
Thread: Large problems arising, unable to stop.

  1. #1
    Junior Member
    Join Date
    Mar 2009
    Posts
    12

    Large problems arising, unable to stop.

    Within the last few days I've started to notice large changes happening on my system, and everything I have tried to do to stop it or find out what it is has failed. Here are some of the problems that have popped up lately; I have made no major changes or downloads lately:

    (I use Windows XP)

    1. Randomly, Internet Explorer opens and says my computer is infected and that it will run a virus scan. I assume this is a hijack fake ad, and I close it without clicking on anything. I'll try to screenshot it if I can next time I see it.

    2. The "Folder Options" in my Control Panel is gone.

    3. Every time I try to search for certain keywords or a certain keyword pops up in my browser, my browser seems to crash as if something doesn't want me to search for these terms. Here are some of the terms that crash my browser: any time I search Google for Malware, Avast, Malwarebytes, my browser will suddenly crash without an error.

    4. Any time I try to run certain antivirus/spyware programs, they open and close instantly without an error. Spybot will not open correctly; it freezes during the loading process. HijackThis will not open; it closes instantly. Avast does the same thing.
    Some of the antispyware/virus programs that DON'T crash when I try:
    Spyware Terminator and Ad-Aware SE. I fully scanned my system with both and they found a few things but only minor threat items.

    5. My internet seems to be much slower and it is going on and off constantly. This may or may not be related to my other problems, but it all started occurring around the same time.

    I am having a hard time finding out what my problem is since I am unable to run HijackThis or Spybot; I'm not sure what to do.

    Before these problems started, I was able to use all of these programs without any crashing.

    I can't even search for my problem in Google because it causes my browser to crash (I can search in Google, but any time I search for something related to my PROBLEM, it crashes...)

  2. #2
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi there,


    • Download DDS and save it to your desktop from here or here or here.
    • Disable any script blocker, and then double-click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.

    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Mar 2009
    Posts
    12

    Dds

    Alright, here are the scan results:

    DDS.txt


    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Owner at 12:19:56.54 on Thu 03/26/2009
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_02
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.195 [GMT -5:00]

    AV: avast! antivirus 4.7.1098 [VPS 080426-0] *On-access scanning enabled* (Outdated)

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Teamspeak2_RC2\server_windows.exe
    C:\Program Files\SlimBrowser\sbrowser.exe
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZYS5QHW8\dds[1].scr

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    mStart Page = hxxp://www.google.com
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.6.26.dll
    BHO: {cc95b114-2813-4c80-b995-1e559cdf3002} - c:\windows\system32\jihokika.dll
    BHO: {5e3e7598-f908-7208-53c4-d0ccdeac12de}: {ed21caed-cc0d-4c35-8027-809f8957e3e5} - c:\windows\system32\ymaceo.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
    TB: Copernic Agent: {f2e259e8-0fc8-438c-a6e0-342dd80fa53e} - c:\progra~1\copern~1\COPERN~1.DLL
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    EB: Copernic Agent Results: {6f480f82-c3a6-4d35-96f7-b297ad49fbe8} - c:\program files\copernic agent\CopernicAgentExt.dll
    EB: Copernic Agent: {f2e259e8-0fc8-438c-a6e0-342dd80fa53e} - c:\progra~1\copern~1\COPERN~1.DLL
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
    mRun: [yesebiladu] Rundll32.exe "c:\windows\system32\vuropeje.dll",s
    mRun: [a00cdb3c] rundll32.exe "c:\windows\system32\yakituro.dll",b
    mRun: [CPMa33fe8a0] Rundll32.exe "c:\windows\system32\woyabejo.dll",a
    IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
    IE: Crawler Search - tbr:iemenu
    IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.6.26.dll/206
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\owner\start menu\programs\imvu\Run IMVU.lnk
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {1E29FE02-6363-4749-939B-B8A1F68DBFBA} - hxxp://huxley.webzen.com/Files/ActiveX/WebStarter.cab
    DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://www.cherrytreeinn.com:8080/kxhcm10.ocx
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\copern~1\COPERN~1.DLL
    Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\copern~1\COPERN~1.DLL
    Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\toolbar\ctbr.dll
    Notify: dacacaeaaab - c:\windows\system32\dacacaeaaab.dll
    AppInit_DLLs: c:\windows\system32\vunegezo.dll ajowbm.dll ymaceo.dll c:\windows\system32\woyabejo.dll
    SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\woyabejo.dll
    STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\woyabejo.dll
    SEH: Internet Shortcut: {fbf23b40-e3f0-101b-8488-00aa003e56f8} - c:\windows\system32\ieframe.dll
    LSA: Notification Packages = cli c:\windows\system32\vunegezo.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\w1u7f0b4.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\progra~1\crawler\toolbar\firefox\components\xcomm.dll
    FF - component: c:\progra~1\crawler\toolbar\firefox\components\xshared.dll
    FF - component: c:\progra~1\crawler\toolbar\firefox\components\xsupport.dll
    FF - component: c:\progra~1\crawler\toolbar\firefox\components\xwsg.dll
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\program files\download manager\npfpdlm.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

    ============= SERVICES / DRIVERS ===============

    R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2007-5-9 142592]
    R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files\conquer 2.0\data\vmlaunch\BuddyVM.sys [2004-10-5 15872]
    R3 allkeys01;allkeys01;c:\windows\system32\drivers\allkeys01.sys [2007-1-22 7424]
    R3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2004-1-23 13952]
    R3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [2004-1-23 28800]
    S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2006-11-15 140664]
    S2 fcf;FCF;c:\windows\system32\svchost.exe:exe.exe --> c:\windows\system32\svchost.exe:exe.exe [?]
    S2 NinjaVideo Helper.exe;NinjaVideo Helper;"c:\program files\ninjavideo\ninjavideo helper\ninjavideo helper.exe" --> c:\program files\ninjavideo\ninjavideo helper\NinjaVideo Helper.exe [?]
    S2 radoulsyp;radoulsyp;c:\windows\system32\svchost.exe -k netsvcs [2002-9-3 14336]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-5-9 247160]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-5-9 345464]
    S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys [2006-12-22 54271]
    S3 ESISTEMA53;ESISTEMA53;c:\program files\ruanengine\sistema32.sys [2007-1-2 27136]
    S3 MAC607;MAC607 Filter;c:\windows\system32\drivers\MAC607.sys [2007-7-9 22144]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]

    =============== Created Last 30 ================

    2009-03-25 13:08 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
    2009-03-25 13:07 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2009-03-25 13:07 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2009-03-25 13:07 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
    2009-03-25 12:23 3,291,597 ---sh--- c:\windows\system32\orutikay.ini
    2009-03-25 12:22 139,776 a--sh--- c:\windows\system32\ymaceo.dll
    2009-03-25 00:21 142,336 a--sh--- c:\windows\system32\qhfpag.dll
    2009-03-24 12:05 3,291,579 ---sh--- c:\windows\system32\ekimopob.ini
    2009-03-24 12:04 141,824 a--sh--- c:\windows\system32\beszjr.dll
    2009-03-23 12:03 1,791,639 ---sh--- c:\windows\system32\ebukigek.ini
    2009-03-23 12:03 140,800 a--sh--- c:\windows\system32\xcnwiw.dll
    2009-03-23 00:27 294,400 ac------ c:\windows\system32\dllcache\msctf.dll
    2009-03-23 00:27 294,400 a------- c:\windows\system32\msctf.dll
    2009-03-23 00:20 <DIR> --d----- c:\docume~1\owner\applic~1\Uniblue
    2009-03-23 00:18 <DIR> --d----- c:\program files\Uniblue
    2009-03-23 00:18 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{92E7A367-8E12-4830-AA70-29C32E331A81}
    2009-03-23 00:03 1,410,518 ---sh--- c:\windows\system32\igamuwen.ini
    2009-03-23 00:02 140,800 a--sh--- c:\windows\system32\tjlwzs.dll
    2009-03-22 12:03 1,791,630 ---sh--- c:\windows\system32\ipebadip.ini
    2009-03-22 12:02 140,800 -------- c:\windows\system32\ajowbm.dll
    2009-03-22 00:02 1,791,634 ---sh--- c:\windows\system32\iluwiwur.ini
    2009-03-22 00:02 141,824 a--sh--- c:\windows\system32\dcezmf.dll
    2009-03-21 00:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard
    2009-03-20 20:08 184,848 a------- C:\naidprla.exe
    2009-03-20 20:08 10,240 a------- C:\wkaqjah.exe
    2009-03-20 20:08 41,984 a------- C:\mtaueu.exe
    2009-03-20 20:02 33,280 a------- c:\docume~1\owner\applic~1\wovmomsz.dll
    2009-03-20 20:01 124,416 a------- C:\pvnncaoo.exe
    2009-03-20 20:01 27,648 a------- c:\windows\system32\frmwrk32.exe
    2009-03-20 20:00 117,228 a------- c:\windows\system32\drivers\bdf2405c.sys
    2009-03-20 20:00 27,648 a------- C:\qvmkk.exe
    2009-03-20 19:59 2 a------- C:\-1609770093
    2009-03-20 19:59 8,704 a------- C:\gosfrwtt.exe
    2009-03-20 19:59 182,656 ac------ c:\windows\system32\dllcache\ndis.sys
    2009-03-20 19:59 184,848 a------- C:\tsqhvw.exe
    2009-03-20 19:59 30,208 a------- c:\windows\system32\reader_s.exe
    2009-03-20 19:59 30,208 a------- c:\documents and settings\owner\reader_s.exe
    2009-03-20 19:59 41,984 a------- c:\windows\Xxovisetacok.dll
    2009-03-20 19:59 10,240 a------- C:\stjr.exe
    2009-03-20 19:59 41,984 a------- C:\qurdchd.exe
    2009-03-20 19:59 10,240 a------- c:\windows\instsp2.exe
    2009-03-20 19:59 141,312 a--sh--- c:\windows\system32\xmtwlh.dll
    2009-03-20 07:59 1,798,802 ---sh--- c:\windows\system32\epowoyoz.ini
    2009-03-20 07:58 140,288 a--sh--- c:\windows\system32\rrpdna.dll
    2009-03-19 19:59 1,798,259 ---sh--- c:\windows\system32\adazelaj.ini
    2009-03-19 19:58 141,312 a--sh--- c:\windows\system32\fnhamj.dll
    2009-03-07 00:07 <DIR> --d----- C:\SEGA
    2009-03-05 07:52 1,801,046 ---sh--- c:\windows\system32\ewosewij.ini
    2009-03-05 05:11 1,902 a------- c:\windows\system32\BIN_STRSBW.SPT
    2009-03-04 19:52 1,813,364 ---sh--- c:\windows\system32\ulanabaz.ini
    2009-03-04 07:51 1,801,046 ---sh--- c:\windows\system32\uyetowos.ini
    2009-03-03 19:51 1,628,540 ---sh--- c:\windows\system32\izeluvut.ini
    2009-03-03 19:46 1,560,128 ---sh--- c:\windows\system32\ipibojol.ini
    2009-03-03 07:45 1,560,128 ---sh--- c:\windows\system32\ufuwimud.ini
    2009-03-02 19:45 1,560,128 ---sh--- c:\windows\system32\enatetip.ini
    2009-03-02 07:45 1,560,128 ---sh--- c:\windows\system32\eletariv.ini
    2009-03-01 19:45 1,560,128 ---sh--- c:\windows\system32\agovagas.ini
    2009-03-01 07:45 1,560,128 ---sh--- c:\windows\system32\ilihomof.ini
    2009-02-28 19:44 1,560,128 ---sh--- c:\windows\system32\onuwizet.ini
    2009-02-28 07:44 1,560,128 ---sh--- c:\windows\system32\ifubemov.ini
    2009-02-27 19:43 1,560,128 ---sh--- c:\windows\system32\evidukok.ini
    2009-02-26 19:43 1,560,128 ---sh--- c:\windows\system32\azunasis.ini
    2009-02-26 07:43 1,560,128 ---sh--- c:\windows\system32\itibifij.ini
    2009-02-25 19:43 1,560,128 ---sh--- c:\windows\system32\apuyegoz.ini
    2009-02-25 07:43 1,560,128 ---sh--- c:\windows\system32\ejudobuv.ini
    2009-02-25 03:43 2,794,234 a------- c:\windows\system32\GameMon.des
    2009-02-24 19:42 1,560,128 ---sh--- c:\windows\system32\ujuhigoj.ini

    ==================== Find3M ====================

    2009-03-25 12:22 105,472 a------- c:\windows\system32\woyabejo.dll
    2009-03-25 12:22 101,376 a--sh--- c:\windows\system32\yakituro.dll
    2009-03-25 12:22 139,776 a--sh--- c:\windows\system32\galazere.dll
    2009-03-25 00:21 142,336 a--sh--- c:\windows\system32\yenonoje.dll
    2009-03-25 00:21 107,520 a--sh--- c:\windows\system32\yegemiso.dll
    2009-03-24 12:04 141,824 a--sh--- c:\windows\system32\fopotami.dll
    2009-03-24 12:04 100,352 -------- c:\windows\system32\bopomike.dll
    2009-03-24 12:04 104,960 a--sh--- c:\windows\system32\vowiyuga.dll
    2009-03-23 12:03 102,912 a--sh--- c:\windows\system32\kegikube.dll
    2009-03-23 12:03 107,520 a--sh--- c:\windows\system32\newakoja.dll
    2009-03-23 12:03 140,800 a--sh--- c:\windows\system32\muvuzuda.dll
    2009-03-23 00:02 108,032 a--sh--- c:\windows\system32\hogalibe.dll
    2009-03-23 00:02 140,800 a--sh--- c:\windows\system32\milikube.dll
    2009-03-23 00:02 101,376 -------- c:\windows\system32\newumagi.dll
    2009-03-22 12:02 101,888 a--sh--- c:\windows\system32\pidabepi.dll
    2009-03-22 12:02 140,800 a--sh--- c:\windows\system32\zimizapa.dll
    2009-03-22 12:02 105,984 a--sh--- c:\windows\system32\tufemivu.dll
    2009-03-22 00:02 101,888 -------- c:\windows\system32\ruwiwuli.dll
    2009-03-22 00:02 141,824 a--sh--- c:\windows\system32\lobeyari.dll
    2009-03-22 00:02 105,472 a--sh--- c:\windows\system32\wenijalu.dll
    2009-03-20 20:01 14,336 a------- c:\windows\system32\svchost.exe
    2009-03-20 19:59 182,656 a------- c:\windows\system32\drivers\ndis.sys
    2009-03-20 19:59 100,864 a--sh--- c:\windows\system32\fogeruwu.dll
    2009-03-20 19:59 141,312 a--sh--- c:\windows\system32\nudewolu.dll
    2009-03-20 19:59 107,520 a--sh--- c:\windows\system32\menonahe.dll
    2009-03-20 07:58 140,288 a--sh--- c:\windows\system32\varelofu.dll
    2009-03-20 07:58 105,984 a--sh--- c:\windows\system32\kobiyulu.dll.vir
    2009-03-19 19:58 103,424 -------- c:\windows\system32\jalezada.dll
    2009-03-19 19:58 141,312 a--sh--- c:\windows\system32\jinuriwa.dll
    2009-03-19 19:58 106,496 a--sh--- c:\windows\system32\dobafigi.dll
    2009-03-05 07:52 107,520 a--sh--- c:\windows\system32\rofeyaza.dll
    2009-03-05 07:52 102,400 a--sh--- c:\windows\system32\jiwesowe.dll
    2009-03-04 19:51 107,008 a--sh--- c:\windows\system32\nupikufo.dll
    2009-03-04 19:51 103,424 -------- c:\windows\system32\zabanalu.dll
    2009-03-04 07:51 105,984 a--sh--- c:\windows\system32\legumulo.dll
    2009-03-04 07:51 101,376 -------- c:\windows\system32\sowoteyu.dll
    2009-03-03 19:51 108,032 a--sh--- c:\windows\system32\lofaduro.dll
    2009-03-03 19:45 72,352 a--sh--- c:\windows\system32\tufotubi.dll
    2009-03-03 19:45 95,447 -------- c:\windows\system32\lojobipi.dll
    2009-03-03 19:45 107,782 a--sh--- c:\windows\system32\loyadeva.dll
    2009-03-03 19:45 144,031 a--sh--- c:\windows\system32\fowehuri.dll
    2009-03-03 07:44 95,400 -------- c:\windows\system32\dumiwufu.dll
    2009-03-03 07:44 107,653 a--sh--- c:\windows\system32\bajumaku.dll
    2009-03-03 07:44 143,046 a--sh--- c:\windows\system32\siwohowu.dll
    2009-03-02 19:44 109,757 a--sh--- c:\windows\system32\vegoyame.dll
    2009-03-02 19:44 143,195 a--sh--- c:\windows\system32\wufunova.dll
    2009-03-02 19:44 95,501 -------- c:\windows\system32\pitetane.dll
    2009-03-02 07:44 109,800 a--sh--- c:\windows\system32\geyamiza.dll
    2009-03-02 07:44 95,412 -------- c:\windows\system32\viratele.dll
    2009-03-02 07:44 143,993 a--sh--- c:\windows\system32\vutigufe.dll
    2009-03-01 19:44 143,123 a--sh--- c:\windows\system32\runivuji.dll
    2009-03-01 19:44 109,141 a--sh--- c:\windows\system32\fekemide.dll
    2009-03-01 19:44 95,529 -------- c:\windows\system32\sagavoga.dll
    2009-03-01 07:44 95,361 -------- c:\windows\system32\fomohili.dll
    2009-03-01 07:43 143,037 a--sh--- c:\windows\system32\vazalele.dll
    2009-03-01 07:43 109,364 a--sh--- c:\windows\system32\jujikofa.dll
    2009-02-28 19:43 144,108 a--sh--- c:\windows\system32\mafizowo.dll
    2009-02-28 19:43 95,522 -------- c:\windows\system32\teziwuno.dll
    2009-02-28 19:43 109,740 a--sh--- c:\windows\system32\husuyona.dll
    2009-02-28 07:43 144,224 a--sh--- c:\windows\system32\korikabo.dll
    2009-02-28 07:43 110,397 a--sh--- c:\windows\system32\polevina.dll
    2009-02-28 07:43 95,569 -------- c:\windows\system32\vomebufi.dll
    2009-02-27 19:43 143,078 a--sh--- c:\windows\system32\zofufelo.dll
    2009-02-27 19:43 107,755 a--sh--- c:\windows\system32\jovireha.dll
    2009-02-27 19:43 95,492 -------- c:\windows\system32\kokudive.dll
    2009-02-27 07:43 144,040 a--sh--- c:\windows\system32\dosetiwi.dll
    2009-02-27 07:43 95,346 a--sh--- c:\windows\system32\sobonewu.dll
    2009-02-27 07:42 109,854 a--sh--- c:\windows\system32\zulopuye.dll
    2009-02-26 19:42 144,113 a--sh--- c:\windows\system32\zezosivi.dll
    2009-02-26 19:42 109,645 a--sh--- c:\windows\system32\wamasamu.dll
    2009-02-26 19:42 95,492 -------- c:\windows\system32\sisanuza.dll
    2009-02-26 07:42 144,097 a--sh--- c:\windows\system32\jabefebe.dll
    2009-02-26 07:42 108,101 a--sh--- c:\windows\system32\yivateta.dll
    2009-02-26 07:42 95,514 -------- c:\windows\system32\jifibiti.dll
    2009-02-25 19:42 143,061 a--sh--- c:\windows\system32\janifedu.dll
    2009-02-25 19:42 108,641 a--sh--- c:\windows\system32\bonafanu.dll
    2009-02-25 19:42 95,469 -------- c:\windows\system32\zogeyupa.dll
    2009-02-25 07:42 144,070 a--sh--- c:\windows\system32\gupuvefa.dll
    2009-02-25 07:42 109,829 a--sh--- c:\windows\system32\vozigoji.dll
    2009-02-25 07:42 95,479 -------- c:\windows\system32\vuboduje.dll
    2009-02-25 04:40 109,072 a------- c:\windows\system32\WPRO_40_1340woem_nm.tmp
    2009-02-25 04:40 96,784 a------- c:\windows\system32\WPRO_40_1340woem.tmp
    2009-02-24 19:42 143,960 a--sh--- c:\windows\system32\fafakaza.dll
    2009-02-24 19:42 108,794 a--sh--- c:\windows\system32\genetoda.dll
    2009-02-24 14:31 142,592 a------- c:\windows\system32\drivers\sp_rsdrv2.sys
    2009-02-24 07:41 108,275 a--sh--- c:\windows\system32\vijohato.dll
    2009-02-24 07:41 144,123 a--sh--- c:\windows\system32\niwofuzu.dll
    2009-02-23 19:41 95,540 -------- c:\windows\system32\dozilibe.dll
    2009-02-23 19:41 143,160 a--sh--- c:\windows\system32\gebuhobo.dll
    2009-02-23 19:41 110,220 a--sh--- c:\windows\system32\kegojofa.dll
    2009-02-23 07:41 142,981 a--sh--- c:\windows\system32\tudeyohi.dll
    2009-02-23 07:41 109,333 a--sh--- c:\windows\system32\pihuzura.dll
    2009-02-23 07:41 95,515 a--sh--- c:\windows\system32\fedabemi.dll
    2009-02-22 19:41 108,793 a--sh--- c:\windows\system32\buhedina.dll
    2009-02-22 19:41 143,147 a--sh--- c:\windows\system32\duzileru.dll
    2009-02-22 19:41 95,510 a--sh--- c:\windows\system32\kedisuzo.dll
    2009-02-22 05:37 95,359 a--sh--- c:\windows\system32\nojawipa.dll
    2009-02-22 05:37 108,284 a--sh--- c:\windows\system32\tejulopa.dll
    2009-02-22 05:36 143,938 a--sh--- c:\windows\system32\badezehi.dll
    2009-02-21 17:36:52 A--SH--- 108,711 c:\windows\system32\wimigiro.dll
    0000-00-00 00:00 73,349 a--sh--- c:\windows\system32\doyakipi.dll
    0000-00-00 00:00 72,414 a--sh--- c:\windows\system32\felekaka.dll
    0000-00-00 00:00 48,128 a--sh--- c:\windows\system32\gebegimi.dll
    0000-00-00 00:00 72,352 a--sh--- c:\windows\system32\jihokika.dll
    0000-00-00 00:00 68,608 a--sh--- c:\windows\system32\kadehomi.dll
    0000-00-00 00:00 72,414 a--sh--- c:\windows\system32\konepoha.dll
    0000-00-00 00:00 72,414 a--sh--- c:\windows\system32\lokoyovi.dll
    0000-00-00 00:00 103,424 a--sh--- c:\windows\system32\lonumako.dll
    0000-00-00 00:00 73,349 a--sh--- c:\windows\system32\nefudafi.dll
    0000-00-00 00:00 107,520 a--sh--- c:\windows\system32\pugohawu.dll
    0000-00-00 00:00 77,824 a--sh--- c:\windows\system32\rugafusi.dll
    0000-00-00 00:00 73,349 a--sh--- c:\windows\system32\sivunege.dll
    0000-00-00 00:00 22,528 a--sh--- c:\windows\system32\tepepife.dll
    0000-00-00 00:00 72,352 a--sh--- c:\windows\system32\vuropeje.dll
    0000-00-00 00:00 11,264 a--sh--- c:\windows\system32\wolizapa.dll
    0000-00-00 00:00 39,936 a--sh--- c:\windows\system32\yurilori.dll
    2008-10-07 09:49 16,384 a--sh--- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
    2008-10-07 09:49 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100720081008\index.dat
    2008-10-10 20:11 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101020081011\index.dat

    ============= FINISH: 12:22:53.50 ===============


    It says that my primary AntiVirus is Avast, but I have it disabled, and I've been wanting to remove it from my computer but been unable to do so. I use Spyware Terminator as my primary AV.

    I attached the attach.txt in a zip as instructed in the DDS scan.
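
Added example (not part of the original thread, and not DDS's own code): a small Python triage pass over DDS-format lines excerpted from the log in post #3, showing how the load-point sections and the file listings can be cross-referenced. The rule names, the heuristics and the `triage` and `correlate` helpers are assumptions made for illustration; they are not verdicts given in the thread.

```python
import re

# Lines excerpted from the DDS log in post #3 (a sample, not the full log).
SAMPLE_LOG = r"""
mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
mRun: [yesebiladu] Rundll32.exe "c:\windows\system32\vuropeje.dll",s
AppInit_DLLs: c:\windows\system32\vunegezo.dll ajowbm.dll ymaceo.dll c:\windows\system32\woyabejo.dll
LSA: Notification Packages = cli c:\windows\system32\vunegezo.dll
S2 fcf;FCF;c:\windows\system32\svchost.exe:exe.exe --> c:\windows\system32\svchost.exe:exe.exe [?]
S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys [2006-12-22 54271]
2009-03-25 12:22 139,776 a--sh--- c:\windows\system32\ymaceo.dll
2009-03-23 00:27 294,400 a------- c:\windows\system32\msctf.dll
2009-03-25 12:23 3,291,597 ---sh--- c:\windows\system32\orutikay.ini
"""

# "date time size attrs path" rows of the Created Last 30 / Find3M sections.
FILE_ROW = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d\s+[\d,]+\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+)$",
    re.I)
# A .dll or .ini sitting directly in system32 (no subfolder).
SYS32_TOP = re.compile(r"^c:\\windows\\system32\\[^\\]+\.(dll|ini)$", re.I)
# A drive path followed by a second ':' names an NTFS alternate data stream.
ADS_PATH = re.compile(r"[a-z]:\\[^:\s]*:[^\s\\]+", re.I)
# Run-key value that uses rundll32 to load a DLL.
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.I)


def triage(log_text):
    """Return (rule, detail) pairs for lines matching the heuristics below.

    Heuristics (assumptions of this example): a hit means "look at this
    first", not "this is malicious".
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        low = line.lower()
        if low.startswith(("mrun:", "urun:")):
            m = RUNDLL.search(line)
            if m:  # autorun that loads a DLL through rundll32
                findings.append(("run-key-rundll32", m.group(1).lower()))
        elif low.startswith("appinit_dlls:"):
            # Each listed DLL is loaded into every process that loads user32.dll.
            # Splitting on whitespace assumes paths without spaces.
            for dll in line.split(":", 1)[1].split():
                findings.append(("appinit-dll", dll.lower()))
        elif low.startswith("lsa: notification packages"):
            # Packages are normally bare names; a full path stands out.
            for pkg in line.split("=", 1)[1].split():
                if "\\" in pkg:
                    findings.append(("lsa-package-path", pkg.lower()))
        elif re.match(r"[RS]\d\s", line):
            m = ADS_PATH.search(line)
            if m:  # service image stored in an alternate data stream
                findings.append(("service-ads-path", m.group(0).lower()))
        else:
            m = FILE_ROW.match(line)
            if m:
                attrs, path = m.group("attrs").lower(), m.group("path").lower()
                if "s" in attrs and "h" in attrs and SYS32_TOP.match(path):
                    findings.append(("hidden-system-file", path))
    return findings


def basename(path):
    return path.rsplit("\\", 1)[-1]


def correlate(findings):
    """File names that are both a load point and a hidden+system file."""
    hidden = {basename(d) for r, d in findings if r == "hidden-system-file"}
    loaded = {basename(d) for r, d in findings if r != "hidden-system-file"}
    return sorted(hidden & loaded)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for rule, detail in results:
        print(f"{rule:20} {detail}")
    print("load point and hidden+system:", correlate(results))
```
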

  4. #4
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi,

    "It says that my primary AntiVirus is Avast, but i have it disabled, and ive been wanting to remove it from my computer but been unable to do so. I use Spyware Terminator as my primary AV."

    You're better protected with Avast. It's recommended to keep it as your primary AV.

    Ad-Aware SE Personal is not supported anymore. I recommend uninstalling it later. Same thing with Spybot - Search & Destroy 1.4. Version 1.6 is the latest one.

    IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    BitComet
    BitTorrent
    DNA


    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

    Delete these folders afterwards:

    c:\program files\bitcomet

    Empty Recycle Bin.

    After that:


    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:

    1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix (link).
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

  5. #5
    Junior Member
    Join Date
    Mar 2009
    Posts
    12

    I will begin to follow your steps and I will post the results soon. But, as for now, I am not able to use Avast antivirus in any way. If I am able to get it working again I will take your advice and use it as my primary AV.

  6. #6
    Junior Member
    Join Date
    Mar 2009
    Posts
    12

    I uninstalled all 3 of the mentioned P2P programs you asked. After attempting to delete the BitComet folder I got an error saying a file is in use. I have not used any of these programs in months and I have disabled their startup, so it makes me suspicious how any of them could be in use. I took a screenshot of the error and posted it in an attachment.

  7. #7
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi

    Please follow the rest of the instructions. We'll deal with that problematic folder later.

  8. #8
    Junior Member
    Join Date
    Mar 2009
    Posts
    12

    The ComboFix says that my Avast antivirus is running and that I should close it before I continue. I checked all my processes and none of them seem related to Avast, so I'm a bit confused why and how it could be running. I decided to stop and wait for your advice before continuing because it seemed important that I disable all my AVs before scanning.

  9. #9
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi

    Please ignore the notification.

  10. #10
    Junior Member
    Join Date
    Mar 2009
    Posts
    12

    The scan completed; I attached the log in a zip. I was surprised to watch it delete so many files from my system32 folder...
