BullGuard
Very persistent virus causing multiple problems
Alric
Posted 12/27/2009 7:35 AM (GMT +3)
I have a virus (or likely many?) that I just can't seem to get rid of. I am running Windows XP. It first disabled System Restore and regedit, but I was able to get both working again, though I lost all the System Restore points I had. I was getting a lot of popups, but I stopped most of that. At one point the virus changed my desktop to one of those anti-spyware desktop images, but I was able to fix that, and it was back to normal for a while; now I have a new problem in that regard, with the Active Desktop Recovery error there.
 
Currently, I cannot log into Safe Mode at all. When I try, it just restarts the computer and goes back to the screen where you select the mode again. I am having a Google redirect problem, where if I use Google I keep getting directed to other sites, though searches on AltaVista seemed to work fine. The Google redirect problem happens on both Firefox and IE. I normally use Malwarebytes, but I have been unable to run it since I got the virus. I even tried changing its name and redownloading it with a different name; neither helped. Originally the virus was blocking other programs as well, but I was able to fix that, though Malwarebytes still will not work.
 
I have run Windows Live OneCare, Ad-Aware, goored, Avira, UnHackMe, BullGuard and a few other programs (and some clean-up stuff as well) trying to get rid of it, but nothing seems to help. Most of them did find things and got rid of them, but I am still having problems. Most recently I have had Avira running a scan at each startup, and it keeps finding one unknown file each time I restart my computer, but it always has a different name. The others all find a couple of problems each time I run them, even if I run them twice in a row and haven't done anything else. Sometimes there are a couple of files that cannot be deleted.
 
I ran DDS.
DDS (Ver_09-12-01.01) - NTFSx86 
Run by Owner at 20:02:11.18 on Sat 12/26/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.382.111 [GMT -8:00]
AV: BullGuard Antivirus *On-access scanning enabled* (Outdated)   {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
AV: AntiVir Desktop *On-access scanning disabled* (Outdated)   {AD166499-45F9-482A-A743-FDD3350758C7}
FW: BullGuard Firewall *disabled*   {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe -k BullGuard
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
============== Pseudo HJT Report ===============
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mWinlogon: Userinit=Userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Internet Security: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [UnHackMe Monitor] c:\program files\unhackme\hackmon.exe
uRun: [BullGuard] "c:\program files\bullguard ltd\bullguard\bullguard.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [dipepemey] Rundll32.exe "c:\windows\system32\jurumoku.dll",a
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [BullGuard] "c:\program files\bullguard ltd\bullguard\bullguard.exe" -boot
dRun: [notepad] rundll32.exe \ntload.dll,_IWMPEvents@0
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\windows\system32\BGLsp.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {57E52C6D-B237-4199-82FB-6C10AB4E2CD3} = 193.104.110.38,4.2.2.1
TCP: {5A075A97-973A-4010-9B1E-3740D4766B1D} = 193.104.110.38,4.2.2.1,192.168.15.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
AppInit_DLLs: system32\jurumoku.dll,revulazo.dll c:\windows\system32\jurumoku.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: tudanavek - {9caaeb86-d27a-493b-b3d6-0642c4faeaf6} - c:\windows\system32\jurumoku.dll
STS: {A5BF49A2-94F1-42BD-F434-3604812C807D} - No File
STS: kupuhivus: {9caaeb86-d27a-493b-b3d6-0642c4faeaf6} - c:\windows\system32\jurumoku.dll
LSA: Notification Packages = deolg32.dll nimuhoke.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\kttq7cut.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-26 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-26 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-26 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-26 55656]
R2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\system32\drivers\BdFileSpy.sys [2009-12-26 55504]
R2 BsFileScan;BullGuard File Scan Service;c:\windows\system32\svchost.exe -k BullGuard [2005-3-23 14336]
R2 BsFire;BullGuard Firewall Service;c:\windows\system32\svchost.exe -k BullGuard [2005-3-23 14336]
R2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\system32\svchost.exe -k BullGuard [2005-3-23 14336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2009-12-26 93320]
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2009-11-21 126976]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2009-11-21 122368]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2009-11-22 583640]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2009-3-23 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-3-23 257304]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-12-26 34760]
S3 ATICDSDr;ATICDSDr;d:\i386\apps\app16164\bin\atiicdxx.sys [2005-5-19 6144]
S3 BGRaSvc;BGRaSvc;c:\program files\bullguard ltd\bullguard\support\BGRaSvc.exe [2009-6-1 79184]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-11-22 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-11-22 8456]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2009-11-21 245760]
S4 BtwSrv;BtwSrv;c:\windows\system32\svchost.exe -k netsvcs [2005-3-23 14336]
S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-8-27 197752]
S4 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-8-27 78968]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-8-27 164984]
=============== Created Last 30 ================
2009-12-27 03:48:18 0 d-----w- c:\docume~1\alluse~1\applic~1\BullGuard
2009-12-27 03:48:16 0 d-----w- c:\docume~1\owner\applic~1\BullGuard
2009-12-27 03:46:52 55504 ----a-w- c:\windows\system32\drivers\BdFileSpy.sys
2009-12-27 03:46:11 0 d-----w- c:\program files\BullGuard Ltd
2009-12-27 03:35:28 0 d-----w- c:\program files\Trend Micro
2009-12-27 03:34:21 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-12-27 03:34:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-27 03:20:06 0 d-----w- c:\program files\CCleaner
2009-12-27 02:35:30 0 d-----w- C:\RootkitNO
2009-12-27 01:57:44 34760 ----a-w- c:\windows\system32\drivers\Partizan.sys
2009-12-27 01:57:44 32480 ----a-w- c:\windows\system32\Partizan.exe
2009-12-27 01:57:41 2 --shatr- c:\windows\winstart.bat
2009-12-27 01:57:25 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2009-12-27 01:57:23 0 d-----w- c:\program files\UnHackMe
2009-12-26 21:13:50 49 ----a-w- c:\windows\NeroDigital.ini
2009-12-26 20:03:09 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-26 20:03:03 0 d-----w- c:\program files\Avira
2009-12-26 20:03:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2009-12-26 18:37:01 0 d-----w- c:\program files\Cheese program
2009-12-26 18:36:12 61952 --sh--w- c:\windows\system32\susopaya.dll
2009-12-26 18:36:12 53248 --sh--w- c:\windows\system32\gasowihu.dll
2009-12-26 18:36:11 92672 ----a-w- c:\windows\system32\JURUMOKU.DLL.del
2009-12-26 18:36:10 39424 --sh--w- c:\windows\system32\tebujugu.dll
2009-12-26 18:32:19 0 d-----w- c:\program files\Malwarebytes' Anbbti-Malwareeeere
2009-12-26 18:11:22 0 d-----w- c:\windows\system32\wbem\Repository
2009-12-26 08:19:34 0 dc----w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2009-12-26 08:18:06 0 d-----w- c:\program files\Lavasoft
2009-12-24 18:06:35 0 ----a-w- c:\windows\Ecatobekeyoj.bin
2009-12-24 18:06:34 120 ----a-w- c:\windows\Bfomalebinur.dat
2009-12-24 15:34:40 915968 ----a-w- c:\windows\system32\AVR10.exe
2009-12-24 15:34:28 2854 ----a-w- c:\windows\system32\critical_warning.html
2009-12-24 15:34:15 52736 ----a-w- C:\uwlwfa.exe
2009-12-21 18:04:10 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2009-12-21 18:04:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-21 18:04:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-21 18:03:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-21 18:03:59 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-21 17:56:22 707072 ----a-w- c:\windows\system32\drivers\cdhmnnrm.sys
2009-12-21 17:55:55 156160 ----a-w- C:\oqnqso.exe
2009-12-21 07:36:05 764868 -c----w- c:\windows\system32\dllcache\apph_sp.sdb
2009-12-21 07:36:05 217118 -c----w- c:\windows\system32\dllcache\apphelp.sdb
2009-12-21 07:35:26 0 d-----w- c:\program files\Windows Media Connect 2
2009-12-21 07:33:45 0 d-----w- c:\windows\system32\LogFiles
2009-12-21 07:15:37 0 d-----w- c:\program files\RAGS Suite
2009-12-21 07:09:18 0 d-----w- c:\program files\RAGS Suite(2)
2009-12-05 02:07:55 0 d-----w- c:\program files\Yahoo!
2009-12-03 21:32:13 0 d-----w- c:\program files\GoldenDawn Inc
2009-12-02 22:23:11 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2009-12-02 22:23:08 0 d-----w- c:\program files\McAfee Security Scan
2009-12-02 06:04:07 11182 ----a-w- c:\documents and settings\owner\.recently-used.xbel
2009-12-01 19:00:47 1089601 -c----w- c:\windows\system32\dllcache\ntprint.cat
2009-11-30 16:47:33 0 d-----w- c:\windows\system32\XPSViewer
2009-11-30 16:45:56 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-30 16:45:56 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-30 16:45:56 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-30 16:45:56 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-30 16:45:56 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-30 16:45:55 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-30 16:45:55 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-11-30 16:45:53 0 d-----w- C:\e1a1810b87e781f79bd0
2009-11-30 16:39:03 0 d-----w- c:\windows\system32\CatRoot_bak
2009-11-30 16:37:46 0 d-----w- c:\program files\MSXML 6.0
2009-11-30 09:03:57 0 d-----w- c:\program files\MSXML 4.0
2009-11-30 08:01:14 0 d-----w- c:\documents and settings\owner\.thumbnails
2009-11-30 08:00:01 0 d-----w- c:\documents and settings\owner\.gimp-2.6
2009-11-29 20:41:49 202752 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-11-29 20:41:43 333184 -c----w- c:\windows\system32\dllcache\srv.sys
2009-11-29 20:41:36 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-11-29 20:41:30 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-11-29 20:40:38 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-11-29 20:40:15 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-11-29 20:39:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-11-29 20:39:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-11-29 20:39:59 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-11-29 20:39:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-11-29 20:39:58 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-29 20:39:55 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-11-29 20:38:03 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-11-29 20:38:02 2180352 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-11-29 20:38:02 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-11-29 20:38:01 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-11-29 20:37:25 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2009-11-29 20:37:09 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2009-11-29 20:37:09 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-11-29 20:37:09 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-11-29 20:37:09 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-11-29 20:37:09 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2009-11-29 20:37:09 283648 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-11-29 20:37:09 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-11-29 20:37:09 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-11-29 20:37:08 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-11-29 20:37:08 616960 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-11-29 20:36:34 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-11-29 20:36:25 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-11-29 20:36:13 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-11-29 20:35:20 1193414 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2009-11-29 20:35:19 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-11-29 20:34:29 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-11-29 20:34:29 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-11-29 08:46:59 0 d-----w- c:\windows\system32\PreInstall
2009-11-28 17:22:29 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-11-27 05:01:13 65536 ----a-w- c:\windows\TADSUINS.EXE
2009-11-27 05:01:10 0 d-----w- c:\program files\TADS
==================== Find3M  ====================
2009-12-26 22:02:08 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-03 00:06:57 952 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-12-03 00:06:57 88 --sh--r- c:\docume~1\alluse~1\applic~1\0A0ADA7801.sys
2009-11-22 01:30:45 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys
2009-11-06 00:38:46 1669120 ----a-w- c:\windows\system32\BootMan.exe
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:53:29 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54:17 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54:17 112128 ----a-w- c:\windows\system32\rastls.dll
2009-09-25 18:35:33 43008 --sha-w- c:\windows\system32\baborefe.dll
2009-09-25 18:35:32 45568 --sha-w- c:\windows\system32\biserano.dll
2009-09-26 18:36:02 45568 --sha-w- c:\windows\system32\hujepaka.dll
2009-09-26 18:36:48 53248 --sha-w- c:\windows\system32\jirohowu.dll
2009-09-26 18:36:02 38912 --sha-w- c:\windows\system32\legadaza.dll
2009-09-26 18:36:48 53248 --sha-w- c:\windows\system32\nimuhoke.dll
2009-09-26 18:36:03 4096 --sha-w- c:\windows\system32\pubegadi.dll
2009-09-25 18:35:32 39424 --sha-w- c:\windows\system32\torajigu.dll
============= FINISH: 20:04:01.03 ===============
And HijackThis:
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:06:08 PM, on 12/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=Userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dipepemey] Rundll32.exe "c:\windows\system32\jurumoku.dll",a
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"
O4 - HKUS\S-1-5-18\..\Run: [notepad] rundll32.exe \ntload.dll,_IWMPEvents@0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [notepad] rundll32.exe \ntload.dll,_IWMPEvents@0 (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{57E52C6D-B237-4199-82FB-6C10AB4E2CD3}: NameServer = 193.104.110.38,4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A075A97-973A-4010-9B1E-3740D4766B1D}: NameServer = 193.104.110.38,4.2.2.1,192.168.15.1
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: system32\jurumoku.dll,revulazo.dll c:\windows\system32\jurumoku.dll
O21 - SSODL: tudanavek - {9caaeb86-d27a-493b-b3d6-0642c4faeaf6} - c:\windows\system32\jurumoku.dll (file missing)
O22 - SharedTaskScheduler: ujhsf879fiosdfhgs98fudifmnddfdfd - {A5BF49A2-94F1-42BD-F434-3604812C807D} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {9caaeb86-d27a-493b-b3d6-0642c4faeaf6} - c:\windows\system32\jurumoku.dll (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
--
End of file - 8919 bytes
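The entries that stand out in the logs above are the classic persistence points a responder checks first in a HijackThis report: an AppInit_DLLs value (O20), SSODL and SharedTaskScheduler hooks pointing at a DLL that is no longer on disk (O21/O22), rundll32 autoruns under HKLM and under the SYSTEM and Default user hives (O4), and NameServer overrides pointing at addresses outside the local network (O17). The script below is an added example written for this page; it is not code from the thread, from Trend Micro, BullGuard or any other tool named here. It runs a handful of heuristic rules over HijackThis-style lines and lists what deserves a closer look. The sample lines are constructed and modelled on the entry types in the poster's log, the rule set is an assumption for illustration, and a public resolver address is only a prompt to compare against the ISP's resolvers, not evidence on its own.

```python
"""Triage HijackThis-style log lines for common persistence points.

Added example for the thread above. The rules are illustrative heuristics,
not the detection logic of HijackThis, DDS or any product named in the thread.
"""
import ipaddress
import re

# Constructed sample lines, modelled on the entry types in the poster's log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [dipepemey] Rundll32.exe "c:\windows\system32\jurumoku.dll",a
O4 - HKUS\S-1-5-18\..\Run: [notepad] rundll32.exe \ntload.dll,_IWMPEvents@0 (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{57E52C6D-B237-4199-82FB-6C10AB4E2CD3}: NameServer = 193.104.110.38,4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A075A97-973A-4010-9B1E-3740D4766B1D}: NameServer = 192.168.15.1
O20 - AppInit_DLLs: system32\jurumoku.dll,revulazo.dll c:\windows\system32\jurumoku.dll
O21 - SSODL: tudanavek - {9caaeb86-d27a-493b-b3d6-0642c4faeaf6} - c:\windows\system32\jurumoku.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {9caaeb86-d27a-493b-b3d6-0642c4faeaf6} - c:\windows\system32\jurumoku.dll (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

# rundll32 followed by its DLL argument, with or without surrounding quotes.
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+)', re.IGNORECASE)
NAMESERVER = re.compile(r"NameServer = ([\d.,]+)")
MISSING_TAGS = ("(file missing)", "(no file)")


def is_private(addr):
    """True for private / loopback / link-local addresses, False for public ones."""
    try:
        return ipaddress.ip_address(addr.strip()).is_private
    except ValueError:
        return False  # not an IP literal at all; treat as needing review


def triage_line(line):
    """Return (section, note) when a line hits one of the heuristic rules, else None."""
    line = line.strip()
    if " - " not in line:
        return None
    section, rest = line.split(" - ", 1)
    if section == "O17":
        # DNS servers set to public addresses: compare with what the ISP hands out.
        m = NAMESERVER.search(rest)
        if m:
            public = [a for a in m.group(1).split(",") if not is_private(a)]
            if public:
                return section, "DNS resolver outside private ranges, verify against the ISP's: " + ", ".join(public)
        return None
    if section == "O20" and rest.startswith("AppInit_DLLs:"):
        # Anything here is loaded into every process that maps user32.dll.
        value = rest.split(":", 1)[1].strip()
        if value:
            return section, "AppInit_DLLs is populated (loaded into every user32 process): " + value
        return None
    if section in ("O21", "O22") and any(tag in rest for tag in MISSING_TAGS):
        # A shell/scheduler hook whose DLL is gone is an orphaned persistence entry.
        return section, "shell/scheduler hook whose DLL is missing (orphaned persistence): " + rest
    if section == "O4":
        # Autoruns that launch a DLL through rundll32; record which hive they live in.
        m = RUNDLL.search(rest)
        if m:
            hive = rest.split("\\..\\", 1)[0]
            return section, "autorun via rundll32 loading " + m.group(1).strip() + " (" + hive + ")"
    return None


def triage(text):
    """Run every line through triage_line and return the hits in log order."""
    hits = []
    for line in text.splitlines():
        result = triage_line(line)
        if result:
            hits.append(result)
    return hits


if __name__ == "__main__":
    for section, note in triage(SAMPLE_LOG):
        print(section, note)
```

To use it on a real report, read the saved HijackThis log and pass its text to triage(). Each hit is a starting point for the usual checks (look the file up, check whether it is signed and when it appeared, compare the listed resolvers with the ones the ISP assigns), not a verdict on its own; legitimate software also uses Run keys, and a public resolver can be a deliberate choice.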
Alric
Posted 12/28/2009 4:57 AM (GMT +3)
Never mind, I don't need help anymore. It got worse again and disabled all my programs and Task Manager. I got so sick of this stupid virus that I did the one thing I knew would get rid of it, and reformatted my hard drive.