Very persistent virus causing multiple problems

Posted 12/27/2009 4:35 AM
#81360

Alric Member

Date Joined Nov 2016
Total Posts: 9
I have a virus (or likely many?) that I just can't seem to get rid of. I am running Windows XP. It first disabled System Restore and regedit, but I was able to get both working again, though I lost all the System Restore points I had. I was getting a lot of popups but I stopped most of that. At one point the virus changed my desktop to one of them anti-spyware desktop images, but I was able to fix that, and it was back to normal for a while, but now I have a new problem in that regard, with the Active Desktop Recovery error there.

Currently, I cannot log into Safe Mode at all. When I try, it just restarts the computer and goes to the option where you select the mode again. I am having a Google redirect problem, where if I use Google I keep getting directed to other sites, though the searches on AltaVista seemed to work fine. The Google redirect problem happens on both Firefox and IE. I normally use Malwarebytes but I have been unable to run it since I got the virus. I even tried changing its name, and redownloading it with a different name; neither helped. Originally the virus was blocking other programs as well, but I was able to fix that, though Malwarebytes still will not work.

I have run Windows Live OneCare, Ad-Aware, goored, Avira, UnHackMe, BullGuard and a few other programs (and some clean-up stuff as well) trying to get rid of it, but nothing seems to help. Most of them did find things and got rid of them, but I am still having problems. Most recently I was having Avira run a search at each start-up and it keeps finding one unknown file each time I restart my computer, but it always has a different name. The others all find a couple of problems each time I run them, even if I run them twice in a row and hadn't done anything else. Sometimes there are a couple of files that cannot be deleted.

I ran DDS.
DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 20:02:11.18 on Sat 12/26/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.382.111 [GMT -8:00]

AV: BullGuard Antivirus *On-access scanning enabled* (Outdated) {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: BullGuard Firewall *disabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe -k BullGuard
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mWinlogon: Userinit=Userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Internet Security: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [UnHackMe Monitor] c:\program files\unhackme\hackmon.exe
uRun: [BullGuard] "c:\program files\bullguard ltd\bullguard\bullguard.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [dipepemey] Rundll32.exe "c:\windows\system32\jurumoku.dll",a
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [BullGuard] "c:\program files\bullguard ltd\bullguard\bullguard.exe" -boot
dRun: [notepad] rundll32.exe \ntload.dll,_IWMPEvents@0
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\windows\system32\BGLsp.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {57E52C6D-B237-4199-82FB-6C10AB4E2CD3} = 193.104.110.38,4.2.2.1
TCP: {5A075A97-973A-4010-9B1E-3740D4766B1D} = 193.104.110.38,4.2.2.1,192.168.15.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
AppInit_DLLs: system32\jurumoku.dll,revulazo.dll c:\windows\system32\jurumoku.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: tudanavek - {9caaeb86-d27a-493b-b3d6-0642c4faeaf6} - c:\windows\system32\jurumoku.dll
STS: {A5BF49A2-94F1-42BD-F434-3604812C807D} - No File
STS: kupuhivus: {9caaeb86-d27a-493b-b3d6-0642c4faeaf6} - c:\windows\system32\jurumoku.dll
LSA: Notification Packages = deolg32.dll nimuhoke.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\kttq7cut.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-26 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-26 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-26 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-26 55656]
R2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\system32\drivers\BdFileSpy.sys [2009-12-26 55504]
R2 BsFileScan;BullGuard File Scan Service;c:\windows\system32\svchost.exe -k BullGuard [2005-3-23 14336]
R2 BsFire;BullGuard Firewall Service;c:\windows\system32\svchost.exe -k BullGuard [2005-3-23 14336]
R2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\system32\svchost.exe -k BullGuard [2005-3-23 14336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2009-12-26 93320]
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2009-11-21 126976]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2009-11-21 122368]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2009-11-22 583640]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2009-3-23 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-3-23 257304]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-12-26 34760]
S3 ATICDSDr;ATICDSDr;d:\i386\apps\app16164\bin\atiicdxx.sys [2005-5-19 6144]
S3 BGRaSvc;BGRaSvc;c:\program files\bullguard ltd\bullguard\support\BGRaSvc.exe [2009-6-1 79184]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-11-22 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-11-22 8456]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2009-11-21 245760]
S4 BtwSrv;BtwSrv;c:\windows\system32\svchost.exe -k netsvcs [2005-3-23 14336]
S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-8-27 197752]
S4 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-8-27 78968]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-8-27 164984]

=============== Created Last 30 ================

2009-12-27 03:48:18 0 d-----w- c:\docume~1\alluse~1\applic~1\BullGuard
2009-12-27 03:48:16 0 d-----w- c:\docume~1\owner\applic~1\BullGuard
2009-12-27 03:46:52 55504 ----a-w- c:\windows\system32\drivers\BdFileSpy.sys
2009-12-27 03:46:11 0 d-----w- c:\program files\BullGuard Ltd
2009-12-27 03:35:28 0 d-----w- c:\program files\Trend Micro
2009-12-27 03:34:21 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-12-27 03:34:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-27 03:20:06 0 d-----w- c:\program files\CCleaner
2009-12-27 02:35:30 0 d-----w- C:\RootkitNO
2009-12-27 01:57:44 34760 ----a-w- c:\windows\system32\drivers\Partizan.sys
2009-12-27 01:57:44 32480 ----a-w- c:\windows\system32\Partizan.exe
2009-12-27 01:57:41 2 --shatr- c:\windows\winstart.bat
2009-12-27 01:57:25 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2009-12-27 01:57:23 0 d-----w- c:\program files\UnHackMe
2009-12-26 21:13:50 49 ----a-w- c:\windows\NeroDigital.ini
2009-12-26 20:03:09 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-26 20:03:03 0 d-----w- c:\program files\Avira
2009-12-26 20:03:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2009-12-26 18:37:01 0 d-----w- c:\program files\Cheese program
2009-12-26 18:36:12 61952 --sh--w- c:\windows\system32\susopaya.dll
2009-12-26 18:36:12 53248 --sh--w- c:\windows\system32\gasowihu.dll
2009-12-26 18:36:11 92672 ----a-w- c:\windows\system32\JURUMOKU.DLL.del
2009-12-26 18:36:10 39424 --sh--w- c:\windows\system32\tebujugu.dll
2009-12-26 18:32:19 0 d-----w- c:\program files\Malwarebytes' Anbbti-Malwareeeere
2009-12-26 18:11:22 0 d-----w- c:\windows\system32\wbem\Repository
2009-12-26 08:19:34 0 dc----w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2009-12-26 08:18:06 0 d-----w- c:\program files\Lavasoft
2009-12-24 18:06:35 0 ----a-w- c:\windows\Ecatobekeyoj.bin
2009-12-24 18:06:34 120 ----a-w- c:\windows\Bfomalebinur.dat
2009-12-24 15:34:40 915968 ----a-w- c:\windows\system32\AVR10.exe
2009-12-24 15:34:28 2854 ----a-w- c:\windows\system32\critical_warning.html
2009-12-24 15:34:15 52736 ----a-w- C:\uwlwfa.exe
2009-12-21 18:04:10 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2009-12-21 18:04:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-21 18:04:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-21 18:03:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-21 18:03:59 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-21 17:56:22 707072 ----a-w- c:\windows\system32\drivers\cdhmnnrm.sys
2009-12-21 17:55:55 156160 ----a-w- C:\oqnqso.exe
2009-12-21 07:36:05 764868 -c----w- c:\windows\system32\dllcache\apph_sp.sdb
2009-12-21 07:36:05 217118 -c----w- c:\windows\system32\dllcache\apphelp.sdb
2009-12-21 07:35:26 0 d-----w- c:\program files\Windows Media Connect 2
2009-12-21 07:33:45 0 d-----w- c:\windows\system32\LogFiles
2009-12-21 07:15:37 0 d-----w- c:\program files\RAGS Suite
2009-12-21 07:09:18 0 d-----w- c:\program files\RAGS Suite(2)
2009-12-05 02:07:55 0 d-----w- c:\program files\Yahoo!
2009-12-03 21:32:13 0 d-----w- c:\program files\GoldenDawn Inc
2009-12-02 22:23:11 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2009-12-02 22:23:08 0 d-----w- c:\program files\McAfee Security Scan
2009-12-02 06:04:07 11182 ----a-w- c:\documents and settings\owner\.recently-used.xbel
2009-12-01 19:00:47 1089601 -c----w- c:\windows\system32\dllcache\ntprint.cat
2009-11-30 16:47:33 0 d-----w- c:\windows\system32\XPSViewer
2009-11-30 16:45:56 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-30 16:45:56 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-30 16:45:56 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-30 16:45:56 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-30 16:45:56 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-30 16:45:55 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-30 16:45:55 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-11-30 16:45:53 0 d-----w- C:\e1a1810b87e781f79bd0
2009-11-30 16:39:03 0 d-----w- c:\windows\system32\CatRoot_bak
2009-11-30 16:37:46 0 d-----w- c:\program files\MSXML 6.0
2009-11-30 09:03:57 0 d-----w- c:\program files\MSXML 4.0
2009-11-30 08:01:14 0 d-----w- c:\documents and settings\owner\.thumbnails
2009-11-30 08:00:01 0 d-----w- c:\documents and settings\owner\.gimp-2.6
2009-11-29 20:41:49 202752 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-11-29 20:41:43 333184 -c----w- c:\windows\system32\dllcache\srv.sys
2009-11-29 20:41:36 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-11-29 20:41:30 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-11-29 20:40:38 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-11-29 20:40:15 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-11-29 20:39:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-11-29 20:39:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-11-29 20:39:59 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-11-29 20:39:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-11-29 20:39:58 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-29 20:39:55 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-11-29 20:38:03 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-11-29 20:38:02 2180352 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-11-29 20:38:02 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-11-29 20:38:01 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-11-29 20:37:25 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2009-11-29 20:37:09 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2009-11-29 20:37:09 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-11-29 20:37:09 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-11-29 20:37:09 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-11-29 20:37:09 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2009-11-29 20:37:09 283648 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-11-29 20:37:09 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-11-29 20:37:09 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-11-29 20:37:08 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-11-29 20:37:08 616960 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-11-29 20:36:34 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-11-29 20:36:25 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-11-29 20:36:13 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-11-29 20:35:20 1193414 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2009-11-29 20:35:19 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-11-29 20:34:29 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-11-29 20:34:29 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-11-29 08:46:59 0 d-----w- c:\windows\system32\PreInstall
2009-11-28 17:22:29 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-11-27 05:01:13 65536 ----a-w- c:\windows\TADSUINS.EXE
2009-11-27 05:01:10 0 d-----w- c:\program files\TADS

==================== Find3M ====================

2009-12-26 22:02:08 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-03 00:06:57 952 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-12-03 00:06:57 88 --sh--r- c:\docume~1\alluse~1\applic~1\0A0ADA7801.sys
2009-11-22 01:30:45 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys
2009-11-06 00:38:46 1669120 ----a-w- c:\windows\system32\BootMan.exe
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:53:29 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54:17 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54:17 112128 ----a-w- c:\windows\system32\rastls.dll
2009-09-25 18:35:33 43008 --sha-w- c:\windows\system32\baborefe.dll
2009-09-25 18:35:32 45568 --sha-w- c:\windows\system32\biserano.dll
2009-09-26 18:36:02 45568 --sha-w- c:\windows\system32\hujepaka.dll
2009-09-26 18:36:48 53248 --sha-w- c:\windows\system32\jirohowu.dll
2009-09-26 18:36:02 38912 --sha-w- c:\windows\system32\legadaza.dll
2009-09-26 18:36:48 53248 --sha-w- c:\windows\system32\nimuhoke.dll
2009-09-26 18:36:03 4096 --sha-w- c:\windows\system32\pubegadi.dll
2009-09-25 18:35:32 39424 --sha-w- c:\windows\system32\torajigu.dll

============= FINISH: 20:04:01.03 ===============

And hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:06:08 PM, on 12/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=Userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dipepemey] Rundll32.exe "c:\windows\system32\jurumoku.dll",a
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"
O4 - HKUS\S-1-5-18\..\Run: [notepad] rundll32.exe \ntload.dll,_IWMPEvents@0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [notepad] rundll32.exe \ntload.dll,_IWMPEvents@0 (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{57E52C6D-B237-4199-82FB-6C10AB4E2CD3}: NameServer = 193.104.110.38,4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A075A97-973A-4010-9B1E-3740D4766B1D}: NameServer = 193.104.110.38,4.2.2.1,192.168.15.1
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: system32\jurumoku.dll,revulazo.dll c:\windows\system32\jurumoku.dll
O21 - SSODL: tudanavek - {9caaeb86-d27a-493b-b3d6-0642c4faeaf6} - c:\windows\system32\jurumoku.dll (file missing)
O22 - SharedTaskScheduler: ujhsf879fiosdfhgs98fudifmnddfdfd - {A5BF49A2-94F1-42BD-F434-3604812C807D} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {9caaeb86-d27a-493b-b3d6-0642c4faeaf6} - c:\windows\system32\jurumoku.dll (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 8919 bytes
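What an analyst would pull out of a log like the one above, written up as an added triage script (an example for this thread, not the poster's code and not part of DDS or HijackThis): it flags the AppInit_DLLs and LSA Notification Packages entries, Run/SSODL/STS items that load an eight-letter random DLL or a root-relative DLL path, orphaned shell objects, the policies that disable Task Manager and Registry Tools, hidden+system DLLs in system32, and any DNS resolver that is neither private nor on an expected list. The sample lines are constructed in the shape of the DDS report; treating 4.2.2.1 as an expected resolver is an assumption for the demo.

```python
"""Triage pass over a DDS "Pseudo HJT Report" plus its file listing.

Added example, not part of the forum post or of DDS/HijackThis. SAMPLE_LOG
is constructed from lines of the same shape as the DDS output in the post.
"""
import ipaddress
import re

# Eight lowercase letters followed by .dll (jurumoku.dll, nimuhoke.dll, ...).
# A naming heuristic for this infection family, not a signature.
RANDOM_DLL = re.compile(r"(?<![a-z0-9])[a-z]{8}\.dll\b")
# DDS file-listing line: "YYYY-MM-DD HH:MM:SS size attrs path".
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\d+\s+([-a-z]{8})\s+(.+)$")
# Policy values that take the user's own recovery tools away.
LOCKOUT_POLICIES = {"DisableTaskMgr", "DisableRegistryTools", "NoFolderOptions"}
# The only LSA notification package present on a default Windows XP install.
DEFAULT_LSA_PACKAGES = {"scecli"}

SAMPLE_LOG = r"""
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [dipepemey] Rundll32.exe "c:\windows\system32\jurumoku.dll",a
dRun: [notepad] rundll32.exe \ntload.dll,_IWMPEvents@0
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
TCP: {57E52C6D-B237-4199-82FB-6C10AB4E2CD3} = 193.104.110.38,4.2.2.1
TCP: {5A075A97-973A-4010-9B1E-3740D4766B1D} = 193.104.110.38,4.2.2.1,192.168.15.1
AppInit_DLLs: system32\jurumoku.dll,revulazo.dll c:\windows\system32\jurumoku.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: tudanavek - {9caaeb86-d27a-493b-b3d6-0642c4faeaf6} - c:\windows\system32\jurumoku.dll
STS: {A5BF49A2-94F1-42BD-F434-3604812C807D} - No File
LSA: Notification Packages = deolg32.dll nimuhoke.dll
2009-09-26 18:36:48 53248 --sha-w- c:\windows\system32\nimuhoke.dll
2009-11-29 20:34:29 272128 ------w- c:\windows\system32\drivers\bthport.sys
"""


def _package_name(entry):
    """Normalise an LSA package entry: lower-case, without a .dll suffix."""
    entry = entry.lower()
    return entry[:-4] if entry.endswith(".dll") else entry


def is_private_resolver(addr):
    """True for RFC 1918, loopback and link-local addresses (home router / CPE)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_private or ip.is_loopback or ip.is_link_local


def triage(log_text, trusted_dns=frozenset()):
    """Return de-duplicated (rule, detail) findings for a DDS-style log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()

        if key == "AppInit_DLLs":
            if value:  # empty on a clean XP box; anything here loads into every GUI process
                findings.append(("appinit_dlls", value))
        elif key == "LSA":
            name, _, packages = value.partition("=")
            if name.strip() == "Notification Packages":
                for pkg in packages.split():
                    if _package_name(pkg) not in DEFAULT_LSA_PACKAGES:
                        findings.append(("lsa_notification_package", pkg))
        elif key.endswith(("Policies-system", "Policies-explorer")):
            name, _, setting = value.partition("=")
            if name.strip() in LOCKOUT_POLICIES and setting.strip().startswith("1"):
                findings.append(("lockout_policy", f"{key}: {name.strip()}"))
        elif key == "TCP":
            _, _, servers = value.partition("=")
            for server in servers.split(","):
                server = server.strip()
                if server and not is_private_resolver(server) and server not in trusted_dns:
                    findings.append(("unexpected_dns", server))
        elif key in ("SSODL", "STS", "uRun", "mRun", "dRun"):
            if "no file" in value.lower():
                findings.append(("orphaned_autostart", f"{key}: {value}"))
            elif RANDOM_DLL.search(value.lower()):
                findings.append(("random_dll_autostart", f"{key}: {value}"))
            elif re.search(r"rundll32(?:\.exe)?\s+\\", value, re.IGNORECASE):
                # DLL named by a root-relative path such as \ntload.dll
                findings.append(("relative_path_autostart", f"{key}: {value}"))
        else:
            match = FILE_LINE.match(line)
            if match:
                attrs, path = match.groups()
                lowered = path.lower()
                if ("s" in attrs and "h" in attrs and lowered.endswith(".dll")
                        and "\\system32\\" in lowered):
                    findings.append(("hidden_system32_dll", path))
    return list(dict.fromkeys(findings))


if __name__ == "__main__":
    # Treating 4.2.2.1 as an expected resolver is an assumption for the demo.
    for rule, detail in triage(SAMPLE_LOG, trusted_dns={"4.2.2.1"}):
        print(f"{rule:26} {detail}")
```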
Posted 12/28/2009 1:57 AM
#81373

Alric Member

Date Joined Nov 2016
Total Posts: 9
Never mind, I don't need help anymore. It got worse again, and disabled all my programs and Task Manager. I got so sick of this stupid virus I did the one thing I knew would get rid of it, and reformatted my hard drive.