
Vundo of course



#1 imanster


Posted 28 December 2008 - 01:52 AM

I've never had such a nemesis on my computers before, so I'm looking to learn something out of this because I'm tired of chasing my tail.
DDS (Version 1.1.0) - NTFSx86
Run by Iman at 22:26:24.12 on Sat 12/27/2008
Internet Explorer: 7.0.6001.18000
Black Edition Team® Windows® Vista Eternity™ 2009 6.0.6001.1.1252.1.1033.18.2046.1112 [GMT -8:00]

AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
FW: BitDefender Firewall *disabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\System32\rpcnetp.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Geek Squad Online Backup\GeekSquadOnlineBackup.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Online Armor\oacat.exe
C:\Program Files\Opera\Opera.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Iman\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [@OnlineArmor GUI] "c:\program files\online armor\oaui.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\rocket~1.lnk - c:\program files\rocketdock\RocketDock.exe
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
AppInit_DLLs: c:\programdata\ludofuka\ludofuka.dll c:\windows\system32\duluhoyo.dll,c:\programdata\wigudozi\wigudozi.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll

============= SERVICES / DRIVERS ===============

R rpcnetp;rpcnetp; []
R1 OADevice;OADriver;\??\c:\windows\system32\drivers\OADriver.sys [2008-12-27 178376]
R1 OAmon;OAmon;\??\c:\windows\system32\drivers\OAmon.sys [2008-12-27 30920]
R2 OAcat;Online Armor Helper Service;"c:\program files\online armor\oacat.exe" [2008-12-27 1402568]
R3 QuickBooksDB19;QuickBooksDB19;c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB19 []
S2 SvcOnlineArmor;Online Armor;c:\program files\online armor\oasrv.exe [2008-12-27 3538632]

=============== Created Last 30 ================

2008-12-27 20:39 <DIR> --d----- c:\users\iman\appdata\roaming\OnlineArmor
2008-12-27 20:39 <DIR> --d----- c:\programdata\OnlineArmor
2008-12-27 20:39 <DIR> --d----- c:\progra~2\OnlineArmor
2008-12-27 20:38 178,376 a------- c:\windows\system32\drivers\OADriver.sys
2008-12-27 20:38 30,920 a------- c:\windows\system32\drivers\OAmon.sys
2008-12-27 20:38 <DIR> --d----- c:\program files\Online Armor
2008-12-27 17:56 <DIR> --d----- C:\SDFix
2008-12-27 17:55 <DIR> --d----- c:\users\iman\appdata\roaming\BitDefender
2008-12-27 14:41 161,792 a------- c:\windows\SWREG.exe
2008-12-27 14:41 98,816 a------- c:\windows\sed.exe
2008-12-27 14:33 <DIR> --d----- c:\program files\ATF Cleaner
2008-12-27 11:19 <DIR> --d----- c:\program files\Geek Squad Online Backup
2008-12-27 08:46 104,328 a------- c:\windows\system32\drivers\bdfndisf.sys
2008-12-27 08:45 <DIR> --d----- c:\programdata\Yahoo!
2008-12-27 08:45 <DIR> --d----- c:\program files\Yahoo!
2008-12-25 14:13 <DIR> --d----- c:\programdata\niwuyoti
2008-12-25 14:13 <DIR> --d----- c:\progra~2\niwuyoti
2008-12-25 14:13 <DIR> --d----- c:\programdata\koravulu
2008-12-25 14:13 <DIR> --d----- c:\progra~2\koravulu
2008-12-25 13:50 <DIR> --d----- c:\programdata\dogefoyi
2008-12-25 13:50 <DIR> --d----- c:\progra~2\dogefoyi
2008-12-25 13:50 <DIR> --d----- c:\programdata\waderero
2008-12-25 13:50 <DIR> --d----- c:\progra~2\waderero
2008-12-25 13:28 <DIR> --d----- c:\programdata\sovanavo
2008-12-25 13:28 <DIR> --d----- c:\progra~2\sovanavo
2008-12-25 13:28 <DIR> --d----- c:\programdata\tevajoge
2008-12-25 13:28 <DIR> --d----- c:\progra~2\tevajoge
2008-12-25 13:05 <DIR> --d----- c:\programdata\nakuwiyi
2008-12-25 13:05 <DIR> --d----- c:\progra~2\nakuwiyi
2008-12-25 13:05 <DIR> --d----- c:\programdata\kogekebe
2008-12-25 13:05 <DIR> --d----- c:\progra~2\kogekebe
2008-12-25 12:43 <DIR> --d----- c:\programdata\futoyiyi
2008-12-25 12:43 <DIR> --d----- c:\progra~2\futoyiyi
2008-12-25 12:43 <DIR> --d----- c:\programdata\mufayehu
2008-12-25 12:43 <DIR> --d----- c:\progra~2\mufayehu
2008-12-24 23:10 <DIR> --d----- c:\users\iman\appdata\roaming\Stream.60C1B02F58139D4F94FBEA05916766FCE7C22742.1
2008-12-24 17:22 <DIR> --d----- c:\programdata\wigudozi
2008-12-24 17:22 <DIR> --d----- c:\programdata\lujetifi
2008-12-24 17:22 <DIR> --d----- c:\programdata\fuhaleke
2008-12-24 17:22 <DIR> --d----- c:\progra~2\wigudozi
2008-12-24 17:22 <DIR> --d----- c:\progra~2\lujetifi
2008-12-24 17:22 <DIR> --d----- c:\progra~2\fuhaleke
2008-12-24 17:22 <DIR> --d----- c:\programdata\vebimayo
2008-12-24 17:22 <DIR> --d----- c:\progra~2\vebimayo
2008-12-24 17:22 <DIR> --d----- c:\programdata\defohesi
2008-12-24 17:22 <DIR> --d----- c:\progra~2\defohesi
2008-12-24 17:22 <DIR> --d----- c:\programdata\norupeze
2008-12-24 17:22 <DIR> --d----- c:\progra~2\norupeze
2008-12-21 14:05 373,654,046 a------- c:\windows\MEMORY.DMP
2008-12-17 02:47 <DIR> --d----- c:\programdata\viyijiyu
2008-12-17 02:47 <DIR> --d----- c:\progra~2\viyijiyu
2008-12-17 02:47 <DIR> --d----- c:\programdata\hepotiza
2008-12-17 02:47 <DIR> --d----- c:\progra~2\hepotiza
2008-12-17 01:47 <DIR> --d----- c:\programdata\zohihele
2008-12-17 01:47 <DIR> --d----- c:\programdata\fabokenu
2008-12-17 01:47 <DIR> --d----- c:\programdata\dekoleha
2008-12-17 01:47 <DIR> --d----- c:\progra~2\zohihele
2008-12-17 01:47 <DIR> --d----- c:\progra~2\fabokenu
2008-12-17 01:47 <DIR> --d----- c:\progra~2\dekoleha
2008-12-17 01:47 <DIR> --d----- c:\programdata\witeyaza
2008-12-17 01:47 <DIR> --d----- c:\progra~2\witeyaza
2008-12-17 01:47 <DIR> --d----- c:\programdata\tidadegi
2008-12-17 01:47 <DIR> --d----- c:\progra~2\tidadegi
2008-12-16 22:24 <DIR> --d----- c:\users\iman\appdata\roaming\Malwarebytes
2008-12-16 22:23 <DIR> --d----- c:\programdata\Malwarebytes
2008-12-16 22:23 <DIR> --d----- c:\progra~2\Malwarebytes
2008-12-16 07:49 <DIR> --d----- c:\users\iman\appdata\roaming\Dorame.DC6B9E36A8DEBEED5BC27362B8BA1F548F6CB916.1
2008-12-16 07:48 <DIR> --d----- c:\program files\air
2008-12-16 03:57 <DIR> --d----- c:\programdata\ALM
2008-12-16 03:57 <DIR> --d----- c:\progra~2\ALM
2008-12-16 03:57 <DIR> --d----- c:\program files\common files\PX Storage Engine
2008-12-16 03:45 22,872 a----r-- c:\windows\system32\AdobePDFUI.dll
2008-12-16 02:45 116,736 a------- c:\windows\system32\drivers\mcdbus.sys
2008-12-16 02:45 <DIR> --d----- c:\users\iman\{b2cea1ed-6c61-4188-a9d0-a6efbf75d1a7}
2008-12-16 02:45 <DIR> --d----- c:\program files\MagicDisc
2008-12-15 20:15 <DIR> --d----- C:\VundoFix Backups
2008-12-15 17:45 <DIR> --d----- c:\programdata\yumafiba
2008-12-15 17:45 <DIR> --d----- c:\programdata\saleyako
2008-12-15 17:45 <DIR> --d----- c:\programdata\ludofuka
2008-12-15 17:45 <DIR> --d----- c:\progra~2\yumafiba
2008-12-15 17:45 <DIR> --d----- c:\progra~2\saleyako
2008-12-15 17:45 <DIR> --d----- c:\progra~2\ludofuka
2008-12-15 17:45 <DIR> --d----- c:\programdata\koburiwi
2008-12-15 17:45 <DIR> --d----- c:\programdata\gokefena
2008-12-15 17:45 <DIR> --d----- c:\progra~2\koburiwi
2008-12-15 17:45 <DIR> --d----- c:\progra~2\gokefena
2008-12-11 22:19 <DIR> --d----- c:\program files\Process Exp
2008-12-10 19:11 5,632 a------- c:\windows\system32\ctrestrt.exe
2008-12-10 18:49 <DIR> --d----- c:\programdata\WindowsSearch
2008-12-10 18:40 47,104 a------- c:\windows\system32\NTAgent.exe
2008-12-10 18:37 17,408 a------- c:\windows\system32\rpcnetp.dll
2008-12-10 18:37 17,408 a------- c:\windows\system32\rpcnetp.exe
2008-12-10 13:11 <DIR> --d----- c:\programdata\bahezido
2008-12-10 13:11 <DIR> --d----- c:\progra~2\bahezido
2008-12-10 02:56 5,406 a------- c:\windows\system32\PerfStringBackup.TMP
2008-12-10 00:49 <DIR> --d----- c:\windows\system32\appmgmt
2008-12-09 23:45 <DIR> --d----- c:\programdata\yowokifo
2008-12-09 23:45 <DIR> --d----- c:\programdata\wejupaza
2008-12-09 23:45 <DIR> --d----- c:\progra~2\yowokifo
2008-12-09 23:45 <DIR> --d----- c:\progra~2\wejupaza
2008-12-09 20:32 28,672 a------- c:\windows\system32\Apphlpdm.dll
2008-12-09 20:32 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-12-09 20:32 296,960 a------- c:\windows\system32\gdi32.dll
2008-12-09 20:31 2,927,104 a------- c:\windows\explorer.exe
2008-12-09 20:31 827,392 a------- c:\windows\system32\wininet.dll
2008-12-09 20:29 2,868,736 a------- c:\windows\system32\mf.dll
2008-12-09 20:29 996,352 a------- c:\windows\system32\WMNetMgr.dll
2008-12-09 20:29 94,720 a------- c:\windows\system32\logagent.exe
2008-12-09 00:34 <DIR> --d----- c:\program files\common files\supportsoft
2008-12-09 00:24 1,843,200 a------- c:\windows\system32\acXMLParser.dll
2008-12-09 00:24 3,518,464 a------- c:\windows\system32\cdintf300.dll
2008-12-09 00:18 <DIR> --d----- c:\programdata\Intuit
2008-12-09 00:18 <DIR> --d----- c:\program files\Intuit
2008-12-09 00:18 <DIR> --d----- c:\program files\common files\Intuit
2008-12-09 00:18 <DIR> --d----- c:\progra~2\Intuit
2008-12-09 00:13 90 a------- c:\windows\QBChanUtil_Trigger.ini
2008-12-09 00:13 <DIR> --d----- c:\programdata\SQL Anywhere 10
2008-12-09 00:13 <DIR> --d----- c:\progra~2\SQL Anywhere 10
2008-12-09 00:13 <DIR> --d----- c:\programdata\COMMON FILES
2008-12-09 00:13 <DIR> --d----- c:\progra~2\COMMON FILES
2008-12-08 01:45 <DIR> --d----- c:\programdata\Microsoft Help
2008-12-07 21:40 <DIR> --d----- c:\users\iman\appdata\roaming\com.adobe.ExMan
2008-12-07 20:50 <DIR> --d----- c:\program files\Oxin's Style!
2008-12-07 12:50 <DIR> --d----- c:\program files\uTorrent
2008-12-07 12:50 <DIR> --d----- c:\users\iman\appdata\roaming\uTorrent
2008-12-07 01:42 120 ---sh--- c:\windows\system32\ogowapip.ini
2008-12-07 01:14 <DIR> --d----- c:\windows\PCHEALTH
2008-12-07 01:11 <DIR> -cdsh--- c:\program files\common files\WindowsLiveInstaller
2008-12-07 01:10 <DIR> --d----- c:\programdata\WLInstaller
2008-12-07 00:52 <DIR> --d----- c:\program files\MSXML 4.0
2008-12-06 15:40 <DIR> --d----- C:\Downloads
2008-12-06 09:02 164,352 a------- c:\windows\system32\unrar.dll
2008-12-06 09:02 38 a------- c:\windows\avisplitter.ini
2008-12-06 09:02 <DIR> --d----- c:\program files\K-Lite Codec Pack
2008-12-06 02:32 <DIR> --d----- c:\program files\SourceTec
2008-12-06 02:20 1,294,336 a------- c:\windows\system32\vorbis.acm
2008-12-06 02:20 839,680 a------- c:\windows\system32\lameACM.acm
2008-12-06 02:20 287,744 a------- c:\windows\system32\divxa32.acm
2008-12-06 02:20 232,448 a------- c:\windows\system32\mp3fhg.acm
2008-12-06 02:20 118,784 a------- c:\windows\system32\ac3acm.acm
2008-12-05 00:47 <DIR> --d----- c:\users\iman\appdata\roaming\Ashampoo
2008-12-05 00:46 <DIR> --d----- c:\program files\Ashampoo
2008-12-04 23:45 47,104 a------- c:\windows\system32\rpcnet.dll
2008-12-04 23:44 47,104 a------- c:\windows\system32\rpcnet.exe
2008-12-04 23:02 850 a------- c:\windows\system32\ProductTweaks.xml
2008-12-04 23:02 385 a------- c:\windows\system32\user_gensett.xml
2008-12-04 22:59 <DIR> --d----- c:\windows\system32\logs
2008-12-04 22:59 <DIR> --d----- c:\program files\common files\MSSoap
2008-12-04 22:59 <DIR> --d----- c:\program files\BitDefender
2008-12-04 22:57 <DIR> --d----- c:\windows\system32\URTTEMP
2008-12-04 22:57 <DIR> --d----- c:\program files\common files\BitDefender
2008-12-04 18:09 <DIR> --d----- c:\users\iman\appdata\roaming\Any Video Converter
2008-12-04 18:09 <DIR> --d----- c:\program files\Any Video Converter
2008-12-04 18:05 1,430,057 ---sh--- c:\windows\system32\ugegijiz.ini
2008-12-03 21:49 <DIR> --d----- c:\programdata\FLEXnet
2008-12-03 21:47 <DIR> --d----- c:\programdata\Adobe
2008-12-03 21:38 <DIR> --d----- c:\program files\common files\Macrovision Shared
2008-12-03 14:04 <DIR> --d----- c:\program files\Free Window Registry Repair
2008-12-03 12:25 <DIR> a-d----- c:\programdata\TEMP
2008-12-02 22:47 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-12-02 21:17 <DIR> --dsh--- c:\windows\Installer
2008-12-02 20:43 303,616 a------- c:\windows\system32\wmpeffects.dll
2008-12-02 20:42 428,544 a------- c:\windows\system32\EncDec.dll
2008-12-02 20:42 217,088 a------- c:\windows\system32\psisrndr.ax
2008-12-02 20:42 293,376 a------- c:\windows\system32\psisdecd.dll
2008-12-02 20:42 177,664 a------- c:\windows\system32\mpg2splt.ax
2008-12-02 20:42 80,896 a------- c:\windows\system32\MSNP.ax
2008-12-02 20:42 57,856 a------- c:\windows\system32\MSDvbNP.ax
2008-12-02 20:42 269,312 a------- c:\windows\system32\es.dll
2008-12-02 20:42 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2008-12-02 20:42 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2008-12-02 20:42 801,280 a------- c:\windows\system32\NaturalLanguage6.dll
2008-12-02 20:42 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2008-12-02 20:42 19,000 a------- c:\windows\system32\kd1394.dll
2008-12-02 20:37 1,383,424 a------- c:\windows\system32\mshtml.tlb
2008-12-02 20:28 1,524,736 a------- c:\windows\system32\wucltux.dll
2008-12-02 20:28 83,456 a------- c:\windows\system32\wudriver.dll
2008-12-02 20:28 162,064 a------- c:\windows\system32\wuwebv.dll
2008-12-02 20:28 31,232 a------- c:\windows\system32\wuapp.exe
2008-12-02 20:22 <DIR> --d----- c:\users\Iman
2008-12-02 20:07 <DIR> --d----- c:\windows\Panther
2008-12-02 20:07 8,192 a--s-r-- C:\BOOTSECT.BAK
2008-12-02 20:07 333,203 a--shr-- C:\bootmgr
2008-12-02 20:07 <DIR> --dsh--- C:\Boot
2008-12-02 20:06 171,136 a--shr-- C:\grldr
2008-12-02 20:06 <DIR> --d----- c:\windows\system32\OEM

==================== Find3M ====================

2008-12-16 03:45 86,016 a------- c:\windows\inf\infstrng.dat
2008-12-16 03:45 86,016 a------- c:\windows\inf\infstor.dat
2008-12-16 03:45 51,200 a------- c:\windows\inf\infpub.dat
2008-12-02 21:06 665,600 a------- c:\windows\inf\drvindex.dat
2008-12-02 20:15 174 a--sh--- c:\program files\desktop.ini
2008-10-31 19:44 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-10-31 19:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2008-10-31 19:44 541,696 a------- c:\windows\apppatch\AcLayers.dll
2008-10-31 19:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2008-10-31 19:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-10-20 21:25 1,645,568 a------- c:\windows\system32\connect.dll
2008-10-02 14:36 32,256 a------- c:\windows\system32\identprv.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2006-11-02 04:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 04:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 04:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 04:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-09-16 12:47 2,713 ---sh--- c:\windows\system32\hezurowo.exe
2008-09-23 19:56 2,713 ---sh--- c:\windows\system32\hoyovize.exe
2008-09-23 01:55 2,713 ---sh--- c:\windows\system32\kejowigi.exe
2008-09-25 00:24 2,713 ---sh--- c:\windows\system32\koyudave.exe
2008-09-10 01:25 2,713 ---sh--- c:\windows\system32\wayolelu.dll
2008-09-16 10:03 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 22:26:48.49 ===============


#2 Rosty

  • Malware Response Team

Posted 08 January 2009 - 05:48 AM

Hi,

The forums are really busy, which explains why logs get behind. If you still need some help, please start by posting a new HijackThis log in this thread. Don't start a new thread.
Then we'll take a look.


Regards,

Rosty.
Proud member of ASAP since 2007



