
Constant Ad Pop-ups / Trojan Vundo


  • This topic is locked
4 replies to this topic

#1 goportis26

goportis26

  • Members
  • 2 posts
  • OFFLINE
  • Local time:09:47 PM

Posted 27 April 2009 - 09:12 PM

Constant pop-ups causing computer to run extremely slow, almost to the point that I cannot use the computer do anything (including surf the internet). I had to restart multiple times to register on this site and to create this topic. Sometimes computer will completely freeze. I have run spybot search and destroy and superantispyware and this is a short term fix, but problems continually get worse. Any help will be greatly appreciated!

DDS (Ver_09-03-16.01) - NTFSx86
Run by Roxanne at 21:48:50.76 on Mon 04/27/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.1023.297 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\3361\SVCHOST.exe -sysrun
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\dhcp\svchost.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\BacsTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Apoint\Apntex.exe
C:\DOCUME~1\Roxanne\LOCALS~1\Temp\3083678710.exe
C:\Documents and Settings\Roxanne\reader_s.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\sopidkc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\gvg73v.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\TEMP\gvg73v.exe
C:\WINDOWS\System32\3361\SVCHOST.exe -sysrun
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Documents and Settings\Roxanne\reader_s.exe
C:\WINDOWS\TEMP\2631822368.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM6\anotify.exe
C:\Documents and Settings\Roxanne\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dell4me.com/myway
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = iexplore
BHO: {919914c0-4c70-a4ab-18d1-86b3dc0686a6} - c:\windows\ezizewugo.dll
BHO: c:\windows\system32\kjsdiowq8oikf.dll: {b2ba40a2-74f0-42bd-f434-12345a2c8953} - c:\windows\system32\kjsdiowq8oikf.dll
BHO: {c9404381-cf01-4351-b197-8af44a184b5e} - c:\windows\system32\mabigeku.dll
TB: Web assistant: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ViewSonic Explorer V5.3] c:\windows\msdtcsw32.exe
uRun: [AcerVGA Drivers V1.2] c:\windows\initview32.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Diagnostic Manager] c:\docume~1\roxanne\locals~1\temp\3083678710.exe
uRun: [reader_s] c:\documents and settings\roxanne\reader_s.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9f.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [bacstray] BacsTray.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [URLLSTCK.exe] c:\program files\norton internet security\UrlLstCk.exe
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [svchost.exe] "c:\windows\system32\3361\SVCHOST.exe"
mRun: [reader_s] c:\windows\system32\reader_s.exe
mRun: [Axovucegaqa] rundll32.exe "c:\windows\ezizewugo.dll",e
mRun: [tutopogive] Rundll32.exe "c:\windows\system32\fenufebo.dll",s
mRun: [CPMafc7daf2] Rundll32.exe "c:\windows\system32\pakiguwu.dll",a
mRun: [acf4e96e] rundll32.exe "c:\windows\system32\yuwehosu.dll",b
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRunOnce: [svchost.exe] "c:\windows\system32\3361\SVCHOST.exe"
mRunOnce: [Spybot - Search & Destroy] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
dRun: [reader_s] c:\documents and settings\localservice\reader_s.exe
dRun: [VRT11] c:\windows\temp\VRT11.exe
dRun: [<NO NAME>] c:\windows\temp\gvg73v.exe
dRun: [Windows Resurections] c:\windows\temp\gvg73v.exe
dRun: [Diagnostic Manager] c:\windows\temp\2631822368.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\MSMSGS.EXE
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
Notify: c00B5724 - c00B5724.mat
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: sys32 - sys32.dll
AppInit_DLLs: gaf.dll c:\windows\system32\rahurite.dll c:\windows\system32\koloturi.dll c:\windows\system32\hozekopo.dll c:\windows\system32\wapozevo.dll c:\windows\system32\yukojuni.dll c:\windows\system32\womovagu.dll c:\windows\system32\pakiguwu.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pakiguwu.dll
STS: c:\windows\system32\kjsdiowq8oikf.dll: {b2ba40a2-74f0-42bd-f434-12345a2c8953} - c:\windows\system32\kjsdiowq8oikf.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\pakiguwu.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\iifcBtUl
LSA: Notification Packages = cli dfyckesi.dll c:\windows\system32\womovagu.dll

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: XUL Cache: {76C148B1-03FB-403D-B8E8-0A3D55EFB932} - c:\documents and settings\roxanne\local settings\application data\{76C148B1-03FB-403D-B8E8-0A3D55EFB932}
FF - HiddenExtension: XUL Cache: {94270FA5-BA1E-4292-8D8E-91BF7AEA1EC6} - c:\windows\system32\config\systemprofile\local settings\application data\{94270FA5-BA1E-4292-8D8E-91BF7AEA1EC6}
FF - HiddenExtension: XUL Cache: {FDDB1F2B-2A86-42B5-8A87-C309D82ADAAE} - c:\windows\system32\config\systemprofile\local settings\application data\{fddb1f2b-2a86-42b5-8a87-c309d82adaae}\

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-2-17 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R1 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2003-11-21 300736]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2003-11-21 35008]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2003-11-21 255136]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2003-11-21 218272]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2003-11-21 234656]
R2 DhcpSrv;Dhcp server;c:\windows\dhcp\svchost.exe [2009-4-19 256512]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-7-17 161064]
R2 msncache;msncache;c:\windows\system32\svchost.exe -k netsvcs [2003-7-16 12800]
R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton internet security\norton antivirus\navapsvc.exe [2003-11-21 158376]
R2 sopidkc;sopidkc Service;c:\windows\system32\sopidkc.exe [2003-7-16 194560]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20071205.009\NAVENG.Sys [2007-12-9 81232]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20071205.009\NavEx15.Sys [2007-12-9 865904]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
S1 d036bc16;d036bc16;c:\windows\system32\drivers\d036bc16.sys --> c:\windows\system32\drivers\d036bc16.sys [?]
S1 khae22a;khae22a;c:\windows\system32\drivers\khae22a.sys --> c:\windows\system32\drivers\khae22a.sys [?]
S1 mkc41e0;mkc41e0;c:\windows\system32\drivers\mkc41e0.sys --> c:\windows\system32\drivers\mkc41e0.sys [?]
S1 nfd8da2;nfd8da2;c:\windows\system32\drivers\nfd8da2.sys --> c:\windows\system32\drivers\nfd8da2.sys [?]
S1 rjg6919;rjg6919;c:\windows\system32\drivers\rjg6919.sys --> c:\windows\system32\drivers\rjg6919.sys [?]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2003-6-24 66784]
S3 at1394;at1394;c:\windows\system32\at1394.sys [2003-7-16 2304]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2003-11-21 87200]
S3 protect;protect;c:\windows\system32\drivers\protect.sys --> c:\windows\system32\drivers\protect.sys [?]
S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]
S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2003-11-21 193816]

=============== Created Last 30 ================

2009-04-27 21:45 0 a------- C:\55.tmp
2009-04-27 21:43 0 a------- C:\2B.tmp
2009-04-27 21:43 0 a------- C:\28.tmp
2009-04-27 21:43 0 a------- C:\25.tmp
2009-04-27 21:18 1,407,256 ---sh--- c:\windows\system32\usohewuy.ini
2009-04-24 23:00 61,440 a------- c:\windows\system32\21.tmp
2009-04-24 22:57 1,407,256 ---sh--- c:\windows\system32\usuwisiy.ini
2009-04-24 22:57 231,424 a------- c:\windows\system32\tpsaxyd.exe
2009-04-24 22:56 67,584 a--sh--- c:\windows\system32\wirubifa.dll
2009-04-24 22:56 152,064 a------- c:\windows\system32\10.tmp
2009-04-24 22:56 124 a------- c:\windows\system32\F.tmp
2009-04-24 22:56 15,000 a------- c:\windows\system32\jksahfo93wjfkd.dll
2009-04-22 22:57 0 a------- c:\windows\Twekupili.bin
2009-04-22 22:53 1,408,480 ---sh--- c:\windows\system32\esakafod.ini
2009-04-22 22:52 44 a------- c:\windows\system32\C.tmp
2009-04-21 18:35 19,420 a------- c:\windows\system32\17.tm_
2009-04-20 22:04 1,410,019 ---sh--- c:\windows\system32\eleheled.ini
2009-04-20 21:54 19,420 a------- c:\windows\system32\14.tmp
2009-04-20 21:53 80 a------- c:\windows\system32\12.tmp
2009-04-20 19:22 300 a------- c:\windows\Blagiyerezuqahi.dat
2009-04-20 19:19 19,420 a------- c:\windows\system32\8.tmp
2009-04-20 19:19 80 a------- c:\windows\system32\7.tmp
2009-04-20 19:03 196,096 a------- c:\windows\system32\afisicx.exe
2009-04-20 19:03 36,864 a------- c:\windows\system32\dpcxool64.sys
2009-04-20 19:03 8 a------- c:\windows\system32\comsa32.sys
2009-04-20 19:02 2,098 ---sh--- c:\windows\system32\rabasobu.dll
2009-04-20 19:01 0 a------- c:\windows\system32\13.tmp
2009-04-20 19:01 66,760 a------- c:\windows\system32\w.exe
2009-04-20 19:01 40,960 a------- c:\windows\system32\xz.exe
2009-04-19 21:53 83,968 a--sh--- c:\windows\system32\yabavidu.exe
2009-04-19 21:53 74,128 a--sh--- c:\windows\system32\nufatoze.dll
2009-04-19 20:49 <DIR> --d----- c:\program files\LanqiEngine
2009-04-19 20:40 19,420 a------- c:\windows\system32\E.tmp
2009-04-19 20:40 80 a------- c:\windows\system32\D.tmp
2009-04-19 11:43 735,232 a------- c:\windows\system32\AdvOcr.dll
2009-04-19 11:43 94,208 a------- c:\windows\system32\TRSOCR.dll
2009-04-19 11:43 1,308 a------- c:\windows\system32\TRSOCR.dat
2009-04-19 11:34 44 a------- c:\windows\system32\B.tmp
2009-04-19 09:53 36,352 a------- c:\windows\system32\reader_s.exe
2009-04-19 09:53 36,352 a------- c:\documents and settings\roxanne\reader_s.exe
2009-04-19 09:53 0 a------- c:\windows\system32\8E.tmp
2009-04-19 09:53 44 a------- c:\windows\system32\8C.tmp
2009-04-19 09:53 91,724 a--sh--- c:\windows\system32\gukinema.dll
2009-04-19 09:53 83,968 a--sh--- c:\windows\system32\wenifalo.exe
2009-04-18 16:48 1,308 a------- c:\windows\system32\TRSOCR.ini
2009-04-18 16:47 3 a------- c:\windows\system32\bversion.dll
2009-04-18 16:46 565,248 a------- c:\windows\system32\IPHACTION.dll
2009-04-18 16:25 0 a------- c:\windows\system32\IpSvchostF.dll
2009-04-18 15:26 61,440 a------- c:\windows\system32\tcpd.exe
2009-04-18 15:25 22,016 a------- c:\windows\system32\AUTMGR.EXE
2009-04-18 15:25 930,304 a------- c:\windows\system32\kernel32_check.dll
2009-04-18 15:25 172,032 a------- c:\windows\system32\tcpcon.dll
2009-04-18 15:25 10,240 a------- c:\windows\system32\Packer.dll
2009-04-18 15:25 9 a------- c:\windows\system32\riphy.dll
2009-04-18 15:25 9 a------- c:\windows\system32\iphy.dll
2009-04-18 15:25 3 a------- c:\windows\system32\fhpatch.dll
2009-04-18 15:19 <DIR> --d----- c:\windows\system32\3361
2009-04-18 15:19 108,336 a------- c:\windows\system32\MSWINSCK.OCX
2009-04-18 15:19 <DIR> --d----- c:\windows\dhcp
2009-04-18 15:18 50,688 a------- C:\xpsm.exe
2009-04-18 15:18 43,520 a------- C:\ptrf.exe
2009-04-18 15:18 2 a------- C:\-1393235519
2009-04-18 15:17 99,328 a--sh--- c:\windows\system32\fonasito.dll
2009-04-18 15:17 83,968 a--sh--- c:\windows\system32\ripagupa.exe
2009-04-15 19:00 1,422,040 ---sh--- c:\windows\system32\uribiguz.ini
2009-04-14 20:48 71,168 a--sh--- c:\windows\system32\hivunote.dll
2009-04-13 19:36 84,480 a--sh--- c:\windows\system32\wilawibe.exe
2009-04-08 19:56 1,407,814 ---sh--- c:\windows\system32\ofegenif.ini
2009-04-08 19:56 70,144 a--sh--- c:\windows\system32\bupodaze.dll
2009-04-08 19:50 108,544 a------- c:\windows\system32\kidohili.dll
2009-04-07 22:10 1,406,414 ---sh--- c:\windows\system32\omijuzas.ini
2009-04-07 22:00 105,472 a------- c:\windows\system32\kakijigu.dll
2009-04-07 22:00 100,864 -------- c:\windows\system32\sazujimo.dll

==================== Find3M ====================

2009-04-27 21:42 15,000 a------- c:\windows\system32\kjsdiowq8oikf.dll
2009-04-27 21:08 11,383 a------- c:\windows\system32\nvModes.dat
2009-04-27 20:58 98,816 -------- c:\windows\system32\yuwehosu.dll
2009-04-27 20:58 105,472 a--sh--- c:\windows\system32\pakiguwu.dll
2009-04-27 20:58 80,384 a--sh--- c:\windows\system32\jinuwayi.exe
2009-04-24 23:21 65,536 a------- c:\windows\NCUNINST.EXE
2009-04-24 22:56 60,416 a--sh--- c:\windows\system32\ledanozo.exe
2009-04-22 22:52 70,656 a--sh--- c:\windows\system32\vivodiha.dll
2009-04-22 22:52 100,352 a--sh--- c:\windows\system32\dofakase.dll
2009-04-22 22:52 108,544 a--sh--- c:\windows\system32\harizepu.dll
2009-04-22 22:52 64,000 a--sh--- c:\windows\system32\nasijuye.exe
2009-04-20 19:02 109,056 a--sh--- c:\windows\system32\kapefupa.dll
2009-04-20 19:01 99,328 a--sh--- c:\windows\system32\delehele.dll
2009-04-20 19:01 83,968 a--sh--- c:\windows\system32\bitanazo.exe
2009-04-20 19:01 109,056 a--sh--- c:\windows\system32\kevupavo.dll
2009-04-19 09:55 162,432 a------- c:\windows\system32\drivers\ndis.sys
2009-04-09 19:35 82,432 a--sh--- c:\windows\system32\jifipanu.exe
2009-04-08 20:02 84,768 a------- c:\windows\system32\petolahu.exe
2009-04-07 22:10 84,768 a------- c:\windows\system32\zimizapa.exe
2009-04-07 22:05 70,473 a------- c:\windows\system32\tejonubo.dll
2009-03-30 21:20 6,866 a--sh--- c:\windows\system32\lUtBcfii.ini2
2008-05-28 14:55 61,224 a------- c:\documents and settings\roxanne\GoToAssistDownloadHelper.exe
2008-09-26 21:49 97,280 a--sh--- c:\windows\system32\begajetu.dll
2009-01-19 21:53 99,328 a--sh--- c:\windows\system32\dafabogi.dll
2009-01-18 15:17 109,056 a--sh--- c:\windows\system32\dezubebo.dll
2009-01-19 21:53 63,488 a--sh--- c:\windows\system32\feketigu.exe
2009-01-24 22:57 67,584 a--sh--- c:\windows\system32\fenufebo.dll
2009-01-13 19:36 107,520 a--sh--- c:\windows\system32\fiyunegu.dll
2009-01-08 19:56 102,912 a--sh--- c:\windows\system32\gebuhobo.dll
2009-01-18 15:17 83,968 a--sh--- c:\windows\system32\gijiyeli.exe
2009-01-04 15:48 152 a--sh--- c:\windows\system32\guvodudi.dll
2009-01-14 20:48 71,168 a--sh--- c:\windows\system32\hapejulu.dll
2009-01-08 19:56 70,144 a--sh--- c:\windows\system32\hawalupe.dll
2009-01-15 19:00 107,520 a--sh--- c:\windows\system32\jevetedo.dll
2009-01-08 19:56 84,768 a--sh--- c:\windows\system32\lehebofi.exe
2009-01-13 19:36 84,480 a--sh--- c:\windows\system32\luhuvoyu.exe
2009-01-08 19:56 108,544 a--sh--- c:\windows\system32\lulakodu.dll
2009-01-24 22:57 67,584 a--sh--- c:\windows\system32\mabigeku.dll
2009-01-18 15:17 99,328 a--sh--- c:\windows\system32\mosoraza.dll
2009-01-07 22:00 70,144 a--sh--- c:\windows\system32\numonuji.dll
2009-01-19 09:53 99,328 a--sh--- c:\windows\system32\poviwumi.dll
2009-01-10 19:39 83,968 a--sh--- c:\windows\system32\redivegi.exe
2009-01-07 22:05 100,864 a--sh--- c:\windows\system32\reposoku.dll
0000-00-00 00:00 20,003 a--sh--- c:\windows\system32\sonuleme.dll
2008-09-05 19:57 64,000 a--sh--- c:\windows\system32\tanovivo.dll
2009-01-15 19:00 100,352 a--sh--- c:\windows\system32\vonowiya.dll
2009-01-10 19:39 109,568 a--sh--- c:\windows\system32\wehatuhi.dll
2009-01-19 09:53 109,056 a--sh--- c:\windows\system32\welemige.dll
2009-01-19 09:53 83,968 a--sh--- c:\windows\system32\wihomeki.exe
2009-01-07 22:05 84,768 a--sh--- c:\windows\system32\wolijuke.exe
2009-01-24 22:57 67,584 a--sh--- c:\windows\system32\womovagu.dll
2009-01-19 21:53 109,056 a--sh--- c:\windows\system32\woyelova.dll
2008-09-20 12:56 82,944 a--sh--- c:\windows\system32\zupakoko.dll

============= FINISH: 21:51:30.23 ===============


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:09:47 AM

Posted 28 April 2009 - 03:49 AM

Ok.. Looking at the log, I would advise you to start backing up all of your valuable data/documents/pictures/movies/songs/etc.. Do NOT back up any applications/installers and do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar/.pif/.asp/.php/.iso files... We are looking for a possible Virut or Sality infection, and if it is.. Then you might have to wipe the machine clean..

Make sure you back up everything ONLY via CD or DVD (non-rewritable).. If you need to back up to an external hard drive or thumbdrive, make sure it is EMPTY.. Meaning NO FILE inside it.. Format the external drive first before attaching it to the infected computer.. A single .exe file inside the external drive may infect other computers as well


Let's see whether this one is Virut/Sality or not...


Please download Dr.Web CureIt to the Desktop:
  • Double-click the launch.exe or cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, just let it cure whatever it finds...
    • Now, go to Settings >> Change Settings
    • Go to Actions tab >> under Objects section, change the settings as below
      • Infected objects - Cure
        Incurable objects - Report
        Suspicious objects - Report
    • Don't change any other settings
  • Start the scan again. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan has finished, click Select all
  • Click on Cure and choose Report incurable (meaning take no action.. Don't "move", or "rename" or "delete")
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Post DrWeb.csv in your next reply (open it in Notepad).. Do NOT reboot the computer yet..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 goportis26

goportis26
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:09:47 PM

Posted 02 May 2009 - 12:50 PM

Was unable to download Dr.Web CureIt. It says that the web address is incorrect?? Any suggestions? Thanks.

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:09:47 AM

Posted 02 May 2009 - 07:09 PM

Please show hidden files and folders
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file paths into the "Suspicious files to scan" box at the top of the page:
    • C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\rundll32.exe
      C:\WINDOWS\System32\ctfmon.exe
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
If VirScan.org server is too busy, please submit the file to VirusTotal instead.



#5 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:09:47 AM

Posted 08 May 2009 - 06:33 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic

