05-17-2009, 09:04 AM   #1
RossSewage
Registered User
 
Join Date: May 2009
Posts: 8
OS: XP


Help Needed W/ Trojan/Malware Infection.

Thanks in advance!

Problem seemed to manifest after I downloaded a torrent of an .avi file.

- computer restarts out of the blue
- mad amount of pop-ups
- won't recognize USB flash device
- desktop background image w/ text "warning dangerous spyware following viruses were found on your computer: trojan horse, pass capture and etc. Your private information may be potentially transferred to third parties. Please, check the computer using advance software. Thanks."
- taskbar popup of "warning! computer is infected"
- ntdll64.exe error (send error report or don't send) on start up and at other various intervals.

DDS (Ver_09-05-14.01) - NTFSx86
Run by Erin at 11:20:24.95 on Sun 05/17/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.191 [GMT -3:00]

AV: avast! antivirus 4.8.1229 [VPS 080930-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\iTunesHelper.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Erin\Application Data\ptidle\ptidle.exe
C:\Documents and Settings\Erin\Application Data\Twain\Twain.exe
C:\Documents and Settings\Erin\Application Data\digifast\digifast.exe
C:\Documents and Settings\Erin\Application Data\Microsoft\Windows\yjfdjls.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Erin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = hxxp://www.weather.com/newscenter/hurricanecentral/2008/ike.html
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: CPV: {15421b84-3488-49a7-ad18-cbf84a3efaf6} - c:\program files\wwshow\WWShow.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {8f64d665-e01a-47a2-850e-eb78301fe947} - c:\windows\system32\mawivawo.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Jcore class: {d88e1558-7c2d-407a-953a-c044f5607cea} - c:\program files\jcore\Jcore2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: DF Bar: {67fcef90-073e-11de-8c30-0800200c9a66} - %SystemRoot%\system32\shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ptidle] "c:\documents and settings\erin\application data\ptidle\ptidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
uRun: [Twain] c:\documents and settings\erin\application data\twain\Twain.exe
uRun: [DigiFast] c:\documents and settings\erin\application data\digifast\digifast.exe
uRun: [edTwD] c:\documents and settings\erin\application data\microsoft\windows\yjfdjls.exe
mRun: [SpywareBot] c:\program files\spywarebot\SpywareBot.exe -boot
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [iTunesHelper] "D:\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Framework Windows] frmwrk32.exe
mRun: [vanuvozuya] Rundll32.exe "c:\windows\system32\tofanuwo.dll",s
mRun: [0011c821] rundll32.exe "c:\windows\system32\miwajiho.dll",b
mRun: [CPM0322fbbd] Rundll32.exe "c:\windows\system32\sezerabo.dll",a
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
AppInit_DLLs: c:\windows\system32\yozugifi.dll c:\windows\system32\sezerabo.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sezerabo.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\sezerabo.dll
LSA: Notification Packages = scecli c:\windows\system32\yozugifi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\erin\applic~1\mozilla\firefox\profiles\qsc7cswb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.rushisaband.com
FF - component: c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
FF - component: c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
FF - component: c:\program files\mozilla firefox\components\dfff.dll
FF - component: c:\program files\mozilla firefox\components\WWShow.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: d:\mozilla plugins\npitunes.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-5-27 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-5-27 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-7-6 147640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-12 24652]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-7-6 250040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-7-6 348344]

=============== Created Last 30 ================

2009-05-16 13:42 1,425,817 ---sh--- c:\windows\system32\ohijawim.ini
2009-05-14 17:11 <DIR> --d----- c:\docume~1\erin\applic~1\digifast
2009-05-14 17:06 <DIR> --d----- c:\docume~1\erin\applic~1\Twain
2009-05-14 17:01 <DIR> --d----- c:\program files\WWShow
2009-05-14 16:56 <DIR> --d----- c:\program files\Jcore
2009-05-14 14:35 <DIR> --d----- c:\program files\Lavasoft
2009-05-14 13:40 1,425,817 ---sh--- c:\windows\system32\anevenoy.ini
2009-05-13 17:08 1,400 a------- c:\windows\system32\ahtn.htm
2009-05-13 17:08 4,785 a------- c:\windows\system32\warning.gif
2009-05-13 17:07 104,960 a------- c:\windows\system32\ntdll64.exe
2009-05-13 17:07 1 a------- c:\windows\system32\uniq.tll
2009-05-13 17:07 19,456 a------- c:\windows\system32\frmwrk32.exe
2009-05-13 17:07 19,456 a------- c:\windows\system32\loader49.exe
2009-05-13 17:06 111,025 a------- c:\windows\system32\net.net
2009-05-13 16:57 1,398,493 ---sh--- c:\windows\system32\ujakemij.ini
2009-05-13 16:52 <DIR> --d----- c:\docume~1\erin\applic~1\ptidle
2009-05-13 16:52 165,376 a------- c:\windows\system32\prnet.tmp
2009-05-12 16:26 <DIR> --d----- C:\temp internet files
2009-05-12 15:59 <DIR> --d----- C:\The Office - Season 5
2009-05-09 09:18 <DIR> --d----- c:\program files\Regensoft
2009-05-09 09:18 <DIR> --d----- c:\program files\AviSynth 2.5
2009-05-09 09:18 <DIR> --d----- c:\program files\Ipod Video Converter
2009-05-02 15:32 <DIR> --d----- c:\program files\Codec Pack - All In 1
2009-04-19 13:51 6,144 a--sh--- C:\Thumbs.db

==================== Find3M ====================

2009-05-16 13:42 87,040 a--sh--- c:\windows\system32\sezerabo.dll
2009-05-16 13:42 78,848 a--sh--- c:\windows\system32\miwajiho.dll
2009-05-14 13:40 49,664 a--sh--- c:\windows\system32\merilaro.dll
2009-05-14 13:40 86,528 a--sh--- c:\windows\system32\romabotu.dll
2009-05-13 16:57 87,040 a--sh--- c:\windows\system32\fulefoze.dll
2009-05-13 16:57 79,872 -------- c:\windows\system32\jimekaju.dll
2009-05-02 15:32 737,280 ac------ c:\windows\iun6002.exe
2009-03-06 11:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 21:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 15:09 78,336 ac------ c:\windows\system32\ieencode.dll
2001-10-05 11:53 21,866 ac------ c:\program files\common files\tppupd2k.dll
2009-02-14 13:40 49,664 a--sh--- c:\windows\system32\mawivawo.dll
2009-02-14 13:40 49,664 a--sh--- c:\windows\system32\tofanuwo.dll
2009-02-14 13:40 49,664 a--sh--- c:\windows\system32\yozugifi.dll
2008-09-14 14:49 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091420080915\index.dat

============= FINISH: 11:21:01.93 ===============
Attached Files
File Type: zip Attach.zip (2.9 KB, 4 views)
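The Pseudo HJT and file-listing sections of a DDS log are what a helper reads first: load points (Run keys, BHOs, SSODL, AppInit_DLLs, LSA Notification Packages) cross-referenced against the files they point at. The script below is an added example, not part of the original post or of the DDS tool; it parses a constructed subset of the lines from the log above and flags entries that trip simple triage heuristics. The heuristics are review hints, not verdicts, and the reading of the DDS attribute field (an 's' meaning the system attribute and an 'h' the hidden attribute) is an assumption made here.

```python
import re

# Constructed sample input for this added example: a subset of the lines from
# the DDS log in the post above (Pseudo HJT Report plus the two file listings).
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {8f64d665-e01a-47a2-850e-eb78301fe947} - c:\windows\system32\mawivawo.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ptidle] "c:\documents and settings\erin\application data\ptidle\ptidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
uRun: [Twain] c:\documents and settings\erin\application data\twain\Twain.exe
uRun: [DigiFast] c:\documents and settings\erin\application data\digifast\digifast.exe
uRun: [edTwD] c:\documents and settings\erin\application data\microsoft\windows\yjfdjls.exe
mRun: [Framework Windows] frmwrk32.exe
mRun: [vanuvozuya] Rundll32.exe "c:\windows\system32\tofanuwo.dll",s
mRun: [0011c821] rundll32.exe "c:\windows\system32\miwajiho.dll",b
mRun: [CPM0322fbbd] Rundll32.exe "c:\windows\system32\sezerabo.dll",a
uPolicies-system: DisableTaskMgr = 1 (0x1)
AppInit_DLLs: c:\windows\system32\yozugifi.dll c:\windows\system32\sezerabo.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sezerabo.dll
LSA: Notification Packages = scecli c:\windows\system32\yozugifi.dll
=============== Created Last 30 ================
2009-05-13 17:07 19,456 a------- c:\windows\system32\frmwrk32.exe
==================== Find3M ====================
2009-05-16 13:42 87,040 a--sh--- c:\windows\system32\sezerabo.dll
2009-05-16 13:42 78,848 a--sh--- c:\windows\system32\miwajiho.dll
2009-02-14 13:40 49,664 a--sh--- c:\windows\system32\mawivawo.dll
2009-02-14 13:40 49,664 a--sh--- c:\windows\system32\tofanuwo.dll
2009-02-14 13:40 49,664 a--sh--- c:\windows\system32\yozugifi.dll
"""

SECTION_RE = re.compile(r'^=+\s*(.*?)\s*=+$')
LISTING_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d\s+(?:[\d,]+|<DIR>)\s+([a-z-]+)\s+(.+)$', re.I)
PATH_RE = re.compile(r'[a-z]:\\.*?\.(?:dll|exe|sys|scr)\b', re.I)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"([^"]+)",(\S+)', re.I)


def split_sections(text):
    # Group the log's lines under their "=== name ===" headers (names lowercased).
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def file_attributes(sections):
    # Map lowercased path -> DDS attribute field, taken from the file-listing sections.
    attrs = {}
    for name in ('created last 30', 'find3m'):
        for line in sections.get(name, []):
            m = LISTING_RE.match(line)
            if m:
                attrs[m.group(2).lower()] = m.group(1).lower()
    return attrs


def triage(text):
    # Return the Pseudo HJT entries that trip at least one heuristic, with their flags.
    sections = split_sections(text)
    attrs = file_attributes(sections)
    findings = []
    for line in sections.get('pseudo hjt report', []):
        kind, sep, rest = line.partition(': ')
        if not sep:
            continue
        flags = []
        paths = [p.lower() for p in PATH_RE.findall(rest)]
        # Assumption: 's' and 'h' in the attribute field mean system and hidden. A load point
        # whose file carries both is the strongest signal in this log.
        for p in paths:
            if {'s', 'h'} <= set(attrs.get(p, '')):
                flags.append('hidden_system:' + p.rsplit('\\', 1)[-1])
        if kind in ('uRun', 'mRun'):
            target = rest.split('] ', 1)[-1].strip()
            if '\\application data\\' in target.lower():
                flags.append('autorun_from_appdata')       # Run key pointing into the user profile
            elif not target.lower().startswith('rundll32') and not PATH_RE.match(target.strip('"')):
                flags.append('unqualified_target')         # bare file name, resolved by PATH search
            m = RUNDLL_RE.search(target)
            if m and len(m.group(2)) == 1:
                flags.append('rundll32_single_letter_export')
        if kind == 'AppInit_DLLs' and paths:
            flags.append('appinit_dlls_set')               # loaded into every process that loads user32
        if kind == 'LSA' and any(p.lower() != 'scecli' for p in rest.split('=', 1)[-1].split()):
            flags.append('lsa_extra_package')              # extra package is called on password changes
        if re.search(r'DisableTaskMgr\s*=\s*1', rest):
            flags.append('taskmgr_disabled')
        if flags:
            findings.append({'kind': kind, 'entry': rest, 'flags': flags})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print('%-16s %-45s %s' % (f['kind'], ', '.join(f['flags']), f['entry'][:60]))
```

Run against the sample, the legitimate entries (the Adobe BHO and the ctfmon Run key) produce no flags, while every entry that references one of the hidden+system DLLs, launches from Application Data, uses a bare file name, or alters the AppInit_DLLs, LSA or Task Manager settings is listed with the reason. The file-listing cross-reference is what separates the random-looking DLL names from ordinary system DLLs that happen to have similar-looking names; a name-shape rule on its own would be too noisy.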