Badly infected with all kinds of viruses


  • This topic is locked
2 replies to this topic

#1 Giuliana

  • Members
  • 14 posts

Posted 31 March 2009 - 01:30 PM

My PC was horribly infected...the PC was acting extremely slow on everything...downloading, opening Word, everything was extremely slow...then I started getting pop-ups everywhere, so I ran Spybot and it found tons of errors. It tried to fix most of it, but for some it asked to reboot in order to remove them...the PC is more responsive but it's still infected, and when I log in I get lots of pop-ups of a black box (trying to run cmd of some sort).

Here's my log and the attach.zip file. THANK YOU if you can help me clean it all up!!


DDS (Ver_09-03-16.01) - NTFSx86
Run by Giampiero at 14:16:55.59 on 31/03/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.81 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Giampiero\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.dell.ca/myway
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [inter poke] c:\docume~1\giampi~1\applic~1\safema~1\Site Dash.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [DLCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCGtime.dll,_RunDLLEntry@16
mRun: [dlcgmon.exe] "c:\program files\dell aio 810\dlcgmon.exe"
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ROAD ITCH AMOK PING] c:\documents and settings\all users\application data\long slow road itch\FILE PING.exe
mRun: [letajejupe] Rundll32.exe "c:\windows\system32\dawusere.dll",s
mRun: [0cde27ca] rundll32.exe "c:\windows\system32\wavenimu.dll",b
mRun: [CPM0fed1456] Rundll32.exe "c:\windows\system32\huhevita.dll",a
mRunOnce: [Spybot - Search & Destroy] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
uPolicies-system: Wallpaper =
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
IE: &Search - ?p=ZKfox000(2)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-ca\msntabres.dll.mui/229?2bca9ac6ac164c9ca7c6a0ed3481747e
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-ca\msntabres.dll.mui/230?2bca9ac6ac164c9ca7c6a0ed3481747e
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: zubfvo.dll c:\windows\system32\wuholove.dll c:\windows\system32\huhevita.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\huhevita.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\huhevita.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli c:\windows\system32\wuholove.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\giampi~1\applic~1\mozilla\firefox\profiles\3dycek8v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\mozilla firefox\components\SABFF20.DLL
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 55024]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-8-27 566616]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-9-3 47640]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\superadblocker.com\super ad blocker\sabkutil.sys --> c:\program files\superadblocker.com\super ad blocker\SABKUTIL.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-03-31 08:17 2,502,032 ---sh--- c:\windows\system32\uminevaw.ini
2009-03-30 19:17 2,502,298 ---sh--- c:\windows\system32\ujobevel.ini
2009-03-30 18:22 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-03-30 18:22 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-03-30 18:22 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-03-30 18:19 <DIR> --d----- c:\program files\SafeMapi01
2009-03-30 18:00 <DIR> --d----- c:\program files\Corel Corporation
2009-03-30 18:00 <DIR> --d----- c:\program files\common files\ODBC
2009-03-30 18:00 <DIR> --d----- c:\program files\MSXML 4.0
2009-03-30 17:59 <DIR> --d----- c:\program files\SuperAdBlocker.com
2009-03-30 17:59 <DIR> --d----- c:\program files\MyWaySA
2009-03-30 17:59 <DIR> --d----- c:\program files\Your Company Name
2009-03-30 17:59 <DIR> --d----- c:\program files\MyWebSearch
2009-03-29 19:33 121,344 a------- c:\windows\system32\dllcache\OLD90F.tmp
2009-03-29 19:33 19,840 a------- c:\windows\system32\dllcache\OLD90B.tmp
2009-03-29 19:33 92,416 a------- c:\windows\system32\dllcache\OLD907.tmp
2009-03-29 19:33 173,696 a------- c:\windows\system32\dllcache\OLD903.tmp
2009-03-29 19:31 28,032 a------- c:\windows\system32\dllcache\OLD8A3.tmp
2009-03-29 19:30 7,552 a------- c:\windows\system32\dllcache\OLD868.tmp
2009-03-29 19:29 52,255 a------- c:\windows\system32\dllcache\OLD824.tmp
2009-03-29 19:28 35,200 a------- c:\windows\system32\dllcache\OLD7DE.tmp
2009-03-29 19:27 7,424 a------- c:\windows\system32\dllcache\OLD79E.tmp
2009-03-29 19:26 19,016 a------- c:\windows\system32\dllcache\OLD741.tmp
2009-03-29 19:25 35,328 a------- c:\windows\system32\dllcache\OLD6C5.tmp
2009-03-29 19:24 100,936 a------- c:\windows\system32\dllcache\OLD686.tmp
2009-03-29 19:23 67,167 a------- c:\windows\system32\dllcache\OLD62E.tmp
2009-03-29 19:22 28,288 a------- c:\windows\system32\dllcache\OLD5CB.tmp
2009-03-29 19:21 22,090 a------- c:\windows\system32\dllcache\OLD567.tmp
2009-03-29 19:20 6,400 a------- c:\windows\system32\dllcache\OLD4E2.tmp
2009-03-29 19:19 29,696 a------- c:\windows\system32\dllcache\OLD469.tmp
2009-03-29 19:18 117,760 a------- c:\windows\system32\dllcache\OLD3D1.tmp
2009-03-29 19:17 45,696 a------- c:\windows\system32\dllcache\OLD346.tmp
2009-03-29 19:16 66,082 a------- c:\windows\system32\dllcache\OLD250.tmp
2009-03-29 19:15 9,728 a------- c:\windows\system32\dllcache\OLD15E.tmp
2009-03-29 19:14 4,255 a------- c:\windows\system32\dllcache\OLD69.tmp
2009-03-29 19:13 2,185,984 a------- c:\windows\system32\dllcache\OLD5.tmp
2009-03-29 18:01 22,090 a------- c:\windows\system32\dllcache\OLD2A1.tmp
2009-03-29 18:01 22,090 a------- c:\windows\system32\dllcache\OLD29E.tmp
2009-03-29 17:59 19,996 a------- c:\windows\system32\dllcache\OLD257.tmp
2009-03-29 17:59 19,996 a------- c:\windows\system32\dllcache\OLD254.tmp
2009-03-29 17:50 2,185,984 a------- c:\windows\system32\dllcache\OLD6.tmp
2009-03-26 22:54 3,285,347 ---sh--- c:\windows\system32\idumomab.tmp
2009-03-22 18:45 <DIR> --ds---- C:\Microsoft
2009-03-22 10:48 102,380 a------- c:\windows\system32\drivers\46ed4e5f.sys
2009-03-21 14:51 1,394 a------- c:\windows\system32\ahtn.htm
2009-03-21 14:51 315 a------- c:\windows\system32\win32hlp.cnf
2009-03-21 14:48 2 a------- C:\215885669

==================== Find3M ====================

2009-03-31 08:17 61,440 a--sh--- c:\windows\system32\mayosare.exe
2009-03-30 19:16 61,440 a--sh--- c:\windows\system32\popukalu.exe
2009-03-21 14:49 14,336 a------- c:\windows\system32\svchost.exe
2009-03-21 14:42 109,762 a--sh--- c:\windows\system32\gukejibu.dll.vir
2009-01-15 13:23 127,828 a--sh--- c:\windows\system32\fihiwono.dll
2009-01-11 12:20 101,020 a--sh--- c:\windows\system32\zosusewa.dll
2009-01-11 00:20 100,982 a--sh--- c:\windows\system32\devajusi.dll
2009-01-10 10:42 103,564 a--sh--- c:\windows\system32\bolanefi.dll
2009-01-05 23:02 89,392 -------- c:\windows\system32\yizobejo.dll
2009-01-05 09:47 103,203 a--sh--- c:\windows\system32\torazovi.dll
2009-01-05 09:47 92,391 a--sh--- c:\windows\system32\bikusono.dll
2009-01-02 08:43 89,218 a--sh--- c:\windows\system32\fasesosu.dll
2006-08-09 22:58 149 a------- c:\program files\INSTALL.LOG
2002-06-04 05:06 65,536 -------- c:\windows\inf\copyinf.exe
2007-09-07 14:13 88 ---shr-- c:\windows\system32\2528975A52.sys
2007-12-29 00:46 56 ---shr-- c:\windows\system32\525A972825.sys
2007-12-29 00:46 4,236 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-12-28 14:40 95,806 a--sh--- c:\windows\system32\tawukosi.dll
0000-00-00 00:00 36,864 a--sh--- c:\windows\system32\zapekoge.dll

============= FINISH: 14:17:22.57 ===============


#2 Giuliana

  • Topic Starter

  • Members
  • 14 posts

Posted 03 April 2009 - 08:36 AM

I ran Spybot, Cureit, Superantivirus and it seems the problem is gone.

Please close.
Thanks

#3 suebaby41


    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender: Female
  • Location: South Carolina, USA

Posted 08 April 2009 - 04:04 PM

Thank you for letting us know.

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.