Windows acting weird

post #1 of 9
Thread Starter 
Here's my HijackThis log, it's ronuruso.dll that's causing it but I can't delete it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:23 PM, on 12/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\Program Files\\Lavasoft\\Ad-Aware\\aawservice.exe
C:\\WINDOWS\\Explorer.EXE
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\sched.exe
C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe
C:\\Program Files\\Microsoft IntelliPoint\\point32.exe
C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe
C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avguard.exe
C:\\WINDOWS\\system32\\nvsvc32.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\Documents and Settings\\Jacob Silvia.SILVIA\\Desktop\\HijackThis.exe

O2 - BHO: (no name) - {2c9f0504-5079-4c32-b311-febc05b2e5d0} - C:\\WINDOWS\\system32\\kizevati.dll (file missing)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\\WINDOWS\\system32\\rqRIcccA.dll
O2 - BHO: (no name) - {CE4052B2-8F96-4E6D-8535-160C6F50CF28} - C:\\WINDOWS\\system32\\hgGyVmKE.dll
O4 - HKLM\\..\\Run: [type32] "C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe"
O4 - HKLM\\..\\Run: [IntelliPoint] "C:\\Program Files\\Microsoft IntelliPoint\\point32.exe"
O4 - HKLM\\..\\Run: [amd_dc_opt] C:\\Program Files\\AMD\\Dual-Core Optimizer\\amd_dc_opt.exe
O4 - HKLM\\..\\Run: [MSConfig] C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto
O4 - HKLM\\..\\Run: [telewakiwe] Rundll32.exe "C:\\WINDOWS\\system32\\ronuruso.dll",s
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKUS\\S-1-5-19\\..\\Run: [telewakiwe] Rundll32.exe "C:\\WINDOWS\\system32\\ronuruso.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\\S-1-5-20\\..\\Run: [telewakiwe] Rundll32.exe "C:\\WINDOWS\\system32\\ronuruso.dll",s (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.6.0_05\\bin\\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.6.0_05\\bin\\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\\Program Files\\AIM\\aim.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\\Program Files\\ShoppingReport\\Bin\\2.5.0\\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\\Program Files\\ShoppingReport\\Bin\\2.5.0\\ShoppingReport.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://vistatestdrive.com/ActiveX/VM...veXClient1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1206769333828
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
O20 - AppInit_DLLs: C:\\WINDOWS\\system32\
ozahiti.dll
O20 - Winlogon Notify: rqRIcccA - C:\\WINDOWS\\SYSTEM32\\rqRIcccA.dll
O22 - SharedTaskScheduler: FGYbf743iujndsfAfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\\Program Files\\Lavasoft\\Ad-Aware\\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avguard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\\WINDOWS\\SmFjb2IgU2lsdmlh\\command.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\\Program Files\\Network Monitor\\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\\WINDOWS\\system32\\HPZipm12.exe

--
End of file - 5055 bytes
Beasted (13 items)
CPU: AMD 64x2 6000+ 3.25 | Motherboard: GIGABYTE GA-M61P-S3 | Graphics: XFX 7600GT | RAM: 2x1GB GSkill DDR2-800
Hard Drive: 250GB 7200.10 Seagate | Optical Drive: SAMSUNG 20X DVD±R DVD Burner | OS: Windows XP Pro | Monitor: 22" Samsung 226BW
Power: Eartwatts 500W | Case: NZXT Apollo Blue
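A triage pass over the kind of entries in the log above, grouping flagged autostart lines by the file they point at. This is an added example, not part of the original thread; the hint rules are assumptions chosen for illustration, and the sample lines are copied from post #1 with single backslashes restored.

```python
import re
from collections import defaultdict

# Constructed sample: entries copied from the log in post #1, with the
# path separators restored to single backslashes.
SAMPLE = r"""
O2 - BHO: (no name) - {2c9f0504-5079-4c32-b311-febc05b2e5d0} - C:\WINDOWS\system32\kizevati.dll (file missing)
O4 - HKLM\..\Run: [telewakiwe] Rundll32.exe "C:\WINDOWS\system32\ronuruso.dll",s
O4 - HKUS\S-1-5-19\..\Run: [telewakiwe] Rundll32.exe "C:\WINDOWS\system32\ronuruso.dll",s (User 'LOCAL SERVICE')
O20 - Winlogon Notify: rqRIcccA - C:\WINDOWS\SYSTEM32\rqRIcccA.dll
O22 - SharedTaskScheduler: FGYbf743iujndsfAfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SmFjb2IgU2lsdmlh\command.exe (file missing)
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")                # HijackThis section id, then the entry body
FILE = re.compile(r'([^\\"]+\.(?:dll|exe))\b', re.I)  # last path component ending in .dll/.exe

def reasons_for(section, body):
    """Triage hints for one entry. Hints for review, not verdicts (assumed rules)."""
    low = body.lower()
    hints = []
    if section == "O2" and "(no name)" in low:
        hints.append("BHO without a name")
    if "(file missing)" in low or "(no file)" in low:
        hints.append("target not on disk")
    if section == "O4" and "rundll32" in low:
        hints.append("DLL launched from a Run key")
    if section == "O20":
        hints.append("AppInit_DLLs or Winlogon Notify hook")
    if section == "O23" and "unknown owner" in low:
        hints.append("service with unknown owner")
    return hints

def triage(log_text):
    """Map each flagged file name (lower-cased) to the (section, hints) pairs that reference it."""
    found = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        hints = reasons_for(m.group(1), m.group(2)) if m else []
        if not hints:
            continue
        files = FILE.findall(m.group(2))
        name = files[-1].lower() if files else "(none)"
        found[name].append((m.group(1), hints))
    return dict(found)

if __name__ == "__main__":
    for name, refs in sorted(triage(SAMPLE).items()):
        print(name, "->", [(s, ", ".join(h)) for s, h in refs])
```

Grouping by file name shows when one DLL is referenced from several autostart locations, so every reference can be reviewed together.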
post #2 of 9
End process tree in Task Manager, then delete. If that doesn't work, do the same thing while in safe mode.

Alternatively, if that DLL is necessary, just download a fresh copy from the web, and go in safe mode, and copy the new one on top of the old one. That should work.

:edit:

It's a virus, so run Malwarebytes to destroy it.
BloodfireLAN (16 items)
CPU: i5 2500K | Motherboard: Asus P67 Pro | Graphics: Asus GTX 680 | RAM: 32GB G. Skill
Hard Drive: 1TB SATA6 WD Caviar Black | Hard Drive: Corsair 240GB | Optical Drive: N/A | OS: Win 8 Pro x64
Monitor: Asus P278Q 1440p | Monitor: BenQ 1080p | Monitor: BenQ 1080p | Keyboard: maxxkeyboard Custom Mechanical MX Cherry Brown
Power: Corsair 750TX | Case: Custom build in the works | Mouse: Logitech Trackball/Logitech Anywhere Mouse MX | Mouse Pad: N/A
post #3 of 9
Thread Starter 
Tried to delete with HijackThis and Avira in safe mode and nothing works.
post #4 of 9
Use Malwarebytes, it has deleted crap in my PC that other stuff couldn't. If it's a file that won't delete, the software will reboot your system and destroy it before it boots all the way up.
TK-421 (14 items)
CPU: 2600K @4.5 1.22v | Motherboard: Asus P8P67 | Graphics: Gigabyte GTX 970 G1 | RAM: 8gb Gskill Sniper 1.25v
Hard Drive: 1tb WD Black | Cooling: Thermalright Venomous X | OS: Windows 7 Pro 64bit | Monitor: Asus 24" 144hz
Keyboard: Logitech | Power: Corsair 550w | Case: HEC | Mouse: Logitech MX-518
Mouse Pad: squishy one
post #5 of 9
Thread Starter 
I downloaded it but when I click on it it doesn't show but Task Manager says the process is running.
post #6 of 9
If you have a spare rig you could hook up the hard drive from the computer giving you trouble to another one and manually delete the .dll.
    
CPU: Intel 2500k | Motherboard: Gigabyte Z68X-UD3H-B3 | Graphics: XFX HD5870 | RAM: 16GB G.Skill RipjawsX
Hard Drive: 60GB OCZ Vertex 3 + 2x TB Seagate | Optical Drive: LG DVD+RW | Cooling: Stock Intel | OS: Windows 7 64bit / OSX Mountain Lion
Monitor: Dell ST2210 + 17" IBM | Keyboard: Das Ultimate S | Power: Antec TruePower 650W | Case: Antec P183
Mouse: Logitech MX Revolution | Mouse Pad: X-Trac Ripper | Audio: Objective 2 + ODAC Combo | Audio: Sennheiser HD650 + Klipsch 2.1 Promedia
post #7 of 9
Thread Starter 
Doesn't work cause the DLL isn't there and when I try to delete it in the registry it doesn't work, just comes back.
post #8 of 9
Quote:
Originally Posted by Beastyy
Doesn't work cause the DLL isn't there and when I try to delete it in the registry it doesn't work, just comes back.

Most times they hide in System Restore. Turn this feature off, then reboot. Then turn it back on after you get rid of the virus.
post #9 of 9
Thread Starter 
After I disable System Restore what should I do, just look in the system32 folder where it should be?