
adtrgt


  • This topic is locked
2 replies to this topic

#1 rockinrandy

rockinrandy

  • Members
  • 3 posts
  • Gender:Male
  • Location:MEMPHIS TN.
  • Local time:04:23 PM

Posted 14 April 2009 - 09:46 PM

Not sure what is going on. Spybot Search and Destroy box pops up. It says bad url.adtragt.com. I hit deny. Then IE opens with pop ups, while I'm surfing with Firefox. I have dds.text and attach.txt too. McAfee does not see it or can't find it. Spybot does not see it when I run it. But tells me it is trying to access the internet. Might be time to reload Windows? Gonna build a new computer in June.
Thanks Ya'll
DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 21:25:59.03 on Tue 04/14/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.1023.504 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\rundll32.exe
C:\DOCUME~1\ADMINI~1.RAN\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {40869bf2-934d-4cbd-b276-8089758d96da} - c:\windows\system32\noyusoda.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {A20854FD-DDB5-4931-8F76-D11EA2364D94} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [d86389d0] rundll32.exe "c:\windows\system32\gataviva.dll",b
mRun: [marofamona] Rundll32.exe "c:\windows\system32\kahowuhi.dll",s
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
mRun: [CPMdb50ba4c] Rundll32.exe "c:\windows\system32\limereju.dll",a
StartupFolder: c:\documents and settings\all users.windows\start menu\programs\startup\Adobe Reader Speed Launch.lnk.disabled
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\sataraid.lnk - c:\program files\silicon image\siisataraid\SATARaid.exe
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\MSMSGS.EXE
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {31435657-9980-0010-8000-00AA00389B71}
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237078503687
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237078474328
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {F1591385-3BEA-4A7F-8601-AFA53DB85357} = 127.0.0.0
AppInit_DLLs: c:\windows\system32\yoduseya.dll c:\windows\system32\limereju.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\limereju.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\limereju.dll
LSA: Notification Packages = :\windows\system32\srrstr.dll cecli scecli scecli scecli c:\windows\system32\yoduseya.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1.ran\applic~1\mozilla\firefox\profiles\4si3g0xa.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npitunes.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

============= SERVICES / DRIVERS ===============

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2008-2-26 97408]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2005-10-23 4224]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-27 201320]
R2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2005-10-23 4960]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-1-7 572776]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-1-7 572776]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-6-27 359248]
R2 McShield;McAfee Real-time Scanner;c:\program files\mcafee\virusscan\Mcshield.exe [2008-6-27 144704]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-6-27 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-6-27 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-6-27 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-6-27 40488]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2005-11-11 2816]
S1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2006-5-24 820928]
S1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2006-3-14 27776]
S2 Avg7Alrt;AVG7 Alert Manager Server; [x]
S2 Avg7UpdSvc;AVG7 Update Service; [x]
S3 DCamUSBKodak;Kodak DVC323 Digital Video Camera;c:\windows\system32\drivers\dvc323.sys [2008-5-3 112272]
S3 krdpdre;krdpdre;\??\c:\docume~1\admini~1.ran\locals~1\temp\krdpdre.sys --> c:\docume~1\admini~1.ran\locals~1\temp\krdpdre.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-6-27 33832]
S3 RivaTunerEx;RivaTunerEx;\??\d:\program files\rivatuner v2.0 rc 15.5\rivatunerex.sys --> d:\program files\rivatuner v2.0 rc 15.5\RivaTunerEx.sys [?]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-04-10 08:39 153 a------- c:\windows\wininit.ini

==================== Find3M ====================

2009-04-14 20:29 89,088 a--sh--- c:\windows\system32\limereju.dll
2009-04-14 08:29 50,688 a--sh--- c:\windows\system32\pinigalo.dll
2009-04-14 08:29 109,568 a--sh--- c:\windows\system32\puwisuro.dll
2009-04-13 20:28 108,544 a--sh--- c:\windows\system32\rakiyilu.dll
2009-04-13 20:28 63,488 a--sh--- c:\windows\system32\pulemebo.exe
2009-04-13 08:28 109,056 a--sh--- c:\windows\system32\refobaju.dll
2009-04-13 08:28 63,488 a--sh--- c:\windows\system32\bupudofa.exe
2009-04-12 20:28 109,056 a--sh--- c:\windows\system32\jakegetu.dll
2009-04-12 20:28 62,976 a--sh--- c:\windows\system32\wiludubu.exe
2009-04-12 08:28 64,000 a--sh--- c:\windows\system32\velefusi.exe
2009-04-12 08:28 109,056 a--sh--- c:\windows\system32\sopakowo.dll
2009-04-11 20:27 109,568 a--sh--- c:\windows\system32\tobuvuzi.dll
2009-04-11 20:27 62,976 a--sh--- c:\windows\system32\bidifetu.exe
2009-04-11 08:27 108,544 a--sh--- c:\windows\system32\dojisino.dll
2009-04-11 08:27 62,464 a--sh--- c:\windows\system32\kalomawu.exe
2009-04-10 20:17 109,568 a--sh--- c:\windows\system32\yusifabo.dll
2009-04-10 20:17 61,952 a--sh--- c:\windows\system32\zititohu.exe
2009-04-10 20:17 100,864 a--sh--- c:\windows\system32\gataviva.dll
2009-04-10 08:17 63,488 a--sh--- c:\windows\system32\dazeneho.exe
2009-04-09 20:17 71,680 a--sh--- c:\windows\system32\hepoyaba.dll
2009-04-09 20:17 109,056 a--sh--- c:\windows\system32\veyesera.dll
2009-04-09 20:17 61,952 a--sh--- c:\windows\system32\yegejoso.exe
2009-04-09 08:16 61,440 a--sh--- c:\windows\system32\lehebofi.exe
2009-04-09 08:16 108,032 a--sh--- c:\windows\system32\vamegeye.dll
2009-03-18 13:51 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2008-12-17 12:29 152 a------- c:\documents and settings\administrator.randy\brdgInst.bat
2008-10-06 16:03 1,060 a------- c:\program files\INSTALL.LOG
2003-12-18 11:33 20,102 a------- c:\program files\Readme.txt
2003-09-03 07:46 10,960 a------- c:\program files\EULA.txt

============= FINISH: 21:27:09.60 ===============



#2 rockinrandy

rockinrandy
  • Topic Starter

  • Members
  • 3 posts
  • Gender:Male
  • Location:MEMPHIS TN.
  • Local time:04:23 PM

Posted 20 April 2009 - 05:46 PM

Thanks ya'll. Ended up being vundo.hgo. Got it removed.

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:05:23 PM

Posted 21 April 2009 - 05:49 PM

Thanks for informing us.
Good luck.

This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



