
Desktop Infection, don't know virus name



#1 Fast99

  • Members
  • 6 posts

Posted 12 April 2009 - 12:15 PM

My dad's computer is not working properly. Sometimes the start-up will not work: it will show the desktop, the mouse will move and the keyboard's lights will work, but we cannot click on anything or open any programs. I tried to install Kaspersky on it like I have on my home computer and this laptop, but it took a lot of tries to get it installed, and it will not scan or enable protection. It looks like the Restore points have been deleted as well, and at times the computer will keep running at 100% PC usage. Thanks in advance for your help for me and others.

Regards
Mike



DDS (Ver_09-03-16.01) - NTFSx86
Run by Algene Edwards at 12:27:38.31 on Sun 04/12/2009
Internet Explorer: 8.0.6001.18372
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.139 [GMT -4:00]

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Algene Edwards\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - d:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - d:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: c:\windows\system32\nhser43uhjnefr.dll: {c2ba40a2-74f3-42bd-f434-2604812c8954} - c:\windows\system32\nhser43uhjnefr.dll
TB: Pop-Up Blocker: {d7f30b62-8269-41af-9539-b2697fa7d77e} - d:\program files\earthlink totalaccess\PnEL.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - d:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
uRun: [reader_s] c:\documents and settings\algene edwards\reader_s.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [reader_s] c:\windows\system32\reader_s.exe
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [Jlayatiqefame] rundll32.exe "c:\windows\ihusudih.dll",e
mRun: [CPM4798d2e4] Rundll32.exe "c:\windows\system32\widujuda.dll",a
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
IE: &Yahoo! Search - file:///d:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///d:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///d:\program files\yahoo!\Common/ycmap.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - d:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {1f460357-8a94-4d71-9ca3-aa4acf32ed8e} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: blackplanet.com\www
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/EN/mdldetect/VaioInfo.CAB
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {11001001-A15C-11D4-97A4-0050BF0FBE67} - hxxp://www.wildcannon.com/common/cjiastarter/WCGameLauncher.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204
DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - d:\program files\yahoo!\common\yinsthelper.dll
DPF: {33363249-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/i263_32.cab
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://moneycentral.msn.com/cabs/pmupd806.exe
DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} - hxxps://www.e-games.com.my/com/EGamesPlugin.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - hxxp://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} - hxxp://www.systemrequirementslab.com/sysreqlab.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} - hxxp://pak04.pictures.aol.com/ygp/aol/plugin/download/YGPPicDownload.en-US.9.1.6.18.cab
DPF: {E2739AFF-FA40-4527-9A19-DE81795C2C03} - hxxp://moneycentral.msn.com/cabs/ticker.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\windows\system32\hididofu.dll c:\windows\system32\widujuda.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\widujuda.dll
STS: c:\windows\system32\nhser43uhjnefr.dll: {c2ba40a2-74f3-42bd-f434-2604812c8954} - c:\windows\system32\nhser43uhjnefr.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\widujuda.dll
SEH: {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - No File
LSA: Notification Packages = scecli c:\windows\system32\hididofu.dll cnmspien.dll

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-1 64160]
R1 klif;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-3-29 213520]
R2 avp;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe [2008-7-29 206088]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 951632]
R3 klfltdev;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
S1 e7a6fb9a;e7a6fb9a;c:\windows\system32\drivers\e7a6fb9a.sys [2009-3-29 0]
S1 glaide32;glaide32;c:\windows\system32\drivers\glaide32.sys [2009-3-29 0]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-2 24652]
S3 botdrv;botdrv;\??\c:\documents and settings\algene edwards\driver.sys --> c:\documents and settings\algene edwards\driver.sys [?]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\documents and settings\algene edwards\desktop\new folder (2)\ntprocdrv.sys --> c:\documents and settings\algene edwards\desktop\new folder (2)\NtProcDrv.sys [?]

=============== Created Last 30 ================

2009-03-29 23:12 22,238 a------- c:\windows\system32\AAWService_2009_03_29_23_12_18.dmp
2009-03-29 22:29 21,814 a------- c:\windows\system32\AAWService_2009_03_29_22_29_32.dmp
2009-03-29 20:51 101,287 a------- c:\windows\system32\drivers\klin.dat
2009-03-29 20:51 89,601 a------- c:\windows\system32\drivers\klick.dat
2009-03-29 20:50 <DIR> --d----- c:\program files\Kaspersky Lab
2009-03-29 20:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-03-29 20:20 20,743 a------- c:\windows\system32\AAWService_2009_03_29_20_20_48.dmp
2009-03-29 19:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-03-29 19:15 22,642 a------- c:\windows\system32\AAWService_2009_03_29_19_15_32.dmp
2009-03-29 14:41 0 a------- c:\windows\system32\drivers\glaide32.sys
2009-03-29 14:41 0 a------- c:\windows\system32\drivers\e7a6fb9a.sys
2009-03-29 14:39 30,208 a------- c:\windows\system32\reader_s.exe
2009-03-29 14:39 43,008 a------- C:\aoqckrns.exe
2009-03-29 14:39 128,512 a------- C:\gldmo.exe
2009-03-29 14:39 2 a------- C:\1152115159
2009-03-29 14:39 7,680 a------- C:\wicnin.exe
2009-03-29 14:39 15,000 a------- c:\windows\system32\nhser43uhjnefr.dll
2009-03-29 14:38 45,056 a------- C:\dmsiacq.exe
2009-03-29 14:38 9,216 a------- c:\windows\instsp2.exe
2009-03-28 12:26 56 a---h--- c:\windows\system32\ezsidmv.dat

==================== Find3M ====================

2009-03-29 23:27 33,808 a------- c:\windows\system32\drivers\klbg.sys
2009-03-29 14:38 88,576 a--sh--- c:\windows\system32\widujuda.dll
2009-03-29 14:38 81,408 a--sh--- c:\windows\system32\zavomoru.dll
2009-03-29 14:38 61,440 a--sh--- c:\windows\system32\gewaliya.exe
2009-03-08 18:50 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-08 18:50 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-19 17:56 34,816 a------- c:\program files\common files\file.exe
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-01-15 03:05 911,872 a------- c:\windows\system32\wininet.dll
2009-01-15 03:05 43,008 a------- c:\windows\system32\licmgr10.dll
2009-01-15 03:04 18,944 a------- c:\windows\system32\corpol.dll
2009-01-15 03:03 420,352 a------- c:\windows\system32\vbscript.dll
2009-01-15 03:03 72,704 a------- c:\windows\system32\admparse.dll
2009-01-15 03:03 71,680 a------- c:\windows\system32\iesetup.dll
2009-01-15 03:01 34,304 a------- c:\windows\system32\imgutil.dll
2009-01-15 03:00 48,128 a------- c:\windows\system32\mshtmler.dll
2009-01-15 03:00 45,568 a------- c:\windows\system32\mshta.exe
2009-01-15 02:50 156,160 a------- c:\windows\system32\msls31.dll
2004-06-09 10:53 56 ---shr-- c:\windows\system32\EC753DD5D5.sys
0000-00-00 00:00 49,152 a--sh--- c:\windows\system32\hididofu.dll.vir
2004-06-09 10:53 2,516 a--sh--- c:\windows\system32\KGyGaAvL.sys
0000-00-00 00:00 49,152 a--sh--- c:\windows\system32\melepoju.dll
2005-10-15 11:20 352,039 a--sh--- c:\windows\system32\pstwa.bak2
0000-00-00 00:00 49,152 a--sh--- c:\windows\system32\rinitalo.dll
2008-08-02 22:05 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080220080803\index.dat

============= FINISH: 12:28:54.92 ===============
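As an added illustration of how a helper reads a DDS log like the one above (example code written for this edit, not part of the original thread or of the DDS tool): a small Python triage script that walks a few lines excerpted from that log and flags the categories the log itself makes visible, namely drivers of zero or unknown size, drivers and autoruns launched from a user profile, rundll32 autorun entries, every AppInit_DLLs entry, non-default LSA notification packages, and policies that switch off Folder Options or the Registry tools. The regular expressions are assumptions about the DDS line layout, not a documented grammar, and a flag means "look at this first", not a verdict.

```python
import re

# Lines excerpted from the DDS log in the post above (constructed sample input).
SAMPLE = r"""
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
uRun: [reader_s] c:\documents and settings\algene edwards\reader_s.exe
mRun: [Jlayatiqefame] rundll32.exe "c:\windows\ihusudih.dll",e
uPolicies-system: DisableRegistryTools = 1 (0x1)
AppInit_DLLs: c:\windows\system32\hididofu.dll c:\windows\system32\widujuda.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd.dll
LSA: Notification Packages = scecli c:\windows\system32\hididofu.dll cnmspien.dll
R1 klif;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-3-29 213520]
S1 e7a6fb9a;e7a6fb9a;c:\windows\system32\drivers\e7a6fb9a.sys [2009-3-29 0]
S3 botdrv;botdrv;\??\c:\documents and settings\algene edwards\driver.sys --> c:\documents and settings\algene edwards\driver.sys [?]
"""

# Line shapes assumed from the log above, not a documented DDS grammar.
DRIVER = re.compile(r"^[RS]\d\s+[^;]+;[^;]+;.*\[(?:\S+ )?(\d+|\?)\]$")
RUN = re.compile(r"^[um]Run: \[[^\]]*\]\s+(.*)$")
POLICY = re.compile(r"^[um]Policies-\w+: (NoFolderOptions|DisableRegistryTools) = 1")
PROFILE_EXE = re.compile(r"^c:\\documents and settings\\[^\\]+\\[^\\]+\.exe$")

def triage(log):
    """Return (reason, item) pairs for entries a helper would look at first."""
    findings = []
    for line in (raw.strip() for raw in log.splitlines() if raw.strip()):
        drv, run = DRIVER.match(line), RUN.match(line)
        if drv:
            if drv.group(1) in ("0", "?"):  # 0-byte or size-unknown driver file
                findings.append(("driver with zero/unknown size", line))
            elif "documents and settings" in line:  # driver outside system32\drivers
                findings.append(("driver loaded from a user profile", line))
        elif run:
            target = run.group(1).strip('"').lower()
            if target.startswith("rundll32.exe"):  # a DLL run as an autorun entry
                findings.append(("autorun via rundll32 DLL load", line))
            elif PROFILE_EXE.match(target):  # exe sitting in the profile root
                findings.append(("autorun from user profile root", line))
        elif POLICY.match(line):
            findings.append(("policy disabling a built-in tool", line))
        elif line.startswith("AppInit_DLLs:"):  # each listed DLL loads into GUI processes
            for dll in re.split(r"[ ,]+", line.split(":", 1)[1].strip()):
                findings.append(("AppInit_DLLs entry to review", dll))
        elif line.startswith("LSA: Notification Packages ="):
            for pkg in line.split("=", 1)[1].split():
                if pkg.lower() != "scecli":  # scecli is the Windows default
                    findings.append(("non-default LSA notification package", pkg))
    return findings

if __name__ == "__main__":
    print("\n".join(f"{reason}: {item}" for reason, item in triage(SAMPLE)))
```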

#2 Rodav

  • Members
  • 388 posts

Posted 18 April 2009 - 05:24 PM

Hi,

I have bad news for you :thumbup2:

I see you're dealing with Virut on top of the other nasty malware you are dealing with. In that case, it's unfortunately a lost case - Game over situation and a format and reinstall is the fastest and especially the safest solution.

You may want to read this why: Virut and other File infectors - Throwing in the Towel?

So, I suggest you start backing up all of your valuable data/documents/pictures/movies/songs/etc. Do NOT back up any applications/installers and do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar files...
This is because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.

Read here for instructions how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.html

#3 Rodav

  • Members
  • 388 posts

Posted 23 April 2009 - 06:36 AM

This Topic is now closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
