Infected with unknown browser hijacker please help



#1 cuddyhillside
  • Members
  • 9 posts

Posted 12 July 2009 - 04:00 PM

I am infected with something that prompted me to download from zocleaner.com which I did not do. I notice a Rundll file called MODUBELO.DLL that keeps loading on startup. My entire mouse and keyboard functionality ceased and when I restarted, I could not browse with Firefox or IE without being redirected. My computer is running very slow, shutting down randomly and freezing up. I ran AVG and now have limited browser functionality. Nothing related to antivirus or malware protection will load so I cannot see what is wrong. I cannot install anything without getting an error message. Malwarebytes, Dr.Web, etc. will not load even in safe mode. Any help is appreciated. I seem to notice a WUHOMURO.DLL file as well. Below are the log files from DDS requested:

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/16/2006 10:56:34 PM
System Uptime: 7/12/2009 4:27:57 PM (0 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | 945GM-S2
Processor: Intel® Pentium® D CPU 3.40GHz | Socket 775 | 3391/200mhz
Processor: Intel® Pentium® D CPU 3.40GHz | Socket 775 | 3391/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 171.3 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 466 GiB total, 19.129 GiB free.
H: is FIXED (NTFS) - 233 GiB total, 27.75 GiB free.
I: is FIXED (NTFS) - 932 GiB total, 687.082 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP964: 7/12/2009 2:14:47 AM - System Checkpoint
RP965: 7/12/2009 2:14:47 AM - System Checkpoint
RP966: 7/12/2009 2:14:47 AM - System Checkpoint
RP967: 7/12/2009 2:14:47 AM - System Checkpoint
RP968: 7/12/2009 2:14:47 AM - System Checkpoint
RP969: 7/12/2009 2:14:47 AM - Software Distribution Service 3.0
RP970: 7/12/2009 2:14:47 AM - System Checkpoint
RP971: 7/12/2009 2:14:47 AM - System Checkpoint
RP972: 7/12/2009 2:14:47 AM - System Checkpoint
RP973: 7/12/2009 2:14:47 AM - System Checkpoint
RP974: 7/12/2009 2:14:47 AM - System Checkpoint
RP975: 7/12/2009 2:14:47 AM - System Checkpoint
RP976: 7/12/2009 2:14:47 AM - System Checkpoint
RP977: 7/12/2009 2:14:47 AM - System Checkpoint
RP978: 7/12/2009 2:14:47 AM - Software Distribution Service 3.0
RP979: 7/12/2009 2:14:47 AM - System Checkpoint
RP980: 7/12/2009 2:14:47 AM - System Checkpoint
RP981: 7/12/2009 2:14:48 AM - System Checkpoint
RP982: 7/12/2009 2:14:48 AM - System Checkpoint
RP983: 7/12/2009 2:14:48 AM - System Checkpoint
RP984: 7/12/2009 2:14:48 AM - System Checkpoint
RP985: 7/12/2009 2:14:48 AM - System Checkpoint
RP986: 7/12/2009 2:14:48 AM - System Checkpoint
RP987: 7/12/2009 2:14:48 AM - System Checkpoint
RP988: 7/12/2009 2:14:48 AM - System Checkpoint
RP989: 7/12/2009 2:14:48 AM - System Checkpoint
RP990: 7/12/2009 2:14:48 AM - Removed Microsoft Visual C++ 2005 Redistributable
RP991: 7/12/2009 2:14:48 AM - Installed Microsoft Visual C++ 2005 Redistributable
RP992: 7/12/2009 2:14:48 AM - Installed Tunebite
RP993: 7/12/2009 2:14:48 AM - System Checkpoint
RP994: 7/12/2009 2:14:48 AM - System Checkpoint
RP995: 7/12/2009 2:14:49 AM - System Checkpoint
RP996: 7/12/2009 2:14:49 AM - System Checkpoint
RP997: 7/12/2009 2:14:49 AM - System Checkpoint
RP998: 7/12/2009 2:14:49 AM - System Checkpoint
RP999: 7/12/2009 2:14:49 AM - System Checkpoint
RP1000: 7/12/2009 2:14:49 AM - System Checkpoint
RP1001: 7/12/2009 2:14:49 AM - Removed HD Writer 2.0E for SX/SD
RP1002: 7/12/2009 2:14:49 AM - Installed HD Writer 2.0E for SX/SD
RP1003: 7/12/2009 2:14:49 AM - System Checkpoint
RP1004: 7/12/2009 2:14:49 AM - System Checkpoint
RP1005: 7/12/2009 2:14:49 AM - System Checkpoint
RP1006: 7/12/2009 2:14:49 AM - System Checkpoint
RP1007: 7/12/2009 2:14:49 AM - System Checkpoint
RP1008: 7/12/2009 2:14:49 AM - System Checkpoint
RP1009: 7/12/2009 2:14:49 AM - Installed AVG Free 8.5

==== Installed Programs ======================

µTorrent
a-squared HiJackFree 3.1
ACDSee 6.0 PowerPack Trial
ACDSee Photo Editor
Ad-Aware
Adobe Acrobat 7.0 Professional
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Shockwave Player 11.5
Allok Video Joiner 2.2.0
Allok Video Splitter 2.2.0
AoA MP4 Converter
Apple Mobile Device Support
Apple Software Update
Audible Download Manager
AudibleManager
AutoUpdate
AVG Free 8.5
Best Case Bankruptcy
BitPim 1.0.5
BL2003 Registration
Bonjour
Broderbund Business Lawyer 2003
Brother MFL-Pro Suite
Bulk Rename Utility 2.7.1.1
CCleaner (remove only)
CloneDVD2
CodeStuff Starter
ConvertHelper 2.2
Coupon Printer for Windows
Defraggler (remove only)
DirectXInstallService
Diskeeper 2008 Pro Premier
DivX Content Uploader
DivX Player
DivX Web Player
DVD Decrypter (Remove Only)
E.M. Total Video Player 1.31
ESPN Java Check
ffdshow [rev 2732] [2009-02-26]
FILE and MP3 Renamer 2006
Flickr Uploadr 2.5.0.15
FlickrDown
GetDataBack for FAT
Google Deskbar
Google Gears
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Updater
HD Writer
HD Writer 2.0E for SX/SD
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
IEimage
Imagicon
Indeo® Software
IrfanView (remove only)
iTunes
Java™ SE Runtime Environment 6 Update 1
JGoodies JDiskReport 1.3.1
K-Lite Codec Pack 3.1.0 Full
LG GSM PC Components
LG USB Modem Driver
LogonStudio
Malwarebytes' Anti-Malware
MasterSplitter Program
Meda MP3 Joiner 1.2
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft IntelliPoint 5.2
Microsoft IntelliType Pro 5.2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Standard
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C Runtime
Microsoft Visual C++ 2005 Redistributable
MINOLTA-QMS PagePro 1250W
MobileMe Control Panel
Mozilla Firefox (3.0.11)
MP3 Sound Cutter 1.40
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
Nero 7 Ultra Edition
NVIDIA Drivers
ObjectBar
OLYMPUS Master 2
Paint.NET v3.22
PaperPort
PDF2Word v1.4
PeerGuardian 2.0
Perfect Attorney
PerfectDisk
Picasa 3
PixiePack Codec Pack
PIXresizer 2.0.2
QuickPar 0.9
QuickTime
Real Alternative 1.51
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
ReGet Deluxe 4.2
Roxio Activation Module
Roxio BackOnTrack
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio CinePlayer Decoder Pack
Roxio Disc Gallery
Roxio Easy Media Creator 10 Suite
Roxio File Backup
Roxio MediaShare
Roxio Update Manager
Safari
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
SkinStudio
SmartSound Quicktracks Plugin
SMPlayer 0.6.6
SnagIt 7
Spyware Doctor 6.0
StartupMonitor
StorageSync Backup Software
SUPER © Version 2008.bld.30 (Mar 22, 2008)
Super Clone DVD 5.0
SUPERAntiSpyware Free Edition
SureThing CD Labeler Deluxe 4
ThreatFire 3.5
TrueCrypt
Tunebite
U3Launcher
Ultra Flash Video FLV Converter 3.2.0607
Unlocker 1.8.5
Update for Windows Internet Explorer 8 (KB971180)
VideoLAN VLC media player 0.8.6c
Vista Start Menu
Vista Transformation Pack 8.0
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live installer
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player Firefox Plugin
WinRAR archiver
WinZip
XML Paper Specification Shared Components Pack 1.0
Xvid 1.1.3 final uninstall
Yahoo! Install Manager
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

7/7/2009 12:43:21 AM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/7/2009 12:40:11 AM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/5/2009 2:03:46 AM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
7/5/2009 2:01:25 AM, error: Service Control Manager [7034] - The B's Recorder GOLD Library General Service service terminated unexpectedly. It has done this 1 time(s).
7/12/2009 4:37:50 PM, error: Service Control Manager [7034] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s).
7/12/2009 4:22:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 c2scsi ElbyCDIO Fips intelppm SASDIFSV SASKUTIL truecrypt
7/12/2009 3:00:00 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
7/12/2009 2:40:15 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
7/12/2009 2:39:19 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 c2scsi ElbyCDIO Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip truecrypt
7/12/2009 2:39:19 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/12/2009 2:39:19 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/12/2009 2:39:19 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/12/2009 2:39:19 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/12/2009 2:39:19 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/12/2009 2:39:19 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/12/2009 2:39:05 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/12/2009 2:38:58 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/12/2009 2:24:09 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.

==== End Of File ===========================


DDS (Ver_09-03-16.01) - NTFSx86
Run by bill at 16:50:55.09 on Sun 07/12/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_01
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1495 [GMT -4:00]

AV: ThreatFire *On-access scanning disabled* (Updated)
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: COMODO Firewall Pro *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\ggviewer81-87.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\bill\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: UIHost=vistaui.exe
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {0A87E45F-537A-40B4-B812-E2544C21A09F} - No File
BHO: ClickCatcher MSIE handler: {16664845-0e00-11d2-8059-000000000000} - c:\program files\common files\reget shared\Catcher.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: {7b050a18-170f-4489-ad8e-f70c199b20df} - c:\windows\system32\lehelojo.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Tunebite_WebRipPlugin Class: {aa102584-3b97-47e7-b9bc-75d54c110a7d} - c:\program files\rapidsolution\tunebite\plugins\ie\TB_WebRipIePlugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: ReGet Bar: {17939a30-18e2-471e-9d3a-56dd725f1215} - c:\program files\regetdx\iebar.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LClock] c:\program files\lclock\LClock.exe
uRun: [ViOrb] c:\program files\viorb\ViOrb.exe
uRun: [ViStart] c:\program files\vistart\ViStart.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SetDefPrt] c:\program files\brother\brmfl04g\BrStDvPt.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt2] c:\program files\brother\brmfl05c\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [rijizelojo] Rundll32.exe "c:\windows\system32\nazuroko.dll",s
mRun: [CPMcb550d7e] Rundll32.exe "c:\windows\system32\modubelo.dll",a
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Do&wnload by ReGet Deluxe - c:\program files\common files\reget shared\CC_Link.htm
IE: Download A&ll by ReGet Deluxe - c:\program files\common files\reget shared\CC_All.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: Linked Ima&ges - c:\program files\ieimage\IEimage.htm
IE: {D8980DE8-9D4C-4fb0-8FB4-95B1FA4125AD} - c:\program files\ieimage\IEimage.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll
AppInit_DLLs: secuload.dll c:\windows\system32\rowopapo.dll c:\windows\system32\zusidebi.dll c:\windows\system32\modubelo.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\modubelo.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\modubelo.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli c:\windows\system32\zusidebi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bill\applic~1\mozilla\firefox\profiles\2t2ed3q3.sinistermister2\
FF - component: c:\program files\rapidsolution\tunebite\plugins\geckobased\tunebite-firefox-surf-and-catch-extension@audials.com\components\TB_WebRipFFPlugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\rapidsolution\tunebite\plugins\geckobased\tunebite-firefox-surf-and-catch-extension@audials.com\plugins\np_TB_OgloPlugin.dll

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-6-7 42376]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-12 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-15 130936]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2008-5-18 51520]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2008-5-18 38208]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-11 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-2-14 27784]
R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [2007-12-17 244736]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-6-7 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-6-7 81288]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 MLPTDR_C;MLPTDR_C;c:\windows\system32\MLPTDR_C.SYS [2002-9-3 19296]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-11 298776]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2007-8-24 309744]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2007-8-24 72176]
S3 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2007-8-24 362992]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2007-8-24 1083888]
S3 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2007-8-24 166384]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-10-12 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-10-12 1095560]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2008-5-18 33088]
S3 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
S4 SessionLauncher;SessionLauncher;c:\docume~1\bill\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\bill\locals~1\temp\dx9\SessionLauncher.exe [?]

=============== Created Last 30 ================

2009-07-12 12:00 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-07-12 02:15 30,208 a------- c:\windows\system32\UACewlgyfjhvjaovtqsy.dll
2009-07-12 02:15 1,110,399 a------- c:\windows\system32\UAChfbmbkgsetilqhrhg.db
2009-07-12 02:15 19,456 a------- c:\windows\system32\UACtmswrkmovmsbwrvsf.dll
2009-07-12 02:15 18,432 a------- c:\windows\system32\UACskdnlqgxfunvjspep.dll
2009-07-12 02:15 310 a------- c:\windows\system32\UACnartdwrlfoxtqlvbr.dat
2009-07-12 02:15 6,219 a------- c:\windows\system32\uacinit.dll
2009-07-12 02:15 69,120 a------- c:\windows\system32\UACbmqxfubqekvxaguiy.dll
2009-07-12 02:14 56,320 a------- c:\windows\system32\drivers\UACooyouirjiktpbwupq.sys
2009-07-12 02:14 28,672 a------- c:\windows\system32\UAClxmtmwbardlfrklxj.dll
2009-07-12 02:09 1,046,884 a------- c:\windows\system32\rn.tmp
2009-07-11 01:04 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-11 01:04 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-11 01:04 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-07-11 01:04 <DIR> --d----- c:\program files\AVG
2009-07-11 01:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-07-04 03:39 122,512 a------- c:\windows\system32\bgsvcgen.exe
2009-07-04 03:39 56,976 a------- c:\windows\system32\GenSvcInst.exe
2009-07-04 03:39 49,152 a------- c:\windows\system32\setupsvc.dll
2009-07-04 03:39 33,408 a------- c:\windows\system32\drivers\cdrbsdrv.sys
2009-07-04 03:39 8,704 a------- c:\windows\system32\BHARegister.dll
2009-06-26 15:55 <DIR> --d----- c:\docume~1\bill\applic~1\Meda MP3 Joiner 1.2
2009-06-26 15:55 <DIR> --d----- c:\program files\Meda MP3 Joiner
2009-06-25 01:48 <DIR> --d----- c:\program files\PixiePack Codec Pack
2009-06-25 01:45 <DIR> --d----- c:\program files\RapidSolution
2009-06-25 01:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\RapidSolution

==================== Find3M ====================

2009-07-12 14:34 83,968 a--sh--- c:\windows\system32\modubelo.dll
2009-07-12 02:34 49,152 a--sh--- c:\windows\system32\yopalimi.dll
2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-05 11:42 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 11:44 344,064 a------- c:\windows\system32\localspl.dll
2009-05-01 14:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-04-17 05:58 1,846,656 a------- c:\windows\system32\win32k.sys
2009-04-15 11:26 583,168 a------- c:\windows\system32\rpcrt4.dll
2007-02-12 19:10 2,682,880 a------- c:\documents and settings\all users\VCREDI~3.EXE
2006-05-03 06:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2006-12-18 02:10 4,704 a--sh--- c:\windows\system32\KGyGaAvL.sys
2007-02-21 07:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2009-04-12 02:34 49,152 a--sh--- c:\windows\system32\nazuroko.dll
2007-12-17 09:43 27,648 ---sh--- c:\windows\system32\Smab0.dll
2009-04-12 02:34 49,152 a--sh--- c:\windows\system32\zusidebi.dll

============= FINISH: 16:52:37.73 ===============
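
Added example, not part of the original post and not a BleepingComputer or DDS tool: a small Python triage script for the persistence-related lines a DDS log prints (the Pseudo HJT section plus the Created/Find3M file listings). It pulls out the mechanisms visible in the log above (Run keys invoking Rundll32, AppInit_DLLs, SSODL/STS shell objects, LSA Notification Packages, and files in system32 with UAC* names or hidden+system attributes) and then counts how many mechanisms reference the same file, which is what makes modubelo.dll stand out. The sample input is a constructed excerpt of lines copied from the posted log, one per mechanism; the regexes and the "eight random lowercase letters" naming heuristic are my assumptions for this log format, not rules from DDS.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed excerpt: one representative line per persistence mechanism, copied
# from the DDS log posted above. A real run would feed the whole log file in.
SAMPLE_LOG = r'''
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [rijizelojo] Rundll32.exe "c:\windows\system32\nazuroko.dll",s
mRun: [CPMcb550d7e] Rundll32.exe "c:\windows\system32\modubelo.dll",a
AppInit_DLLs: secuload.dll c:\windows\system32\rowopapo.dll c:\windows\system32\zusidebi.dll c:\windows\system32\modubelo.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\modubelo.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\modubelo.dll
LSA: Notification Packages = scecli c:\windows\system32\zusidebi.dll
2009-07-12 02:15 30,208 a------- c:\windows\system32\UACewlgyfjhvjaovtqsy.dll
2009-07-12 02:14 56,320 a------- c:\windows\system32\drivers\UACooyouirjiktpbwupq.sys
2009-07-12 14:34 83,968 a--sh--- c:\windows\system32\modubelo.dll
2009-07-11 01:04 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2007-12-17 09:43 27,648 ---sh--- c:\windows\system32\Smab0.dll
'''

SYSTEM32 = "c:\\windows\\system32\\"

# Line shapes as DDS prints them (assumed from the log above, not a DDS spec).
RUN_RE = re.compile(r'^[um]Run:\s*\[(?P<name>[^\]]*)\]\s*rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S*)', re.IGNORECASE)
APPINIT_RE = re.compile(r'^AppInit_DLLs:\s*(?P<dlls>.*)$', re.IGNORECASE)
LSA_RE = re.compile(r'^LSA:\s*Notification Packages\s*=\s*(?P<pkgs>.*)$', re.IGNORECASE)
SHELL_RE = re.compile(r'^(?P<mech>SSODL|STS):.*\s-\s(?P<path>\S+)\s*$', re.IGNORECASE)
FILE_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d\s+[\d,]+\s+(?P<attr>[a-z-]{8})\s+(?P<path>\S.*)$', re.IGNORECASE)
# Heuristic: the DLLs in this log are eight random lowercase letters (modubelo, nazuroko, ...).
RANDOM_NAME_RE = re.compile(r'^[a-z]{8}\.dll$')


def in_system32(path):
    return path.lower().startswith(SYSTEM32)


def basename(path):
    return PureWindowsPath(path).name.lower()


def triage(log_text):
    """Return (mechanism, path, reason) tuples for suspicious persistence entries."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            dll, export = m.group("dll"), m.group("export")
            # A one-letter export and a random name are both out of place for vendor DLLs.
            if len(export) == 1 or RANDOM_NAME_RE.match(basename(dll)):
                findings.append(("Run/rundll32", dll, "export '%s'" % export))
            continue
        m = APPINIT_RE.match(line)
        if m:
            # AppInit_DLLs is empty by default; anything listed is injected into every GUI process.
            for dll in m.group("dlls").split():
                findings.append(("AppInit_DLLs", dll, "AppInit_DLLs is empty by default"))
            continue
        m = LSA_RE.match(line)
        if m:
            for pkg in m.group("pkgs").split():
                if pkg.lower() != "scecli":  # scecli is the only default package on XP
                    findings.append(("LSA Notification Packages", pkg, "loaded into lsass.exe"))
            continue
        m = SHELL_RE.match(line)
        if m:
            path = m.group("path")
            if in_system32(path):
                findings.append((m.group("mech").upper(), path, "shell object loaded from system32"))
            continue
        m = FILE_RE.match(line)
        if m:
            attr, path = m.group("attr").lower(), m.group("path").strip()
            if basename(path).startswith("uac") and in_system32(path):
                findings.append(("File", path, "UAC* name in system32"))
            elif "s" in attr and "h" in attr and in_system32(path):
                findings.append(("File", path, "hidden+system attributes (%s)" % attr))
    return findings


def hits_by_file(findings):
    """Count how many separate entries reference each file name; multi-mechanism files come first."""
    return Counter(basename(path) for _, path, _ in findings)


def main():
    findings = triage(SAMPLE_LOG)
    for mech, path, why in findings:
        print("%-26s %-60s %s" % (mech, path, why))
    print("\nfiles referenced by more than one entry:")
    for name, n in hits_by_file(findings).most_common():
        if n > 1:
            print("  %s x%d" % (name, n))


if __name__ == "__main__":
    main()
```

The output is a worklist, not a verdict: the hidden+system check also catches some legitimate components that set those attributes, so each flagged file still needs to be checked against its vendor and signature. The useful signal is the cross-reference at the end: a file that is simultaneously a Run entry, an AppInit_DLLs entry, an SSODL and STS shell object, and a freshly modified hidden+system file in system32 is almost never legitimate.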

#2 cuddyhillside
  • Topic Starter
  • Members
  • 9 posts

Posted 14 July 2009 - 05:10 PM

Moderator please delete my topic post as I have successfully cleaned my computer using the steps and programs in this post:
http://www.bleepingcomputer.com/forums/t/239658/virus-protection-wont-startfirefox-crashes-moved/
The same problem was happening to that bloke as well. Thank you.

#3 teacup61
  • Bleepin' Texan!
  • Malware Response Team
  • 17,075 posts
  • Location: Wills Point, Texas

Posted 17 July 2009 - 06:11 PM

Thanks for letting us know. :thumbup2:

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!
