Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Not sure of cause of inefection


  • This topic is locked This topic is locked
2 replies to this topic

#1 Sickle Cell

Sickle Cell

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:07 AM

Posted 21 May 2009 - 04:38 PM

Hello, I am new to the forums here and I'm not quite sure what I am infected with.

I have been getting frequent pop-ups and my PC has slowed down quite a bit.

When i browse the internet some links i left click on will open a tab regardless if i use a right click or not. I am using FireFox by the way. Also when i click links it will not take me to the link i clicked originally.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Austin Page at 14:24:03.70 on Thu 05/21/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.81 [GMT -7:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\WINDOWS\System32\AshEvtSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\program files\steam\steam.exe
C:\Program Files\DNA\btdna.exe
C:\DOCUME~1\AUSTIN~1\LOCALS~1\Temp\2117957202.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
\\?\globalroot\systemroot\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program Files\ThunMail\testabd.exe
C:\Documents and Settings\Austin Page\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = hxxp://www.dell4me.com/myway
BHO: {7e925362-1600-4913-93f1-ede2f7ac4935} - c:\windows\system32\siguhafe.dll
BHO: c:\windows\system32\afnoinkdsfe.dll: {c2ba40a1-74f3-42bd-f434-12345a2c8953} - c:\windows\system32\afnoinkdsfe.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No File
TB: {F5735C15-1FB2-41FE-BA12-242757E69DDE} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [Diagnostic Manager] c:\docume~1\austin~1\locals~1\temp\2117957202.exe
uRun: [autochk] rundll32.exe c:\docume~1\austin~1\protect.dll,_IWMPEvents@16
uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Malware Doctor] c:\documents and settings\localservice\application data\916653139.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [WorksFUD] c:\program files\microsoft works\wkfud.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
mRun: [numakutuvu] Rundll32.exe "c:\windows\system32\nimusofa.dll",s
mRun: [autochk] rundll32.exe c:\windows\system32\autochk.dll,_IWMPEvents@16
mRun: [Malware Doctor] c:\documents and settings\localservice\application data\916653139.exe
mRun: [CPM539a3f38] Rundll32.exe "c:\windows\system32\hilozepi.dll",a
mRun: [50a90ca4] rundll32.exe "c:\windows\system32\tebudati.dll",b
dRun: [<NO NAME>] c:\windows\temp\sd0gw009.exe
dRun: [Diagnostic Manager] c:\windows\temp\2978082568.exe
dRun: [uidenhiufgsduiazghs] c:\windows\temp\sd0gw009.exe
dRun: [svc] c:\program files\thunmail\testabd.exe
mExplorerRun: [rare] c:\program files\video activex access\imsmain.exe
StartupFolder: c:\documents and settings\austin page\start menu\programs\startup\ChkDisk.dll
StartupFolder: c:\docume~1\austin~1\startm~1\programs\startup\chkdisk.lnk - c:\windows\system32\rundll32.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - hxxp://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/games/popcaploader_v6.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LMIinit - LMIinit.dll
Notify: __c0014AD2 - c:\windows\system32\__c0014AD2.dat
AppInit_DLLs: c:\windows\system32\hudiyili.dll c:\windows\system32\hilozepi.dll,c:\progra~1\thunmail\testabd.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hilozepi.dll
STS: c:\windows\system32\afnoinkdsfe.dll: {c2ba40a1-74f3-42bd-f434-12345a2c8953} - c:\windows\system32\afnoinkdsfe.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\hilozepi.dll
LSA: Notification Packages = scecli c:\windows\system32\hudiyili.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\austin~1\applic~1\mozilla\firefox\profiles\s81ourmm.default\
FF - prefs.js: browser.startup.homepage - hxxp://tf2.com/
FF - plugin: c:\documents and settings\austin page\application data\mozilla\firefox\profiles\s81ourmm.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll

============= SERVICES / DRIVERS ===============

R2 AshEvtSvc;AshEvtSvc;c:\windows\system32\ashevtsvc.exe -k netsvcs --> c:\windows\system32\AshEvtSvc.exe -k netsvcs [?]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2006-9-3 108648]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-6-16 45848]
R3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2006-9-3 108648]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-3-16 109616]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2008-4-25 33792]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20080316.002\NAVENG.SYS [2008-3-16 82256]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20080316.002\NAVEX15.SYS [2008-3-16 895408]
R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-4-21 1252232]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [2007-2-10 50048]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-05-21 13:42 <DIR> --d----- c:\program files\Trend Micro
2009-05-21 13:37 <DIR> --d----- c:\windows\system32\NtmsData
2009-05-21 13:28 136 a------- c:\windows\system32\vp_setup.exe.bat
2009-05-21 13:28 <DIR> --dshr-- c:\program files\ThunMail
2009-05-21 13:28 61,440 a------- c:\windows\system32\vp_setup.exe
2009-05-21 12:58 1,433,106 ---sh--- c:\windows\system32\itadubet.ini
2009-05-20 07:35 708 a------- c:\windows\system32\sft.res
2009-05-20 07:35 29,184 a------- c:\windows\system32\stfa.dll
2009-05-20 07:34 32,768 a------- c:\windows\system32\AshEvtSvc.exe
2009-05-20 07:34 32,768 a------- c:\windows\system32\service-466.exe
2009-05-19 19:29 1,433,106 ---sh--- c:\windows\system32\upijeval.ini
2009-05-18 18:49 28,160 a------- c:\windows\system32\__c00AF5E4.dat
2009-05-18 18:48 37,376 a------- c:\windows\system32\glsetup.exe
2009-05-18 18:34 1,433,106 ---sh--- c:\windows\system32\obirotig.ini
2009-05-17 03:56 1,433,119 ---sh--- c:\windows\system32\ebajejim.ini
2009-05-13 17:19 <DIR> --d----- C:\VundoFix Backups
2009-05-13 14:54 1,433,128 ---sh--- c:\windows\system32\ozepolet.ini
2009-05-12 08:59 1,406,496 ---sh--- c:\windows\system32\esujofij.ini
2009-05-11 16:48 1,433,115 ---sh--- c:\windows\system32\ehuhewap.ini
2009-05-10 03:07 1,406,527 ---sh--- c:\windows\system32\itinivoh.ini
2009-05-08 16:37 1,406,509 ---sh--- c:\windows\system32\utodejey.ini
2009-05-07 20:05 28,672 a------- c:\windows\system32\lmn_setup.exe
2009-05-06 17:44 112 a------- C:\xcrashdump.dat
2009-05-06 15:46 24,064 a--sh--- c:\windows\system32\autochk.dll
2009-05-06 15:46 24,064 a--sh--- c:\documents and settings\austin page\protect.dll
2009-05-06 15:31 27,136 a------- c:\windows\system32\__c0014AD2.dat
2009-05-06 15:17 8,704 a------- c:\windows\instsp2.exe
2009-05-04 15:29 1,433,831 ---sh--- c:\windows\system32\ulikujag.ini
2009-05-03 14:18 46 a------- c:\windows\system32\p2hhr.bat
2009-05-03 14:18 15,000 a------- c:\windows\system32\afnoinkdsfe.dll
2009-05-03 14:18 23,040 a------- c:\windows\system32\ak1.exe
2009-05-03 14:04 1,433,106 ---sh--- c:\windows\system32\erilerot.ini
2009-05-02 13:55 1,433,119 ---sh--- c:\windows\system32\asehamaj.ini
2009-05-02 02:05 1 a------- c:\windows\system32\uniq.tll
2009-05-02 02:05 28,672 a------- c:\windows\system32\loader49.exe
2009-05-02 01:57 1,433,119 ---sh--- c:\windows\system32\ojopimot.ini
2009-04-26 01:27 0 a------- c:\windows\ativpsrm.bin
2009-04-26 01:19 593,920 -------- c:\windows\system32\ati2sgag.exe
2009-04-26 01:17 <DIR> --d----- C:\ATI

==================== Find3M ====================

2009-05-21 12:58 78,848 a--sh--- c:\windows\system32\tebudati.dll
2009-05-21 12:58 81,920 a--sh--- c:\windows\system32\hilozepi.dll
2009-05-20 09:57 81,920 a--sh--- c:\windows\system32\sobamehu.dll
2009-05-20 09:57 78,848 a--sh--- c:\windows\system32\zayuluha.dll
2009-05-20 08:52 81,920 a--sh--- c:\windows\system32\tobuvuzi.dll
2009-05-20 08:52 78,848 a--sh--- c:\windows\system32\vobuturi.dll
2009-05-20 07:47 81,920 a--sh--- c:\windows\system32\hitakire.dll
2009-05-20 07:47 78,848 a--sh--- c:\windows\system32\dofoferu.dll
2009-05-19 19:29 81,920 a--sh--- c:\windows\system32\defarewo.dll
2009-05-19 19:29 78,848 a--sh--- c:\windows\system32\lavejipu.dll
2009-05-18 18:34 81,920 a--sh--- c:\windows\system32\wolizapa.dll
2009-05-18 18:34 78,848 a--sh--- c:\windows\system32\gitoribo.dll
2009-05-17 21:34 81,920 a--sh--- c:\windows\system32\devopaha.dll
2009-05-17 21:34 78,848 a--sh--- c:\windows\system32\vetajume.dll
2009-05-17 03:56 81,920 a--sh--- c:\windows\system32\tukideka.dll
2009-05-17 03:56 78,848 a--sh--- c:\windows\system32\mijejabe.dll
2009-05-15 15:03 80,384 a--sh--- c:\windows\system32\wutivoba.dll
2009-05-15 15:03 79,872 a--sh--- c:\windows\system32\lehelojo.dll
2009-05-13 14:54 80,896 a--sh--- c:\windows\system32\bamukitu.dll
2009-05-13 14:54 79,872 a--sh--- c:\windows\system32\telopezo.dll
2009-05-12 08:59 80,384 a--sh--- c:\windows\system32\pehuraba.dll
2009-05-12 08:59 80,384 a--sh--- c:\windows\system32\jifojuse.dll
2009-05-11 16:48 80,384 a--sh--- c:\windows\system32\pawehuhe.dll
2009-05-11 16:48 80,384 a--sh--- c:\windows\system32\muhodogu.dll
2009-05-10 03:07 81,408 a--sh--- c:\windows\system32\tekijuze.dll
2009-05-10 03:07 79,872 a--sh--- c:\windows\system32\hoviniti.dll
2009-05-09 15:07 81,408 a--sh--- c:\windows\system32\junefare.dll.vir
2009-05-09 15:07 80,384 a--sh--- c:\windows\system32\lipewedi.dll
2009-05-08 16:36 80,384 a--sh--- c:\windows\system32\mohasobi.dll
2009-05-08 16:36 78,848 -------- c:\windows\system32\yejedotu.dll
2009-05-07 16:19 80,384 a--sh--- c:\windows\system32\nunoloje.dll
2009-05-07 16:19 79,360 a--sh--- c:\windows\system32\kanolalo.dll
2009-05-06 15:18 48,640 a--sh--- c:\windows\system32\zitajalu.dll
2009-05-06 15:17 80,896 a--sh--- c:\windows\system32\roruhore.dll
2009-05-06 15:17 79,872 a--sh--- c:\windows\system32\fenoyoyu.dll
2009-05-05 15:01 79,872 a--sh--- c:\windows\system32\rahuziti.dll
2009-05-05 15:01 81,408 a--sh--- c:\windows\system32\muhoyawa.dll.vir
2009-05-05 15:01 51,712 a--sh--- c:\windows\system32\yikujode.exe
2009-05-04 15:29 79,872 a--sh--- c:\windows\system32\gajukilu.dll
2009-05-04 15:29 80,896 a--sh--- c:\windows\system32\fugudipi.dll.vir
2009-05-04 15:29 51,200 a--sh--- c:\windows\system32\sebajuyo.exe
2009-05-03 14:04 52,224 a--sh--- c:\windows\system32\kenahapu.exe
2009-05-03 14:04 79,872 a--sh--- c:\windows\system32\torelire.dll
2009-05-03 14:04 81,920 a--sh--- c:\windows\system32\kagavuva.dll
2009-05-02 13:56 49,152 a--sh--- c:\windows\system32\subapade.dll
2009-05-02 13:55 79,872 a--sh--- c:\windows\system32\jamahesa.dll
2009-05-02 13:55 80,896 a--sh--- c:\windows\system32\tijojepe.dll
2009-05-02 13:55 50,688 a--sh--- c:\windows\system32\zugeyale.exe
2009-05-02 01:56 82,432 a--sh--- c:\windows\system32\sonuleme.dll
2009-05-02 01:56 52,224 a--sh--- c:\windows\system32\nazesuna.exe
2009-04-15 17:05 21,840 ac-----t c:\windows\system32\SIntfNT.dll
2009-04-15 17:05 17,212 ac-----t c:\windows\system32\SIntf32.dll
2009-04-15 17:05 12,067 ac-----t c:\windows\system32\SIntf16.dll
2009-03-21 20:00 0 a----r-- C:\logwmemory.bin
2009-03-21 07:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 07:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-03-03 14:52 212,992 a------- c:\windows\system32\ReWire.dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-27 21:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-25 15:58 3,565,568 a------- c:\windows\system32\dllcache\ati2mtag.sys
2009-02-25 14:42 442,368 a------- c:\windows\system32\ATIDEMGX.dll
2009-02-25 14:41 325,120 a------- c:\windows\system32\ati2dvag.dll
2009-02-25 14:30 11,841,536 a------- c:\windows\system32\atioglxx.dll
2009-02-25 14:30 204,800 a------- c:\windows\system32\atipdlxx.dll
2009-02-25 14:29 155,648 a------- c:\windows\system32\Oemdspif.dll
2009-02-25 14:29 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2009-02-25 14:29 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-02-25 14:29 155,648 a------- c:\windows\system32\ati2evxx.dll
2009-02-25 14:27 602,112 a------- c:\windows\system32\ati2evxx.exe
2009-02-25 14:26 53,248 a------- c:\windows\system32\ATIDDC.DLL
2009-02-25 14:16 3,817,984 a------- c:\windows\system32\ati3duag.dll
2009-02-25 14:09 307,200 a------- c:\windows\system32\atiiiexx.dll
2009-02-25 13:59 2,670,080 a------- c:\windows\system32\ativvaxx.dll
2009-02-25 13:58 3,107,788 a------- c:\windows\system32\ativva5x.dat
2009-02-25 13:58 887,724 a------- c:\windows\system32\ativva6x.dat
2009-02-25 13:44 49,664 a------- c:\windows\system32\amdpcom32.dll
2009-02-25 13:40 475,136 a------- c:\windows\system32\atikvmag.dll
2009-02-25 13:38 126,976 a------- c:\windows\system32\atiadlxx.dll
2009-02-25 13:38 17,408 a------- c:\windows\system32\atitvo32.dll
2009-02-25 13:35 290,816 a------- c:\windows\system32\atiok3x2.dll
2009-02-25 13:32 45,056 a------- c:\windows\system32\aticalrt.dll
2009-02-25 13:32 45,056 a------- c:\windows\system32\aticalcl.dll
2009-02-25 13:32 626,688 a------- c:\windows\system32\ati2cqag.dll
2009-02-25 13:30 3,227,648 a------- c:\windows\system32\aticaldd.dll
2008-06-18 11:31 60,128 a------- c:\docume~1\austin~1\applic~1\GDIPFONTCACHEV1.DAT
2007-03-30 23:56 0 -c--h--- c:\program files\AppUpdate.log
2007-03-04 21:36 56 -c-shr-- c:\windows\system32\B01E1EF609.sys
2009-02-06 15:18 48,640 a--sh--- c:\windows\system32\hudiyili.dll
2007-03-04 21:36 1,682 ac-sh--- c:\windows\system32\KGyGaAvL.sys
2009-02-06 15:18 48,640 a--sh--- c:\windows\system32\nimusofa.dll
2009-02-06 15:18 48,640 a--sh--- c:\windows\system32\siguhafe.dll

============= FINISH: 14:25:30.43 ===============

Attached Files


Edited by Sickle Cell, 21 May 2009 - 08:20 PM.


BC AdBot (Login to Remove)

 


#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:01:07 AM

Posted 22 May 2009 - 09:41 PM

Hi Sickle Cell,

Is your Norton Internet Security outdated? :thumbup2:


Uninstall Ad-Aware SE Personal as that is outdated.
The latest is Ad-Aware Free

*****************


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 13.
  • Click the "Download" button to the right.
  • At the Select Platform and Language for your download drop down box
    Select Windows and Mult-Language
  • Check the box that says: "Accept License Agreement" then press Continue ( Selecting Windows will give you the 32 bit version. )
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u13-windows-i586-p.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 8
    Jasc Paint Shop Photo Album 5
    Java 2 Runtime Environment, SE v1.4.2_03
    Java™ 6 Update 2
    Java™ 6 Update 3
    Java™ 6 Update 5
    Java™ SE Runtime Environment 6 Update 1
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
*****************

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

*****************

Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Edited by SifuMike, 22 May 2009 - 09:52 PM.
typo

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:01:07 AM

Posted 30 May 2009 - 01:29 PM

This thread will now be closed due to lack of feedback.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users