
antivirus2010


7 replies to this topic

#1 moneek

Posted 19 January 2009 - 03:30 PM

Hi, looking for some help out there, and I am a computer dummy. An "Antivirus 2010 Security Center" message keeps popping up. I have scanned my computer with Spyware Doctor and Virtumonde keeps coming up. After scanning the computer I delete this program, but I can immediately rescan and it comes up again.
The Windows Security Center warning comes up, but at this point I am afraid to click on anything. I do not know if these are related, but please help me to get rid of the Antivirus 2010.

I am running Windows XP Pro.

Thanks for any help you can give me.

Attached Files

  • Attached File  DDS.txt   20.16KB   24 downloads




#2 kahdah (Security Colleague)

Posted 30 January 2009 - 08:20 AM

Hello moneek

Welcome to BleepingComputer :thumbup2:
========================

Please run DDS again and post the log it produces.
================
Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is unchecked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
Please do not PM for help; post it in the forums instead.

If I am helping you and have not responded for 48 hours, please send me a PM, as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.

#3 moneek (Topic Starter)

Posted 02 February 2009 - 06:23 PM

Thank you for answering my plea. Here is my GMER.txt log. I hope this is right.

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-02 16:13:40
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateKey [0xB0FD47A6]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcess [0xB0FD1794]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcessEx [0xB0FD1F1E]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwDeleteKey [0xB0FD51F0]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwDeleteValueKey [0xB0FD542A]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwRenameKey [0xB0FD612A]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwSetValueKey [0xB0FD583C]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwTerminateProcess [0xB0FD0D0A]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwWriteVirtualMemory [0xB0FD0384]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[252] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, BD, 83 ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[252] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[252] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Explorer.EXE[260] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 40, 86 ]
.text C:\WINDOWS\Explorer.EXE[260] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[260] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\PDF Complete\pdfsty.exe[484] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, BD, 83 ]
.text C:\Program Files\PDF Complete\pdfsty.exe[484] user32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\PDF Complete\pdfsty.exe[484] user32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\SMINST\Scheduler.exe[532] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 79, 84 ]
.text C:\WINDOWS\SMINST\Scheduler.exe[532] USER32.dll!GetSysColor 7E418E78 5 Bytes JMP 004170D0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[532] USER32.dll!GetSysColorBrush 7E418EAB 5 Bytes JMP 00417140 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[532] USER32.dll!SetScrollInfo 7E419056 7 Bytes JMP 00416FC0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[532] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\SMINST\Scheduler.exe[532] USER32.dll!GetScrollInfo 7E42DFE2 7 Bytes JMP 00416F10 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[532] USER32.dll!ShowScrollBar 7E42F2F2 5 Bytes JMP 00417090 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[532] USER32.dll!GetScrollPos 7E42F704 5 Bytes JMP 00416F50 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[532] USER32.dll!SetScrollPos 7E42F750 5 Bytes JMP 00417000 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[532] USER32.dll!GetScrollRange 7E42F787 5 Bytes JMP 00416F80 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[532] USER32.dll!SetScrollRange 7E42F99B 5 Bytes JMP 00417040 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[532] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\SMINST\Scheduler.exe[532] USER32.dll!EnableScrollBar 7E468005 7 Bytes JMP 00416ED0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\system32\hphmon04.exe[548] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 88, 84 ]
.text C:\WINDOWS\system32\hphmon04.exe[548] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\hphmon04.exe[548] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[572] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 71, 84 ]
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[572] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[572] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[616] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 23, 86 ]
.text C:\Program Files\iTunes\iTunesHelper.exe[616] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[616] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\rundll32.exe[656] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 41, 84 ]
.text C:\WINDOWS\system32\rundll32.exe[656] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\rundll32.exe[656] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[708] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 7E, 87 ]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[708] kernel32.dll!CreateThread + 1A 7C8106E1 4 Bytes [ 37, A1, C3, 83 ]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[708] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[708] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[732] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 84, 84 ]
.text C:\WINDOWS\system32\ctfmon.exe[732] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[732] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe[740] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, E5, 83 ]
.text C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe[740] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe[740] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Documents and Settings\All Users\Application Data\AV2010\AV2010.exe[748] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, AD, 86 ]
.text C:\Documents and Settings\All Users\Application Data\AV2010\AV2010.exe[748] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\All Users\Application Data\AV2010\AV2010.exe[748] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[756] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 86, 84 ]
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[756] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[756] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[768] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 6D, 84 ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[768] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[768] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Documents and Settings\WIFE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[824] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, F4, 84 ]
.text C:\Documents and Settings\WIFE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[824] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\WIFE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[824] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[876] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 6C, 84 ]
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[876] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[876] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\spoolsv.exe[932] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 60, 84 ]
.text C:\WINDOWS\system32\spoolsv.exe[932] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[932] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\csrss.exe[968] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, CE, 84 ]
.text C:\WINDOWS\system32\csrss.exe[968] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\csrss.exe[968] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\winlogon.exe[996] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, CC, 84 ]
.text C:\WINDOWS\system32\winlogon.exe[996] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\winlogon.exe[996] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 10, 84 ]
.text C:\WINDOWS\system32\services.exe[1044] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\services.exe[1044] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\lsass.exe[1056] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 41, 84 ]
.text C:\WINDOWS\system32\lsass.exe[1056] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\lsass.exe[1056] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\PokerOffice\bin\javaw.exe[1200] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, FB, 8E ]
.text C:\Program Files\PokerOffice\bin\javaw.exe[1200] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\PokerOffice\bin\javaw.exe[1200] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1228] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 79, 84 ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1228] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1228] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 69, 84 ]
.text C:\WINDOWS\system32\svchost.exe[1248] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1248] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 81, 84 ]
.text C:\WINDOWS\system32\svchost.exe[1356] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1356] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1408] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 0A, 84 ]
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1408] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1408] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[1484] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 50, 86 ]
.text C:\WINDOWS\System32\svchost.exe[1484] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[1484] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\PDF Complete\pdfsvc.exe[1616] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, EB, 83 ]
.text C:\Program Files\PDF Complete\pdfsvc.exe[1616] user32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\PDF Complete\pdfsvc.exe[1616] user32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 2A, 84 ]
.text C:\WINDOWS\system32\svchost.exe[1644] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1644] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1732] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, F6, 83 ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1732] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1732] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 1D, 84 ]
.text C:\WINDOWS\system32\svchost.exe[1736] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1736] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1784] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, D6, 86 ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1784] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1784] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1844] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 3D, 84 ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1844] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1844] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1920] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, F0, 84 ]
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1920] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1920] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[2100] kernel32.dll!CreateThread + 1A 7C8106E1 4 Bytes [ 23, A1, C3, 83 ]
.text C:\DOCUME~1\WIFE\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[2336] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, BA, 83 ]
.text C:\DOCUME~1\WIFE\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[2336] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\DOCUME~1\WIFE\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[2336] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\DOCUME~1\WIFE\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[2336] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\rundll32.exe[2568] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 13, 84 ]
.text C:\WINDOWS\system32\rundll32.exe[2568] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\WINDOWS\system32\rundll32.exe[2568] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\rundll32.exe[2568] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3044] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 3F, 84 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3044] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3044] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3044] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\rundll32.exe[3200] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 13, 84 ]
.text C:\WINDOWS\system32\rundll32.exe[3200] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\WINDOWS\system32\rundll32.exe[3200] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\rundll32.exe[3200] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\iPod\bin\iPodService.exe[3240] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 06, 84 ]
.text C:\Program Files\iPod\bin\iPodService.exe[3240] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\Program Files\iPod\bin\iPodService.exe[3240] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[3240] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\alg.exe[3784] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, EC, 83 ]
.text C:\WINDOWS\System32\alg.exe[3784] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\WINDOWS\System32\alg.exe[3784] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\alg.exe[3784] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A

---- EOF - GMER 1.0.14 ----

Attached Files

  • Attached File  GMER.txt   25.79KB   24 downloads
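The GMER log above has three kinds of line a helper reads differently: SSDT entries (which driver owns each kernel hook; here the log itself attributes them to the PC Tools filter driver that Spyware Doctor installs), a kernel module GMER could not find on disk, and user-mode `.text` patches, where the same `SetWindowsHookExW`/`SetWindowsHookExA` jump to one identical address appears in every listed process, including lsass.exe, csrss.exe and winlogon.exe. That pattern is what a single DLL mapped into every process looks like, as opposed to an application patching its own image (Scheduler.exe's scroll-bar hooks jump back into Scheduler.exe). The log does not name the module at that address, so the helper correlates it with the DDS output rather than assuming. The parser below is an added example, not part of the thread and not GMER's own code; the sample is a constructed subset of the posted log, and the function names and the "identical target in several processes" rule are my own.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the GMER 1.0.14 log posted above
# (not the full log), so the parser runs offline on the real line formats.
SAMPLE_GMER = r"""
---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateKey [0xB0FD47A6]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwTerminateProcess [0xB0FD0D0A]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\Explorer.EXE[260] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 40, 86 ]
.text C:\WINDOWS\Explorer.EXE[260] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\lsass.exe[1056] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\SMINST\Scheduler.exe[532] USER32.dll!GetSysColor 7E418E78 5 Bytes JMP 004170D0 C:\WINDOWS\SMINST\Scheduler.exe

---- EOF - GMER 1.0.14 ----
"""

SSDT_RE = re.compile(
    r"^SSDT\s+(?P<driver>\S+)\s+\((?P<desc>[^)]*)\)\s+(?P<func>\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]")
MISSING_RE = re.compile(r"^\?\s+(?P<path>.+?)\s+The system cannot find the file specified\.")
TEXT_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<module>[\w.]+)!(?P<func>\w+)"
    r"(?:\s*\+\s*(?P<off>[0-9A-Fa-f]+))?\s+(?P<addr>[0-9A-Fa-f]+)\s+(?P<n>\d+)\s+Bytes\s+(?P<patch>.*)$")
JMP_RE = re.compile(r"^JMP\s+(?P<target>[0-9A-Fa-f]+)(?:\s+(?P<module>.+))?$")


def parse_gmer(text):
    """Split a GMER log into SSDT hooks, missing kernel modules and user-mode patches."""
    result = {"ssdt": [], "missing": [], "user_hooks": []}
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SSDT_RE.match(line)):
            result["ssdt"].append(m.groupdict())
        elif (m := MISSING_RE.match(line)):
            result["missing"].append(m.group("path"))
        elif (m := TEXT_RE.match(line)):
            rec = m.groupdict()
            rec["pid"] = int(rec["pid"])
            j = JMP_RE.match(rec["patch"])
            rec["jmp_target"] = j.group("target") if j else None
            rec["jmp_module"] = j.group("module") if j else None
            # A JMP back into the process's own image (Scheduler.exe patching itself)
            # is an application's own subclassing, not something injected from outside.
            rec["self_hook"] = bool(rec["jmp_module"]) and rec["jmp_module"].lower() == rec["proc"].lower()
            result["user_hooks"].append(rec)
    return result


def ssdt_drivers(ssdt_hooks):
    """Map each driver owning SSDT hooks to the set of Zw* functions it hooks."""
    owners = defaultdict(set)
    for h in ssdt_hooks:
        owners[h["driver"]].add(h["func"])
    return dict(owners)


def summarize_user_hooks(hooks):
    """Group user-mode patches by hooked API: which processes carry it and where it jumps."""
    summary = defaultdict(lambda: {"processes": set(), "targets": set(), "self_hooks": 0})
    for h in hooks:
        entry = summary[f'{h["module"].lower()}!{h["func"]}']
        entry["processes"].add(h["proc"])
        if h["jmp_target"]:
            entry["targets"].add(h["jmp_target"])
        if h["self_hook"]:
            entry["self_hooks"] += 1
    return dict(summary)


def system_wide_hooks(summary, min_processes=2):
    """APIs whose patch jumps to one identical address in several processes: the shape of a
    single DLL mapped system-wide, as opposed to per-process patches with differing targets."""
    return sorted(api for api, e in summary.items()
                  if len(e["processes"]) >= min_processes and len(e["targets"]) == 1)


if __name__ == "__main__":
    parsed = parse_gmer(SAMPLE_GMER)
    print("SSDT owners:", ssdt_drivers(parsed["ssdt"]))
    print("missing modules:", parsed["missing"])
    print("system-wide hooks:", system_wide_hooks(summarize_user_hooks(parsed["user_hooks"])))
```

Run against the full posted log, the summary reduces the 130-odd `.text` lines to a few distinct hooked APIs with their target addresses, which is the view a helper needs before deciding whether a line is a security product, an application's own patch or something to investigate.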


#4 kahdah (Security Colleague)

Posted 02 February 2009 - 07:42 PM

You are certainly welcome :thumbup2:

Can you post a fresh DDS log? It is the first type of log that you posted in your original post; just run the program again and post the resulting logs.

#5 moneek (Topic Starter)

Posted 04 February 2009 - 11:08 PM

Here you go.


DDS (Ver_09-02-01.01) - NTFSx86
Run by WIFE at 21:03:41.62 on Wed 02/04/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1268 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PDF Complete\pdfsty.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\All Users\Application Data\AV2010\AV2010.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\WIFE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\PokerOffice\bin\javaw.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPHipm11.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PDF Complete\pdfsty.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\PokerOffice\bin\javaw.exe
C:\Documents and Settings\All Users\Application Data\AV2010\AV2010.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\HUSBAND\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Documents and Settings\WIFE\Desktop\dds(2).scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: solution Class: {99c6d1bb-7555-474c-91da-d8fb62a9cc75} - c:\windows\system32\Djr0rFSA.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Google Update] "c:\documents and settings\wife\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"
mRun: [SDMSSplash] "c:\program files\hp_sdms\sdmssplash\launcher.exe" "launchdir=c:\program files\hp_sdms\SDMSSplash"
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [Scheduler] c:\windows\sminst\Scheduler.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
mRun: [HPHmon04] c:\windows\system32\hphmon04.exe
mRun: [HPHUPD04] "c:\program files\hp photosmart 11\hphinstall\unipatch\hphupd04.exe"
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [POEngine] "c:\program files\pokeroffice\poengine.exe" c:\program files\PokerOffice
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Xlulocopologoce] rundll32.exe "c:\windows\Qkilazohecewewec.dll",e
mRun: [Wxofe] rundll32.exe "c:\windows\ilovubom.dll",e
mRun: [Gamma Loader] "c:\documents and settings\all users\application data\SysLoader.exe" /adjustment
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [besusolivo] Rundll32.exe "c:\windows\system32\kudepoga.dll",s
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{ccbaa1f7-e5e1-48b2-9ed9-a79c6a37ce78}\Icon3E5562ED7.ico
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {64D01C7F-810D-446E-A07E-16C764235644} - hxxp://zone.msn.com/bingame/amad/default/atomaders.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: text/html - {3a819585-dcff-472f-9e02-33ccb035cd19} - c:\windows\system32\mst122.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: icvjre.dll c:\windows\system32\sefatori.dll wsjbqv.dll mduwhy.dll rqrdto.dll qaewwv.dll sfdiqy.dll jnwfam.dll bframe.dll stmohw.dll uwbsly.dll c:\windows\system32\sipewise.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\cbXPiFyy
LSA: Notification Packages = scecli c:\windows\system32\sefatori.dll c:\windows\system32\sipewise.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\wife\applic~1\mozilla\firefox\profiles\qx8cat6w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - component: c:\program files\mozilla firefox\components\srff.dll
FF - plugin: c:\documents and settings\wife\local settings\application data\google\update\1.2.133.37\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - HiddenExtension: XUL Cache: {0CDDD67E-29F3-4DA8-BC99-955E0594657B} - c:\documents and settings\husband\local settings\application data\{0CDDD67E-29F3-4DA8-BC99-955E0594657B}
FF - HiddenExtension: XUL Cache: {0788FE73-9DDB-4E02-A5F0-4DFEB3A90731} - c:\documents and settings\wife\local settings\application data\{0788FE73-9DDB-4E02-A5F0-4DFEB3A90731}

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-12-27 40840]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-12-27 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-12-27 81288]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2006-4-14 28933976]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2007-12-21 540184]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-12-27 356920]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-12-27 1079176]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

=============== Created Last 30 ================

2009-02-02 15:58 250 a------- c:\windows\gmer.ini
2009-01-27 08:49 1,472,669 ---sh--- c:\windows\system32\ikogored.ini
2009-01-26 20:43 141,116 a--sh--- c:\windows\system32\ihhxwp.dll
2009-01-26 20:43 1,472,634 ---sh--- c:\windows\system32\asobojat.ini
2009-01-26 20:24 1,472,634 ---sh--- c:\windows\system32\ayugayoh.ini
2009-01-26 20:24 141,914 a--sh--- c:\windows\system32\tygyno.dll
2009-01-26 20:24 2,713 ---sh--- c:\windows\system32\sokumida.dll
2009-01-26 20:05 141,048 a--sh--- c:\windows\system32\phffti.dll
2009-01-26 20:05 1,472,634 ---sh--- c:\windows\system32\ewepayud.ini
2009-01-26 20:05 2,713 ---sh--- c:\windows\system32\jelayibu.dll
2009-01-26 19:47 1,472,634 ---sh--- c:\windows\system32\uwudupip.ini
2009-01-26 19:47 142,162 a--sh--- c:\windows\system32\wtlcwi.dll
2009-01-26 19:28 1,472,634 ---sh--- c:\windows\system32\ufedapiv.ini
2009-01-26 19:28 142,105 a--sh--- c:\windows\system32\mehmni.dll
2009-01-26 19:10 1,472,634 ---sh--- c:\windows\system32\uvovokot.ini
2009-01-26 19:10 142,135 a--sh--- c:\windows\system32\vwafua.dll
2009-01-26 18:51 1,472,634 ---sh--- c:\windows\system32\urujahuw.ini
2009-01-26 18:51 142,164 a--sh--- c:\windows\system32\cifcoa.dll
2009-01-26 06:45 140,966 a--sh--- c:\windows\system32\pfrdes.dll
2009-01-26 06:45 1,384,649 ---sh--- c:\windows\system32\aturusol.ini
2009-01-26 06:26 141,932 a--sh--- c:\windows\system32\ybfrod.dll
2009-01-26 06:26 1,384,649 ---sh--- c:\windows\system32\odogijuv.ini
2009-01-25 18:12 1,472,634 ---sh--- c:\windows\system32\ikemohiw.ini
2009-01-25 18:12 134,304 a--sh--- c:\windows\system32\uqegav.dll
2009-01-25 09:00 36,864 a------- c:\windows\system32\nnnNhHBs.dll
2009-01-25 06:12 1,384,649 ---sh--- c:\windows\system32\uyopezey.ini
2009-01-24 18:11 133,192 a--sh--- c:\windows\system32\emwigk.dll
2009-01-24 18:11 1,384,649 ---sh--- c:\windows\system32\oneholuj.ini
2009-01-24 13:56 36,864 a------- c:\windows\system32\jkkIBSKC.dll
2009-01-24 13:56 36,864 a------- c:\windows\system32\yayYSJyy.dll
2009-01-24 06:11 1,384,685 ---sh--- c:\windows\system32\owelahus.ini
2009-01-24 06:11 134,351 a--sh--- c:\windows\system32\zrvobk.dll
2009-01-23 18:11 133,422 a--sh--- c:\windows\system32\obkdss.dll
2009-01-23 17:11 134,243 a--sh--- c:\windows\system32\jmzjod.dll
2009-01-23 05:10 1,384,649 ---sh--- c:\windows\system32\alazirod.ini
2009-01-23 05:10 2,713 ---sh--- c:\windows\system32\kerodaru.dll
2009-01-22 23:55 36,352 a------- c:\windows\system32\ssqPfEWN.dll
2009-01-22 17:15 36,352 a------- c:\windows\system32\efcDVpqp.dll
2009-01-22 17:15 36,352 a------- c:\windows\system32\rqRKCvWP.dll
2009-01-22 17:13 1,384,649 ---sh--- c:\windows\system32\ulalusez.ini
2009-01-21 21:53 1,384,658 ---sh--- c:\windows\system32\idebodig.ini
2009-01-21 21:53 133,423 a--sh--- c:\windows\system32\yvdhhf.dll
2009-01-21 12:02 <DIR> --d----- c:\program files\TICK
2009-01-21 09:52 1,384,649 ---sh--- c:\windows\system32\eyekejas.ini
2009-01-21 06:41 36,352 a------- c:\windows\system32\wvUlMgGX.dll
2009-01-20 21:52 1,382,781 ---sh--- c:\windows\system32\ezometot.ini
2009-01-20 18:04 927,744 a------- c:\windows\system32\rn.tmp
2009-01-20 09:52 1,382,537 ---sh--- c:\windows\system32\iyawunij.ini
2009-01-19 21:52 1,357,871 ---sh--- c:\windows\system32\izobenod.ini
2009-01-19 12:02 <DIR> --d----- c:\windows\system32\NtmsData
2009-01-19 09:52 1,354,532 ---sh--- c:\windows\system32\ufunadil.ini
2009-01-19 08:51 1,354,551 ---sh--- c:\windows\system32\ovivepar.ini
2009-01-18 20:51 1,354,509 ---sh--- c:\windows\system32\isodageb.ini
2009-01-18 08:50 133,386 a--sh--- c:\windows\system32\tqirre.dll
2009-01-18 08:50 1,354,509 ---sh--- c:\windows\system32\agifizah.ini
2009-01-18 08:49 1,354,509 ---sh--- c:\windows\system32\ehagesem.ini
2009-01-18 08:49 133,940 a--sh--- c:\windows\system32\rqvvvi.dll
2009-01-17 20:11 1,354,509 ---sh--- c:\windows\system32\inevijif.ini
2009-01-17 08:10 1,354,496 ---sh--- c:\windows\system32\urobujid.ini
2009-01-16 20:10 1,354,487 ---sh--- c:\windows\system32\imorenup.ini
2009-01-16 08:13 1,343,044 ---sh--- c:\windows\system32\ojisatik.ini
2009-01-16 07:11 1,334,707 ---sh--- c:\windows\system32\ezijumaf.ini
2009-01-15 19:10 1,327,740 ---sh--- c:\windows\system32\ujakemij.ini
2009-01-15 07:28 1,323,077 ---sh--- c:\windows\system32\ivonodaf.ini
2009-01-15 07:09 131,694 a--sh--- c:\windows\system32\cibxlj.dll
2009-01-14 19:03 1,318,343 ---sh--- c:\windows\system32\uneduzih.ini
2009-01-14 07:33 1,301,791 ---sh--- c:\windows\system32\akopameh.ini
2009-01-13 18:53 1,302,218 ---sh--- c:\windows\system32\ihuwohak.ini
2009-01-13 06:53 1,282,236 ---sh--- c:\windows\system32\ujohibaj.ini
2009-01-12 15:28 283,189 a------- C:\Arc_RSVP_Layout 4.pdf
2009-01-12 11:46 1,223,096 ---sh--- c:\windows\system32\udodiwub.ini
2009-01-12 10:45 1,223,087 ---sh--- c:\windows\system32\ujibubow.ini
2009-01-11 22:45 1,212,876 ---sh--- c:\windows\system32\elatuvoh.ini
2009-01-11 10:46 1,212,876 ---sh--- c:\windows\system32\opopepab.ini
2009-01-11 10:11 1,212,876 ---sh--- c:\windows\system32\uzohavat.ini
2009-01-10 08:39 1,212,876 ---sh--- c:\windows\system32\asirevuv.ini
2009-01-10 06:41 1,212,876 ---sh--- c:\windows\system32\urugovuj.ini
2009-01-09 07:19 1,207,035 ---sh--- c:\windows\system32\eyosiyid.ini
2009-01-08 19:19 1,206,965 ---sh--- c:\windows\system32\iyomiyif.ini
2009-01-08 18:38 134,656 a------- c:\windows\etokitub.dll
2009-01-08 07:19 1,212,958 ---sh--- c:\windows\system32\uvizepuh.ini
2009-01-07 19:18 1,275,109 ---sh--- c:\windows\system32\ipuduyat.ini
2009-01-07 07:20 1,321,922 ---sh--- c:\windows\system32\ofdyjoup.ini
2009-01-07 07:19 1,276,161 ---sh--- c:\windows\system32\onunosus.ini
2009-01-06 07:37 1,276,161 ---sh--- c:\windows\system32\ibuyefew.ini

==================== Find3M ====================

2009-01-27 08:49 64,767 a--sh--- c:\windows\system32\jesatavu.dll
2009-01-27 08:49 133,278 a--sh--- c:\windows\system32\wojopudu.dll
2009-01-27 08:49 100,481 a--sh--- c:\windows\system32\tayazuvo.dll
2009-01-26 20:43 106,695 a--sh--- c:\windows\system32\hohohano.dll
2009-01-26 20:43 141,116 a--sh--- c:\windows\system32\nuyuviju.dll
2009-01-26 20:43 93,486 -------- c:\windows\system32\tajobosa.dll
2009-01-26 20:24 93,306 -------- c:\windows\system32\hoyaguya.dll
2009-01-26 20:24 141,914 a--sh--- c:\windows\system32\vapobawu.dll
2009-01-26 20:24 106,271 a--sh--- c:\windows\system32\refajami.dll
2009-01-26 20:05 141,048 a--sh--- c:\windows\system32\liraneto.dll
2009-01-26 20:05 107,095 a--sh--- c:\windows\system32\yebukobe.dll
2009-01-26 20:05 93,486 -------- c:\windows\system32\duyapewe.dll
2009-01-26 19:47 142,162 a--sh--- c:\windows\system32\jabayasa.dll
2009-01-26 19:47 95,934 -------- c:\windows\system32\pipuduwu.dll
2009-01-26 19:47 106,083 a--sh--- c:\windows\system32\molezovu.dll
2009-01-26 19:28 93,348 -------- c:\windows\system32\vipadefu.dll
2009-01-26 19:28 142,105 a--sh--- c:\windows\system32\fovuteni.dll
2009-01-26 19:28 107,145 a--sh--- c:\windows\system32\tagafoji.dll
2009-01-26 19:10 107,159 a--sh--- c:\windows\system32\kapeteme.dll
2009-01-26 19:10 142,135 a--sh--- c:\windows\system32\nigokeyo.dll
2009-01-26 19:10 93,508 -------- c:\windows\system32\tokovovu.dll
2009-01-26 18:51 93,407 -------- c:\windows\system32\wuhajuru.dll
2009-01-26 18:51 142,164 a--sh--- c:\windows\system32\veyafoni.dll
2009-01-26 18:51 106,629 a--sh--- c:\windows\system32\luguluhu.dll
2009-01-26 06:45 140,966 a--sh--- c:\windows\system32\kiwasuge.dll
2009-01-26 06:45 106,805 a--sh--- c:\windows\system32\hafinohu.dll
2009-01-26 06:45 96,053 -------- c:\windows\system32\losuruta.dll
2009-01-26 06:26 141,932 a--sh--- c:\windows\system32\ketasonu.dll
2009-01-26 06:26 106,280 a--sh--- c:\windows\system32\hutufivi.dll
2009-01-26 06:26 93,439 -------- c:\windows\system32\vujigodo.dll
2009-01-25 18:12 87,349 -------- c:\windows\system32\wihomeki.dll
2009-01-25 18:12 134,304 a--sh--- c:\windows\system32\futewege.dll
2009-01-25 18:12 98,939 a--sh--- c:\windows\system32\watusero.dll
2009-01-25 06:12 133,450 a--sh--- c:\windows\system32\zokuwesa.dll
2009-01-25 06:12 99,111 a--sh--- c:\windows\system32\huvagobi.dll
2009-01-24 18:11 99,412 a--sh--- c:\windows\system32\hidagipe.dll
2009-01-24 18:11 133,192 a--sh--- c:\windows\system32\yezejugo.dll
2009-01-24 06:11 99,558 a--sh--- c:\windows\system32\puhelero.dll
2009-01-24 06:11 134,351 a--sh--- c:\windows\system32\nevigapi.dll
2009-01-24 06:11 85,624 -------- c:\windows\system32\suhalewo.dll
2009-01-23 18:11 133,422 a--sh--- c:\windows\system32\jenevufi.dll
2009-01-23 18:11 101,719 a--sh--- c:\windows\system32\supilime.dll
2009-01-23 18:11 85,639 a--sh--- c:\windows\system32\yejivoji.dll
2009-01-23 17:11 66,324 a--sh--- c:\windows\system32\rotiduzu.dll
2009-01-23 17:11 134,243 a--sh--- c:\windows\system32\nevoputo.dll
2009-01-23 17:11 101,537 a--sh--- c:\windows\system32\suwuwuha.dll
2009-01-23 05:10 134,359 a--sh--- c:\windows\system32\rokewezi.dll
2009-01-23 05:10 101,604 a--sh--- c:\windows\system32\levewani.dll
2009-01-22 17:10 133,198 a--sh--- c:\windows\system32\rogiwezu.dll
2009-01-22 17:10 100,623 a--sh--- c:\windows\system32\seyomaju.dll
2009-01-21 21:53 99,969 a--sh--- c:\windows\system32\jiremeye.dll
2009-01-21 21:53 133,423 a--sh--- c:\windows\system32\zenatosi.dll
2009-01-21 21:52 86,156 a--sh--- c:\windows\system32\gidobedi.dll
2009-01-21 09:52 134,356 a--sh--- c:\windows\system32\vuvimuwe.dll
2009-01-21 09:52 99,675 a--sh--- c:\windows\system32\mulirowo.dll
2009-01-20 21:52 133,228 a--sh--- c:\windows\system32\jazehode.dll
2009-01-20 21:52 100,153 a--sh--- c:\windows\system32\jogiduji.dll
2009-01-20 09:52 100,148 a--sh--- c:\windows\system32\romabotu.dll
2009-01-20 09:52 133,236 a--sh--- c:\windows\system32\begajetu.dll
2009-01-19 21:52 100,521 a--sh--- c:\windows\system32\zomiduvi.dll
2009-01-19 21:52 133,922 a--sh--- c:\windows\system32\jenafeno.dll
2009-01-19 09:52 133,710 a--sh--- c:\windows\system32\zitakihu.dll
2009-01-19 09:52 100,138 a--sh--- c:\windows\system32\guzuyavu.dll
2009-01-19 08:51 63,203 a--sh--- c:\windows\system32\gawodara.dll
2009-01-19 08:51 99,127 a--sh--- c:\windows\system32\neremije.dll
2009-01-18 20:51 133,973 a--sh--- c:\windows\system32\vajarusu.dll
2009-01-18 20:51 100,580 a--sh--- c:\windows\system32\perofile.dll
2009-01-18 08:50 133,386 a--sh--- c:\windows\system32\sekamuva.dll
2009-01-18 08:50 99,502 a--sh--- c:\windows\system32\delahiru.dll
2009-01-18 08:50 86,151 -------- c:\windows\system32\hazifiga.dll
2009-01-18 08:49 85,249 -------- c:\windows\system32\mesegahe.dll
2009-01-18 08:49 133,940 a--sh--- c:\windows\system32\ruvoyenu.dll
2009-01-18 08:49 99,573 a--sh--- c:\windows\system32\yodutiti.dll
2009-01-17 20:11 133,417 a--sh--- c:\windows\system32\delidubu.dll
2009-01-17 20:11 97,404 a--sh--- c:\windows\system32\vokubonu.dll
2009-01-17 20:11 86,293 a--sh--- c:\windows\system32\fijiveni.dll
2009-01-17 08:10 97,457 a--sh--- c:\windows\system32\yagerumu.dll
2009-01-17 08:10 133,239 a--sh--- c:\windows\system32\hagipugo.dll
2009-01-16 20:10 133,465 a--sh--- c:\windows\system32\musagote.dll
2009-01-16 20:10 100,544 a--sh--- c:\windows\system32\zibuweti.dll
2009-01-16 08:12 86,344 a--sh--- c:\windows\system32\kitasijo.dll
2009-01-16 08:11 133,956 a--sh--- c:\windows\system32\yodejetu.dll
2009-01-16 08:11 100,579 a--sh--- c:\windows\system32\wuratapa.dll
2009-01-16 07:10 99,565 a--sh--- c:\windows\system32\hejapive.dll
2009-01-16 07:10 85,084 -------- c:\windows\system32\famujize.dll
2009-01-16 07:10 63,756 a--sh--- c:\windows\system32\wujeluhe.dll
2009-01-15 19:10 131,760 a--sh--- c:\windows\system32\lakutufo.dll
2009-01-15 19:10 127,907 a--sh--- c:\windows\system32\vuyohasu.dll
2009-01-15 07:10 131,867 a--sh--- c:\windows\system32\tevupiru.dll
2009-01-15 07:10 127,811 a--sh--- c:\windows\system32\gorawuwi.dll
2009-01-15 07:09 131,694 a--sh--- c:\windows\system32\jahomayo.dll
2009-01-15 07:09 68,889 a--sh--- c:\windows\system32\nalayafi.dll
2009-01-15 07:09 127,906 a--sh--- c:\windows\system32\reziguge.dll
2009-01-15 07:09 86,829 a--sh--- c:\windows\system32\nelesoye.dll
2009-01-14 19:03 131,692 a--sh--- c:\windows\system32\fesorega.dll
2009-01-14 19:03 99,495 a--sh--- c:\windows\system32\tukowohu.dll
2009-01-14 07:03 131,683 a--sh--- c:\windows\system32\yomunagu.dll
2009-01-14 07:03 99,416 a--sh--- c:\windows\system32\wotimela.dll
2009-01-13 18:52 99,551 a--sh--- c:\windows\system32\bebohoge.dll
2009-01-13 18:52 131,683 a--sh--- c:\windows\system32\nokihino.dll
0000-00-00 00:00 21,504 a--sh--- c:\windows\system32\gurinuwe.dll
0000-00-00 00:00 0 a--sh--- c:\windows\system32\hurikupu.dll
0000-00-00 00:00 0 a--sh--- c:\windows\system32\nevavite.dll
2008-09-22 09:06 75,776 ac-sh--- c:\windows\system32\pisuvedi.dll
0000-00-00 00:00 0 a--sh--- c:\windows\system32\sidewatu.dll
0000-00-00 00:00 77,824 a--sh--- c:\windows\system32\vutigufe.dll
2008-08-12 22:03 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081220080813\index.dat

============= FINISH: 21:04:25.96 ===============
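
A triage script for a DDS log like the one above, added here as an example; it is not part of the original thread, nor of DDS, ComboFix or GMER. It reads lines in the layout DDS prints and flags the same things a helper picks out by eye: every `AppInit_DLLs` entry (the value is empty on a clean Windows XP install, and each DLL listed is loaded into every process that links user32.dll), every LSA authentication or notification package other than the stock `msv1_0` and `scecli` (those run inside lsass.exe), and files directly under system32 whose names are six to eight random lowercase letters with the system and hidden attributes set, plus the eight-letter mixed-case DLLs such as nnnNhHBs.dll. The allowlist and the name heuristics are assumptions of this example, not DDS rules; the sample lines are a handful copied from the posted log.

```python
"""Triage a DDS log for Vundo/Virtumonde-style persistence.

Added example for this thread; not part of DDS, ComboFix or the original post.
Heuristics (assumptions, not DDS rules):
  * AppInit_DLLs is empty on a clean Windows XP, so every entry is a lead.
  * Only msv1_0 (authentication) and scecli (notification) are stock LSA
    packages on XP; anything else is loaded into lsass.exe and is a lead.
  * Vundo drops 6-8 random lowercase-letter names in system32 marked
    system+hidden, plus 8-letter mixed-case DLLs (e.g. nnnNhHBs.dll).
"""
import re
from collections import Counter
from dataclasses import dataclass

KNOWN_AUTH_PACKAGES = {"msv1_0"}
KNOWN_NOTIFY_PACKAGES = {"scecli"}
SYSTEM32 = r"c:\windows\system32"

# One line of the "Created Last 30" / "Find3M" sections: date time size attrs path
FILE_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
LSA_LINE = re.compile(r"^LSA: (Authentication|Notification) Packages = (.*)$")
LOWER_RANDOM = re.compile(r"[a-z]{6,8}\.(?:dll|ini)")  # e.g. ihhxwp.dll, asobojat.ini
MIXED_RANDOM = re.compile(r"[A-Za-z]{8}\.dll")          # e.g. nnnNhHBs.dll


@dataclass(frozen=True)
class Finding:
    kind: str   # appinit | lsa | hidden_random_file | mixedcase_file
    item: str   # DLL, package or path exactly as it appears in the log
    why: str


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious entry in a DDS log."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("AppInit_DLLs:"):
            for dll in line[len("AppInit_DLLs:"):].split():
                findings.append(Finding("appinit", dll,
                    "AppInit_DLLs loads it into every process that links user32.dll"))
            continue
        m = LSA_LINE.match(line)
        if m:
            known = KNOWN_AUTH_PACKAGES if m.group(1) == "Authentication" else KNOWN_NOTIFY_PACKAGES
            for pkg in m.group(2).split():
                if pkg.lower() not in known:
                    findings.append(Finding("lsa", pkg,
                        f"non-stock LSA {m.group(1).lower()} package, loaded into lsass.exe"))
            continue
        m = FILE_LINE.match(line)
        if not m:
            continue
        path, attrs = m.group("path"), m.group("attrs")
        parent, _, name = path.rpartition("\\")
        if parent.lower() != SYSTEM32:      # only files directly in system32
            continue
        hidden_system = "s" in attrs and "h" in attrs
        if LOWER_RANDOM.fullmatch(name) and hidden_system:
            findings.append(Finding("hidden_random_file", path,
                f"random lowercase name with attrs {attrs} (system+hidden)"))
        elif MIXED_RANDOM.fullmatch(name) and name != name.lower() and name != name.upper():
            findings.append(Finding("mixedcase_file", path, "8-letter mixed-case DLL name"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per kind, e.g. {'appinit': 2, 'lsa': 2, ...}."""
    return dict(Counter(f.kind for f in findings))


# Lines copied from the posted DDS log (trimmed to a handful) for a stand-alone run.
SAMPLE_LOG = r"""
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: icvjre.dll c:\windows\system32\sefatori.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\cbXPiFyy
LSA: Notification Packages = scecli c:\windows\system32\sipewise.dll
2009-02-02 15:58 250 a------- c:\windows\gmer.ini
2009-01-26 20:43 141,116 a--sh--- c:\windows\system32\ihhxwp.dll
2009-01-26 20:43 1,472,634 ---sh--- c:\windows\system32\asobojat.ini
2009-01-25 09:00 36,864 a------- c:\windows\system32\nnnNhHBs.dll
2009-01-21 12:02 <DIR> --d----- c:\program files\TICK
2008-08-12 22:03 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081220080813\index.dat
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:20} {f.item}  <- {f.why}")
    print(summarize(triage(SAMPLE_LOG)))
```

Note that the system+hidden attributes alone are not a signal: the index.dat line in the sample carries them too and is a normal IE history file under a deep system32 subdirectory, which is why the check insists on a random-looking name directly in system32. The output is a list of leads to hand to the ComboFix/GMER step, not a deletion list.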

#6 kahdah (Security Colleague)

Posted 05 February 2009 - 08:56 AM

You are loaded to the maximum with Vundo files. We will run ComboFix to thin out the number of files present on your system, then clean up the rest.
================
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#7 moneek (Topic Starter)

Posted 11 February 2009 - 12:44 AM

Here is the log.


c:\documents and settings\HUSBAND\Application Data\gadcom
c:\program files\Common\helper.sig
c:\windows\system32\agifizah.ini
c:\windows\system32\akivigir.ini
c:\windows\system32\akopameh.ini
c:\windows\system32\alazirod.ini
c:\windows\system32\amovudag.ini
c:\windows\system32\asirevuv.ini
c:\windows\system32\asobojat.ini
c:\windows\system32\aturusol.ini
c:\windows\system32\ayugayoh.ini
c:\windows\system32\bebohoge.dll
c:\windows\system32\begajetu.dll
c:\windows\system32\buyaneju.dll
c:\windows\system32\cibxlj.dll
c:\windows\system32\cifcoa.dll
c:\windows\system32\clpjqtdn.ini
c:\windows\system32\delahiru.dll
c:\windows\system32\delidubu.dll
c:\windows\system32\dimidiva.dll
c:\windows\system32\ditehahe.dll
c:\windows\system32\diyisoye.dll
c:\windows\system32\duyapewe.dll
c:\windows\system32\efcDVpqp.dll
c:\windows\system32\egukayir.ini
c:\windows\system32\ehagesem.ini
c:\windows\system32\elatuvoh.ini
c:\windows\system32\emenovul.ini
c:\windows\system32\emwigk.dll
c:\windows\system32\erafenuj.ini
c:\windows\system32\evatuyur.ini
c:\windows\system32\ewepayud.ini
c:\windows\system32\eyekejas.ini
c:\windows\system32\eyosiyid.ini
c:\windows\system32\ezijumaf.ini
c:\windows\system32\ezometot.ini
c:\windows\system32\famujize.dll
c:\windows\system32\fayebuzu.dll
c:\windows\system32\fesorega.dll
c:\windows\system32\feyujafi.dll.tmp
c:\windows\system32\fijiveni.dll
c:\windows\system32\fovuteni.dll
c:\windows\system32\futewege.dll
c:\windows\system32\gawodara.dll
c:\windows\system32\gekininu.dll
c:\windows\system32\gidobedi.dll
c:\windows\system32\gmotycaj.ini
c:\windows\system32\gurinuwe.dll
c:\windows\system32\guzuyavu.dll
c:\windows\system32\hadurule.dll
c:\windows\system32\hafinohu.dll
c:\windows\system32\hagipugo.dll
c:\windows\system32\hazifiga.dll
c:\windows\system32\hejapive.dll
c:\windows\system32\hidagipe.dll
c:\windows\system32\hisozega.dll.tmp
c:\windows\system32\hoganova.dll
c:\windows\system32\hohohano.dll
c:\windows\system32\hoyaguya.dll
c:\windows\system32\hrrpoghg.ini
c:\windows\system32\hurikupu.dll
c:\windows\system32\hurunika.dll.tmp
c:\windows\system32\hutufivi.dll
c:\windows\system32\huvagobi.dll
c:\windows\system32\ibuyefew.ini
c:\windows\system32\idebodig.ini
c:\windows\system32\ihhxwp.dll
c:\windows\system32\ihuwohak.ini
c:\windows\system32\ikemohiw.ini
c:\windows\system32\ikogored.ini
c:\windows\system32\iledagoz.ini
c:\windows\system32\imorenup.ini
c:\windows\system32\inevijif.ini
c:\windows\system32\inezejes.ini
c:\windows\system32\inigiyiy.ini
c:\windows\system32\ipuduyat.ini
c:\windows\system32\ipuwuzog.ini
c:\windows\system32\isodageb.ini
c:\windows\system32\ivonodaf.ini
c:\windows\system32\iyawunij.ini
c:\windows\system32\iyomiyif.ini
c:\windows\system32\izobenod.ini
c:\windows\system32\jabayasa.dll
c:\windows\system32\jahomayo.dll
c:\windows\system32\jazehode.dll
c:\windows\system32\jenafeno.dll
c:\windows\system32\jenevufi.dll
c:\windows\system32\jesatavu.dll
c:\windows\system32\jiremeye.dll
c:\windows\system32\jkkIBSKC.dll
c:\windows\system32\jmzjod.dll
c:\windows\system32\jogiduji.dll
c:\windows\system32\juyarono.dll.tmp
c:\windows\system32\kapeteme.dll
c:\windows\system32\ketasonu.dll
c:\windows\system32\kinewego.dll
c:\windows\system32\kitasijo.dll
c:\windows\system32\kiwasuge.dll
c:\windows\system32\kofipulo.dll.tmp
c:\windows\system32\ktwwvjuv.ini
c:\windows\system32\kudepoga.dll.tmp
c:\windows\system32\kvykddrt.ini
c:\windows\system32\lakutufo.dll
c:\windows\system32\leruyale.dll
c:\windows\system32\levewani.dll
c:\windows\system32\liraneto.dll
c:\windows\system32\liseruka.dll
c:\windows\system32\losuruta.dll
c:\windows\system32\luguluhu.dll
c:\windows\system32\lujisosa.dll
c:\windows\system32\luvoneme.dll
c:\windows\system32\mehmni.dll
c:\windows\system32\mesegahe.dll
c:\windows\system32\molezovu.dll
c:\windows\system32\mulirowo.dll
c:\windows\system32\musagote.dll
c:\windows\system32\nalayafi.dll
c:\windows\system32\nelesoye.dll
c:\windows\system32\neremije.dll
c:\windows\system32\nevavite.dll
c:\windows\system32\nevigapi.dll
c:\windows\system32\nevoputo.dll
c:\windows\system32\nigokeyo.dll
c:\windows\system32\nnnNhHBs.dll
c:\windows\system32\nokihino.dll
c:\windows\system32\nuyuviju.dll
c:\windows\system32\nxdjenin.ini
c:\windows\system32\obkdss.dll
c:\windows\system32\odogijuv.ini
c:\windows\system32\ofdyjoup.ini
c:\windows\system32\ojisatik.ini
c:\windows\system32\oneholuj.ini
c:\windows\system32\onunosus.ini
c:\windows\system32\opcdmrfi.ini
c:\windows\system32\opopepab.ini
c:\windows\system32\osatenoy.ini
c:\windows\system32\ovivepar.ini
c:\windows\system32\owelahus.ini
c:\windows\system32\perofile.dll
c:\windows\system32\pfrdes.dll
c:\windows\system32\phffti.dll
c:\windows\system32\pipuduwu.dll
c:\windows\system32\pizofubo.dll.tmp
c:\windows\system32\potibubi.dll
c:\windows\system32\puhelero.dll
c:\windows\system32\razupopi.dll
c:\windows\system32\refajami.dll
c:\windows\system32\rogiwezu.dll
c:\windows\system32\rokewezi.dll
c:\windows\system32\romabotu.dll
c:\windows\system32\rotiduzu.dll
c:\windows\system32\rowopapo.dll
c:\windows\system32\rqRKCvWP.dll
c:\windows\system32\rqvvvi.dll
c:\windows\system32\ruvoyenu.dll
c:\windows\system32\ruxpasef.ini
c:\windows\system32\sajuyaya.dll
c:\windows\system32\sakiyiye.dll.tmp
c:\windows\system32\sbldkaby.ini
c:\windows\system32\sefatori.dll.tmp
c:\windows\system32\sekamuva.dll
c:\windows\system32\seyomaju.dll
c:\windows\system32\sidewatu.dll
c:\windows\system32\sipewise.dll.tmp
c:\windows\system32\siruguhu.dll
c:\windows\system32\sogidona.dll
c:\windows\system32\ssqPfEWN.dll
c:\windows\system32\suhalewo.dll
c:\windows\system32\supilime.dll
c:\windows\system32\susopaya.dll
c:\windows\system32\suwuwuha.dll
c:\windows\system32\tagafoji.dll
c:\windows\system32\tajobosa.dll
c:\windows\system32\tavahozu.dll
c:\windows\system32\tayazuvo.dll
c:\windows\system32\tevupiru.dll
c:\windows\system32\tfkcitte.ini
c:\windows\system32\tokovovu.dll
c:\windows\system32\totodele.dll
c:\windows\system32\tqirre.dll
c:\windows\system32\tukowohu.dll
c:\windows\system32\twain32
c:\windows\system32\twain32\local.ds
c:\windows\system32\twain32\user.ds
c:\windows\system32\tygyno.dll
c:\windows\system32\udodiwub.ini
c:\windows\system32\ufedapiv.ini
c:\windows\system32\ufunadil.ini
c:\windows\system32\ugejisik.ini
c:\windows\system32\ujakemij.ini
c:\windows\system32\ujibubow.ini
c:\windows\system32\ujohibaj.ini
c:\windows\system32\uladepag.ini
c:\windows\system32\ulalusez.ini
c:\windows\system32\uneduzih.ini
c:\windows\system32\unuhutun.ini
c:\windows\system32\uqegav.dll
c:\windows\system32\urobujid.ini
c:\windows\system32\urugovuj.ini
c:\windows\system32\urujahuw.ini
c:\windows\system32\uublsjud.ini
c:\windows\system32\uvizepuh.ini
c:\windows\system32\uvovokot.ini
c:\windows\system32\uwudupip.ini
c:\windows\system32\uyopezey.ini
c:\windows\system32\uzohavat.ini
c:\windows\system32\vajarusu.dll
c:\windows\system32\vapobawu.dll
c:\windows\system32\vegovuni.dll
c:\windows\system32\veyafoni.dll
c:\windows\system32\vipadefu.dll
c:\windows\system32\vokubonu.dll
c:\windows\system32\vujigodo.dll
c:\windows\system32\vutigufe.dll
c:\windows\system32\vuvimuwe.dll
c:\windows\system32\vwafua.dll
c:\windows\system32\watusero.dll
c:\windows\system32\wifukolu.dll
c:\windows\system32\wigenupa.dll.tmp
c:\windows\system32\wihomeki.dll
c:\windows\system32\wobubiju.dll
c:\windows\system32\wojopudu.dll
c:\windows\system32\wotimela.dll
c:\windows\system32\wtlcwi.dll
c:\windows\system32\wuhajuru.dll
c:\windows\system32\wujeluhe.dll
c:\windows\system32\wuratapa.dll
c:\windows\system32\wurigizu.dll
c:\windows\system32\wvUlMgGX.dll
c:\windows\system32\yagerumu.dll
c:\windows\system32\yayYSJyy.dll
c:\windows\system32\ybfrod.dll
c:\windows\system32\yebukobe.dll
c:\windows\system32\yejenujo.dll
c:\windows\system32\yejivoji.dll
c:\windows\system32\yezejugo.dll
c:\windows\system32\yibabofi.dll
c:\windows\system32\yodejetu.dll
c:\windows\system32\yodutiti.dll
c:\windows\system32\yomunagu.dll
c:\windows\system32\yonetaso.dll
c:\windows\system32\yvdhhf.dll
c:\windows\system32\yyFiPXbc.ini
c:\windows\system32\yyFiPXbc.ini2
c:\windows\system32\zenatosi.dll
c:\windows\system32\zibuweti.dll
c:\windows\system32\zijaputa.dll
c:\windows\system32\zipavagi.dll
c:\windows\system32\zitakihu.dll
c:\windows\system32\zivahesu.dll
c:\windows\system32\zokuwesa.dll
c:\windows\system32\zomiduvi.dll
c:\windows\system32\zrvobk.dll
c:\windows\system32\zudijovu.dll.tmp
c:\windows\Temp\tmp3.tmp
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-01-11 to 2009-02-11 )))))))))))))))))))))))))))))))
.

#8 kahdah (Security Colleague)

Posted 11 February 2009 - 06:50 AM

Hi. Click Here to upload the ComboFix file, please. It was cut off.