Post #1
New Member | Group: Members | Posts: 3 | Joined: 23-August 09 | Member No.: 367,788
I recently helped a friend fix/clean up his PC. He had problems with Vundo/Mysearch which I think I fixed a few months ago. Now he got scammed by SystemSecurity 2009, a rogue antispyware company. It infected his PC again and also caused a system32/zetojusu.dll error, which I believed I fixed again. I would really like an expert's opinion though before I hand it back to him.

I have completely updated Windows, Java, Flash, and Acrobat. I installed Comodo Firewall, Spyware Blaster, and used MBAM to remove the virus. VundoFix found nothing. A second scan with MBAM found nothing. I also used CCleaner. He does not have his copy of Win XP Home, so I am unable to do a repair install, fix the MBR, or reinstall his OS etc.

Thanks in advance for taking the time to look this over.
Franz

Post #2
New Member | Group: Members | Posts: 3 | Joined: 23-August 09 | Member No.: 367,788
Just an update. I ended up having many more problems with his PC, so I just reinstalled Windows. Problem solved.
Hopefully he has learned something in the whole process.

Thanks anyways,
franz

Post #3
OBleepin Investigator | Group: Moderator | Posts: 23,236 | Joined: 14-July 06 | From: Bloomington, IN | Member No.: 76,150
Thank you for letting us know. Sometimes the best and quickest solution is to reformat and reinstall.

This topic shall now be closed. In case you experience any problems with the computer, please start a new topic.

Happy computing,
Orange Blossom

--------------------
Orange Blossom
An ounce of prevention is worth a pound of cure
AVAST, SuperAntiSpyware Pro, SpywareBlaster, WinPatrol Plus, Sunbelt Personal Firewall - Full, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript