Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Error loading zedomoje.dll and berateno.dll message


  • Please log in to reply
3 replies to this topic

#1 madowell

madowell

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 03 January 2009 - 09:52 PM

I used stopzilla to scan my comp and removed what it came up with and now getting "error loading c:\windows\system32\zedomoje.dll" and "error loading c:\windows\system32\berateno.dll" whenever my laptop is restarted. Before all this, I was getting a blank window popup with pantomi.com in title bar. I went to RUN, msconfig, startup and saw new startup items in list: berateno.dll, zedomoje.dll, and lufuyuko.dll. I unchecked these and then restarted my comp. I still had popups and then that is when I downloaded Stopzilla and scanned my comp. I will attach the event log from Stopzilla just in case you need this info because I removed some stuff with that program. Thanks so much for your help.


DDS (Version 1.1.0) - NTFSx86
Run by Melissa Dowell at 19:45:24.21 on Sat 01/03/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1399 [GMT -6:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Documents and Settings\Melissa Dowell\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080418
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\SZSG.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: {7963e926-0e9a-4b88-8251-b9c7420a8c76} - c:\windows\system32\sugefeso.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
BHO: ZoneAlarm Spy Blocker BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\SZSG.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [EPSON Stylus Photo R220 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [kunuwijajo] Rundll32.exe "c:\windows\system32\berateno.dll",s
mRun: [CPM9f86355f] Rundll32.exe "c:\windows\system32\zedomoje.dll",a
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\zedomoje.dll,c:\windows\system32\nufeduta.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli c:\windows\system32\nufeduta.dll

============= SERVICES / DRIVERS ===============

R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2008-12-2 54656]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-3-13 33800]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-8-1 127768]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-4-24 394952]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [2007-8-23 5376]
R4 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-3-13 472320]
R4 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R4 WinRT;WinRT Toolkit Generic Driver;c:\windows\system32\drivers\WinRT.sys [2008-4-23 99360]

=============== Created Last 30 ================

2009-01-03 19:35 2,632 a------- c:\windows\system32\drivers\kgpcpy.cfg
2009-01-03 15:51 16 a------- c:\windows\system32\drivers\fidbox.dat.szfi
2009-01-03 15:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-01-03 15:33 <DIR> --d----- c:\program files\STOPzilla!
2009-01-03 15:33 <DIR> --d----- c:\program files\common files\iS3
2009-01-03 15:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-01-03 11:41 1,262,129 ---sh--- c:\windows\system32\okuyuful.ini
2009-01-02 21:03 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-01-02 21:02 <DIR> --d----- c:\documents and settings\melissa dowell\.housecall6.6
2009-01-02 20:49 <DIR> --d----- c:\program files\Lavasoft
2009-01-02 20:49 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-01-02 20:16 1,262,147 ---sh--- c:\windows\system32\olutakam.ini
2008-12-28 15:54 107,368 a------- c:\windows\system32\GEARAspi.dll
2008-12-28 15:54 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-28 15:53 <DIR> --d----- c:\program files\iPod
2008-12-28 15:53 <DIR> --d----- c:\program files\iTunes
2008-12-28 15:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-28 15:53 <DIR> --d----- c:\program files\Bonjour
2008-12-28 15:51 32,000 a------- c:\windows\system32\drivers\usbaapl.sys
2008-12-17 17:26 17,408 a----r-- c:\windows\system32\SZIO5.dll
2008-12-17 17:25 282,624 a----r-- c:\windows\system32\SZBase5.dll
2008-12-17 17:24 540,672 a----r-- c:\windows\system32\SZComp5.dll
2008-12-13 22:07 65,536 a------- c:\windows\system32\E_S00RP1.EXE
2008-12-09 19:06 268 a---h--- C:\sqmdata00.sqm
2008-12-09 19:06 244 a---h--- C:\sqmnoopt00.sqm

==================== Find3M ====================

2009-01-03 19:45 56,279,072 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-01-03 19:34 660,404 a--sh--- c:\windows\system32\drivers\fidbox.idx
2008-12-22 22:58 3,278 a------- c:\docume~1\meliss~1\applic~1\wklnhst.dat
2008-12-13 00:40 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-02 15:20 54,656 a----r-- c:\windows\system32\drivers\SZKG.sys
2008-11-24 16:19 126,976 a----r-- c:\windows\system32\IS3HTUI5.dll
2008-11-24 16:19 364,544 a----r-- c:\windows\system32\IS3DBA5.dll
2008-11-24 16:18 372,736 a----r-- c:\windows\system32\IS3UI5.dll
2008-11-24 16:18 61,440 a----r-- c:\windows\system32\IS3Hks5.dll
2008-11-24 16:18 23,040 a----r-- c:\windows\system32\IS3XDat5.dll
2008-11-24 16:17 212,992 a----r-- c:\windows\system32\IS3Win325.dll
2008-11-24 16:17 94,208 a----r-- c:\windows\system32\IS3Inet5.dll
2008-11-24 16:17 90,112 a----r-- c:\windows\system32\IS3Svc5.dll
2008-11-24 16:14 708,608 a----r-- c:\windows\system32\IS3Base5.dll
2008-10-24 05:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 06:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 06:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 07:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 07:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 10:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 01:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 01:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-10-10 22:50 61,224 a------- c:\documents and settings\melissa dowell\GoToAssistDownloadHelper.exe
2008-09-19 02:06 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091920080920\index.dat

============= FINISH: 19:46:04.84 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:12:09 AM

Posted 16 January 2009 - 08:10 AM

Hello madowell

Welcome to BleepingComputer :thumbsup:
========================
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#3 madowell

madowell
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 19 January 2009 - 09:05 AM

I save RSIT to my desktop and then go to open it and click on run and then see the screen where I would click continue and very quickly it disappears and the icon on my desktop goes away also. I disabled stopzilla, zonealarm and my nod antivirus protection and the same thing still happens. I'm not sure what else to do. Any suggestions would be helpful.

Thanks, Melissa

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:12:09 AM

Posted 19 January 2009 - 09:06 AM

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
===========
Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users