Post #1, Jun 23 2009, 10:04 PM
New Member (Group: Members, Posts: 3, Joined: 20-June 09, Member No.: 343,993)
So, as my other post said, I am trying to remove a jumping virus from my computer. It was jumping me just to Google, but it has started using rightbulkselect.com and bestwebchoices.com to jump me. I have performed a Malwarebytes scan and a ThreatFire scan; they both turned up nothing. I have done the DDS scan and the log is below along with the attachment. Any help you can give would be great.

DDS (Ver_09-05-14.01) - NTFSx86
Run by Irene at 19:53:11.16 on Tue 06/23/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.122 [GMT -7:00]

AV: ThreatFire *On-access scanning enabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}
AV: CyberDefender Internet Security *On-access scanning enabled* (Updated) {EC9A22DA-DA43-4AA7-B111-5BBDDF7BC73C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\system32\svchost.exe -k driver
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Irene\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uRun: [CyberDefender Early Detection Center] "c:\program files\cyberdefender\cdinstx.exe" -cfgwizard
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: Sebring - c:\windows\system32\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 NaiFsRec;NaiFsRec;c:\windows\system32\drivers\naifsrec.sys [2001-4-30 4512]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2008-10-2 51472]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2008-10-2 39184]
R1 driverdrv;driverdrv;c:\program files\driver\driver.sys [2009-6-20 9472]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 AvSynMgr;AVSync Manager;c:\program files\network associates\virusscan\Avsynmgr.exe [2001-4-30 155665]
R2 driver;driver;c:\windows\system32\svchost.exe -k driver [2004-8-4 14336]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 NaiFiltr;NaiFiltr;c:\program files\common files\network associates\mcshield\naifiltr.sys [2001-4-30 24480]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2008-10-2 33040]
S3 McShield;McShield;c:\program files\common files\network associates\mcshield\Mcshield.exe [2001-4-30 229499]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-11-24 27904]

=============== Created Last 30 ================

2009-06-21 13:39 <DIR> --d----- c:\windows\system32\NtmsData
2009-06-20 19:48 <DIR> --d----- C:\fixwareout
2009-06-20 00:17 <DIR> --d----- c:\program files\driver
2009-06-12 10:17 <DIR> --dsh--- c:\documents and settings\irene\PrivacIE
2009-06-11 21:33 <DIR> --dsh--- c:\documents and settings\irene\IETldCache
2009-06-11 21:25 <DIR> --d----- c:\windows\ie8updates
2009-06-11 21:20 <DIR> -cd-h--- c:\windows\ie8
2009-06-11 21:14 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 21:14 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-11 21:14 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-06-11 21:13 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-06-11 21:12 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-11 19:29 169 a------- C:\d45.bat
2009-06-11 19:29 15,360 ----h--- c:\windows\ld09.exe
2009-06-11 18:32 262,144 a------- C:\ntuser.dat
2009-05-25 21:02 <DIR> --d----- c:\program files\common files\DivX Shared
2009-05-25 21:02 <DIR> --d----- c:\program files\DivX

==================== Find3M ====================

2009-05-19 22:27 6,144 a------- c:\windows\system32\iehelper.dll
2009-05-12 22:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 08:44 344,064 a------- c:\windows\system32\localspl.dll
2009-04-17 02:58 1,846,656 a------- c:\windows\system32\win32k.sys
2009-04-15 08:11 584,192 a------- c:\windows\system32\rpcrt4.dll
2008-09-02 00:16 12,580 -------- c:\docume~1\alluse~1.win\applic~1\isybi.sys
2008-09-02 00:16 16,311 -------- c:\docume~1\irene\applic~1\ilyseko.pif
2008-09-02 00:16 11,644 -------- c:\docume~1\alluse~1.win\applic~1\ywyruvuju.bat
2008-08-31 16:42 19,552 -------- c:\docume~1\irene\applic~1\GDIPFONTCACHEV1.DAT
2008-08-20 23:31 12,815 a------- c:\program files\common files\lujozyfuq.com
2008-08-13 13:49 17,718 a------- c:\program files\common files\doxi.reg
2008-08-12 01:15 13,216 -------- c:\docume~1\irene\applic~1\yvowyfeke.pif
2008-08-12 01:15 11,265 -------- c:\docume~1\alluse~1.win\applic~1\toto.vbs
2008-08-12 01:15 18,810 a------- c:\program files\common files\otyhysud.scr
2008-08-12 01:15 15,227 a------- c:\program files\common files\acewebona.vbs
2008-08-12 01:15 13,098 a------- c:\program files\common files\ugawi._sy
2008-08-12 01:15 11,041 -------- c:\docume~1\irene\applic~1\komuf.reg
2008-08-05 11:50 14,228 -------- c:\docume~1\irene\applic~1\fiwificur.exe
2008-07-31 14:21 16,384 -------- c:\docume~1\irene\applic~1\nipori.com
2008-07-25 00:36 15,736 a------- c:\program files\common files\wahiby.pif
2008-07-25 00:36 15,221 a------- c:\program files\common files\tukimyzev.reg
2008-07-25 00:36 13,281 a------- c:\program files\common files\inodifuwo.bin
2008-07-25 00:36 15,758 -------- c:\docume~1\irene\applic~1\lyjedeluro.pif
2008-07-25 00:36 13,252 -------- c:\docume~1\irene\applic~1\fago.reg
2008-07-25 00:36 11,369 -------- c:\docume~1\alluse~1.win\applic~1\ynoty.com
2008-07-25 00:36 10,630 -------- c:\docume~1\alluse~1.win\applic~1\olifeh.vbs
2008-07-23 11:24 18,173 -------- c:\docume~1\irene\applic~1\mica.bat
2008-07-23 11:24 10,802 a------- c:\program files\common files\quwefele.dat
2008-07-23 11:24 14,888 -------- c:\docume~1\irene\applic~1\vidobuqu.dat
2008-07-21 00:14 374 -------- c:\docume~1\irene\applic~1\internaldb6334.dat
2008-07-21 00:14 18,432 -------- c:\docume~1\irene\applic~1\internaldb41.dat
2008-07-21 00:09 555 -------- c:\docume~1\irene\applic~1\internaldb8467.dat
2008-12-15 19:13 65,782 a--sh--- c:\windows\system32\pijavobe.dll

============= FINISH: 19:54:33.27 ===============
Attached File(s)
Post #2, Jun 27 2009, 02:04 PM
Bleepin Pinoy (Group: HJT Senior Classmen, Posts: 1,417, Joined: 30-June 06, From: 3 Stars and the Sun, Member No.: 74,094)
Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Information on A/V control HERE

--------------------
He that can have PATIENCE can have what he will. - Benjamin Franklin
Please don't PM asking for support. Post on the Forums instead.
Post #3, Jul 4 2009, 03:33 AM
Bleepin' Texan! (Group: HJT Team Coach, Posts: 13,829, Joined: 5-April 06, From: Planet Texas!, Member No.: 62,846)
Due to the lack of feedback this Topic is closed.
If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

--------------------
Please make a donation so I can keep helping people just like you. Every little bit helps! :) You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?
PopTartFixIt2
============= POPTART ================
Poptart successfully found and removed.
================ KIDS ================
Kid ... Maxwell O'Neal deleted successfully.
Kid ... Billy O'Neal deleted successfully.
========== FINISHED! TERMINATE! ==========
Tool by Billy3