
Internet explorer and firefox popups


This topic is locked
2 replies to this topic

#1 shashelia

Posted 19 April 2009 - 03:57 AM

Internet Explorer opens up unexpectedly and frequently. Firefox has ads popping up (when the popup blocker is turned on). When I try to download any antivirus software, the "virus"(?) won't let me go through with the download. When I try going to a virus scan website, such as HouseCall or PC Tools, the website won't open up. Something is stopping me from trying to get rid of the problem.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Cecilia Coles at 1:31:33.82 on Sun 04/19/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.268 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sttray.exe
svchost.exe C:\WINDOWS\TEMP\VRT1.tmp
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
svchost.exe
svchost.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
svchost.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Documents and Settings\Cecilia Coles\reader_s.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\prunnet.exe
C:\DOCUME~1\CECILI~1\LOCALS~1\Temp\v8dfbi.exe
C:\DOCUME~1\CECILI~1\LOCALS~1\Temp\v8dfbi.exe
C:\Documents and Settings\Cecilia Coles\reader_s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\DOCUME~1\CECILI~1\LOCALS~1\Temp\v8dfbi.exe
C:\DOCUME~1\CECILI~1\LOCALS~1\Temp\v8dfbi.exe
C:\DOCUME~1\CECILI~1\LOCALS~1\Temp\v8dfbi.exe
C:\DOCUME~1\CECILI~1\LOCALS~1\Temp\v8dfbi.exe
C:\DOCUME~1\CECILI~1\LOCALS~1\Temp\v8dfbi.exe
C:\DOCUME~1\CECILI~1\LOCALS~1\Temp\v8dfbi.exe
C:\DOCUME~1\CECILI~1\LOCALS~1\Temp\v8dfbi.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\CECILI~1\LOCALS~1\Temp\1996708204.exe
C:\DOCUME~1\CECILI~1\LOCALS~1\Temp\1996083316.exe
C:\Program Files\Microsoft Works\WksWP.exe
C:\PROGRA~1\MICROS~2\WkDStore.exe
C:\PROGRA~1\MICROS~2\wkgdcach.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Cecilia Coles\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.Yahoo.com
uDefault_Page_URL = hxxp://www.Yahoo.com
mDefault_Page_URL = hxxp://www.Yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\ntos.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: {c4442bf6-fd3a-4892-9e5f-04a963628710} - c:\windows\system32\yefezari.dll
BHO: c:\windows\system32\jh9fgo4ksdgf.dll: {d7bf4552-94f1-42bd-f434-3604812c856d} - c:\windows\system32\jh9fgo4ksdgf.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [prunnet] "c:\windows\system32\prunnet.exe"
uRun: [pidle] "c:\documents and settings\cecilia coles\application data\pidle\pidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
uRun: [<NO NAME>] c:\docume~1\cecili~1\locals~1\temp\v8dfbi.exe
uRun: [Windows Resurections] c:\docume~1\cecili~1\locals~1\temp\v8dfbi.exe
uRun: [reader_s] c:\documents and settings\cecilia coles\reader_s.exe
uRun: [Diagnostic Manager] c:\docume~1\cecili~1\locals~1\temp\1996083316.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IDTSysTrayApp] sttray.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Mobile Broadband] c:\swsetup\hpqwwan\HPMobileBroadband.exe /TrayMode
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [prunnet] "c:\windows\system32\prunnet.exe"
mRun: [bidabekudo] Rundll32.exe "c:\windows\system32\vikamegu.dll",s
mRun: [reader_s] c:\windows\system32\reader_s.exe
mRun: [Dyuwo] rundll32.exe "c:\windows\Nporupehu.dat",e
mRun: [CPM0b5dcd65] Rundll32.exe "c:\windows\system32\fumabube.dll",a
mRun: [086efef9] rundll32.exe "c:\windows\system32\dinipuro.dll",b
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [000000af] rundll32.exe "c:\windows\system32\dinipuro.dll",b
mRunOnce: [NSSInstallation] c:\windows\system32\adobe\shockwave 11\nssstub.exe /RunOnce
dRun: [<NO NAME>] c:\windows\temp\u4vka.exe
dRun: [Windows Resurections] c:\windows\temp\u4vka.exe
dRun: [Diagnostic Manager] c:\windows\temp\954912769.exe
dRun: [reader_s] c:\documents and settings\cecilia coles\reader_s.exe
dRun: [prunnet] "c:\windows\system32\prunnet.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\lowiyiyi.dll c:\windows\system32\fumabube.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fumabube.dll
STS: c:\windows\system32\sdfgerfgf3f.dll: {e2ba40a2-74f3-42bd-f434-2604812c8953} - c:\windows\system32\sdfgerfgf3f.dll
STS: c:\windows\system32\yaubfh983ind.dll: {a5af42a3-94f3-42bd-f634-0604832c897d} - c:\windows\system32\yaubfh983ind.dll
STS: c:\windows\system32\jh9fgo4ksdgf.dll: {d7bf4552-94f1-42bd-f434-3604812c856d} - c:\windows\system32\jh9fgo4ksdgf.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\fumabube.dll
LSA: Notification Packages = scecli lphalet.dll c:\windows\system32\lowiyiyi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\cecili~1\applic~1\mozilla\firefox\profiles\a4ivd7se.default\
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {B00BB5EB-BE7D-452A-B946-73D33372B4CC} - c:\documents and settings\cecilia coles\local settings\application data\{B00BB5EB-BE7D-452A-B946-73D33372B4CC}
FF - HiddenExtension: XUL Cache: {79D6CEBC-1A4F-4EC9-A475-432FEAFFF3B8} - c:\documents and settings\localservice\local settings\application data\{79d6cebc-1a4f-4ec9-a475-432feafff3b8}\

============= SERVICES / DRIVERS ===============

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-2-21 24652]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2008-12-19 112128]
S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]

=============== Created Last 30 ================

2009-04-19 01:08 <DIR> --d----- c:\program files\Trend Micro
2009-04-19 00:04 36,352 a------- c:\windows\system32\6.tm_
2009-04-19 00:04 0 a------- c:\windows\system32\3.tmp
2009-04-19 00:04 84 a------- c:\windows\system32\2.tmp
2009-04-18 16:06 0 a------- c:\windows\system32\5.tmp
2009-04-18 16:06 84 a------- c:\windows\system32\4.tmp
2009-04-18 15:39 38 a------- C:\C.tmp
2009-04-18 15:39 0 a------- C:\B.tmp
2009-04-18 15:39 0 a------- C:\A.tmp
2009-04-18 15:39 0 a------- C:\9.tmp
2009-04-18 15:39 0 a------- C:\8.tmp
2009-04-18 15:39 0 a------- C:\7.tmp
2009-04-18 15:39 0 a------- C:\6.tmp
2009-04-18 15:39 38 a------- C:\5.tmp
2009-04-18 15:39 52,736 a------- C:\4.tmp
2009-04-18 15:39 15,000 a------- c:\windows\system32\yaubfh983ind.dll
2009-04-18 15:14 1,409,122 ---sh--- c:\windows\system32\orupinid.ini
2009-04-16 14:17 46 a------- c:\windows\system32\p2hhr.bat
2009-04-16 14:16 15,000 a------- c:\windows\system32\jh9fgo4ksdgf.dll
2009-04-16 14:16 16 a------- c:\windows\Rjexedo.bin
2009-04-16 14:16 158,208 a------- c:\windows\Nporupehu.dat
2009-04-16 14:16 23,040 a------- c:\windows\system32\ak1.exe
2009-04-16 14:04 36,352 a------- c:\documents and settings\cecilia coles\reader_s.exe
2009-04-16 14:04 50,176 a------- c:\windows\system32\reader_s.exe
2009-04-16 14:04 102,126 a------- c:\windows\system32\drivers\230f871c.sys
2009-04-16 14:04 22,528 a------- C:\ptrf.exe
2009-04-16 14:03 2 a------- C:\141491798
2009-04-16 14:03 7,168 a------- C:\feyadtq.exe
2009-04-16 14:03 15,000 a------- c:\windows\system32\sdfgerfgf3f.dll
2009-04-16 14:03 44,544 a------- C:\tbbek.exe
2009-04-16 14:03 9,216 a------- c:\windows\instsp2.exe
2009-04-16 01:41 155 a------- c:\windows\system32\SelfDel.bat
2009-04-16 01:41 84,045 a------- c:\windows\system32\ftp_non_crp.exe
2009-04-16 01:41 <DIR> --d----- c:\docume~1\cecili~1\applic~1\pidle
2009-04-16 01:31 1,410,654 ---sh--- c:\windows\system32\ililisij.ini
2009-04-16 01:25 96,687 a------- c:\windows\system32\prunnet.exe

==================== Find3M ====================

2009-04-19 01:02 794 a------- c:\docume~1\cecili~1\applic~1\wklnhst.dat
2009-04-18 15:14 79,360 a--sh--- c:\windows\system32\dinipuro.dll
2009-04-18 15:14 52,224 a--sh--- c:\windows\system32\fehisedu.exe
2009-04-18 15:14 87,040 a--sh--- c:\windows\system32\fumabube.dll
2009-04-16 14:05 182,656 a------- c:\windows\system32\drivers\ndis.sys
2009-04-16 14:05 182,656 a------- c:\windows\system32\dllcache\ndis.sys
2009-04-16 14:03 49,152 a--sh--- c:\windows\system32\nimelaru.dll
2009-04-16 14:03 79,872 a--sh--- c:\windows\system32\mozokufo.dll
2009-04-16 14:03 87,552 a--sh--- c:\windows\system32\nogorobo.dll
2009-04-16 01:31 79,872 -------- c:\windows\system32\jisilili.dll
2009-04-16 01:31 87,552 a--sh--- c:\windows\system32\tinodezi.dll.vir
2009-02-22 00:32 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-21 23:16 41,776 a---h--- c:\windows\system32\mlfcache.dat
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 04:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-01-16 14:04 49,152 a--sh--- c:\windows\system32\lowiyiyi.dll
2009-01-16 14:04 49,152 a--sh--- c:\windows\system32\vikamegu.dll
2009-01-16 14:04 49,152 a--sh--- c:\windows\system32\yefezari.dll

============= FINISH: 1:44:25.13 ===============
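A small triage pass over a few lines copied from the DDS log above, added here as an example (it is not from the post, from DDS, or from BleepingComputer). It flags what a helper scans for first: processes and autoruns started from temp or profile-root locations, a Userinit value carrying more than userinit.exe, rundll32 loading a non-DLL file, and a populated AppInit_DLLs. The rules, categories and function names are this example's own assumptions, and random-named DLLs sitting in system32 are deliberately outside its scope.

```python
import re
# Excerpt copied from the DDS log in the post above; the rules below are this
# example's own heuristics, not anything DDS itself reports.
SAMPLE_DDS = r"""
svchost.exe C:\WINDOWS\TEMP\VRT1.tmp
C:\Documents and Settings\Cecilia Coles\reader_s.exe
C:\DOCUME~1\CECILI~1\LOCALS~1\Temp\v8dfbi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\ntos.exe,
uRun: [Windows Resurections] c:\docume~1\cecili~1\locals~1\temp\v8dfbi.exe
mRun: [Dyuwo] rundll32.exe "c:\windows\Nporupehu.dat",e
AppInit_DLLs: c:\windows\system32\lowiyiyi.dll c:\windows\system32\fumabube.dll
"""

# Places a legitimate service or autorun rarely starts from: temp/app-data dirs and the bare root of an XP profile.
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\", "\\applic~1\\")
PROFILE_ROOT = re.compile(r"^c:\\(documents and settings|docume~1)\\[^\\]+\\[^\\]+$")
RUN_KEY = re.compile(r"^[umd]Run(?:Once)?:\s*\[[^\]]*\]\s*(.*)$")

def first_token(cmd):
    """Program (or first argument) of a command line, quotes removed."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split()[0] if cmd else ""

def triage_line(line):
    """Return (category, reason, line) for a suspicious DDS line, else None."""
    line = line.strip()
    if line.lower().startswith("mwinlogon: userinit="):
        extra = [e.strip() for e in line.split("=", 1)[1].split(",")
                 if e.strip() and not e.lower().endswith("\\userinit.exe")]
        return ("Userinit", "extra logon executable(s): " + ", ".join(extra), line) if extra else None
    if line.lower().startswith("appinit_dlls:"):
        return ("AppInit_DLLs", "DLLs injected into every user32-linked process", line)
    m = RUN_KEY.match(line)  # autorun entry (uRun/mRun/dRun...) or a bare process line
    cmd = m.group(1) if m else line
    cat = "Autorun" if m else "Process"
    if first_token(cmd).lower().endswith("rundll32.exe"):
        lib = first_token(cmd[cmd.lower().index("rundll32.exe") + 12:])
        if not lib.lower().endswith(".dll"):
            return (cat, "rundll32 loads a non-DLL file: " + lib, line)
    t = cmd.lower()
    if any(mk in t for mk in TEMP_MARKERS):
        return (cat, "launched from a temp/app-data directory", line)
    if PROFILE_ROOT.match(t) or PROFILE_ROOT.match(first_token(t)):
        return (cat, "launched from the root of a user profile", line)
    return None

def triage(log):
    return [hit for hit in map(triage_line, log.splitlines()) if hit]
```

Running `triage(SAMPLE_DDS)` yields seven findings from the nine sample lines; only the Firefox process passes every rule.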

#2 Rodav

Posted 19 April 2009 - 07:31 AM

Hi,

I have bad news for you.

I see you're dealing with Virut on top of the other nasty malware you are dealing with. In that case, it's unfortunately a lost case, a game-over situation, and a format and reinstall is the fastest and especially the safest solution.

You may want to read this to see why: Virut and other File infectors - Throwing in the Towel?

So, I suggest you start backing up all of your valuable data/documents/pictures/movies/songs/etc. Do NOT back up any applications/installers, and do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar files.
This is because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.

Read here for instructions on how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.html

#3 Rodav

Posted 24 April 2009 - 07:39 AM

This Topic is now closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
