Malicious Malware



javamama
2010-08-20, 18:35
My laptop has some sort of virus that won't allow any programs to be opened. All attempts to run anything, including Spybot, bring up a message that the program is infected with malicious malware, and then it automatically opens Internet Explorer (which is not my default browser) and takes me to a website where it wants me to download an antivirus program. I can't do anything on my computer without this happening.

I had to download DDS using my Desktop computer and transfer it and run it using a memory stick. Here is the DDS log:


DDS (Ver_10-03-17.01) - NTFSx86 MINIMAL
Run by starlie at 12:16:36.15 on Fri 08/20/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1773 [GMT -4:00]

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
E:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Azizuyokuyep] rundll32.exe "c:\windows\wmsbau.dll",Startup
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; FunWebProducts; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://edits.zwinky.com/zwinky-world/GamePlayer/play.jhtml?gameID=6"
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Axakud] rundll32.exe "c:\windows\ezogutud.dll",Startup
mRun: [punepycy] c:\documents and settings\networkservice\local settings\application data\rxneggrtw\uxedhfqshdw.exe
dRun: [punepycy] c:\documents and settings\networkservice\local settings\application data\rxneggrtw\uxedhfqshdw.exe
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
IE: &Search - ?p=ZJfox000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226801475787
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226801466787
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\0053.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\starlie\applic~1\mozilla\firefox\profiles\eutgkqd2.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.burningman.com
FF - plugin: c:\documents and settings\starlie\application data\mozilla\firefox\profiles\eutgkqd2.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\starlie\local settings\application data\huludesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {ACB8A0EA-E9AC-4D63-8704-53AC68E81E8E} - c:\documents and settings\starlie\local settings\application data\{ACB8A0EA-E9AC-4D63-8704-53AC68E81E8E}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-4-22 353672]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

=============== Created Last 30 ================

2010-08-20 15:53:41 388608 ----a-w- C:\HijackThis.exe
2010-08-20 14:52:58 2838 ----a-w- c:\windows\uroqipof.dll
2010-08-20 14:31:08 2838 ----a-w- c:\windows\oseruxilexexe.dll
2010-08-20 14:24:01 2838 ----a-w- c:\windows\wmpl32.exe
2010-08-17 01:21:40 257024 ----a-w- c:\windows\system32\0.302613130542024.exe
2010-08-15 19:43:10 0 d-----w- c:\program files\Free Window Registry Repair
2010-08-13 01:21:11 6898 ----a-w- c:\windows\system32\WORK.DAT
2010-08-13 01:21:09 25600 ----a-w- c:\windows\system32\0041.DLL
2010-08-13 01:21:06 46080 ---ha-w- c:\windows\system32\wexe.exe
2010-08-11 00:53:36 0 ---ha-w- c:\windows\system32\wupd.dat
2010-08-11 00:53:32 38400 ----a-w- c:\windows\system32\0053.DLL
2010-07-26 22:56:09 1098 ----a-w- c:\windows\Vfamiracevenup.dat
2010-07-26 22:56:09 0 ----a-w- c:\windows\Pmexoc.bin
2010-07-26 22:54:21 72704 ----a-w- c:\windows\system32\viruschert.exe
2010-07-24 13:45:25 0 d-----w- c:\windows\system32\wbem\Repository

==================== Find3M ====================

2010-07-13 01:37:06 92160 ----a-w- c:\windows\system32\anttraf.exe
2010-05-20 21:52:19 10367552 ----a-w- c:\program files\Opera_1053_en_Setup.exe
2010-05-19 18:42:21 1956656 ----a-w- c:\program files\install_flash_player_ax.exe
2009-01-04 17:26:27 1234120 -c--a-w- c:\program files\wrar380.exe
2008-12-21 21:35:01 4566456 -c--a-w- c:\program files\Shockwave_Installer_Slim.exe
2008-11-16 03:31:23 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111520081116\index.dat

============= FINISH: 12:17:36.21 ===============


I've attached the attach.txt file
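The Pseudo HJT section of the log above contains the entries a malware-removal helper would look at first: the browser proxy pointed at 127.0.0.1:6522, two autoruns that use rundll32 to load randomly named DLLs sitting directly in c:\windows, an executable auto-starting from the NetworkService profile's Local Settings\Application Data, and a non-empty AppInit_DLLs value. The following Python script is an added example, not part of the original post and not part of the DDS tool; the rules it applies are the editor's own heuristics (DDS itself does not score entries), and the sample lines are copied verbatim from the log posted above, with a few benign entries (ctfmon, ZoneAlarm, ProxyOverride) mixed in so the rules have something to pass.

```python
"""Triage heuristics for lines from a DDS "Pseudo HJT Report" section.

Added example (editor's own heuristics, not DDS output logic).
"""
import re

# Constructed sample: lines copied from the posted DDS log, plus three
# benign entries that a sane triage must leave alone.
SAMPLE_LINES = [
    r"uInternet Settings,ProxyOverride = <local>",
    r"uInternet Settings,ProxyServer = http=127.0.0.1:6522",
    r"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe",
    r'uRun: [Azizuyokuyep] rundll32.exe "c:\windows\wmsbau.dll",Startup',
    r'mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"',
    r'mRun: [Axakud] rundll32.exe "c:\windows\ezogutud.dll",Startup',
    r"mRun: [punepycy] c:\documents and settings\networkservice\local settings\application data\rxneggrtw\uxedhfqshdw.exe",
    r"dRun: [punepycy] c:\documents and settings\networkservice\local settings\application data\rxneggrtw\uxedhfqshdw.exe",
    r"AppInit_DLLs: c:\windows\system32\0053.DLL",
]

# DDS prefixes for HKCU (u), HKLM (m) and Default User (d) Run keys.
RUN_KEYS = ("uRun:", "mRun:", "dRun:", "uRunOnce:", "mRunOnce:", "dRunOnce:")

# Interactive software has no business auto-starting from the profiles
# of the built-in service accounts.
SERVICE_PROFILES = ("\\networkservice\\", "\\localservice\\")

# A DLL dropped straight into %windir% (not a subdirectory) and loaded
# via rundll32 is a classic dropper pattern; legitimate vendors ship
# their DLLs under system32 or Program Files.
WINDIR_ROOT_DLL = re.compile(r'c:\\windows\\[^\\"]+\.dll')


def classify(line):
    """Return the list of reasons a single DDS line looks suspicious.

    An empty list means nothing was flagged. Heuristics are the editor's own.
    """
    reasons = []
    low = line.lower()

    # A browser proxy on the loopback interface means something local is
    # sitting between the browser and the network (traffic interception,
    # redirection to the "buy our antivirus" page, blocked security sites).
    if low.startswith("uinternet settings,proxyserver") and "127.0.0.1" in low:
        reasons.append("browser proxied through localhost")

    # Anything listed in AppInit_DLLs is loaded into every process that
    # links user32.dll, i.e. almost every interactive program.
    if low.startswith("appinit_dlls:") and low.split(":", 1)[1].strip():
        reasons.append("AppInit_DLLs injects a DLL into every user-mode process")

    if line.startswith(RUN_KEYS):
        if "rundll32" in low and WINDIR_ROOT_DLL.search(low):
            reasons.append("rundll32 loading a DLL dropped directly in %windir%")
        if any(p in low for p in SERVICE_PROFILES):
            reasons.append("autorun from a service account profile")
        if "\\local settings\\application data\\" in low and low.rstrip('"').endswith(".exe"):
            reasons.append("autorun executable under Local Settings\\Application Data")

    return reasons


def triage(lines):
    """Apply classify() to every line; return [(line, reasons)] for flagged lines, in order."""
    hits = []
    for line in lines:
        reasons = classify(line)
        if reasons:
            hits.append((line, reasons))
    return hits


if __name__ == "__main__":
    for flagged_line, why in triage(SAMPLE_LINES):
        print(flagged_line)
        for reason in why:
            print("   ->", reason)
```

Run against the sample, the three benign entries come back clean and the six remaining lines are flagged, with the two punepycy entries picking up two reasons each (service-account profile plus Local Settings\Application Data). The heuristics are deliberately narrow and deterministic; they will not catch a dropper that hides under system32 with a plausible name, and they say nothing about how the "program is infected" message is produced, which this log does not show.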

shelf life
2010-08-24, 23:02
Hi,

Your log is a few days old. If you still need help simply post back.

tashi
2010-09-03, 20:43
Topic archived.