
I think I have Vundo on my computer?



#1 treefern


Posted 27 February 2009 - 05:19 AM

We have a number of problems. Firstly, when I start the computer it comes up with an error (something about win32). Then automatic updates won't update and you can't turn it on; have tried as much as I know (not much). If you go onto the net, all these pop-ups keep starting. Driving me mad. Please help. Hope this is enough info. My kids also play games such as RuneScape etc.; could this be the problem? I am following the instructions from the preparation guide and hope all is as it should be.


DDS (Ver_09-02-01.01) - NTFSx86
Run by Terry Wall at 20:50:53.64 on Fri 27/02/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.61.1033.18.503.128 [GMT 11:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)




#2 SifuMike


Posted 03 March 2009 - 12:27 AM

Hello treefern,

Sorry for the delay. We have over 500 logs backed up and only a few helpers.

We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

If you encounter this message: "c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5", click on Ignore.

Edited by SifuMike, 03 March 2009 - 12:28 AM.
typo

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike


Posted 07 March 2009 - 11:22 PM

Due to inactivity, this thread will now be closed.