18:19 85,557 a--sh--- c:\windows\system32\delidubu.dll
2008-12-02 23:35 86,581 a--sh--- c:\windows\system32\mubodigi.dll
2008-12-02 23:35 93,237 a--sh--- c:\windows\system32\wimesabi.dll
2008-12-02 11:33 93,236 a--sh--- c:\windows\system32\ravezula.dll
2008-12-02 11:33 86,580 a--sh--- c:\windows\system32\vonibusa.dll
2008-12-02 11:33 64,052 a--sh--- c:\windows\system32\hekeyapi.dll
2008-12-01 13:25 94,772 a------- c:\windows\system32\yeyanido.dll
2008-11-30 11:09 95,284 a--sh--- c:\windows\system32\pufuyada.dll
2008-11-29 11:46 95,284 a--sh--- c:\windows\system32\polekove.dll
2008-11-28 10:47 95,284 a--sh--- c:\windows\system32\nukizani.dll
2008-11-27 14:34 93,748 a--sh--- c:\windows\system32\panasoba.dll
2008-11-26 09:46 93,748 a--sh--- c:\windows\system32\lubefije.dll
2008-11-26 09:46 86,580 a--sh--- c:\windows\system32\vejidoyu.dll
2008-11-25 21:46 93,236 a--sh--- c:\windows\system32\fimamile.dll
2008-11-25 21:46 87,092 a--sh--- c:\windows\system32\jonefede.dll
2008-11-25 19:20 2,974 a------- c:\windows\system32\tmp.reg
2008-11-25 09:46 87,092 a--sh--- c:\windows\system32\takavere.dll
2008-11-25 09:46 93,236 a--sh--- c:\windows\system32\hiwumeku.dll
2008-11-24 21:46 93,236 a--sh--- c:\windows\system32\piyadayi.dll
2008-11-24 21:46 87,092 a--sh--- c:\windows\system32\jipafofa.dll
2008-11-24 09:45 90,164 a--sh--- c:\windows\system32\hakurevi.dll
2008-11-23 17:08 90,164 a--sh--- c:\windows\system32\rahuguzi.dll
2008-11-23 01:30 86,068 a--sh--- c:\windows\system32\rigiwoti.dll
2008-11-23 01:30 90,164 a--sh--- c:\windows\system32\monajole.dll
2008-10-24 06:21 455,296 a------- c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-02 11:33 0 a--sh--- c:\windows\system32\gayujoje.dll
2008-09-08 16:43 94,720 a--sh--- c:\windows\system32\jahamure.dll
2008-08-28 11:33 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082820080829\index.dat

============= FINISH: 18:11:26.75 ===============
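Two things stand out when reading the file listing in the DDS log above: files landing in system32 in the same minute, several of them with the system+hidden attributes (the `---sh---` / `a--sh---` column), and 8-letter `.ini` names that are the reverse of an 8-letter `.dll` written at the same minute (uvulisip.ini beside pisiluvu.dll, imevupov.ini beside vopuvemi.dll). As an added example (not DDS code, not the poster's output, not a helper's fix), the script below parses that listing format and reports both correlations. The sample lines are copied from the "Created Last 30" and "Find3M" sections above; the reversed-name rule is an observation about this particular log, not a general detection rule.

```python
"""Correlate the file listing in a DDS log by timestamp and by name.

Added example for this thread, not part of DDS or of any helper's fix.
Sample lines are copied from the DDS log posted above.  Two checks that
come from reading that log: (1) minutes in which several files landed
directly in system32 and at least one carries the system+hidden
attributes; (2) each 8-letter .ini whose name is the reverse of an
8-letter .dll written in the same minute.  Both are observations about
this log, not a rule for every infection.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the posted DDS log.
SAMPLE_DDS = r"""
2008-12-12 01:09 1,613,448 ---sh--- c:\windows\system32\uvulisip.ini
2008-12-11 18:59 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-11 18:59 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-11 13:09 1,564,849 ---sh--- c:\windows\system32\imevupov.ini
2008-12-09 23:21 1,564,089 ---sh--- c:\windows\system32\awedirem.ini
2008-12-01 13:13 1,669,009 ---sh--- c:\windows\system32\amewokug.ini
2008-12-12 01:09 91,844 a--sh--- c:\windows\system32\rudagitu.dll
2008-12-12 01:09 85,657 a--sh--- c:\windows\system32\pisiluvu.dll
2008-12-11 13:09 61,086 a--sh--- c:\windows\system32\yizodonu.dll
2008-12-11 13:09 90,698 a--sh--- c:\windows\system32\nonomaso.dll
2008-12-11 13:09 85,650 -------- c:\windows\system32\vopuvemi.dll
2008-12-09 23:21 94,429 a--sh--- c:\windows\system32\wafiguvu.dll
2008-12-09 23:21 87,345 a--sh--- c:\windows\system32\meridewa.dll
2008-12-01 13:25 94,772 a------- c:\windows\system32\yeyanido.dll
2008-10-24 06:21 455,296 a------- c:\windows\system32\drivers\mrxsmb.sys
"""

# "YYYY-MM-DD HH:MM  <size|<DIR>>  <8-char attribute column>  <path>"
LISTING = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d)\s+(<DIR>|[\d,]+)\s+([a-z-]{8})\s+(\S.*)$")


def parse(text):
    """Turn listing lines into dicts: ts, size (None for <DIR>), attrs, path, name, dir."""
    entries = []
    for raw in text.splitlines():
        m = LISTING.match(raw.strip())
        if not m:
            continue
        ts, size, attrs, path = m.groups()
        directory, _, name = path.lower().rpartition("\\")   # Windows paths, split by hand
        entries.append({
            "ts": ts,
            "size": None if size == "<DIR>" else int(size.replace(",", "")),
            "attrs": attrs,
            "path": path,
            "name": name,
            "dir": directory,
        })
    return entries


def is_hidden_system(e):
    """DDS attribute column: 's' = system, 'h' = hidden."""
    return "s" in e["attrs"] and "h" in e["attrs"]


def hidden_clusters(entries, min_size=2):
    """Minutes in which >= min_size files landed directly in system32 and at
    least one of them is system+hidden.  Returns {timestamp: [names]}."""
    by_ts = defaultdict(list)
    for e in entries:
        if e["dir"].endswith("\\system32") and e["size"] is not None:
            by_ts[e["ts"]].append(e)
    return {ts: sorted(e["name"] for e in group)
            for ts, group in by_ts.items()
            if len(group) >= min_size and any(is_hidden_system(e) for e in group)}


def pair_ini_with_dll(entries):
    """For each 8-letter system32 .ini, the .dll whose stem is the reversed
    .ini stem and which has the same timestamp; None when no such DLL is
    in the listing (it may already have been removed)."""
    dlls = {(e["ts"], e["name"]) for e in entries if e["name"].endswith(".dll")}
    pairs = {}
    for e in entries:
        stem, _, ext = e["name"].rpartition(".")
        if ext == "ini" and len(stem) == 8 and e["dir"].endswith("\\system32"):
            candidate = stem[::-1] + ".dll"
            pairs[e["name"]] = candidate if (e["ts"], candidate) in dlls else None
    return pairs


if __name__ == "__main__":
    entries = parse(SAMPLE_DDS)
    for ts, names in sorted(hidden_clusters(entries).items()):
        print(ts, " ".join(names))
    for ini, dll in pair_ini_with_dll(entries).items():
        print(ini, "<->", dll or "(no matching dll in listing)")
```

On the sample, three minutes qualify as clusters (12-12 01:09, 12-11 13:09, 12-09 23:21); the driver files and the lone yeyanido.dll do not. Three of the four `.ini` files pair with a reversed-name DLL; amewokug.ini has no partner in the listing, which is exactly the kind of gap worth asking the poster about rather than guessing at.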

#5 Tomk_

Tomk_

    Malware Eradicator


  • Malware Response Team
  • 686 posts

Posted 17 December 2008 - 06:37 PM

Hi JHSII,

Welcome to Bleeping Computers

My name is Tomk_. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
  • I will be working on your Malware issues; this may, or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.
I apologize for the delay in response. We get overwhelmed at times but we are trying our best to keep up.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

#6 Tomk_

Tomk_

    Malware Eradicator


  • Malware Response Team
  • 686 posts

Posted 22 December 2008 - 09:16 PM

Due to lack of response, this thread will now be closed.

If you have further issues, please begin a new topic.