
Win32.Banker.xe and many other problems



#1 kate c


Posted 19 January 2009 - 06:15 PM

I currently have some combination of viruses ganging up on my computer (running WinXP). I had Symantec antivirus software installed, but realized a few weeks ago that its LiveUpdate had stopped working, so the virus definitions were out of date. When I tried reinstalling LiveUpdate, I realized that the Windows Installer no longer worked... This is when I started getting suspicious. Then a few days ago I started up my computer and there is a desktop background, but no icons and no start menu etc. I can only access things through the Task Manager. I installed a few other antivirus programs that did not require Windows Installer, in an attempt to get things on the mend. I now have Spybot Search and Destroy, AVG, and A-squared Free. They found and deleted several viruses such as Virtumonde, DoubleClick and Win32.Agent.pz along with a few others, however they could not fix Win32.Banker.xe. My icons and start menu came back and things appeared to be back to normal, then they disappeared again, so whatever the root of the problem is still haunts the computer. I am also getting some pop-ups for "Antivirus2009" and one that keeps trying to load 89.188.16.28 etc.... Any suggestions for where to start?


DDS (Ver_09-01-18.01) - NTFSx86
Run by kate at 17:11:38.62 on Mon 01/19/2009
Internet Explorer: 7.0.5730.13

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?hl=en
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\twext.exe,c:\windows\system32\twex.exe,
BHO: {2e70fd59-a496-4cf0-89fb-ca384dec43cb} - c:\windows\system32\suwidusu.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {1f45b903-f466-00b9-2ba4-0c2363f7da89}: {98ad7f36-32c0-4ab2-9b00-664f309b54f1} - c:\windows\system32\wckpte.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PPS Accelerator] c:\program files\ppstream\ppsap.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_10\bin\jusched.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [RIS2PostReboot] c:\program files\lego mindstorms\ris 2.0\LaunchRIS2.exe
mRun: [WinTVZilla] "c:\program files\wintvzilla\WinTVZilla.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [!AVG Anti-Spyware] "c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized
mRun: [bunigodipi] Rundll32.exe "c:\windows\system32\fujehone.dll",s
mRun: [CPM4f308187] Rundll32.exe "c:\windows\system32\majubilu.dll",a
mRun: [4c03b21b] rundll32.exe "c:\windows\system32\yubiwojo.dll",b
mRunOnce: [SpybotDeletingA8422] command /c del "c:\windows\system32\izohidan.ini"
mRunOnce: [SpybotDeletingC1687] cmd /c del "c:\windows\system32\izohidan.ini"
mRunOnce: [SpybotDeletingA8153] command /c del "c:\windows\system32\twain32\local.ds"
mRunServices: [SchedulingAgent] c:\windows\system32\mstask.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: whataboutadog.com
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: wrapkm - wrapkm.dll
AppInit_DLLs: ows\system32\zodatibo.dll rakprp.dll c:\windows\system32\wahayaga.dll ajxbpf.dll bzohmu.dll yejbkp.dll qjyonw.dll wckpte.dll c:\windows\system32\majubilu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\majubilu.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\majubilu.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
LSA: Notification Packages = c:\windows\system32\wahayaga.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kate\applic~1\mozilla\firefox\profiles\fp2kclf1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.engr.ncsu.edu/k12outreach/rampup/
FF - component: c:\program files\mozilla firefox\components\qfaservices.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromString", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromStream", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("advanced.always_load_images", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN_show_punycode", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.version",
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.build_id",
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.severity", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-01-19 16:17 1,362,005 ---sh--- c:\windows\system32\ojowibuy.ini
2009-01-19 16:17 <DIR> --d----- c:\program files\Trend Micro
2009-01-19 14:03 133,402 a--sh--- c:\windows\system32\wckpte.dll
2009-01-19 02:40 1,358,643 ---sh--- c:\windows\system32\epogiyut.ini
2009-01-19 02:03 133,792 a--sh--- c:\windows\system32\zkckfn.dll
2009-01-18 14:03 133,821 a--sh--- c:\windows\system32\frohxm.dll
2009-01-18 02:02 133,925 a--sh--- c:\windows\system32\qjyonw.dll
2009-01-17 14:02 133,788 a--sh--- c:\windows\system32\yejbkp.dll
2009-01-17 02:10 133,901 a------- c:\windows\system32\bzohmu.dll
2009-01-16 14:08 133,749 a------- c:\windows\system32\ajxbpf.dll
2009-01-16 13:01 <DIR> --d----- c:\docume~1\kate\applic~1\Grisoft
2009-01-16 12:55 301 a------- c:\windows\wininit.ini
2009-01-15 13:31 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-15 13:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-15 13:25 <DIR> --d----- c:\program files\a-squared Free
2009-01-15 13:06 10,872 a------- c:\windows\system32\drivers\AvgAsCln.sys
2009-01-15 13:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Grisoft
2009-01-15 13:02 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-01-14 18:04 1,396,264 a------- C:\WindowsXP-KB948277-x86-ENU.exe
2009-01-12 13:54 131,868 a--sh--- c:\windows\system32\rakprp.dll
2009-01-12 13:21 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-01-12 13:15 <DIR> --d----- c:\program files\Panda Security
2009-01-12 01:54 1,217,010 ---sh--- c:\windows\system32\efoguhun.ini
2009-01-12 01:54 135,860 a--sh--- c:\windows\system32\owjmik.dll
2009-01-11 13:54 1,217,010 ---sh--- c:\windows\system32\ejudobuv.ini
2009-01-11 13:54 136,942 a--sh--- c:\windows\system32\wocbvv.dll
2009-01-11 01:54 135,803 a--sh--- c:\windows\system32\sreywo.dll
2009-01-11 01:53 1,299,787 ---sh--- c:\windows\system32\ajobumid.ini
2009-01-10 13:54 1,299,787 ---sh--- c:\windows\system32\ujofogey.ini
2009-01-10 13:53 137,029 a--sh--- c:\windows\system32\zoxsjn.dll
2009-01-10 01:53 1,292,180 ---sh--- c:\windows\system32\ejafukup.ini
2009-01-10 01:53 135,866 a--sh--- c:\windows\system32\xqkjbc.dll
2009-01-09 13:53 1,292,180 ---sh--- c:\windows\system32\agudiwoh.ini
2009-01-09 13:53 136,939 a--sh--- c:\windows\system32\ijfmep.dll
2009-01-09 01:53 1,285,026 ---sh--- c:\windows\system32\unadezuf.ini
2009-01-08 13:53 1,285,026 ---sh--- c:\windows\system32\ovenuhet.ini
2009-01-08 01:52 1,279,243 ---sh--- c:\windows\system32\adowonon.ini
2009-01-07 16:37 <DIR> --d----- c:\program files\Microsoft IntelliPoint 5.2
2009-01-07 16:36 <DIR> --d----- c:\program files\Microsoft IntelliType Pro 5.2
2009-01-07 16:22 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-01-07 16:22 21,504 a------- c:\windows\system32\hidserv.dll
2009-01-07 16:22 14,848 ac------ c:\windows\system32\dllcache\kbdhid.sys
2009-01-07 16:22 14,848 a------- c:\windows\system32\drivers\kbdhid.sys
2009-01-07 13:52 1,279,243 ---sh--- c:\windows\system32\iwujepos.ini
2009-01-07 01:52 1,280,295 ---sh--- c:\windows\system32\odisohis.ini
2009-01-06 13:51 1,280,295 ---sh--- c:\windows\system32\inawulay.ini
2009-01-06 12:51 0 a--sh--- c:\windows\system32\zodikebu.dll
2009-01-06 00:51 1,265,232 ---sh--- c:\windows\system32\ukigufif.ini
2009-01-05 12:51 1,265,232 ---sh--- c:\windows\system32\ulihunih.ini
2009-01-04 20:35 1,266,209 ---sh--- c:\windows\system32\etolopar.ini
2009-01-04 08:35 1,266,209 ---sh--- c:\windows\system32\emaguneb.ini

==================== Find3M ====================

2009-01-19 14:03 133,402 a--sh--- c:\windows\system32\kuwovogi.dll
2009-01-19 14:03 98,553 a--sh--- c:\windows\system32\majubilu.dll
2009-01-19 14:03 87,359 a--sh--- c:\windows\system32\yubiwojo.dll
2009-01-19 02:03 133,792 a--sh--- c:\windows\system32\dupakoti.dll
2009-01-19 02:03 99,450 a--sh--- c:\windows\system32\wuhahate.dll
2009-01-19 02:03 85,257 a--sh--- c:\windows\system32\tuyigope.dll
2009-01-18 14:03 133,821 a--sh--- c:\windows\system32\lagewigo.dll
2009-01-18 14:03 101,128 a--sh--- c:\windows\system32\jeyamiku.dll
2009-01-18 14:03 85,280 a--sh--- c:\windows\system32\netolafo.dll
2009-01-18 02:02 100,618 a--sh--- c:\windows\system32\viyilara.dll
2009-01-18 02:02 133,925 a--sh--- c:\windows\system32\nowiyusa.dll
2009-01-18 02:02 86,230 a--sh--- c:\windows\system32\zitekamo.dll
2009-01-17 14:02 133,788 a--sh--- c:\windows\system32\wobowedi.dll
2009-01-17 14:02 101,145 a--sh--- c:\windows\system32\fodevuna.dll
2009-01-17 14:02 86,173 a--sh--- c:\windows\system32\nadihozi.dll
2009-01-17 02:10 133,901 a------- c:\windows\system32\giyifuvo.dll
2009-01-17 02:10 85,159 a------- c:\windows\system32\lujifufa.dll
2009-01-17 02:10 101,054 a------- c:\windows\system32\jiziwifi.dll
2009-01-16 14:08 133,749 a------- c:\windows\system32\vegibeya.dll
2009-01-16 14:08 100,485 a------- c:\windows\system32\tijebevi.dll
2009-01-16 14:08 86,175 -------- c:\windows\system32\rezalefe.dll
2009-01-16 13:01 64,137 a--sh--- c:\windows\system32\verimowe.dll
2009-01-12 13:54 131,868 a--sh--- c:\windows\system32\tumazuba.dll
2009-01-12 13:54 64,336 a--sh--- c:\windows\system32\yudukoke.dll
2009-01-12 13:54 99,451 a--sh--- c:\windows\system32\lunilidu.dll
2009-01-12 13:54 87,654 -------- c:\windows\system32\yawiziga.dll
2009-01-12 01:54 135,860 a--sh--- c:\windows\system32\vegiyemi.dll
2009-01-12 01:54 101,063 a--sh--- c:\windows\system32\favogupo.dll
2009-01-11 13:54 101,117 a--sh--- c:\windows\system32\katovibu.dll
2009-01-11 13:54 136,942 a--sh--- c:\windows\system32\folelali.dll
2009-01-11 01:53 103,147 a--sh--- c:\windows\system32\yunebume.dll
2009-01-11 01:53 135,803 a--sh--- c:\windows\system32\legunoku.dll
2009-01-11 01:53 91,358 a--sh--- c:\windows\system32\dimuboja.dll
2009-01-10 13:53 90,691 -------- c:\windows\system32\yegofoju.dll
2009-01-10 13:53 137,029 a--sh--- c:\windows\system32\yomumele.dll
2009-01-10 13:53 67,275 a--sh--- c:\windows\system32\bemadoko.dll
2009-01-10 13:53 103,098 a--sh--- c:\windows\system32\lanadata.dll
2009-01-10 01:53 135,866 a--sh--- c:\windows\system32\sabiyubi.dll
2009-01-10 01:53 103,035 a--sh--- c:\windows\system32\kofumaje.dll
2009-01-10 01:53 90,407 -------- c:\windows\system32\pukufaje.dll
2009-01-09 13:53 136,939 a--sh--- c:\windows\system32\nunayeta.dll
2009-01-09 13:53 104,024 a--sh--- c:\windows\system32\binosino.dll
2009-01-09 13:53 90,962 -------- c:\windows\system32\howiduga.dll
2009-01-09 01:53 103,223 a--sh--- c:\windows\system32\fadokase.dll
2009-01-09 01:53 90,358 -------- c:\windows\system32\fuzedanu.dll
2009-01-08 13:52 103,157 a--sh--- c:\windows\system32\zitakihu.dll
2009-01-08 01:52 103,148 a--sh--- c:\windows\system32\zuvusibo.dll
2009-01-08 01:52 90,437 -------- c:\windows\system32\nonowoda.dll
2009-01-07 13:52 104,052 a--sh--- c:\windows\system32\ramegige.dll
2009-01-07 01:52 90,960 a--sh--- c:\windows\system32\sihosido.dll
2009-01-07 01:52 103,209 a--sh--- c:\windows\system32\nevibuni.dll
2009-01-06 13:51 90,445 -------- c:\windows\system32\yaluwani.dll
2009-01-06 13:51 103,111 a--sh--- c:\windows\system32\visutime.dll
2009-01-06 12:51 69,416 a--sh--- c:\windows\system32\fimijole.dll
2009-01-06 00:51 104,250 a--sh--- c:\windows\system32\romenepo.dll
2009-01-06 00:51 89,326 -------- c:\windows\system32\fifugiku.dll
2009-01-05 12:51 103,109 a--sh--- c:\windows\system32\tulowifi.dll
2009-01-04 20:35 89,273 a--sh--- c:\windows\system32\rapolote.dll
2009-01-04 08:35 101,685 a--sh--- c:\windows\system32\pozowaha.dll
2009-01-04 08:35 68,178 a--sh--- c:\windows\system32\parahuri.dll
2008-12-19 12:33 95,912 a--sh--- c:\windows\system32\jeyiniyo.dll
2008-12-19 12:33 85,174 a--sh--- c:\windows\system32\wokoguri.dll
2008-12-18 14:30 83,066 -------- c:\windows\system32\donojawi.dll
2008-12-18 00:42 88,702 a--sh--- c:\windows\system32\somobepu.dll
2008-12-18 00:42 99,972 a--sh--- c:\windows\system32\folawava.dll
2008-12-17 15:19 1,560,576 a------- c:\windows\system32\asoyuzoy.tmp
2008-12-17 12:41 95,851 a--sh--- c:\windows\system32\munufimi.dll
2008-12-17 00:41 95,910 a--sh--- c:\windows\system32\boponase.dll
2008-12-16 12:41 66,317 a--sh--- c:\windows\system32\kewowupa.dll
2008-12-16 12:41 95,800 a--sh--- c:\windows\system32\vuyugije.dll
2008-12-15 15:19 96,848 a--sh--- c:\windows\system32\vemumise.dll
2008-12-15 14:18 67,263 a--sh--- c:\windows\system32\hisekeke.dll
2008-12-15 14:18 97,077 a--sh--- c:\windows\system32\nuvameje.dll
2008-12-15 02:18 92,978 a--sh--- c:\windows\system32\fapugali.dll
2008-12-14 14:17 91,217 a--sh--- c:\windows\system32\bozehuka.dll
2008-12-14 14:17 85,802 -------- c:\windows\system32\guhegeni.dll
2008-12-14 02:17 84,731 -------- c:\windows\system32\haguyofe.dll
2008-12-14 02:17 90,752 a--sh--- c:\windows\system32\rodugema.dll
2008-12-13 14:16 91,248 a--sh--- c:\windows\system32\miwotado.dll
2008-12-13 14:16 85,587 -------- c:\windows\system32\sagetumu.dll
2008-12-13 02:16 91,331 a--sh--- c:\windows\system32\zebekeli.dll
2008-12-13 02:16 85,573 -------- c:\windows\system32\kuzeyogi.dll
2008-12-12 14:16 90,766 a--sh--- c:\windows\system32\teyesiti.dll
2008-12-12 14:16 84,565 -------- c:\windows\system32\sosafuji.dll
2008-12-12 02:16 91,200 a--sh--- c:\windows\system32\vujigami.dll
2008-12-11 14:16 90,921 a--sh--- c:\windows\system32\nawodogi.dll
2008-12-11 13:16 63,566 a--sh--- c:\windows\system32\semasowa.dll
2008-12-11 13:16 86,123 -------- c:\windows\system32\lodivoyo.dll
2008-12-09 13:58 93,328 a--sh--- c:\windows\system32\zusudupe.dll
2008-12-09 13:58 87,190 a--sh--- c:\windows\system32\talefake.dll
2008-12-09 01:58 93,941 a--sh--- c:\windows\system32\binebose.dll
2008-12-09 01:58 87,179 -------- c:\windows\system32\nirepuna.dll
2008-12-08 13:58 94,486 a--sh--- c:\windows\system32\zonazeba.dll
2008-12-08 12:58 64,121 a--sh--- c:\windows\system32\ravuhavu.dll
2008-12-07 23:19 93,474 a--sh--- c:\windows\system32\yawususi.dll
2008-12-07 23:19 87,853 -------- c:\windows\system32\tihonego.dll
2008-12-07 11:19 92,744 a--sh--- c:\windows\system32\bibegipe.dll
2008-12-05 17:34 63,660 a--sh--- c:\windows\system32\pegatijo.dll
2008-12-05 17:34 94,267 a--sh--- c:\windows\system32\wehemeru.dll
2008-12-05 17:34:55 A--SH--- 87,614 c:\windows\system32\fokivilo.dll
2008-09-08 12:58 38,912 a--sh--- c:\windows\system32\dozepiwa.dll
0000-00-00 00:00 64,137 a--sh--- c:\windows\system32\fujehone.dll
0000-00-00 00:00 64,512 a--sh--- c:\windows\system32\luhonaki.dll
0000-00-00 00:00 31,744 a--sh--- c:\windows\system32\mawivawo.dll
0000-00-00 00:00 65,536 a--sh--- c:\windows\system32\riwumagu.dll
0000-00-00 00:00 64,137 a--sh--- c:\windows\system32\suwidusu.dll
0000-00-00 00:00 64,137 a--sh--- c:\windows\system32\wahayaga.dll
2008-09-15 14:18 53,248 a--sh--- c:\windows\system32\yaturite.dll
2008-09-11 13:16 80,896 a--sh--- c:\windows\system32\zenemure.dll

============= FINISH: 17:23:59.15 ===============



#2 kahdah


Posted 30 January 2009 - 08:29 AM

Hello kate c

Welcome to BleepingComputer
========================

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
================
Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
Please do not PM for help; post it in the forums instead.

If I am helping you and have not responded for 48 hours, please send me a PM, as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.



