
System slowed to a crawl


This topic is locked
2 replies to this topic

#1 wickedj69

  • Members
  • 2 posts

Posted 16 June 2009 - 04:55 AM

So, despite a couple of years of CompTIA A+, I once again feel like a noob (no offense to noobs <3) with this spyware stuff. Not sure how I managed to get it, but I got something pretty evil that I *THOUGHT* I got rid of, till I tried to open WinAmp and it wouldn't open. I've got three files in my startup which don't belong, and Google has returned some unfriendly results on said files. Prior to what I thought was a fix, my Task Manager filled up with multiple "Rundll32.exe" which would bring my system almost to a halt.

Ramobugu
Wayebomi
Juhijudu (I'd like to buy a vowel?)

Anyhow, here are the logs the FAQ asks for:

DDS (Ver_09-05-14.01) - NTFSx86
Run by WickedJ at 5:38:29.39 on Tue 06/16/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.492 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\WickedJ\LOCALS~1\Temp\ose00000.exe
C:\Documents and Settings\WickedJ\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bigfishgames.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: {0325B7F7-E2F1-4959-95A3-278775895B06} - No File
BHO: {0D51D5B5-039F-4626-920D-9B65672E0CD6} - No File
BHO: {2E0D7BBC-F10C-4701-A031-AC0922A714D9} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {3EF5F2BE-4B8A-4A32-AAC9-ADE2C1E081C3} - No File
BHO: ShowBarObj Class: {43ae45cb-dda7-454b-9650-93a4c090bdb8} - c:\program files\eyetide media\eyetide viewer\toolbar\ETBar.dll
BHO: {6048bc77-4ac1-46c2-a705-85f68be23ed1} - c:\windows\system32\wuduzuli.dll
BHO: {67BDBF6E-E311-4AD4-A921-5B6E79DAA570} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {8753239E-2713-470D-8C57-F2032F8D86E6} - No File
BHO: {98D8D9A4-CF48-41A8-BF88-D66B5B21C10B} - No File
BHO: {AC256132-27B8-4E37-90B9-35A3F74D14E2} - No File
BHO: {D4F42643-3BA2-4879-B97C-4D7E899639BE} - No File
BHO: {E93EA153-5E26-4DA0-8C94-B088633D0E8A} - No File
TB: &EyeTideBar: {987d027c-f0ef-40fa-9a1a-c45007f1f36f} - c:\program files\eyetide media\eyetide viewer\toolbar\ETBar.dll
TB: {B24BA06E-FB7B-4757-95C2-DC01125F750E} - No File
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [58fce24f] rundll32.exe "c:\windows\system32\wayebomi.dll",b
mRun: [CPM5bcfd1d3] Rundll32.exe "c:\windows\system32\juhijudu.dll",a
mRun: [wiyayagivi] Rundll32.exe "c:\windows\system32\ramobugu.dll",s
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
StartupFolder: c:\docume~1\wickedj\startm~1\programs\startup\eyetid~1.lnk - c:\program files\eyetide media\eyetide viewer\EyetideController.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\progra~1\yahoo!\messen~1\YPager.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partygaming.net\partypokernet\RunPF.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\windows\system32\jasosise.dll c:\windows\system32\juhijudu.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\juhijudu.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\juhijudu.dll
LSA: Notification Packages = scecli c:\windows\system32\jasosise.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\wickedj\applic~1\mozilla\firefox\profiles\a65uzayo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\wickedj\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\bittorrent_dna\npbtdna.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

============= SERVICES / DRIVERS ===============

R2 PDSched;PDScheduler;c:\program files\raxco\perfectdisk\PDSched.exe [2004-11-1 237635]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]

=============== Created Last 30 ================

2009-06-16 04:29 1,406,743 ---sh--- c:\windows\system32\imobeyaw.ini
2009-06-16 04:22 <DIR> a-dshr-- C:\cmdcons
2009-06-16 04:19 161,792 a------- c:\windows\SWREG.exe
2009-06-16 04:19 155,136 a------- c:\windows\PEV.exe
2009-06-16 04:19 98,816 a------- c:\windows\sed.exe
2009-06-16 04:19 388,608 a------- c:\windows\system32\CF681.exe
2009-06-16 03:31 11,952 -------- c:\windows\system32\avgrsstx.dll.install_backup
2009-06-16 03:30 <DIR> --d----- c:\program files\AVG
2009-06-16 00:09 48,640 a------- c:\windows\system32\dowgiikx.dll
2009-06-16 00:02 <DIR> --d----- c:\program files\Xilisoft
2009-06-15 04:21 <DIR> --d----- c:\program files\common files\DivX Shared
2009-06-15 01:35 <DIR> --d----- c:\program files\common files\HP
2009-06-15 01:35 43,488 a------- c:\windows\system32\drivers\AFS2K.SYS
2009-06-15 01:28 38,867 -------- c:\windows\hpomdl03.dat.temp
2009-06-15 01:28 29,538 -------- c:\windows\hpoins03.dat.temp
2009-06-14 19:06 626,960 a----r-- c:\windows\system32\hpvaut32.dll
2009-06-14 19:06 487,424 a----r-- c:\windows\system32\hpvcp70.dll
2009-06-14 19:06 344,064 a----r-- c:\windows\system32\hpvcr70.dll
2009-06-14 19:06 44,544 a----r-- c:\windows\system32\MSXML4a.dll
2009-06-14 19:05 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-06-14 19:05 16,496 a----r-- c:\windows\system32\drivers\HPZipr12.sys
2009-06-14 19:05 51,056 a----r-- c:\windows\system32\drivers\hpzid412.sys
2009-06-14 19:04 21,488 a----r-- c:\windows\system32\drivers\HPZius12.sys
2009-06-14 19:04 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-06-14 19:04 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-06-14 19:02 <DIR> --d----- c:\program files\HP
2009-06-14 19:01 29,232 a------- c:\windows\hpoins03.dat
2009-06-14 19:01 38,867 -------- c:\windows\hpomdl03.dat
2009-06-12 15:29 49,904 a----r-- c:\windows\system32\drivers\BVRPMPR5.SYS
2009-06-12 15:28 <DIR> --d----- C:\Netgear
2009-06-12 15:23 <DIR> --d----- c:\windows\system32\LogFiles
2009-06-12 15:02 <DIR> --dsh--- c:\windows\ftpcache
2009-06-07 00:11 <DIR> --d----- c:\program files\common files\DirectX
2009-06-07 00:08 <DIR> --d----- c:\program files\Infogrames
2009-05-23 05:59 <DIR> --d----- c:\windows\SxsCaPendDel

==================== Find3M ====================

2009-06-16 00:15 79,872 a--sh--- c:\windows\system32\wayebomi.dll
2009-06-16 00:15 81,920 a--sh--- c:\windows\system32\juhijudu.dll
2009-04-03 23:14 2,035 a------- c:\windows\eReg.dat
2009-01-12 01:47 0 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLds.DAT
2008-03-16 19:33 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2008-02-16 22:46 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT
2007-01-29 23:59 6,482,944 a------- c:\documents and settings\wickedj\ffmpeg.exe
2007-07-17 02:53 56 ---shr-- c:\windows\system32\7EEC9D3BBE.sys
2007-07-17 02:53 1,890 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-03-16 00:10 48,640 a--sh--- c:\windows\system32\ramobugu.dll
2009-03-16 00:10 48,640 a--sh--- c:\windows\system32\wuduzuli.dll

============= FINISH: 5:39:13.12 ===============


Thank you in advance for any and all help :thumbup2:
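The log posted above shows the same handful of system32 DLLs wired into several autostart points at once: rundll32 Run entries with one-letter exports, AppInit_DLLs, SSODL, SharedTaskScheduler, an LSA Notification Package and a nameless BHO, with the files themselves carrying system+hidden attributes. As an added example (not part of the original post and not something the DDS tool does), the following Python script parses lines in the DDS "Pseudo HJT Report" and Find3M formats and scores each DLL by how many of those indicators it hits. The sample lines are copied in shape from the log above; the heuristics (one-letter rundll32 export, nameless BHO in system32, the load-point sections, s+h attributes, an 8-letter consonant-vowel name stem) are the editor's own triage rules, not signatures from any product.

```python
import re
from collections import defaultdict

# Constructed sample: lines lifted in shape from the DDS log in the post above.
SAMPLE_LOG = r"""
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [58fce24f] rundll32.exe "c:\windows\system32\wayebomi.dll",b
mRun: [CPM5bcfd1d3] Rundll32.exe "c:\windows\system32\juhijudu.dll",a
mRun: [wiyayagivi] Rundll32.exe "c:\windows\system32\ramobugu.dll",s
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {6048bc77-4ac1-46c2-a705-85f68be23ed1} - c:\windows\system32\wuduzuli.dll
BHO: {67BDBF6E-E311-4AD4-A921-5B6E79DAA570} - No File
AppInit_DLLs: c:\windows\system32\jasosise.dll c:\windows\system32\juhijudu.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\juhijudu.dll
LSA: Notification Packages = scecli c:\windows\system32\jasosise.dll
2009-06-16 00:15 79,872 a--sh--- c:\windows\system32\wayebomi.dll
2009-06-16 00:15 81,920 a--sh--- c:\windows\system32\juhijudu.dll
2009-03-16 00:10 48,640 a--sh--- c:\windows\system32\ramobugu.dll
2009-06-14 19:06 626,960 a----r-- c:\windows\system32\hpvaut32.dll
"""

DLL_RE = re.compile(r'([a-z]:\\[^\s",]+?\.dll)', re.IGNORECASE)
RUN_RE = re.compile(r'^[um]Run:\s+\[(?P<key>[^\]]+)\]\s+(?P<cmd>.*)$', re.IGNORECASE)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)', re.IGNORECASE)
BHO_RE = re.compile(r'^BHO:\s+(?P<name>.*?):?\s*\{(?P<clsid>[0-9a-f-]{36})\}\s+-\s+(?P<target>.*)$', re.IGNORECASE)
FILE_RE = re.compile(r'^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+(?P<size>[\d,]+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+)$', re.IGNORECASE)
# Heuristic (editor's own): 8 letters strictly alternating consonant/vowel, e.g. "wayebomi".
CV, VC = r'[b-df-hj-np-tv-z][aeiou]', r'[aeiou][b-df-hj-np-tv-z]'
RANDOM_STEM_RE = re.compile(rf'^(?:(?:{CV}){{4}}|(?:{VC}){{4}})$')

# DDS section prefixes that are DLL load points rather than ordinary autostarts.
LOAD_POINTS = {
    'appinit_dlls': 'AppInit_DLLs (injected into every process that loads user32.dll)',
    'ssodl': 'ShellServiceObjectDelayLoad (loaded by explorer.exe at logon)',
    'sts': 'SharedTaskScheduler (loaded by explorer.exe)',
    'lsa': 'LSA Notification Packages (loaded into lsass.exe)',
}


def stem(path):
    """'c:\\windows\\system32\\wayebomi.dll' -> 'wayebomi'."""
    return path.rsplit('\\', 1)[-1].rsplit('.', 1)[0].lower()


def looks_random(path):
    return bool(RANDOM_STEM_RE.match(stem(path)))


def in_system32(path):
    return '\\system32\\' in path.lower()


def triage(lines):
    """Map each suspicious DLL path (lower-cased) to the list of indicators it hit."""
    findings = defaultdict(list)
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        head = line.split(':', 1)[0].lower()
        m = RUN_RE.match(line)
        if m:
            r = RUNDLL_RE.search(m.group('cmd'))
            # Legit vendors export real names (NvStartup); a single letter is a tell.
            if r and len(r.group('export')) == 1:
                findings[r.group('dll').lower()].append(
                    f"{head}: rundll32 loads it via one-letter export '{r.group('export')}' (key [{m.group('key')}])")
            continue
        m = BHO_RE.match(line)
        if m:
            target = m.group('target')
            if target.lower() != 'no file' and not m.group('name').strip() and in_system32(target):
                findings[target.lower()].append('bho: nameless BHO pointing into system32')
            continue
        if head in LOAD_POINTS:
            for dll in DLL_RE.findall(line):   # bare 'scecli' in the LSA line has no path, so it is skipped
                findings[dll.lower()].append(f'{head}: listed in {LOAD_POINTS[head]}')
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group('attrs').lower(), m.group('path')
            if 's' in attrs and 'h' in attrs and path.lower().endswith('.dll') and in_system32(path):
                findings[path.lower()].append('find3m: system+hidden attributes on a DLL in system32')
    for path in list(findings):   # name check once per path, only for files already flagged
        if looks_random(path):
            findings[path].append(f"name: stem '{stem(path)}' is an 8-letter consonant-vowel string")
    return dict(findings)


def triage_sample():
    return triage(SAMPLE_LOG.strip().splitlines())


if __name__ == '__main__':
    for path, reasons in sorted(triage_sample().items(), key=lambda kv: -len(kv[1])):
        print(f'{path}  ({len(reasons)} indicators)')
        for reason in reasons:
            print('   -', reason)
```

Run against the sample, juhijudu.dll scores highest (Run key, AppInit_DLLs, SSODL, s+h attributes, random name), while NvCpl.dll, avgssie.dll and hpvaut32.dll are not reported at all. The name heuristic is deliberately applied only to files that already hit a persistence indicator, so an unusual but benign filename on its own is never flagged.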


#2 wickedj69

  • Topic Starter
  • Members
  • 2 posts

Posted 16 June 2009 - 07:50 PM

Please lock/delete this; I was able to solve the problem using a guide from another forum.

Thanks

#3 Orange Blossom

    OBleepin Investigator

  • Moderator
  • 36,806 posts
  • Location: Bloomington, IN

Posted 16 June 2009 - 08:06 PM

Hello

Thank you for letting us know. I'm glad that your computer problems have been fixed. Since this issue seems to be resolved, this thread will now be closed.

In case you experience any problems with the computer, please start a new topic.

Happy computing,

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



