Here is my log... WHAT'S WRONG?


  • This topic is locked
7 replies to this topic

#1 poolgirl95

Posted 22 February 2009 - 04:42 PM

OK, I hope I am doing this correctly. We have been trying to fix our computer for the last 2 months. Every time I try to use the internet from this computer, pop-ups take over. First, there were endless pop-ups. Various virus programs seemed to help as well as spyware scans.

Most recently I tried to eliminate programs in the start up and that seems to have helped. I am still getting popups for various spyware and malware programs (oh, and a fitness trainer). When there is a pop-up, the active window automatically changes to the pop-up.

Here is the DDS log:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Carrie at 15:33:07.44 on Sun 02/22/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.52 [GMT -6:00]

AV: Norton AntiVirus *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\2Wire Wireless Manager\2Wire.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Documents and Settings\Carrie\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AutorunsDisabled - No File
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\opnlLcyv.dll
BHO: {609536ee-cc96-d4b9-4af4-761e9ce50e68}: {86e05ec9-e167-4fa4-9b4d-69ccee635906} - c:\windows\system32\eiedyo.dll
BHO: {c55103a2-9d7c-4337-9fe5-ef63cab21ea8} - c:\windows\system32\tuvUKAsP.dll
BHO: {fa40e299-05a1-48dd-b6c3-4a8078ac529e} - c:\windows\system32\awtqrqrP.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\opnlLcyv.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Viewpoint Toolbar BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - c:\program files\viewpoint\viewpoint toolbar\3.8.0\ViewBarBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar5.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton systemworks\norton antivirus\NavShExt.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton systemworks\norton antivirus\NavShExt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: WeatherBug Browser Bar - powered by MyWebSearch: {8eab99c9-f9ec-4b64-a4ba-d9bcae8779c2} -
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar5.dll
TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.8.0\IEViewBar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [GetModule31] c:\program files\getmodule\GetModule31.exe
mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
mRun: [ccRegVfy] c:\program files\common files\symantec shared\ccRegVfy.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [2Wire Wireless Manager] "c:\program files\2wire wireless manager\2Wire.exe" -a
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://www.livingnaturally.com/common/e_coupons/smsx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144266552680
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {94B82441-A413-4E43-8422-D49930E69764} - hxxps://usa1chat.tupperware.com/Media/VisitorChat/TLIEFlash.CAB
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://216.162.199.11:82/activex/AMC.cab
Notify: AutorunsDisabled - opnlLcyv.dll
Notify: klogon - c:\windows\system32\klogon.dll
Notify: opnlLcyv - opnlLcyv.dll
AppInit_DLLs: ,eiedyo.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\opnlLcyv.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\tuvUKAsP

============= SERVICES / DRIVERS ===============

R2 SAVRTPEL;SAVRTPEL;c:\windows\system32\drivers\SAVRTPEL.SYS [2006-4-5 35552]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-4-4 24344]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20070404.032\NAVENG.Sys [2007-4-4 77688]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20070404.032\NavEx15.Sys [2007-4-4 852824]
R3 SAVRT;SAVRT;c:\windows\system32\drivers\SAVRT.SYS [2006-4-5 235744]
S3 ECnvtBox;Embroidery Conversion Box Plus;c:\windows\system32\drivers\ECnvtBox.sys [2006-4-8 37818]

============= FINISH: 15:34:27.45 ===============

#2 miekiemoes

  • Malware Response Team

Posted 23 February 2009 - 06:18 AM

Hi,

Your system is severely infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

Actually, this doesn't surprise me at all, because your version of Norton is outdated and disabled. How are you supposed to prevent malware if the Antivirus you have installed doesn't work?
That's why I suggest you uninstall your Norton Antivirus since it's most probably an expired trial.
I also see leftovers from an older Kaspersky version as well, so please uninstall that one too.
Reboot after uninstalling.

In case you're having problems with uninstalling Norton in the normal way...

* To fully remove Norton AntiVirus or other Symantec related products, select the product you want to uninstall from this list in order to download the removal tool.
Please read the instructions first before you use it.

For older versions of Norton (2000, 2001, 2002), choose this link.

Then, after you have uninstalled Norton and rebooted:

* Please install Avira Antivirus: http://www.free-av.com/

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There double-click the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new DDS log. Then we'll start from there.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 poolgirl95

Posted 23 February 2009 - 08:12 AM

Thanks for taking on my case! :)

To answer a few of your comments and update my situation:

- I disabled Norton to run the DDS log as it would not allow the DDS log to be created.
- I have not used Norton since the trial ran out. I had been using AVG, but removed it to install Kaspersky at someone's recommendation when my computer first started acting up with the pop-ups. (the program would not install Kaspersky with AVG installed)
- my computer became so badly infected... I could not go online to download malwarebytes or any other program to combat the malware so I was in a catch 22 unable to go back to AVG. Kaspersky was a nightmare for me and Norton was all that was left.
- following the AWESOME info on this site. I was able to remove running processes that looked suspicious, which provided enough relief to actually go online and to bleepingcomputer from that computer. I could then disable malware that was in the start-up, create a DDS log, AND hooray download and run malwarebytes.
- running Malwarebytes removed over 300 infected items!
- I do not have the discs to just reinstall Windows XP.. so I am HOPING to just clean-up the computer.

THANKS SO MUCH for the help so far, I will go ahead and uninstall Norton and Kaspersky (which I was having trouble doing before). I will install Avira and post the log when done.

Again, Thanks! I realize there are limitations but appreciate the effort!

#4 miekiemoes

Posted 23 February 2009 - 08:44 AM

Ok,

I read you later with the new logs. Fingers crossed, because with the huge amount of malware you're dealing here, I'm actually surprised that your Windows still boots...

#5 poolgirl95

Posted 23 February 2009 - 07:41 PM

Should I run a DDS log again?

#6 miekiemoes

Posted 23 February 2009 - 08:11 PM

Yes, because your previous log won't make sense anymore after you have installed Avira and performed a full scan with it.
Also post the Avira log as requested.

#7 miekiemoes

Posted 01 March 2009 - 12:44 PM

Still with us?

#8 miekiemoes

Posted 06 March 2009 - 07:15 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



