rundll bad image


2 replies to this topic

#1 funkybunch52


Posted 03 June 2009 - 09:30 PM

DDS (Ver_09-05-14.01) - NTFSx86
Run by Administrator at 19:13:08.65 on Wed 06/03/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254.60 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\userinit.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: globaladsolution browser enhancer: {3cf2e3f1-4966-9d5e-028e-8fff8d5ad1e4} - c:\docume~1\admini~1\locals~1\temp\fvbjohxmoixembmsx.dll
BHO: {d89713b7-ab46-ee7b-cf94-fc7056d0d2e5}: {5e2d0d65-07cf-49fc-b7ee-64ba7b31798d} - c:\windows\system32\fmader.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} -
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent.exe" --force_start_minimized
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [97289113322950312470749759901519] c:\program files\antivirus 2009\av2009.exe
uRun: [ieupdate] "c:\windows\system32\ieexplorer32.exe"
uRun: [SUPERAntiSpyware] "c:\program files\superantispyware\SUPERAntiSpyware.exe"
uRun: [GetModule37] c:\program files\getmodule\GetModule37.exe
uRun: [SYSDLL] SYSDLL
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [vptray] "c:\program files\symantec_client_security\symantec antivirus\vptray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [tgcmd] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf
mRun: [Xwayirakipejo] rundll32.exe "c:\windows\Dpihevoyoxaj.dll",e
mRun: [Njetekihibazuko] rundll32.exe "c:\windows\exiresoxiwuv.dll",e
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [4c63b320] rundll32.exe "c:\windows\system32\rotawugo.dll",b
mRun: [CPM4f5080bc] Rundll32.exe "c:\windows\system32\pawajinu.dll",a
mRun: [makarilowe] Rundll32.exe "c:\windows\system32\zibigihu.dll",s
StartupFolder: c:\documents and settings\administrator\start menu\programs\startup\userinit.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rungoo~1.lnk - c:\program files\google\web accelerator\GoogleWebAccWarden.exe
IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
Trusted Zone: microsoft.com\windowsupdate
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190758936500
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: fcccbxxX - fcccbxxX.dll
Notify: igfxcui - igfxsrvc.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: hnmwjt.dll c:\windows\system32\hesomodu.dll fmader.dll c:\windows\system32\wuruteli.dll c:\windows\system32\zalahobe.dll c:\windows\system32\vunakifa.dll c:\windows\system32\vikuzeja.dll c:\windows\system32\horijavu.dll c:\windows\system32\pawajinu.dll,c:\windows\system32\luyenofe.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll, mcenspc.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\awtSlmlm
LSA: Notification Packages = scecli scecli c:\windows\system32\vunakifa.dll c:\windows\system32\luyenofe.dll

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-22 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2003-5-2 30208]
R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symant~1\symant~1\Rtvscan.exe [2003-5-21 610304]
R3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2003-5-2 224256]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20041104.018\NAVENG.sys [2004-11-8 68168]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20041104.018\NAVEX15.sys [2004-11-8 617288]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
S2 cwzsiblj;CD-ROM Controller;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 websrvx;websrvx;c:\program files\websrvx\websrvx.exe --> c:\program files\websrvx\websrvx.exe [?]
S3 jfdcd;jfdcd;\??\c:\docume~1\admini~1\locals~1\temp\jfdcd.sys --> c:\docume~1\admini~1\locals~1\temp\jfdcd.sys [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys --> c:\windows\system32\drivers\wg111v2.sys [?]

=============== Created Last 30 ================

2009-05-23 13:28 <DIR> --d----- c:\program files\websrvx
2009-05-23 13:28 1 ----h--- c:\windows\tgmark2.dat
2009-05-23 13:28 2 ----h--- c:\windows\sonce123148.dat
2009-05-23 13:28 1 ----h--- c:\windows\msmark2.dat
2009-05-23 13:28 1 ----h--- c:\windows\f23567.dat
2009-05-23 13:28 2 ----h--- c:\windows\sonce122727.dat
2009-05-23 13:28 2 ----h--- c:\windows\sonce122739.dat
2009-05-23 13:28 2 ----h--- c:\windows\sonce122712.dat
2009-05-23 12:49 <DIR> --d----- c:\docume~1\admini~1\applic~1\gtigqnsv
2009-05-23 11:28 1 a------- c:\windows\9g2234wesdf3dfgjf23
2009-05-23 11:27 2 ----h--- c:\windows\sonce122730.dat
2009-05-23 11:27 <DIR> --d----- c:\windows\system32\121973

==================== Find3M ====================

2009-04-23 13:57 7,072 a------- c:\windows\otagogajekum.dll
2009-04-22 08:36 144,384 a------- c:\windows\exiresoxiwuv.dll
2009-04-22 02:58 47,104 a--sh--- c:\windows\system32\wivekogu.exe
2009-04-21 13:21 146,944 a------- c:\windows\utoseyom.dll
2009-04-20 13:09 148,480 a------- c:\windows\oqelifetahefozuj.dll
2009-04-08 05:16 61,440 a--sh--- c:\windows\system32\wuziviba.exe
2009-04-07 17:16 61,440 a--sh--- c:\windows\system32\riturifa.exe
2009-04-07 05:15 61,440 a--sh--- c:\windows\system32\vomurosu.exe
2009-04-05 23:15 61,440 a--sh--- c:\windows\system32\zerajifu.exe
2009-04-05 11:14 61,440 a--sh--- c:\windows\system32\webubano.exe
2009-04-04 23:14 61,440 a--sh--- c:\windows\system32\lodikava.exe
2009-04-04 11:14 61,440 a--sh--- c:\windows\system32\gimujewa.exe
2009-04-03 23:14 61,440 a--sh--- c:\windows\system32\pomijemo.exe
2009-04-03 11:13 61,440 a--sh--- c:\windows\system32\zegajotu.exe
2009-04-02 23:13 61,440 a--sh--- c:\windows\system32\yisiwusu.exe
2009-04-02 11:13 61,440 a--sh--- c:\windows\system32\robekuka.exe
2009-03-31 23:12 61,440 a--sh--- c:\windows\system32\yirotiko.exe
2009-03-31 16:53 61,440 a--sh--- c:\windows\system32\mozulavo.exe
2009-03-31 16:30 61,440 a--sh--- c:\windows\system32\lewabenu.exe
2009-03-31 16:07 61,440 a--sh--- c:\windows\system32\zayomoga.exe
2009-03-31 15:45 61,440 a--sh--- c:\windows\system32\kemifave.exe
2009-03-31 03:32 2,713 ---sh--- c:\windows\system32\jabufufi.dll
2009-03-30 03:32 69,796 a--sh--- c:\windows\system32\famupoda.dll
2009-03-29 15:31 43,516 a--sh--- c:\windows\system32\wiboniza.dll
2009-03-29 03:38 21,616 a--sh--- c:\windows\system32\mejiyuwo.dll
2009-03-28 14:19 61,440 a--sh--- c:\windows\system32\sotisole.exe
2009-03-28 02:18 61,440 a--sh--- c:\windows\system32\kozewepu.exe
2009-03-27 14:18 9,216 a------- c:\windows\instsp2.exe
2009-03-27 14:18 89,600 a--sh--- c:\windows\system32\gomuduyo.dll
2009-03-27 14:18 61,440 a--sh--- c:\windows\system32\roligudo.exe
2009-03-27 02:17 94,208 a--sh--- c:\windows\system32\butobuko.dll.vir
2009-03-27 02:17 61,440 a--sh--- c:\windows\system32\masekaba.exe
2009-03-26 14:17 90,112 a--sh--- c:\windows\system32\lidituhu.dll
2009-03-26 14:17 61,440 a--sh--- c:\windows\system32\kepivuji.exe
2009-03-25 14:16 90,624 a--sh--- c:\windows\system32\mubodigi.dll
2009-03-16 22:16 65,536 a------- c:\windows\system32\UACettsklyi.dll
2009-03-16 22:16 24,576 a------- c:\windows\system32\UACswabibom.dll
2009-03-16 18:29 132,096 a------- c:\windows\umujigokimaki.dll
2009-03-16 16:01 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-14 02:14 55,808 a------- c:\windows\system32\mcenspc.dll
2009-01-03 10:48 22,016 a------- c:\documents and settings\administrator\s.exe
2008-12-27 18:39 22,016 a------- c:\documents and settings\administrator\x.exe
2008-04-13 17:11 23,040 a------- c:\documents and settings\administrator\svchost.exe
2007-10-15 20:45 20,632 ac------ c:\docume~1\admini~1\applic~1\GDIPFONTCACHEV1.DAT
2005-01-30 17:43 2,636,408 ac------ c:\program files\aawsepersonal.exe
2004-11-09 17:33 21,778,872 ac------ c:\program files\iTunesSetup.exe
2009-01-17 00:19 1,684,260 a--sh--- c:\windows\system32\mlmlStwa.ini2

============= FINISH: 19:15:32.03 ===============
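An added triage script (not from the original post, nor part of DDS or BleepingComputer's tooling) that reads lines in the "Pseudo HJT Report" format above and flags the autostart patterns a responder checks first: a Userinit value with more than one entry, Run keys that use rundll32 to load a random-looking DLL or one sitting directly in c:\windows, any populated AppInit_DLLs value, and LSA authentication packages beyond msv1_0. The alternating consonant/vowel name rule and the c:\windows-root rule are my own heuristics, and the sample lines are copied from the log above.

```python
import ntpath
import re

# Constructed sample in the DDS "Pseudo HJT Report" format; the values are copied from the log above.
SAMPLE_REPORT = r"""
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
mRun: [vptray] "c:\program files\symantec_client_security\symantec antivirus\vptray.exe"
mRun: [Xwayirakipejo] rundll32.exe "c:\windows\Dpihevoyoxaj.dll",e
mRun: [4c63b320] rundll32.exe "c:\windows\system32\rotawugo.dll",b
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
AppInit_DLLs: hnmwjt.dll c:\windows\system32\hesomodu.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\awtSlmlm
"""

VOWELS = set("aeiou")
RUN_RE = re.compile(r"^[um]Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$", re.I)
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"?(?P<dll>[^",]+)', re.I)

def looks_random(stem: str) -> bool:
    """Assumed heuristic, not DDS logic: 8 letters strictly alternating consonant/vowel.
    Coarse on purpose (it also fires on 'userinit'); treat hits as leads, not verdicts."""
    s = stem.lower()
    if len(s) != 8 or not s.isalpha():
        return False
    kinds = [c in VOWELS for c in s]
    return all(kinds[i] != kinds[i + 1] for i in range(len(kinds) - 1))

def triage(report: str) -> list:
    """Return (rule, line) pairs for autostart entries that deserve a closer look."""
    findings = []
    for line in (l.strip() for l in report.splitlines()):
        low = line.lower()
        if low.startswith("mwinlogon: userinit="):
            # A clean XP box lists only userinit.exe (followed by a trailing comma).
            entries = [p for p in line.split("=", 1)[1].split(",") if p]
            if len(entries) > 1:
                findings.append(("userinit chain", line))
        elif low.startswith("appinit_dlls:") and line.split(":", 1)[1].strip():
            findings.append(("appinit_dlls set", line))  # loaded into every user32 process
        elif low.startswith("lsa: authentication packages"):
            pkgs = line.split("=", 1)[1].split()
            if any(p.lower() != "msv1_0" for p in pkgs):
                findings.append(("extra lsa auth package", line))
        elif (m := RUN_RE.match(line)) and (d := RUNDLL_RE.search(m["cmd"])):
            folder, base = ntpath.split(d["dll"].strip())
            stem = ntpath.splitext(base)[0]
            # Assumption: legitimate Run entries rarely load DLLs straight from c:\windows.
            if looks_random(stem) or folder.lower().rstrip("\\") == r"c:\windows":
                findings.append(("rundll32 autostart", line))
    return findings

if __name__ == "__main__":
    for rule, line in triage(SAMPLE_REPORT):
        print(f"[{rule}] {line}")
```

Hits are leads to verify (file dates, signatures, a second opinion from a scanner), not a removal list.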

#2 miekiemoes


Posted 04 June 2009 - 06:56 AM

Hi,

* Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes


Posted 15 June 2009 - 10:23 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.