ie pop ups w/ firefox


  • This topic is locked
2 replies to this topic

#1 lp4ever_1128

  • Members
  • 2 posts

Posted 05 November 2009 - 07:39 PM

I have been getting pop-ups from Internet Explorer while using Firefox for about a week. They pop up at least 20 times an hour. Firefox is the only browser I use and it is my default browser. I ran a few scans and am including the logs. All help is greatly appreciated.


DDS (Ver_09-10-26.01) - NTFSx86
Run by Lyndsae ^_^ at 18:06:20.98 on Thu 11/05/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.101 [GMT -6:00]

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
svchost.exe "C:\WINDOWS\system32\acluis.exe"
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SYS32DLL.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Documents and Settings\Lyndsae ^_^\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?sourceid=navclient&ie=UTF-8&hl=en
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=localhost:7171
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Windows Services Host] svhostc.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent.exe" --force_start_minimized
uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_0
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [SYS32DLL] SYS32DLL
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunServices: [Windows Services Host] svhostc.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [CTSysVol] c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe /r
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [Windows Services Host] svhostc.exe
mRun: [WordPerfect Office 1215] c:\program files\wordperfect office 12\programs\Registration.exe /title="WordPerfect Office 12" /date=030708 serial=WA12WRX-0000002-HMD lang=EN
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [tugimebop] Rundll32.exe "c:\windows\system32\kalahavi.dll",a
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunServices: [Windows Services Host] svhostc.exe
StartupFolder: c:\docume~1\lyndsa~1\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: Add to AMV Convert Tool... - c:\program files\mp3 player utilities 3.81\amvconverter\grab.html
IE: Add to Media Manager... - c:\program files\mp3 player utilities 3.81\mediamanager\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: pearsoned.com\www
Trusted Zone: photobucket.com\www
DPF: Photobucket Publisher - hxxp://pic.photobucket.com/plugins/csve/photobucket_publisher.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6A615BCC-676D-41AA-AB4E-C1860690FFB4} - hxxp://www.rocketlifeproduction.com/pixartdesign/RocketLife.cab
DPF: {7530bfb8-7293-4d34-9923-61a11451afc5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} - hxxps://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - hxxps://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} - hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {cafeefac-0016-0000-0017-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} - hxxps://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://cvs.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
Handler: rlfile - {F541A92B-CDC2-4B7C-BEF1-C7443070F3D8} - c:\windows\downloaded program files\RocketEngine.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\sayobure.dll topupabe.dll c:\windows\system32\najejifo.dll c:\windows\system32\dofodiro.dll c:\windows\system32\bajibuli.dll c:\windows\system32\puvibimo.dll c:\windows\system32\yilefaju.dll c:\windows\system32\kalahavi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: wiyewanud - {a7786afa-d86b-424c-a42e-249109c44a23} - c:\windows\system32\sayobure.dll
SSODL: kezawovor - {fef64dc9-51ba-4791-9af7-891397930391} - c:\windows\system32\puvibimo.dll
SSODL: vadihonok - {f6f8ba01-b339-4d65-a9bb-c6452a07b44a} - c:\windows\system32\yilefaju.dll
SSODL: bejatanor - {3b6aaa79-cf85-4f4a-b8aa-aacd83fa60c5} - c:\windows\system32\komiwozu.dll
SSODL: zudetevev - {dc2f7769-c6f8-40b6-90d7-f246c897d916} - c:\windows\system32\kalahavi.dll
STS: gahurihor: {a7786afa-d86b-424c-a42e-249109c44a23} - c:\windows\system32\sayobure.dll
STS: mujuzedij: {fef64dc9-51ba-4791-9af7-891397930391} - c:\windows\system32\puvibimo.dll
STS: tokatiluy: {f6f8ba01-b339-4d65-a9bb-c6452a07b44a} - c:\windows\system32\yilefaju.dll
STS: mujuzedij: {3b6aaa79-cf85-4f4a-b8aa-aacd83fa60c5} - c:\windows\system32\komiwozu.dll
STS: kupuhivus: {dc2f7769-c6f8-40b6-90d7-f246c897d916} - c:\windows\system32\kalahavi.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll
LSA: Notification Packages = scecli gawojuso.dll
IFEO: a2service.exe - ntsd -d
IFEO: ArcaCheck.exe - ntsd -d
IFEO: arcavir.exe - ntsd -d
IFEO: ashDisp.exe - ntsd -d
IFEO: ashEnhcd.exe - ntsd -d

Note: multiple IFEO entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\lyndsa~1\applic~1\mozilla\firefox\profiles\k5et27jp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Causes Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
FF - plugin: c:\documents and settings\lyndsae ^_^\application data\mozilla\firefox\profiles\k5et27jp.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 dockloginservice;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
S2 CryptSvcCryptSvc;Cryptographic Services CryptSvcCryptSvc;c:\windows\system32\acluis.exe srv --> c:\windows\system32\acluis.exe srv [?]

=============== Created Last 30 ================

2009-11-05 19:44:10 0 d-----w- c:\program files\ESET
2009-11-05 19:33:03 0 d-----w- c:\docume~1\lyndsa~1\applic~1\Malwarebytes
2009-11-05 19:32:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-05 19:32:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-05 19:32:30 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-05 19:32:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-02 18:03:13 0 d-----w- c:\program files\Trend Micro
2009-10-31 02:56:17 1 --sh--w- c:\windows\system32\dikekuro.dll
2009-10-27 17:42:01 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-27 17:14:10 0 d-----w- c:\windows\A589DA2651BD475D8C32E19E34145842.TMP
2009-10-26 22:57:36 0 d-----w- c:\program files\MSECache
2009-10-26 05:02:03 0 d-----w- c:\program files\Solveig Multimedia
2009-10-26 05:02:03 0 d-----w- c:\program files\common files\Solveig Multimedia
2009-10-26 03:56:32 67 ----a-w- c:\windows\swf2avi.INI
2009-10-26 03:53:30 0 d-----w- c:\docume~1\lyndsa~1\applic~1\Smart SWF Converter
2009-10-26 03:32:12 0 d-----w- c:\docume~1\lyndsa~1\applic~1\authorPOINT
2009-10-26 03:00:46 0 d-----w- c:\program files\MikSoftware
2009-10-26 00:46:48 0 d-----w- c:\docume~1\lyndsa~1\applic~1\VisiPPT
2009-10-26 00:42:40 0 d-----w- c:\docume~1\lyndsa~1\applic~1\GeoVid
2009-10-26 00:41:04 0 d-----w- c:\program files\common files\GeoVid
2009-10-26 00:41:02 60416 ----a-w- c:\windows\system32\dsetup.dll
2009-10-25 05:59:12 0 d-----w- c:\docume~1\lyndsa~1\applic~1\iSpring Solutions
2009-10-25 03:42:25 0 d-sh--w- c:\documents and settings\lyndsae ^_^\PrivacIE
2009-10-25 02:35:28 0 d-----w- c:\docume~1\lyndsa~1\applic~1\Moyea
2009-10-25 02:34:16 438272 ----a-w- c:\windows\system32\Mpeg2DecFilter.ax
2009-10-25 02:21:18 6144 ----a-w- c:\windows\system32\ff_acm.acm
2009-10-25 02:21:18 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-10-25 02:21:18 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-25 02:21:18 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
2009-10-25 02:21:18 258352 ----a-w- c:\windows\system32\unicows.dll
2009-10-25 02:21:13 0 d-----w- c:\program files\Cucusoft
2009-10-25 01:54:50 107864 ----a-w- c:\windows\system32\tsccvid.dll
2009-10-25 01:54:47 0 d-----w- c:\windows\system32\QuickTime
2009-10-25 01:53:36 0 d-----w- c:\program files\common files\TechSmith Shared
2009-10-24 23:00:29 77 ----a-w- c:\windows\huffyuv.ini
2009-10-24 23:00:29 33280 ----a-w- c:\windows\system32\huffyuv.dll
2009-10-24 22:59:00 0 d-----w- c:\program files\Presentersoft PowerVideoMaker
2009-10-24 15:06:17 577536 ----a-w- c:\windows\system32\ac3filter.ax
2009-10-24 15:06:16 892928 ----a-w- c:\windows\system32\iconv.dll
2009-10-24 15:06:13 0 d-----w- c:\program files\Wondershare

==================== Find3M ====================

2009-11-06 00:06:35 95936 ----a-w- c:\windows\system32\drivers\6579da52.sys
2009-10-11 10:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2006-08-22 10:20:23 774144 -c--a-w- c:\program files\RngInterstitial.dll
2009-05-19 01:36:32 53248 --sh--r- c:\windows\system32\acluis.exe
2009-05-24 18:38:14 20480 --sha-w- c:\windows\system32\AegisE5l.dll
2009-07-27 17:05:14 38400 --sha-w- c:\windows\system32\berateno.dll
2009-07-28 14:55:00 38912 --sha-w- c:\windows\system32\besohaki.dll
2009-08-04 04:58:03 90112 --sha-w- c:\windows\system32\bunamige.dll
2009-07-26 17:40:38 51200 --sha-w- c:\windows\system32\defupabo.dll
2009-07-30 02:55:29 89088 --sha-w- c:\windows\system32\demayoha.dll
2006-03-27 10:38:42 104 --sh--r- c:\windows\system32\F3EC9B26E0.sys
2009-07-26 17:41:12 51200 --sha-w- c:\windows\system32\gawojuso.dll
2009-08-04 16:58:36 89600 --sha-w- c:\windows\system32\gayujoje.dll
2009-08-04 04:58:03 38400 --sha-w- c:\windows\system32\guyewijo.dll
2009-08-03 16:57:35 38400 --sha-w- c:\windows\system32\jesonowe.dll
2009-08-02 02:25:50 37888 --sha-w- c:\windows\system32\jeyuyazo.dll
2009-07-29 02:55:03 38400 --sha-w- c:\windows\system32\kabahigo.dll
2009-07-31 02:55:46 38912 --sha-w- c:\windows\system32\kafuwowu.dll
2009-08-05 18:07:06 89600 --sha-w- c:\windows\system32\kalahavi.dll
2006-03-27 10:38:46 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-02 15:55:51 89088 --sha-w- c:\windows\system32\mesekaho.dll
2009-07-28 14:54:58 60928 --sha-w- c:\windows\system32\pufuyada.dll
2009-08-05 18:07:06 37888 --sha-w- c:\windows\system32\rumepopo.dll
2009-08-01 14:25:06 38400 --sha-w- c:\windows\system32\saguzuwi.dll
2009-07-27 17:05:14 90112 --sha-w- c:\windows\system32\sojohehu.dll
2009-07-30 14:55:29 37888 --sha-w- c:\windows\system32\supiyiha.dll
2009-08-02 15:55:51 38912 --sha-w- c:\windows\system32\tahisepi.dll
2009-08-04 16:58:36 38912 --sha-w- c:\windows\system32\tebusuka.dll
2009-07-26 17:41:12 51200 --sha-w- c:\windows\system32\topupabe.dll
2009-08-05 04:58:32 38400 --sha-w- c:\windows\system32\vadalulu.dll
2009-07-26 17:41:12 51200 --sha-w- c:\windows\system32\vivudoma.dll
2009-08-03 03:55:53 38912 --sha-w- c:\windows\system32\wejupaza.dll
2009-07-31 18:03:37 37888 --sha-w- c:\windows\system32\wowijohi.dll
2009-07-25 17:40:16 52224 --sha-w- c:\windows\system32\yedejava.dll
2009-07-29 14:55:20 38912 --sha-w- c:\windows\system32\yuvamifi.dll
2009-07-31 02:55:45 1 --sha-w- c:\windows\system32\zabinose.dll
2009-07-30 02:55:29 38912 --sha-w- c:\windows\system32\zarebeba.dll

============= FINISH: 18:08:24.28 ===============


This scan was from ESET or something like that; I saw on another forum to use it before I decided to use this forum instead, and just thought it might help.

C:\Documents and Settings\Lyndsae ^_^\Application Data\Sun\Java\Deployment\cache\6.0\33\35bfe521-57b20e03 probably a variant of Win32/Agent trojan
C:\Documents and Settings\Lyndsae ^_^\Local Settings\Temp\y.exy a variant of Win32/Kryptik.AJB trojan
C:\I386\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent application
C:\WINDOWS\ld08.exe a variant of Win32/Kryptik.PB trojan
C:\WINDOWS\new_drv.sys Win32/PSW.Papras.AB trojan
C:\WINDOWS\SYSTEM32\AegisE5l.dll Win32/Agent.TZL trojan
C:\WINDOWS\SYSTEM32\berateno.dll a variant of Win32/AntiAV.NDE trojan
C:\WINDOWS\SYSTEM32\besohaki.dll a variant of Win32/AntiAV.NDE trojan
C:\WINDOWS\SYSTEM32\beyamata.dll.tmp a variant of Win32/Kryptik.AYZ trojan
C:\WINDOWS\SYSTEM32\buyetuza.dll.tmp a variant of Win32/Kryptik.AYZ trojan
C:\WINDOWS\SYSTEM32\defupabo.dll a variant of Win32/Adware.SuperJuan.K application
C:\WINDOWS\SYSTEM32\demayoha.dll a variant of Win32/Adware.Virtumonde.NFY application
C:\WINDOWS\SYSTEM32\gawojuso.dll a variant of Win32/Adware.SuperJuan.K application
C:\WINDOWS\SYSTEM32\jeyuyazo.dll a variant of Win32/AntiAV.NDE trojan
C:\WINDOWS\SYSTEM32\kabahigo.dll a variant of Win32/AntiAV.NDE trojan
C:\WINDOWS\SYSTEM32\kafuwowu.dll a variant of Win32/AntiAV.NDE trojan
C:\WINDOWS\SYSTEM32\mesekaho.dll a variant of Win32/Adware.Virtumonde.NFY application
C:\WINDOWS\SYSTEM32\pufuyada.dll a variant of Win32/Kryptik.AYY trojan
C:\WINDOWS\SYSTEM32\saguzuwi.dll a variant of Win32/AntiAV.NDE trojan
C:\WINDOWS\SYSTEM32\sojohehu.dll a variant of Win32/Adware.Virtumonde.NFY application
C:\WINDOWS\SYSTEM32\supiyiha.dll a variant of Win32/AntiAV.NDE trojan
C:\WINDOWS\SYSTEM32\SYS32DLL.exe Win32/Tinxy.AD trojan
C:\WINDOWS\SYSTEM32\tahisepi.dll a variant of Win32/AntiAV.NDE trojan
C:\WINDOWS\SYSTEM32\topupabe.dll a variant of Win32/Adware.SuperJuan.K application
C:\WINDOWS\SYSTEM32\vapiwusa.dll.tmp a variant of Win32/Kryptik.AYZ trojan
C:\WINDOWS\SYSTEM32\vivudoma.dll a variant of Win32/Adware.SuperJuan.K application
C:\WINDOWS\SYSTEM32\wowijohi.dll a variant of Win32/AntiAV.NDE trojan
C:\WINDOWS\SYSTEM32\yedejava.dll a variant of Win32/Kryptik.AYZ trojan
C:\WINDOWS\SYSTEM32\yuvamifi.dll a variant of Win32/AntiAV.NDE trojan
C:\WINDOWS\SYSTEM32\zarebeba.dll a variant of Win32/AntiAV.NDE trojan
Operating memory multiple threats
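The report above carries most of the persistence and anti-AV indicators a responder looks for in a DDS log: an IE proxy pointed at a local listener, Run entries that load an unqualified lookalike binary (svhostc.exe), AppInit_DLLs and SSODL/STS entries pointing at random eight-letter DLLs in system32, an extra LSA notification package, an unknown SecurityProviders DLL, IFEO debugger entries that redirect security tools to ntsd -d, and a service whose name is a real one doubled. The script below is an added example (not part of the original post, DDS, or BleepingComputer's tooling) that parses a verbatim subset of the posted lines and flags each of these; the rule names, the eight-letter "random DLL" heuristic, the edit-distance threshold and the lists of default SecurityProviders and imitated system binaries are my own choices.

```python
"""Triage of DDS "Pseudo HJT Report" lines for persistence and anti-AV indicators.

Added example, not DDS or BleepingComputer tooling. SAMPLE_LOG is copied
verbatim from the posted log; rule names and heuristics are my own."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "rule evidence")

# Constructed sample: a subset of the posted report, copied verbatim.
SAMPLE_LOG = r"""
uInternet Settings,ProxyServer = http=localhost:7171
uRun: [Windows Services Host] svhostc.exe
uRun: [SYS32DLL] SYS32DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [tugimebop] Rundll32.exe "c:\windows\system32\kalahavi.dll",a
mRunServices: [Windows Services Host] svhostc.exe
AppInit_DLLs: c:\windows\system32\sayobure.dll topupabe.dll c:\windows\system32\kalahavi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: wiyewanud - {a7786afa-d86b-424c-a42e-249109c44a23} - c:\windows\system32\sayobure.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll
LSA: Notification Packages = scecli gawojuso.dll
IFEO: a2service.exe - ntsd -d
IFEO: ashDisp.exe - ntsd -d
S2 CryptSvcCryptSvc;Cryptographic Services CryptSvcCryptSvc;c:\windows\system32\acluis.exe srv --> c:\windows\system32\acluis.exe srv [?]
"""

# Default SecurityProviders value on Windows XP; anything else is an added SSP.
XP_SECURITY_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}
# Stems of Windows binaries whose names malware imitates (svchost -> svhostc).
SYSTEM_STEMS = {"svchost", "lsass", "csrss", "winlogon", "services", "explorer",
                "rundll32", "spoolsv", "smss"}
RANDOM_DLL = re.compile(r"^[a-z]{8}\.dll$")   # heuristic for Vundo-style names
RUN_RE = re.compile(r"^[um]Run(?:Once|Services)?: \[[^\]]*\] (?P<cmd>.+)$")
SSODL_RE = re.compile(r"^(?:SSODL|STS): \S+?[: -]+\{[^}]+\} - (?P<path>.+)$")
SERVICE_RE = re.compile(r"^[RS]\d (?P<key>[^;]+);[^;]*;.*$")
IFEO_RE = re.compile(r"^IFEO: (?P<target>\S+) - (?P<debugger>.+)$")


def basename(path):
    """Lower-cased file name of a Windows path, quotes stripped."""
    return path.strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()


def split_command(cmd):
    """Return (executable, remaining arguments) for a Run-key command line."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))\s*(.*)$', cmd)
    return (m.group(1) or m.group(2)), m.group(3)


def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(report):
    """Return a list of Finding(rule, evidence) for suspicious report lines."""
    findings = []
    for line in (l.strip() for l in report.splitlines()):
        if not line:
            continue
        if "ProxyServer = " in line:
            # IE traffic routed through a local listener: an ad-injecting proxy.
            value = line.split("ProxyServer = ", 1)[1]
            if "localhost" in value or "127.0.0.1" in value:
                findings.append(Finding("local-proxy", value))
        elif (m := RUN_RE.match(line)):
            exe, args = split_command(m["cmd"])
            name = basename(exe)
            stem = name.rsplit(".", 1)[0]
            if stem == "rundll32":
                # Legit entries use bare Rundll32 too; judge the DLL it loads instead.
                dll = re.match(r'"?([^",]+)', args)
                if dll and RANDOM_DLL.match(basename(dll.group(1))):
                    findings.append(Finding("rundll32-random-dll", basename(dll.group(1))))
            elif "\\" not in exe and not exe.startswith("%"):
                # No path: resolved by search order, so the binary can sit anywhere on PATH.
                findings.append(Finding("unqualified-run-binary", exe))
            if stem not in SYSTEM_STEMS and any(edit_distance(stem, s) <= 2 for s in SYSTEM_STEMS):
                findings.append(Finding("lookalike-name", name))
        elif (m := SSODL_RE.match(line)):
            # SSODL (ShellServiceObjectDelayLoad) and STS (SharedTaskScheduler)
            # objects are loaded into Explorer at every logon.
            if RANDOM_DLL.match(basename(m["path"])):
                findings.append(Finding("shell-object-random-dll", basename(m["path"])))
        elif line.startswith("AppInit_DLLs: "):
            # Every DLL listed here is injected into each process that loads user32.dll.
            for dll in line.split(": ", 1)[1].split():
                findings.append(Finding("appinit-dll", basename(dll)))
        elif line.startswith("SecurityProviders: "):
            for dll in line.split(": ", 1)[1].split(","):
                if dll.strip().lower() not in XP_SECURITY_PROVIDERS:
                    findings.append(Finding("security-provider", dll.strip()))
        elif line.startswith("LSA: Notification Packages = "):
            # Password-filter DLLs receive cleartext passwords on every change.
            for pkg in line.split("= ", 1)[1].split():
                if pkg.lower() != "scecli":
                    findings.append(Finding("lsa-notification-package", pkg))
        elif (m := IFEO_RE.match(line)):
            # IFEO "Debugger": the target is started under ntsd instead of running
            # normally, so the listed security tools never come up.
            findings.append(Finding("ifeo-debugger", f"{m['target']} -> {m['debugger']}"))
        elif (m := SERVICE_RE.match(line)):
            key = m["key"]
            half = len(key) // 2
            if half and key[:half] == key[half:]:
                # A real service name doubled (CryptSvcCryptSvc) to blend in.
                findings.append(Finding("doubled-service-name", key))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:26} {f.evidence}")
```

Run against the sample it reports sixteen findings; the two IFEO lines alone explain why the a2service and avast! processes in the full log could not be started on this machine, and the AppInit_DLLs and LSA entries are the ones that must be cleared from the registry before the DLLs themselves can be deleted, since they are re-loaded into every new process.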


#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 10 November 2009 - 06:49 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :(
m0le is a proud member of UNITE

#3 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 12 November 2009 - 05:52 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
