
infected with pop ups that say : ad : microsoft windows explorer



#1 pastortozer


  • Members
  • 2 posts

Posted 04 May 2009 - 07:03 PM

When signing on to the internet lately, most pages take a long time to load. Usually, after waiting for a while, a pop-up screen appears and it says: ad : Microsoft internet explorer. This has happened when I have used both Mozilla and Explorer.

I have downloaded the Lavasoft Ad-Aware and I also have trend microcillin. Nothing seems to be detected.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Rebekah Johnson at 18:43:48.35 on Mon 05/04/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.110 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
AV: Trend Micro Internet Security *On-access scanning enabled* (Updated)
FW: Trend Micro Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
svchost.exe
C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Rebekah Johnson\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2061014
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {7ea9ae45-2588-49cd-bf0c-5f507c58020f} - c:\windows\system32\wudepuve.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [cwcptray] c:\program files\contentwatch\internet protection\cwtray.exe
mRun: [709b0d88] rundll32.exe "c:\windows\system32\kopudoro.dll",b
mRun: [CPM73a83e14] Rundll32.exe "c:\windows\system32\fagometo.dll",a
mRun: [yovofuvebo] Rundll32.exe "c:\windows\system32\punehomi.dll",s
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\windows\system32\cwalsp.dll
Trusted Zone: turbotax.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} - hxxp://www.candystand.com/assets/activex/virtools/CacheManager.CAB
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: karina.dat c:\windows\system32\fagometo.dll,c:\windows\system32\fefiyiri.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fagometo.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\fagometo.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = scecli c:\windows\system32\fefiyiri.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rebeka~1\applic~1\mozilla\firefox\profiles\7ee2k4te.default\
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 CwAltaService20;ContentWatch;c:\program files\contentwatch\internet protection\cwsvc.exe [2008-12-4 1288512]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-4-30 49680]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2009-4-30 497008]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-7-30 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-4-30 677128]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-7-30 335376]
S2 network;network;c:\windows\system32\svchost.exe -k network [2004-8-10 14336]

=============== Created Last 30 ================

2009-05-01 10:43 2,713 ---sh--- c:\windows\system32\yewihoro.dll
2009-05-01 10:43 2,713 ---sh--- c:\windows\system32\siyokume.dll
2009-04-30 12:42 144,912 a------- c:\windows\system32\drivers\tmcomm.sys
2009-04-30 12:42 50,192 a------- c:\windows\system32\drivers\tmactmon.sys
2009-04-30 12:42 49,680 a------- c:\windows\system32\drivers\tmevtmgr.sys
2009-04-30 12:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trend Micro
2009-04-30 12:38 <DIR> --d----- c:\program files\Trend Micro
2009-04-29 10:43 1,427,803 ---sh--- c:\windows\system32\opivider.ini
2009-04-28 11:50 104,960 a------- c:\windows\system32\bivayuye.dll
2009-04-28 11:50 97,792 a------- c:\windows\system32\milutafu.dll
2009-04-27 17:25 <DIR> --d----- c:\program files\Trend Micro™ Internet Security
2009-04-26 23:49 1,434,346 ---sh--- c:\windows\system32\orodupok.ini
2009-04-26 11:50 1,407,024 ---sh--- c:\windows\system32\agujibab.ini
2009-04-25 19:16 1,407,024 ---sh--- c:\windows\system32\eyawapos.ini
2009-04-15 23:05 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-15 23:05 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-15 23:05 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-15 23:05 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 23:05 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 23:05 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 23:05 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-15 23:04 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 23:04 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb

==================== Find3M ====================

2009-05-04 10:44 6,004 a--sh--- c:\windows\system32\luliwedo.dll
2009-05-04 10:44 6,004 a--sh--- c:\windows\system32\bebuviza.dll
2009-05-03 22:44 6,004 a--sh--- c:\windows\system32\lehazapi.dll
2009-05-03 22:44 6,004 a--sh--- c:\windows\system32\bubozozi.dll
2009-05-03 10:43 6,004 a--sh--- c:\windows\system32\fudoneze.dll
2009-05-03 10:43 6,004 a--sh--- c:\windows\system32\bipesaga.dll
2009-05-02 22:44 6,000 a--sh--- c:\windows\system32\webogori.dll
2009-05-02 22:43 6,004 a--sh--- c:\windows\system32\kubiwipi.dll
2009-05-02 22:43 6,004 a--sh--- c:\windows\system32\jofopobu.dll
2009-05-02 10:44 6,000 a--sh--- c:\windows\system32\sirifiwi.dll
2009-05-02 10:44 6,004 a--sh--- c:\windows\system32\tasurizo.dll
2009-05-02 10:44 6,004 a--sh--- c:\windows\system32\sekisahi.dll
2009-05-01 22:43 6,000 a--sh--- c:\windows\system32\bazoveza.dll
2009-05-01 22:43 6,004 a--sh--- c:\windows\system32\wisobifa.dll
2009-05-01 22:43 6,004 a--sh--- c:\windows\system32\rolijugu.exe
2009-05-01 22:43 6,004 a--sh--- c:\windows\system32\movasagu.dll
2009-05-01 10:43 6,000 a--sh--- c:\windows\system32\lekupeyi.dll
2009-04-30 22:42 6,004 a--sh--- c:\windows\system32\kiviyehi.dll
2009-04-30 22:42 6,004 a--sh--- c:\windows\system32\tozewala.exe
2009-04-30 22:42 6,004 a--sh--- c:\windows\system32\bujiwofi.dll
2009-04-30 10:42 6,004 a--sh--- c:\windows\system32\novutele.exe
2009-04-30 10:42 6,004 a--sh--- c:\windows\system32\jesamude.dll
2009-04-30 10:42 6,004 a--sh--- c:\windows\system32\fofitifa.dll
2009-04-29 22:44 6,004 a--sh--- c:\windows\system32\yiyawefo.dll
2009-04-29 22:44 6,004 a--sh--- c:\windows\system32\yabohoyu.dll
2009-04-29 22:44 6,004 a--sh--- c:\windows\system32\vigavifu.exe
2009-04-29 10:43 65,536 a--sh--- c:\windows\system32\vetaweyo.dll
2009-04-29 10:43 98,304 a--sh--- c:\windows\system32\redivipo.dll
2009-04-29 10:43 104,960 a--sh--- c:\windows\system32\fagometo.dll
2009-04-27 23:49 105,472 a--sh--- c:\windows\system32\babonasi.dll
2009-04-27 23:49 98,816 a--sh--- c:\windows\system32\tuhuduta.dll
2009-04-27 23:49 59,904 a--sh--- c:\windows\system32\larayuka.exe
2009-04-26 23:48 98,816 -------- c:\windows\system32\kopudoro.dll
2009-04-26 23:48 104,960 a--sh--- c:\windows\system32\dorerake.dll
2009-04-26 23:48 60,928 a--sh--- c:\windows\system32\leniweye.exe
2009-04-26 16:20 38,136 a------- c:\docume~1\rebeka~1\applic~1\wklnhst.dat
2009-04-26 11:49 59,904 a--sh--- c:\windows\system32\pegafege.exe
2009-04-26 11:49 98,304 -------- c:\windows\system32\babijuga.dll
2009-04-26 11:49 106,496 a--sh--- c:\windows\system32\begakipu.dll
2009-04-25 19:16 98,816 -------- c:\windows\system32\sopawaye.dll
2009-04-25 19:16 103,936 a--sh--- c:\windows\system32\simageme.dll
2009-04-25 19:16 60,928 a--sh--- c:\windows\system32\zawomebe.exe
2009-04-23 20:55 991,232 a------- c:\windows\system32\wxcode_msw28u_wxcurl_CW.dll
2009-04-23 20:55 81,920 a------- c:\windows\system32\wxcode_msw28u_wxjson_CW.dll
2009-04-23 20:54 1,863,680 a------- c:\windows\system32\AltaRecovery.exe
2009-04-23 20:54 970,240 a------- c:\windows\system32\libxml2_CW.dll
2009-04-23 20:54 247,616 a------- c:\windows\system32\wxIE.dll
2009-04-23 20:54 151,552 a------- c:\windows\system32\libexpat.dll
2009-04-23 20:54 610,304 a------- c:\windows\system32\cwalsp.dll
2009-03-21 09:06 989,696 a------- c:\windows\system32\dllcache\kernel32.dll
2009-03-13 17:26 12,496 ac------ c:\windows\MSPuzzle.dat
2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-05 21:17 1,195,512 a------- c:\windows\system32\drivers\vsapint.sys
2009-03-05 21:17 205,328 a------- c:\windows\system32\drivers\tmxpflt.sys
2009-03-05 21:17 36,368 a------- c:\windows\system32\drivers\tmpreflt.sys
2009-03-02 19:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 19:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-27 23:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-21 13:43 4,096 a------- c:\windows\d3dx.dat
2009-02-20 05:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 00:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-02-09 07:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 07:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 07:10 714,752 a------- c:\windows\system32\dllcache\ntdll.dll
2009-02-09 07:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 07:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\dllcache\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-07 19:02 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 06:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 06:11 110,592 a------- c:\windows\system32\dllcache\services.exe
2009-02-06 06:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 06:08 2,189,056 a------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 06:06 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 05:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 05:39 35,328 a------- c:\windows\system32\dllcache\sc.exe
2009-02-06 05:32 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-02-17 18:24 57,432 ac------ c:\docume~1\rebeka~1\applic~1\GDIPFONTCACHEV1.DAT
2009-01-29 10:43 65,536 a--sh--- c:\windows\system32\fefiyiri.dll
2009-01-29 10:43 65,536 a--sh--- c:\windows\system32\punehomi.dll
2009-01-29 10:43 65,536 a--sh--- c:\windows\system32\wudepuve.dll
2008-08-18 07:28 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081820080819\index.dat
2008-02-16 15:31 81,920 ac-sh--- c:\windows\temp\history\history.ie5\mshist012008021620080217\index.dat
2008-02-24 23:17 32,768 ac-sh--- c:\windows\temp\history\history.ie5\mshist012008022420080225\index.dat
2008-03-01 00:32 49,152 ac-sh--- c:\windows\temp\history\history.ie5\mshist012008022920080301\index.dat
2008-03-12 03:08 49,152 ac-sh--- c:\windows\temp\history\history.ie5\mshist012008031220080313\index.dat

============= FINISH: 18:48:09.65 ===============

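The persistence points in the DDS log above (AppInit_DLLs, the LSA Notification Packages entry, the SSODL/STS entries, the unnamed BHO and the rundll32 autostarts, plus the hidden+system files in system32) are what a malware-response helper reads first. As an added example that is not code from this thread, from DDS or from Malwarebytes, the script below runs those triage heuristics over constructed lines in the shape of the log; the regex line shapes, the 8-lowercase-letter name heuristic and scecli as the only default LSA package are assumptions made for the example.

```python
"""Triage of DDS 'Pseudo HJT Report' and file-listing lines for Vundo-style persistence.

Added example for this thread, not code from DDS, MBAM or BleepingComputer. The line
shapes, the 8-lowercase-letter name heuristic and the LSA default are assumptions."""
import re

# Only notification package present on a clean Windows XP install (assumption).
LSA_DEFAULT = {"scecli"}

# Line shapes as they appear in the DDS log (assumed from the sample).
RE_FILE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d\s+[\d,]+\s+([a-z-]{8})\s+(.+)$")
RE_BHO_NONAME = re.compile(r"^BHO:\s*\{[0-9a-f-]{36}\}\s*-\s*(.+)$", re.I)
RE_RUNDLL = re.compile(r'^[mud]Run:\s*\[[^\]]+\]\s*rundll32(?:\.exe)?\s*"?([^",]+\.dll)', re.I)
RE_SSODL = re.compile(r"^(?:SSODL|STS):.*-\s*(\S+\.dll)\s*$", re.I)
RE_APPINIT = re.compile(r"^AppInit_DLLs:\s*(.*)$", re.I)
RE_LSA = re.compile(r"^LSA:\s*Notification Packages\s*=\s*(.*)$", re.I)
RE_SYS32 = re.compile(r"[\\/]system32[\\/][^\\/]+$", re.I)

# Constructed sample: a few lines in the shape of the DDS log in the first post.
SAMPLE_LOG = r"""
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {7ea9ae45-2588-49cd-bf0c-5f507c58020f} - c:\windows\system32\wudepuve.dll
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [709b0d88] rundll32.exe "c:\windows\system32\kopudoro.dll",b
mRun: [yovofuvebo] Rundll32.exe "c:\windows\system32\punehomi.dll",s
AppInit_DLLs: karina.dat c:\windows\system32\fagometo.dll,c:\windows\system32\fefiyiri.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fagometo.dll
LSA: Notification Packages = scecli c:\windows\system32\fefiyiri.dll
2009-05-04 10:44 6,004 a--sh--- c:\windows\system32\luliwedo.dll
2009-04-30 12:42 144,912 a------- c:\windows\system32\drivers\tmcomm.sys
2009-04-26 23:48 98,816 -------- c:\windows\system32\kopudoro.dll
"""


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def random_looking(name):
    """Eight lowercase letters plus dll/exe/ini: the naming pattern of every file
    in this thread's logs. Legitimate files can match too, so it is only a hint."""
    return re.fullmatch(r"[a-z]{8}\.(dll|exe|ini)", name) is not None


def triage(log_text):
    """Return (findings, suspects): findings are (reason, line) pairs, suspects
    the lowercased file names those findings point at."""
    findings, suspects = [], set()

    def flag(reason, line, *paths):
        findings.append((reason, line))
        suspects.update(basename(p) for p in paths)

    file_lines = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        if m := RE_FILE.match(line):
            file_lines.append((m.group(1), m.group(2), line))
        elif m := RE_APPINIT.match(line):
            # AppInit_DLLs is empty on a clean box; anything listed is loaded
            # into every user32-linked process, browsers included.
            paths = [p for p in re.split(r"[,\s]+", m.group(1)) if p]
            if paths:
                flag("AppInit_DLLs populated", line, *paths)
        elif m := RE_LSA.match(line):
            # Packages listed here are loaded by lsass at boot (whitespace
            # splitting is enough for the short paths DDS prints).
            extra = [p for p in m.group(1).split() if basename(p) not in LSA_DEFAULT]
            if extra:
                flag("non-default LSA notification package", line, *extra)
        elif m := RE_BHO_NONAME.match(line):
            # Legitimate BHOs normally carry a product name before the CLSID.
            flag("BHO without a name", line, m.group(1))
        elif (m := RE_RUNDLL.match(line)) or (m := RE_SSODL.match(line)):
            path = m.group(1)
            if RE_SYS32.search(path) and random_looking(basename(path)):
                flag("autostart loads random-named system32 DLL", line, path)

    # Second pass over the file listing, now that persistence entries are known.
    for attrs, path, line in file_lines:
        name = basename(path)
        hidden_system = attrs[3:5] == "sh"  # DDS attribute field, e.g. a--sh---
        if RE_SYS32.search(path) and hidden_system and random_looking(name):
            flag("hidden+system random-named file in system32", line, path)
        elif name in suspects:
            flag("file referenced by a flagged persistence entry", line, path)
    return findings, suspects
```

Run against the constructed sample, it flags exactly the DLLs that the MBAM log later in the thread reports as Trojan.Vundo.H, while the AVG, iTunes, WPDShServiceObj and Trend Micro entries pass.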

#2 miekiemoes


    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 05 May 2009 - 02:32 AM

Hi,

* Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply along with a fresh DDS log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Edited by miekiemoes, 05 May 2009 - 02:32 AM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 pastortozer

  • Topic Starter

  • Members
  • 2 posts

Posted 05 May 2009 - 08:06 PM

I don't know how to submit a fresh DDS log.

This is what I cut and pasted from the Mbam log.

Thanks for your help. I really appreciate this. What do I do next?

-Tozer


Malwarebytes' Anti-Malware 1.36
Database version: 2079
Windows 5.1.2600 Service Pack 3

5/5/2009 7:48:56 PM
mbam-log-2009-05-05 (19-48-56).txt

Scan type: Quick Scan
Objects scanned: 85580
Time elapsed: 16 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 8
Registry Values Infected: 6
Registry Data Items Infected: 7
Folders Infected: 0
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\kopudoro.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fefiyiri.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\punehomi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wudepuve.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\fagometo.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7ea9ae45-2588-49cd-bf0c-5f507c58020f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7ea9ae45-2588-49cd-bf0c-5f507c58020f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7ea9ae45-2588-49cd-bf0c-5f507c58020f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\709b0d88 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm73a83e14 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yovofuvebo (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhc9j7j0en0p (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\fefiyiri.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fefiyiri.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\fagometo.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\babijuga.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\agujibab.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kopudoro.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\orodupok.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\redivipo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opivider.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sopawaye.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eyawapos.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\fagometo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\punehomi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wudepuve.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fefiyiri.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pegafege.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vetaweyo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cpnprt2.cid (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\begakipu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sirifiwi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fudoneze.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jesamude.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

#4 miekiemoes


    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 06 May 2009 - 12:57 AM

Hi,

I don't know how to submit a fresh DDS log.

Just copy and paste as you did in your first post.

#5 miekiemoes


    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 16 May 2009 - 05:15 PM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.