
Virus is causing various problems...


  • This topic is locked
2 replies to this topic

#1 elementcs13


Posted 30 March 2009 - 02:06 PM

I've had this PC for a few years and have never had a problem as bad as this one. It's Windows XP.

1. When I'm on the computer, I sometimes get a bunch of popups.
2. When I run some applications, they randomly close.
3. I can't get into my registry without a script that I downloaded.
4. I can't get into my hidden folders option.
5. It won't let me do a system restore.
6. It won't let me use my recovery disk to completely reboot the PC.
7. There are a few things that are running in my task manager that shouldn't be running. If I close them, they come back.
8. I can open msconfig, but I can't use it. (Disabled by administrator?)
9. I can't get into Safe Mode. When I try, it always just restarts my PC before I can get into Safe Mode.

I've tried AVG Antivirus, ESET NOD32, CCleaner, Regcure, and the virus doesn't let me open Spybot, Malwarebytes, or a few other programs.

Any ideas on what I can do? Here is my DDS.txt


DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 14:49:15.21 on Mon 03/30/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_01
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.451 [GMT -4:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\2752134256.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
\\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com/web?o=1369
uSearch Bar = hxxp://www.google.com/ie
uWindow Title = Windows Internet Explorer provided by Comcast
mDefault_Page_URL = hxxp://www.emachines.com
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Shell=Explorer.exe c:\windows\config\lsass.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {a8ae4fb4-2f34-4ace-8738-87f29eb56f4e} - c:\windows\system32\gopuvuja.dll
BHO: c:\windows\system32\nhser43uhjnefr.dll: {c2ba40a2-74f3-42bd-f434-2604812c8954} - c:\windows\system32\nhser43uhjnefr.dll
TB: {35065594-9169-4A34-B167-FC4865038E53} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Diagnostic Manager] c:\docume~1\owner\locals~1\temp\2752134256.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [Vyutazaqes] rundll32.exe "c:\windows\odogupid.dll",e
mRun: [68935640] rundll32.exe "c:\windows\system32\mulirowo.dll",b
mRun: [CPM6ba065dc] Rundll32.exe "c:\windows\system32\fiyobubi.dll",a
mRun: [velomaruvi] Rundll32.exe "c:\windows\system32\fisalunu.dll",s
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
uPolicies-explorer: MemCheckBoxInRunDlg = 0 (0x0)
uPolicies-explorer: NoResolveTrack = 0 (0x0)
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoSMMyPictures = 0 (0x0)
uPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
uPolicies-explorer: NoRecentDocsNetHood = 0 (0x0)
uPolicies-explorer: NoInstrumentation = 0 (0x0)
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: NoStrCmpLogical = 1 (0x1)
mPolicies-explorer: NoSMMyPictures = 0 (0x0)
mPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
mPolicies-explorer: NoRecentDocsNetHood = 0 (0x0)
mPolicies-explorer: NoInstrumentation = 0 (0x0)
mPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: &Search - ?p=ZUfox000
IE: Download with GetRight
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Open with GetRight Browser
IE: {ccf00e14-7c5e-4420-9bf3-aa4809cfaa13} - c:\program files\clickclean\ClickClean.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: mathxl.com\www
DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - hxxps://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
AppInit_DLLs: wbsys.dll c:\windows\system32\lawakuwi.dll c:\windows\system32\fiyobubi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fiyobubi.dll
STS: c:\windows\system32\nhser43uhjnefr.dll: {c2ba40a2-74f3-42bd-f434-2604812c8954} - c:\windows\system32\nhser43uhjnefr.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\fiyobubi.dll
SEH: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - SABShellExecuteHook Class
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Notification Packages = :\window c:\windows\system32\lawakuwi.dll moradx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\g5w4obx4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFFab&query=
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\g5w4obx4.default\extensions\solidstateion@solidstatenetworks.com\plugins\npssn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npoctoshape.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {887B87DA-99BF-4DE0-9DA9-37BA3DCD14F3} - c:\documents and settings\owner\local settings\application data\{887B87DA-99BF-4DE0-9DA9-37BA3DCD14F3}

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-2-6 93336]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-2-6 727720]
R3 botdrv;botdrv;\??\c:\windows\system32\driver.sys --> c:\windows\system32\driver.sys [?]
S0 NVStrap;NVStrap; [x]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-8-19 42376]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-8-19 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-8-19 81288]
S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]
S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\sasenum.sys --> c:\program files\superantispyware\SASENUM.SYS [?]
S3 tapgamerail;GameRail Adapter;c:\windows\system32\drivers\tapgamerail.sys [2007-7-2 25216]
S4 CacheBoost Service;CacheBoost Performance Optimizer and Tuner Service;c:\program files\cacheboost\CBSrv.exe [2003-6-24 77312]
S4 MyWebSearchService;My Web Search Service; [x]
S4 WUSB54GSCSVC;WUSB54GSCSVC;c:\program files\compact wireless-g usb network adapter with speedbooster\WLService.exe [2009-3-14 53307]

=============== Created Last 30 ================

2009-03-30 13:08 2,510,811 ---sh--- c:\windows\system32\oworilum.ini
2009-03-30 13:04 121 ---sh--- c:\windows\system32\ifidokej.ini
2009-03-30 10:08 <DIR> --d----- c:\program files\ESET
2009-03-30 01:27 54,156 a---h--- c:\windows\QTFont.qfn
2009-03-30 01:27 1,409 a------- c:\windows\QTFont.for
2009-03-29 23:29 10,520 -------- c:\windows\system32\avgrsstx.dll.install_backup_2
2009-03-29 20:35 <DIR> --d----- c:\program files\ClickClean
2009-03-29 20:25 <DIR> --d----- c:\program files\MSXML 6.0
2009-03-29 20:08 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-03-29 20:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-03-29 20:00 <DIR> --d----- c:\program files\NortonInstaller
2009-03-29 20:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-03-29 19:51 43 a------- c:\windows\system32\ovfsthlbfefaeaxfuqysmnomwbbtcahochnbru.dat
2009-03-29 19:50 9,766,528 a------- c:\documents and settings\owner\lsPEIRCMY.exe
2009-03-29 19:50 1,686,016 a------- c:\windows\system32\clinetsuitex6.ocx
2009-03-29 19:50 427,864 a------- c:\windows\system32\XceedZip.dll
2009-03-29 19:49 <DIR> --d----- c:\program files\Driver-Soft
2009-03-29 19:49 37,888 a------- c:\windows\system32\cbXrsSMf.dll
2009-03-29 19:49 2,270 a------- c:\windows\system32\ovfsthkkymsntjequrublnsryxiuxxxhudbdwk.dat
2009-03-29 19:49 9,766,528 a------- c:\documents and settings\owner\muQFJSENZ.exe
2009-03-29 19:26 <DIR> --d----- c:\program files\Windows Resource Kits
2009-03-29 13:50 10,520 -------- c:\windows\system32\avgrsstx.dll.install_backup_1
2009-03-29 13:04 101,998 a------- c:\windows\system32\drivers\806787e2.sys
2009-03-29 13:03 15,000 a------- c:\windows\system32\nhser43uhjnefr.dll
2009-03-25 22:30 212,711 a------- c:\windows\system32\nvapps.nvb
2009-03-25 22:30 <DIR> --d----- c:\windows\nview
2009-03-19 12:11 <DIR> --d----- c:\docume~1\owner\applic~1\Uniblue
2009-03-19 12:10 <DIR> --d----- c:\program files\Uniblue
2009-03-17 03:03 <DIR> --d----- c:\program files\OpenAL
2009-03-14 19:38 189,072 a------- c:\windows\system32\PnkBstrB.xtr
2009-03-14 15:29 17,801 a------- c:\windows\system32\drivers\AegisP.sys
2009-03-14 15:29 94,208 a------- c:\windows\system32\GTW32N50.dll
2009-03-14 15:29 31,930 a------- c:\windows\system32\GTNDIS3.VXD
2009-03-14 15:29 17,992 a------- c:\windows\system32\bcm42rly.sys
2009-03-14 15:29 15,872 a------- c:\windows\system32\GTNDIS5.sys
2009-03-14 15:29 <DIR> --d----- c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster
2009-03-14 15:29 609 a------- c:\windows\system32\WLAN.INI
2009-03-13 01:15 <DIR> --d----- c:\program files\Silent Hill Homecoming

==================== Find3M ====================

2009-03-30 13:08 89,088 a--sh--- c:\windows\system32\fiyobubi.dll
2009-03-30 13:08 80,896 a--sh--- c:\windows\system32\mulirowo.dll
2009-03-30 13:08 61,440 a--sh--- c:\windows\system32\pamukuhu.exe
2009-03-29 19:05 145,408 a------- c:\windows\pchealth\helpctr\binaries\msconfig.exe.tmp
2009-03-29 13:04 182,912 a------- c:\windows\system32\drivers\ndis.sys
2009-03-29 13:04 182,912 a------- c:\windows\system32\dllcache\ndis.sys
2009-03-29 13:03 89,088 a--sh--- c:\windows\system32\madujeri.dll
2009-03-29 13:03 61,440 a--sh--- c:\windows\system32\zahatahe.exe
2009-03-28 17:30 89,088 a--sh--- c:\windows\system32\migunugo.dll.vir
2009-03-28 17:30 61,440 a--sh--- c:\windows\system32\yudegoku.exe
2009-03-28 17:30 81,408 -------- c:\windows\system32\jekodifi.dll
2009-03-14 19:38 189,072 a------- c:\windows\system32\PnkBstrB.exe
2009-03-14 18:34 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-03-13 14:13 1,984 a------- c:\windows\system32\d3d9caps.dat
2009-02-26 14:46 42,320 a------- c:\windows\system32\xfcodec.dll
2009-02-22 22:22 91,900 ac--h--- c:\windows\system32\mlfcache.dat
2009-02-22 16:37 4,096 a------- c:\windows\d3dx.dat
2009-02-18 14:44 6,185,088 a------- c:\windows\system32\nv4_disp(2).dll
2009-02-09 06:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-06 14:24 93,336 a------- c:\windows\system32\drivers\epfwtdir.sys
2009-02-06 14:23 106,208 a------- c:\windows\system32\drivers\ehdrv.sys
2009-02-06 14:19 113,448 a------- c:\windows\system32\drivers\eamon.sys
2009-02-05 17:09 6,180 a------- c:\docume~1\owner\applic~1\wklnhst.dat
2009-01-03 03:02 674,600 a------- c:\windows\system32\pbsvc.exe
2008-06-14 21:49 22,328 a------- c:\docume~1\owner\applic~1\PnkBstrK.sys
2007-08-16 04:44 56 ac-shr-- c:\windows\system32\9623F1C531.sys
0000-00-00 00:00 49,152 a--sh--- c:\windows\system32\fisalunu.dll
0000-00-00 00:00 49,152 a--sh--- c:\windows\system32\gopuvuja.dll
0000-00-00 00:00 49,152 a--sh--- c:\windows\system32\lawakuwi.dll

============= FINISH: 14:50:49.12 ===============


#2 Jat90


Posted 08 April 2009 - 08:13 AM

Hello,

I apologize for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. As it's been a while since you posted your log, I will need an updated one.

Please take a look at the Preparation Guide for a download link to DDS and instructions on how you should ask for help.

Thanks and again sorry for the delay.
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#3 Jat90


Posted 12 April 2009 - 05:29 AM

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please send me a message. In your message please include the address of this thread in your request.

This applies only to the original topic starter.

Everyone else please start a new topic.
- Jat90 -
