Rampant Email Proxy through my machine


  • This topic is locked
2 replies to this topic

#1 wrangler-ed

Posted 08 March 2009 - 04:41 PM

I had lots of problems with my Dell laptop. This issue started after installing Symantec Endpoint Protection. I was getting up to one error message per second. I was able to stop the error messages by going to Windows Task Manager and deleting the application a few times and the Symantec process which was looking at these email messages stopped reporting them. Alternatively, I could go to the process tab and delete the Symantec process and the error messages would go away and stop being generated. However, that does not stop the actual problem of my computer being used as an email proxy.

What I have done to address the issue so far is loading Malwarebytes Anti-Malware. Also tried Moon Antivirus, which I attempted to delete after no results. Malwarebytes found some 80 items that Norton did not find. Also, I saw on a Bleeping Computer post about multiple instances of Network Adapters drivers in the Hardware Device Manager. So I deleted the keys associated with those drivers (Psched.sys). (I do not believe I had any MS QOS installed on my machine.) They were linked so after that my wireless network did not work, so I reinstalled from Dell's recovery disk the drivers and the problem recurs once I am connected to the internet. Every time I turn on the machine, Norton finds a Trojan BN1.tmp in the Windows\Temp directory. After going into safe mode and clearing this directory and restarting in the normal mode two other files are generated in this directory (1) mtaXXXXX.dll and (2) Perflib_Perfdata_YYY.dat where the X's and Y's can be different values each time generated. If I do not clean this directory then the next time I restart the machine, then these two files will be generated with different X's and Y's. I cannot remove these files while the machine is running in the normal mode as it appears they are being used. I tried the Malwarebytes' FileASSASSIN to delete locked files, however, it comes back and says it can't unless there is a reboot. Of course on a reboot another set of files is generated, which solves nothing. After running Malwarebytes Anti-Malware I get Windows RUNDLL errors for the following files removed by Malwarebytes: (1) buyenayo.dll, (2) wepekigi.dll, and (3) kusudewi.dll. I do not know whether this is related to the root cause of the email issue, but the undeletable files in the Windows\Temp directory do appear related because the emails start sometime after these files are well established.
While this may not be so, it appears that Symantec starts later than the generation of the files being loaded to the Windows\Temp directory and damage has already been done. I even set this directory to Read Only, however, the malware is still writing to the directory and not changing the attribute. Something is putting or generating stuff on my machine which I do not understand. Also, BN1.tmp sometimes appears as BN3.tmp in the Windows\Temp directory.

Here is the DDS report:


DDS (Ver_09-02-01.01) - NTFSx86
Run by ecrampto at 15:32:59.76 on Sun 03/08/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1362 [GMT -5:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ecrampto\Desktop\dds.scr

============== Pseudo HJT Report ===============

mWinlogon: Userinit=c:\windows\system32\userinit.exe
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [prunnet] "c:\windows\system32\prunnet.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] c:\program files\intel\wireless\bin\ZCfgSvc.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [prunnet] "c:\windows\system32\prunnet.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [f8180815] rundll32.exe "c:\windows\system32\kusudewi.dll",b
mRun: [CPMfb2b3b89] Rundll32.exe "c:\windows\system32\buyenayo.dll",a
mRun: [mivanubuzo] Rundll32.exe "c:\windows\system32\wepekigi.dll",s
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
dRun: [Cognac] c:\windows\temp\3A9.tmp.exe
dRun: [services] c:\windows\services.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9e.exe
uExplorerRun: [services] c:\windows\services.exe
mExplorerRun: [services] c:\windows\services.exe
dExplorerRun: [services] c:\windows\services.exe
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
Notify: nnnoOgdE - nnnoOgdE.dll
AppInit_DLLs: rvygmc.dll umvczr.dll ltfesb.dll iahyll.dll bcgphl.dll sewcug.dll clxghx.dll xbuzmh.dll scfvcx.dll diupgu.dll kkqoip.dll ywwqgu.dll dbkefw.dll uofzaz.dll iprdtx.dll iogmde.dll c:\windows\system32\buyenayo.dll,c:\windows\system32\tikiyabu.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\buyenayo.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\buyenayo.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ecrampto\applic~1\mozilla\firefox\profiles\ffx2u7n3.default\
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-6-17 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-6-17 108392]
R2 sopidkc;sopidkc Service;c:\windows\system32\sopidkc.exe [2004-8-4 48128]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-23 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090222.018\NAVENG.SYS [2009-2-23 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090222.018\NAVEX15.SYS [2009-2-23 876144]
R3 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2008-6-17 2234296]
S2 msav;Moon Secure Antivirus Core;c:\program files\moon secure antivirus\msavcore.exe --> c:\program files\moon secure antivirus\msavcore.exe [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-6-17 23888]
S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]

=============== Created Last 30 ================

2009-03-08 09:50 <DIR> --d----- C:\drvrtmp
2009-03-07 17:30 <DIR> --d----- c:\docume~1\ecrampto\applic~1\Malwarebytes
2009-03-07 17:29 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-07 17:29 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-07 17:29 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-07 17:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-07 17:27 2,876,720 a------- c:\temp\mbam-setup.exe
2009-03-07 12:29 129,024 a--sh--- c:\windows\system32\iprdtx.dll
2009-03-07 00:28 1,805,695 ---sh--- c:\windows\system32\ifasamir.ini
2009-03-07 00:28 129,024 a--sh--- c:\windows\system32\uofzaz.dll
2009-03-06 12:29 2,713 ---sh--- c:\windows\system32\gagaviju.exe
2009-03-05 18:26 1,805,695 ---sh--- c:\windows\system32\uyenigip.ini
2009-03-05 18:26 129,024 a--sh--- c:\windows\system32\dbkefw.dll
2009-03-05 06:27 121 ---sh--- c:\windows\system32\ibiwovaw.ini
2009-03-05 06:26 129,024 a--sh--- c:\windows\system32\ywwqgu.dll
2009-03-05 05:41 <DIR> --d-h--- c:\windows\PIF
2009-03-05 04:02 <DIR> --d----- c:\windows\system32\NtmsData
2009-03-04 17:24 129,024 a--sh--- c:\windows\system32\oznfoy.dll
2009-03-04 05:24 1,628,170 ---sh--- c:\windows\system32\ilupiyam.ini
2009-03-04 05:24 129,024 a--sh--- c:\windows\system32\kkqoip.dll
2009-03-03 22:01 1,628,170 ---sh--- c:\windows\system32\opajegud.ini
2009-03-03 17:24 129,024 a--sh--- c:\windows\system32\diupgu.dll
2009-03-03 05:23 129,024 a--sh--- c:\windows\system32\scfvcx.dll
2009-03-02 17:23 1,629,035 ---sh--- c:\windows\system32\orowumiz.ini
2009-03-02 17:23 129,024 a--sh--- c:\windows\system32\xbuzmh.dll
2009-03-02 08:16 1,665,710 ---sh--- c:\windows\system32\ufozinaw.tmp2
2009-03-02 08:13 1,665,710 ---sh--- c:\windows\system32\ufozinaw.tmp
2009-03-02 05:22 129,024 a--sh--- c:\windows\system32\clxghx.dll
2009-03-01 05:22 129,024 a--sh--- c:\windows\system32\sewcug.dll
2009-02-28 17:22 129,024 a--sh--- c:\windows\system32\twalxc.dll
2009-02-28 05:22 129,024 a--sh--- c:\windows\system32\ihedtz.dll
2009-02-27 17:21 129,024 a--sh--- c:\windows\system32\zanilc.dll
2009-02-27 05:21 2,713 ---sh--- c:\windows\system32\jesotuvi.exe
2009-02-26 13:21 516 a------- C:\Settings.ini
2009-02-26 13:21 <DIR> --d-h--- c:\windows\system32\WLANProfiles
2009-02-26 13:21 <DIR> --d----- C:\Settings
2009-02-26 11:20 129,024 a--sh--- c:\windows\system32\bcgphl.dll
2009-02-26 07:33 193,024 a------- c:\windows\system32\OLD225E.tmp
2009-02-26 07:31 61,440 a------- c:\windows\system32\OLD2211.tmp
2009-02-26 07:31 77,824 a------- c:\windows\system32\OLD220D.tmp
2009-02-26 07:27 55,296 a------- c:\windows\system32\OLD2130.tmp
2009-02-25 23:20 129,024 a--sh--- c:\windows\system32\iahyll.dll
2009-02-25 06:54 446,464 a----r-- c:\windows\system32\hhactivex.dll
2009-02-25 06:54 328,480 a------- c:\windows\system32\ssa3d30.ocx
2009-02-25 06:54 176,128 a------- c:\windows\system32\RcdScan.dll
2009-02-25 06:54 171,967 a------- c:\windows\system32\Odbcjet.hlp
2009-02-25 06:54 7,348 a------- c:\windows\system32\Odbcjet.cnt
2009-02-25 06:54 89,360 a------- c:\windows\system32\VB5DB.DLL
2009-02-25 06:54 13,632 -------- c:\windows\system32\drivers\omci.sys
2009-02-24 23:19 2,713 ---sh--- c:\windows\system32\fibufeti.dll
2009-02-24 23:19 129,024 a--sh--- c:\windows\system32\ltfesb.dll
2009-02-24 22:40 991,232 a----r-- c:\windows\system32\W22MLRES.DLL
2009-02-23 16:04 2,713 ---sh--- c:\windows\system32\zusidebi.exe
2009-02-23 07:02 664 a------- c:\windows\system32\d3d9caps.dat
2009-02-23 05:57 105,984 a------- c:\windows\system32\1E.tmp
2009-02-23 05:57 1 a------- c:\windows\system32\1D.tmp
2009-02-23 05:57 84 a------- c:\windows\system32\1B.tmp
2009-02-23 05:48 105,984 a------- c:\windows\system32\1C.tmp
2009-02-23 05:48 1 a------- c:\windows\system32\1A.tmp
2009-02-23 05:48 84 a------- c:\windows\system32\18.tmp
2009-02-23 05:45 <DIR> --d----- c:\windows\system32\appmgmt
2009-02-23 05:38 0 a------- c:\windows\system32\16.tmp
2009-02-23 05:38 124,928 a------- c:\windows\system32\umvczr.dll
2009-02-23 05:38 124,928 a------- c:\windows\system32\objqotuu.dll
2009-02-22 23:37 36,864 a------- c:\windows\system32\19.tmp
2009-02-22 23:37 67,585 a------- c:\windows\system32\17.tmp
2009-02-22 23:36 168 a------- c:\windows\system32\14.tmp
2009-02-22 23:33 36,864 a------- c:\windows\system32\15.tmp
2009-02-22 23:33 67,585 a------- c:\windows\system32\13.tmp
2009-02-22 23:19 36,864 a------- c:\windows\system32\12.tmp
2009-02-22 23:19 67,585 a------- c:\windows\system32\10.tmp
2009-02-22 23:07 6 a------- c:\windows\_id.dat
2009-02-22 23:00 130 a------- c:\windows\adobe.bat
2009-02-22 22:45 388,608 a------- c:\windows\system32\tmpxccacj0.exe
2009-02-22 21:39 209 a------- c:\windows\system32\xcchit32.ini
2009-02-22 21:39 77,824 a------- c:\windows\system32\u21221826.dll
2009-02-22 21:38 26,624 a------- c:\windows\system32\grcrt2.exe
2009-02-22 21:38 578 a------- c:\windows\xccwinsys.ini
2009-02-22 21:38 <DIR> --d----- c:\windows\system32\inf
2009-02-22 21:38 676,352 a------- c:\windows\system32\rtl60.bpl
2009-02-22 20:48 <DIR> --d----- C:\OAUTIL
2009-02-22 20:45 60,800 a------- c:\windows\system32\S32EVNT1.DLL
2009-02-22 20:45 123,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-22 20:45 10,563 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-22 20:45 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-02-22 20:43 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-02-22 20:43 <DIR> --d----- c:\program files\Symantec
2009-02-22 20:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-02-22 09:50 125,440 a------- c:\windows\system32\rvygmc.dll
2009-02-22 09:50 125,440 a------- c:\windows\system32\qhcspyvc.dll
2009-02-22 09:47 1,608,127 ---sh--- c:\windows\system32\hjmmmlkc.ini
2009-02-21 21:47 1,607,808 ---sh--- c:\windows\system32\yylqmbcw.ini
2009-02-21 05:08 1,607,797 ---sh--- c:\windows\system32\pdgroxqs.ini
2009-02-21 05:06 123,392 a------- c:\windows\system32\lizmww.dll
2009-02-21 05:06 123,392 a------- c:\windows\system32\sesrcabc.dll
2009-02-18 01:27 63 a------- c:\windows\system\SYSRegC.dll
2009-02-18 01:26 143,360 a------- c:\windows\system32\GetHardDiskNo.dll
2009-02-17 12:17 1,585,213 ---sh--- c:\windows\system32\glvklgyl.ini
2009-02-17 00:22 8,341 a------- c:\windows\system32\events.dat
2009-02-16 23:46 <DIR> --d----- c:\program files\Moon Secure Antivirus
2009-02-16 23:19 1,571,654 ---sh--- c:\windows\system32\uoqtygnt.ini
2009-02-16 08:09 <DIR> --d----- c:\windows\quuu
2009-02-16 08:09 <DIR> --d----- c:\program files\common files\quuu

==================== Find3M ====================

2009-03-07 12:29 129,024 a--sh--- c:\windows\system32\gojowahu.dll
2009-03-07 12:29 84,992 a--sh--- c:\windows\system32\gopohiyu.dll
2009-03-07 00:28 129,024 a--sh--- c:\windows\system32\vusegawu.dll
2009-03-05 18:26 84,992 a--sh--- c:\windows\system32\rejiyuwa.dll
2009-03-05 18:26 129,024 a--sh--- c:\windows\system32\moreleju.dll
2009-03-05 06:26 129,024 a--sh--- c:\windows\system32\bozujeyi.dll
2009-03-05 06:26 84,992 a--sh--- c:\windows\system32\mebarepo.dll
2009-03-04 17:24 129,024 a--sh--- c:\windows\system32\dofawada.dll
2009-03-04 17:24 84,992 a--sh--- c:\windows\system32\zeyegabu.dll
2009-03-04 05:24 129,024 a--sh--- c:\windows\system32\dufifeka.dll
2009-03-04 05:24 84,992 a--sh--- c:\windows\system32\gadibope.dll
2009-03-03 17:24 129,024 a--sh--- c:\windows\system32\vuzasufa.dll
2009-03-03 17:24 84,992 a--sh--- c:\windows\system32\nakavadu.dll
2009-03-03 05:23 129,024 a--sh--- c:\windows\system32\yozezuna.dll
2009-03-03 05:23 84,992 a--sh--- c:\windows\system32\kiduruka.dll
2009-03-02 17:23 129,024 a--sh--- c:\windows\system32\dijozadu.dll
2009-03-02 17:23 84,992 a--sh--- c:\windows\system32\fezepope.dll
2009-03-02 05:22 84,992 a--sh--- c:\windows\system32\suhidonu.dll
2009-03-02 05:22 129,024 a--sh--- c:\windows\system32\bigasunu.dll
2009-03-01 17:22 84,992 a--sh--- c:\windows\system32\kumidule.dll
2009-03-01 05:22 129,024 a--sh--- c:\windows\system32\sanotoyi.dll
2009-02-28 17:22 84,992 a--sh--- c:\windows\system32\pebemona.dll
2009-02-28 17:22 129,024 a--sh--- c:\windows\system32\pugiseka.dll
2009-02-28 05:22 84,992 a--sh--- c:\windows\system32\pisenewo.dll
2009-02-28 05:22 129,024 a--sh--- c:\windows\system32\dopugezo.dll
2009-02-27 17:21 84,992 a--sh--- c:\windows\system32\yezadisa.dll
2009-02-27 17:21 129,024 a--sh--- c:\windows\system32\kibivegi.dll
2009-02-26 11:20 84,992 a--sh--- c:\windows\system32\wajilisa.dll
2009-02-26 11:20 129,024 a--sh--- c:\windows\system32\kibarofa.dll
2009-02-26 07:32 438,272 a------- c:\windows\system32\igfxcfg.exe
2009-02-26 07:32 114,688 a------- c:\windows\system32\igfxzoom.exe
2009-02-26 07:30 11,776 -------- c:\windows\system32\regsvr32.exe.tmp
2009-02-26 07:30 388,608 a------- c:\windows\system32\cmd.exe.tmp
2009-02-26 07:30 20,480 a------- c:\windows\system32\cliconfg.exe
2009-02-26 07:27 61,952 -------- c:\windows\system32\Hdaudpropshortcut.exe
2009-02-26 07:26 15,360 a------- c:\windows\system32\taskman.exe
2009-02-26 07:25 51,712 a------- c:\windows\system32\migpwd.exe
2009-02-25 23:20 84,992 a--sh--- c:\windows\system32\hulujige.dll
2009-02-25 23:20 129,024 a--sh--- c:\windows\system32\toruyuhu.dll
2009-02-25 22:52 14,336 a------- c:\windows\system32\runonce.exe.tmp
2009-02-25 17:13 104,960 a------- c:\windows\system32\dfrgntfs.exe.tmp
2009-02-25 17:13 25,088 a------- c:\windows\system32\defrag.exe.tmp
2009-02-25 11:20 84,992 a--sh--- c:\windows\system32\vokevuda.dll
2009-02-25 08:35 11,264 a------- c:\windows\system32\attrib.exe
2009-02-25 08:33 119,808 a------- c:\windows\system32\winmine.exe
2009-02-25 08:33 56,832 a------- c:\windows\system32\sol.exe
2009-02-25 08:33 55,296 a------- c:\windows\system32\freecell.exe
2009-02-25 07:09 98,304 a------- c:\windows\system32\igfxext.exe
2009-02-24 23:57 135,680 a------- c:\windows\system32\taskmgr.exe
2009-02-24 23:19 129,024 a--sh--- c:\windows\system32\zozonodu.dll
2009-02-24 22:57 10,752 a------- c:\windows\hh.exe
2009-02-24 22:53 69,632 a------- c:\windows\system32\usrshuta.exe
2009-02-24 22:53 114,688 a------- c:\windows\system32\ialmudlg.exe
2009-02-23 21:54 815,104 a------- c:\windows\system32\mmc.exe.tmp
2009-02-23 21:43 13,312 a------- c:\windows\system32\savedump.exe
2009-02-23 21:37 180,224 a------- c:\windows\system32\dwwin.exe.tmp
2009-02-23 21:37 15,360 a------- c:\windows\system32\ctfmon.exe.tmp
2009-02-23 21:37 10,752 a------- c:\windows\system32\dumprep.exe.tmp
2009-02-23 21:36 33,280 a------- c:\windows\system32\rundll32.exe.tmp
2009-02-23 21:36 159,744 a------- c:\windows\system32\igfxsrvc.exe
2009-02-23 21:36 114,688 a------- c:\windows\system32\igfxpers.exe
2009-02-23 21:36 77,824 a------- c:\windows\system32\hkcmd.exe
2009-02-23 21:36 94,208 a------- c:\windows\system32\igfxtray.exe
2009-02-23 21:36 1,032,192 a------- c:\windows\explorer.exe.tmp
2009-02-23 21:34 57,856 a------- c:\windows\system32\spoolsv.exe.tmp
2009-02-23 21:34 514,560 a------- c:\windows\system32\logonui.exe
2009-02-23 21:34 420,352 a------- c:\windows\system32\ntvdm.exe
2009-02-23 06:14 4,401 a--sh--- c:\windows\system32\oooonnpo.ini2
2009-02-22 23:00 182,912 a------- c:\windows\system32\drivers\ndis.sys
2009-02-16 19:00 297,984 a------- c:\windows\system32\nkgnfimafkksekzfg.dll

============= FINISH: 15:35:37.36 ===============
:thumbup2:

#2 KoanYorel


Posted 20 March 2009 - 04:54 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 KoanYorel


Posted 25 March 2009 - 07:34 AM

Due to the lack of feedback, this topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K