Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


I get random pop-ups in IE and Firefox while using Firefox...

  • This topic is locked This topic is locked
2 replies to this topic

#1 cbumgar1


  • Members
  • 1 posts
  • Gender:Male
  • Location:26505
  • Local time:04:33 AM

Posted 07 December 2009 - 01:22 AM

I get random pop-ups in IE and Firefox while using Firefox. Also, when using a search engine I will click on a link after a search and it will redirect me to a random page.

I have deleted all old programs that I don't use anymore and have ran Ad-Aware, but come up with nothing and the problem persists.

It is dramatically slowing my computer down because the pop-ups open almost every minute.

*** I don't see where I am supposed to click to attach a file to this message so I didn't attach the Attach.txt file. If you need it please let me know how to attach it. Thanks

Here is the DDS.txt log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Chad at 10:41:35.75 on Mon 12/07/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1013.397 [GMT -5:00]

AV: Active Security *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3615
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3615
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
uInternet Settings,ProxyOverride = cdn;<local>
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3615
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [LXCYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCYtime.dll,_RunDLLEntry@16
mRun: [samahedus] Rundll32.exe "c:\windows\system32\jasosise.dll",a
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
Trusted Zone: audible.com\www
Trusted Zone: hotmail.com\www
Trusted Zone: wvu.edu\ecampus
Trusted Zone: wvu.edu\gold
Trusted Zone: yahoo.com\.www
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://www.phgenit.com/plugin/awarewebplayer/download/smart/cab/awswaxf.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} - hxxps://fixit.support.microsoft.com/ActiveX/FixItClient.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: wuyeligo.dll c:\windows\system32\jasosise.dll
SSODL: wusezokog - {c2a3553a-e103-4b7d-91d8-d463841e5020} - c:\windows\system32\jasosise.dll
STS: kupuhivus: {c2a3553a-e103-4b7d-91d8-d463841e5020} - c:\windows\system32\jasosise.dll
LSA: Notification Packages = scecli jevayeyi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\chad\appdata\roaming\mozilla\firefox\profiles\funzjv99.default\
FF - prefs.js: browser.startup.homepage -
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe -service --> c:\windows\system32\dlbkcoms.exe -service [?]
R2 Pervasive.SQL Workgroup Engine;Pervasive.SQL Workgroup Engine;c:\windows\system32\srvany.exe [2008-11-9 13864]
S2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2009-2-17 449536]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]

=============== Created Last 30 ================

2009-11-30 01:50:21 0 d-----w- c:\programdata\WEBREG
2009-11-30 01:35:45 0 d-----w- c:\program files\common files\Hewlett-Packard
2009-11-30 01:29:16 0 d-----w- c:\program files\HP
2009-11-30 01:26:05 162854 ----a-w- c:\windows\hpoins44.dat
2009-11-30 01:25:07 0 d-----w- c:\programdata\HP
2009-11-11 14:55:38 2035712 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 14:55:14 351232 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-11 04:42:38 0 d-----w- c:\users\chad\appdata\roaming\UltimateBet
2009-11-09 19:33:31 0 d-----w- c:\program files\WeFi
2009-11-09 19:32:02 0 d-----w- c:\program files\Protection System

==================== Find3M ====================

2009-11-03 21:18:09 737280 ----a-w- c:\windows\iun6002.exe
2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-28 01:59:51 292600 ----a-w- c:\windows\system32\gasfkywlvprpgf.dat
2009-09-10 17:30:12 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 15:21:53 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-10 15:21:07 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-07-21 04:05:34 51200 ----a-w- c:\windows\inf\infpub.dat
2009-07-21 04:05:33 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-07-21 04:05:23 86016 ----a-w- c:\windows\inf\infstor.dat
2008-10-02 19:28:45 174 --sha-w- c:\program files\desktop.ini
2008-10-02 19:19:58 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-09-07 17:49:16 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-09-07 17:49:16 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-09-07 17:49:16 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-12-04 04:55:04 88 --sha-r- c:\windows\system32\24C44532F3.sys
2009-08-16 00:09:13 37888 --sha-w- c:\windows\system32\binufuso.dll
2009-08-17 00:09:29 37888 --sha-w- c:\windows\system32\bubipine.dll
2009-08-15 00:08:37 89600 --sha-w- c:\windows\system32\dahihiwi.dll
2009-08-19 00:09:59 37888 --sha-w- c:\windows\system32\dikukavi.dll
2009-08-19 13:10:42 91648 --sha-w- c:\windows\system32\fuvuyako.dll
2009-08-29 23:41:41 61952 --sha-w- c:\windows\system32\gafemawe.dll
2009-08-18 00:09:43 37888 --sha-w- c:\windows\system32\gilizofo.dll
2009-08-15 00:08:37 37888 --sha-w- c:\windows\system32\hiniripa.dll
2009-08-13 23:07:44 91648 --sha-w- c:\windows\system32\hivezuto.dll
2009-08-29 23:43:01 52224 --sha-w- c:\windows\system32\hutijezu.dll
2009-09-07 11:51:23 91648 --sha-w- c:\windows\system32\jasosise.dll
2009-08-29 23:43:01 52224 --sha-w- c:\windows\system32\jevayeyi.dll
2007-12-04 04:55:11 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-19 13:10:42 38400 --sha-w- c:\windows\system32\kidutazu.dll
2009-08-29 23:41:41 52224 --sha-w- c:\windows\system32\kizevati.dll
2009-08-29 23:41:41 38400 --sha-w- c:\windows\system32\kodatewe.dll
2009-08-16 12:09:21 37888 --sha-w- c:\windows\system32\kumisilu.dll
2009-08-16 00:09:13 89088 --sha-w- c:\windows\system32\kusagudi.dll
2009-08-18 12:09:51 91136 --sha-w- c:\windows\system32\mawedate.dll
2009-08-14 12:08:22 91648 --sha-w- c:\windows\system32\nemehuma.dll
2009-08-15 12:08:53 37888 --sha-w- c:\windows\system32\pawarife.dll
2009-08-14 00:08:10 39424 --sha-w- c:\windows\system32\pepimude.dll
2009-09-06 23:52:27 91648 --sha-w- c:\windows\system32\piralume.dll
2009-08-14 12:08:22 51200 --sha-w- c:\windows\system32\rahuziti.dll
2009-09-07 11:51:23 38912 --sha-w- c:\windows\system32\renigeta.dll
2009-09-07 11:51:23 61952 --sha-w- c:\windows\system32\rorabetu.dll
2009-08-17 12:09:40 91648 --sha-w- c:\windows\system32\sadujoka.dll
2009-08-15 12:08:53 89088 --sha-w- c:\windows\system32\selulisa.dll
2009-08-14 12:08:22 39424 --sha-w- c:\windows\system32\soyozisu.dll
2009-08-19 00:09:59 52224 --sha-w- c:\windows\system32\vadetoza.dll
2009-08-19 01:10:16 38912 --sha-w- c:\windows\system32\vakajeyu.dll
2009-08-16 12:09:21 89088 --sha-w- c:\windows\system32\vamufoho.dll
2009-08-17 12:09:40 38400 --sha-w- c:\windows\system32\venimole.dll
2009-08-13 23:07:44 39424 --sha-w- c:\windows\system32\wuleketo.dll
2009-08-19 00:10:00 36864 --sha-w- c:\windows\system32\wusiduno.dll
2009-08-29 23:43:01 52224 --sha-w- c:\windows\system32\wuyeligo.dll
2009-08-18 00:09:43 91136 --sha-w- c:\windows\system32\yepidata.dll
2009-08-18 12:09:51 37888 --sha-w- c:\windows\system32\yolonibu.dll
2009-08-17 00:09:29 91648 --sha-w- c:\windows\system32\yujejozi.dll
2009-09-06 23:52:27 38912 --sha-w- c:\windows\system32\zedomoje.dll
2009-08-14 00:08:10 91648 --sha-w- c:\windows\system32\zuragiwu.dll
2008-02-18 22:55:33 16384 --sha-w- c:\windows\temp\cookies\index.dat
2008-02-18 22:55:33 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2008-02-18 22:55:33 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 10:44:06.80 ===============

Edited by cbumgar1, 07 December 2009 - 11:30 AM.

BC AdBot (Login to Remove)


#2 Elise


    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,583 posts
  • Gender:Female
  • Location:Romania
  • Local time:11:33 AM

Posted 20 December 2009 - 03:18 AM

Hello ,
And :( to the Bleeping Computer Malware Removal Forum
. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results. Post both logs (no need to zip attach.txt).
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Please be patient and I'd be grateful if you would note the following
  • The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)
  • GMER log
Please do NOT post logs as attachments, unless you are unable to copy/paste a log directly in the reply box.

Thanks and again sorry for the delay.

regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."


Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome


Malware analyst @ Emsisoft



#3 Elise


    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,583 posts
  • Gender:Female
  • Location:Romania
  • Local time:11:33 AM

Posted 25 December 2009 - 06:57 AM

Due to lack of feedback, this topic is now closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."


Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome


Malware analyst @ Emsisoft



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users