I've been infected with some sort of trojan/spyware. Periodically throughout my day using the computer, Internet Explorer would launch, bringing to my attention various advertisements like iPhones, poker, etc. I couldn't launch Firefox either. It would also ask me to 'scan' my computer for infected files once in a while, to which I just close the pop-up.
OS: WinXP
Thanks in advance
After I used Malwarebytes
Malwarebytes' Anti-Malware 1.32
Database version: 1645
Windows 5.1.2600 Service Pack 2

13/01/2009 1:39:09 AM
mbam-log-2009-01-13 (01-39-09).txt

Scan type: Quick Scan
Objects scanned: 57974
Time elapsed: 3 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 10
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 2
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\falefigi.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wpaiyx.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8e308c5d-26ed-49ba-83b7-f2ac0dde438f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e308c5d-26ed-49ba-83b7-f2ac0dde438f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{da878ea3-1980-47ba-903f-c525b7694fe4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{da878ea3-1980-47ba-903f-c525b7694fe4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8e308c5d-26ed-49ba-83b7-f2ac0dde438f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kemarebavu (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: c:\windows\system32\falefigi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\falefigi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: system32\falefigi.dll -> Quarantined and deleted successfully.

Folders Infected:
C:\heap41a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\heap41a\offspring (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\wpaiyx.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nukatojo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ojotakun.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\falefigi.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\dafirulo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\disowowu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\menuraze.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ejjjre.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wutivoba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yfpzxk(2).dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\krusqg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuneyevi(2).dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\MicrosoftPowerPoint\svchost.exe (Worm.Muha) -> Quarantined and deleted successfully.
C:\heap41a\2.mp3 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\heap41a\drivelist.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\heap41a\Icon.ico (Trojan.Agent) -> Quarantined and deleted successfully.
C:\heap41a\script1.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\heap41a\std.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\form.txt (Malware.Trace) -> Quarantined and deleted successfully.
HijackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:52:18 AM, on 13/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [GuruClock] C:\Program Files\ABIT\ABIT uGuru\GuruClock.exe
O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [kemarebavu] Rundll32.exe "C:\WINDOWS\system32\maremapa.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231771410578
O20 - AppInit_DLLs: wpaiyx.dll c:\windows\system32\ c:\windows\system32\buwuwati.dll
O20 - Winlogon Notify: arprmdg0 - arprmdg0.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7778 bytes
Uninstall List
3DMark06
3GP Video Converter 3
ABIT uGuru
Acronis True Image
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0
AMH - eAMH 2007 January Edition
AoA Audio Extractor 1.0
Athlon 64 Processor Driver
AVG Free Edition
AviSynth 2.5
Brother HL-2040
Canon MP Navigator 2.0
Canon MP150
CDisplay 1.8
Client Fix 1.9.2
Compatibility Pack for the 2007 Office system
Download Plugin for Mozilla, Opera, Netscape
Drug Receptor Tutorial - Cholinergics v. 1.1
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EasyRecovery Professional
eTG complete March 2007
ffdshow
Final Fantasy VII
FlashGet(JetCar)
G6 U-DISK Manager Uninstall
HijackThis 2.0.2
hott notes 4
InterVideo DeviceService
iPod for Windows 2006-06-28
IrfanView (remove only)
IsoBuster 1.9.1
iTunes
J2SE Runtime Environment 5.0 Update 6
LG USB Modem driver
LimeWire 4.10.3
M3 GAME Manager Uninstall
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Office 2003 Web Components
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
mIRC
Mozilla Firefox (3.0.3)
Nero 6 Ultra Edition
Nintenren 1.3
Norton PartitionMagic 8.0
NVIDIA Drivers
NvMixer
OmniPage SE 2.0
QuickTime
Real Alternative 1.52 Lite
Spybot - Search & Destroy
TeamSpeak 2 RC2
Ulead VideoStudio 11
Ultra Video Converter 3.5.1125
User Profile Hive Cleanup Service
Ventrilo Client
VideoLAN VLC media player 0.8.4a
Winamp (remove only)
Windows Live Messenger
WinRAR archiver
World of Warcraft
Xvid 1.1.2 final uninstall