
Virtumonde


3 replies to this topic

#1 jte1311

jte1311

  • Members
  • 2 posts

Posted 12 March 2009 - 09:22 AM

I am getting a HUGE amount of popups. I have Trend Micro, and when I reboot, it sometimes won't run. I can't access Windows Media Player. I had to delete IE 7 in order to access IE; I would get an error message claiming IE had to close due to an error (IE wouldn't even come up, just the message).




DDS (Ver_09-02-01.01) - NTFSx86
Run by Owner at 8:50:02.65 on Thu 03/12/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.317 [GMT -5:00]

AV: Trend Micro AntiVirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.dynexproducts.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {8bc35a63-6b50-fb7a-5f34-0ed276861574}: {47516867-2de0-43f5-a7bf-05b636a53cb8} - c:\windows\system32\dgwpkx.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5af145c1-b0f8-482c-99b6-5ff6a67727b4} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {ad8e7eb0-5260-45eb-a1c1-950742a14720} - c:\windows\system32\pigazigi.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: BhoMisc Class: {e3578b37-6346-4ec1-a82b-38273a100dcf} - c:\program files\trend micro\trendprotect\msie\wrs.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: TrendProtect: {f83be649-1cc3-48ee-b2e2-0826cef3822a} - c:\program files\trend micro\trendprotect\msie\wrs.dll
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRunOnce: [SpybotDeletingB8452] command.com /c del "c:\windows\system32\lagoguze.dll_old"
uRunOnce: [SpybotDeletingD1000] cmd.exe /c del "c:\windows\system32\lagoguze.dll_old"
uRunOnce: [SpybotDeletingB7893] command.com /c del "c:\windows\system32\nadojizu.dll_old"
uRunOnce: [SpybotDeletingD4540] cmd.exe /c del "c:\windows\system32\nadojizu.dll_old"
uRunOnce: [SpybotDeletingB7634] command.com /c del "c:\windows\system32\dositesu.dll_old"
uRunOnce: [SpybotDeletingD3828] cmd.exe /c del "c:\windows\system32\dositesu.dll_old"
uRunOnce: [SpybotDeletingB415] command.com /c del "c:\windows\system32\modubelo.dll_old"
uRunOnce: [SpybotDeletingD2544] cmd.exe /c del "c:\windows\system32\modubelo.dll_old"
uRunOnce: [SpybotDeletingB5774] command.com /c del "c:\windows\system32\fulefoze.dll_old"
uRunOnce: [SpybotDeletingD1626] cmd.exe /c del "c:\windows\system32\fulefoze.dll_old"
mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [Tracker] c:\program files\mysoftware\myinvoices\tracker.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [E63E34A7] c:\docume~1\owner\desktop\cbblee~1.exe /m="c:\docume~1\owner\desktop\CBBLEE~1.EXE" /k=""
mRun: [wojadokovo] Rundll32.exe "c:\windows\system32\gesesiyo.dll",s
mRun: [c072365e] rundll32.exe "c:\windows\system32\yesileya.dll",b
mRun: [CPMc34105c2] Rundll32.exe "c:\windows\system32\gutinila.dll",a
mRunOnce: [SpybotDeletingA1541] command.com /c del "c:\windows\system32\modubelo.dll_old"
mRunOnce: [SpybotDeletingC8806] cmd.exe /c del "c:\windows\system32\modubelo.dll_old"
mRunOnce: [SpybotDeletingA6771] command.com /c del "c:\windows\system32\fulefoze.dll_old"
mRunOnce: [SpybotDeletingC4292] cmd.exe /c del "c:\windows\system32\fulefoze.dll_old"
dRunOnce: [LabelMaker2.0] regsvr32 c:\program files\common files\mysoftware\regdll.dll /s
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sbcsel~1.lnk - c:\program files\sbc self support tool\bin\matcli.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - c:\program files\ultimatebet\UltimateBet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221428413682
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221434300546
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - c:\program files\trend micro\trendprotect\msie\WRS.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\lagoguze.dll c:\windows\system32\nodokoge.dll oaoycj.dll dgwpkx.dll c:\windows\system32\gutinila.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\gutinila.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\gutinila.dll
LSA: Notification Packages = scecli c:\windows\system32\nodokoge.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\x29qor8a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\mozilla firefox\components\blsfflock.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\x29qor8a.default\extensions\createandprint@ag.com\platform\winnt_x86-msvc\plugins\NpPopup.dll
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCIG.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmidas.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMySrch.dll

============= SERVICES / DRIVERS ===============

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-1-5 52240]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-2-16 36368]
R3 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-1-5 648456]

=============== Created Last 30 ================

2009-03-11 21:34 1,807,293 ---sh--- c:\windows\system32\ayelisey.ini
2009-03-11 21:34 123,392 a--sh--- c:\windows\system32\dgwpkx.dll
2009-03-11 17:28 1,807,293 ---sh--- c:\windows\system32\ezofeluf.ini
2009-03-11 09:33 123,392 a--sh--- c:\windows\system32\flbude.dll
2009-03-11 09:21 <DIR> --d----- c:\docume~1\owner\applic~1\Uniblue
2009-03-11 09:21 <DIR> --d----- c:\program files\Uniblue
2009-03-11 09:03 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-11 07:49 230 a------- c:\windows\system32\spupdsvc.inf
2009-03-10 21:33 123,392 a--sh--- c:\windows\system32\thdnkb.dll
2009-03-09 21:33 123,392 a--sh--- c:\windows\system32\oaoycj.dll
2009-03-09 20:05 23,392 a------- c:\windows\system32\nscompat.tlb
2009-03-09 20:05 16,832 a------- c:\windows\system32\amcompat.tlb
2009-03-09 15:22 <DIR> --d----- c:\program files\common files\HP
2009-03-09 15:14 69,632 a------- c:\windows\system32\HPZipm12.1
2009-03-09 15:10 117,385 a------- c:\windows\hpoins11.dat
2009-03-09 13:46 135,168 a------- c:\windows\system32\igfxres.dll
2009-03-09 13:33 380,416 -------- c:\windows\system32\irprops.cpl
2009-03-09 13:32 162,304 -------- c:\windows\system32\wuaucpl.cpl
2009-03-09 13:27 <DIR> --d----- c:\windows\ServicePackFiles
2009-03-09 13:20 19,528 a------- c:\windows\002715_.tmp
2009-03-09 13:20 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-03-09 12:19 156,672 ac------ c:\windows\system32\dllcache\winzm.ime
2009-03-09 12:19 156,672 ac------ c:\windows\system32\dllcache\winsp.ime
2009-03-09 12:19 156,672 ac------ c:\windows\system32\dllcache\winpy.ime
2009-03-09 12:19 79,360 ac------ c:\windows\system32\dllcache\winar30.ime
2009-03-09 12:19 69,120 ac------ c:\windows\system32\dllcache\wingb.ime
2009-03-09 12:19 65,536 ac------ c:\windows\system32\dllcache\winime.ime
2009-03-09 12:19 41,600 ac------ c:\windows\system32\dllcache\weitekp9.dll
2009-03-09 12:19 31,232 ac------ c:\windows\system32\dllcache\weitekp9.sys
2009-03-09 12:17 10,096,640 ac------ c:\windows\system32\dllcache\hwxcht.dll
2009-03-09 12:17 <DIR> --d----- c:\temp\ext55098
2009-03-09 12:16 <DIR> --d----- c:\temp\ext12300
2009-03-09 12:09 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-03-09 12:08 252,928 a------- c:\windows\system32\msoeacct.dll
2009-03-09 12:07 185,344 a------- c:\windows\system32\cmprops.dll
2009-03-09 12:07 58,880 a------- c:\windows\system32\licwmi.dll
2009-03-09 12:07 56,320 a------- c:\windows\system32\servdeps.dll
2009-03-09 12:07 17,408 a------- c:\windows\system32\mmfutil.dll
2009-03-09 12:07 196,864 a------- c:\windows\system32\drivers\rdpdr.sys
2009-03-09 11:58 6,400 a------- c:\windows\system32\drivers\splitter.sys
2009-03-09 11:58 52,864 a------- c:\windows\system32\drivers\dmusic.sys
2009-03-09 11:58 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-03-09 11:57 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-03-09 11:57 57,472 a------- c:\windows\system32\drivers\redbook.sys
2009-03-09 11:56 40,840 a------- c:\windows\system32\drivers\termdd.sys
2009-03-09 09:32 2,713 ---sh--- c:\windows\system32\wihedilu.exe
2009-03-08 17:57 442 a------- c:\windows\wininit.ini
2009-03-08 15:32 123,392 a---h--- c:\windows\system32\hxewjx.dll
2009-03-08 13:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Geek Squad
2009-03-08 03:32 123,392 a--sh--- c:\windows\system32\ltrvfn.dll
2009-03-07 15:31 123,392 a--sh--- c:\windows\system32\ltditp.dll
2009-03-06 16:17 <DIR> --d----- c:\program files\common files\supportsoft
2009-03-06 16:17 1,843,200 a------- c:\windows\system32\acXMLParser.dll
2009-03-06 16:17 3,518,464 a------- c:\windows\system32\cdintf300.dll
2009-03-06 16:13 <DIR> --d----- c:\program files\Intuit
2009-03-06 16:13 <DIR> --d----- c:\program files\common files\Intuit
2009-03-06 16:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intuit
2009-03-06 16:09 95 a------- c:\windows\QBChanUtil_Trigger.ini
2009-03-06 16:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SQL Anywhere 10
2009-03-06 16:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\COMMON FILES
2009-03-06 15:27 <DIR> --d----- c:\program files\Akamai
2009-03-03 21:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Gogii
2009-03-03 02:43 <DIR> --d----- c:\windows\system32\log
2009-03-02 22:12 <DIR> --d----- c:\program files\Disney
2009-02-23 21:17 <DIR> --d----- c:\docume~1\owner\applic~1\RobinsonCrusoe
2009-02-23 16:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Big Fish Games Vancouver
2009-02-19 15:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FarmFrenzy-PizzaParty
2009-02-19 15:24 <DIR> --d----- c:\program files\Farm Frenzy Pizza Party
2009-02-19 15:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GameFiesta
2009-02-19 15:18 <DIR> --d----- c:\docume~1\owner\applic~1\GameFiesta
2009-02-19 15:15 <DIR> --d----- c:\program files\GameFiesta
2009-02-19 10:24 <DIR> --d----- c:\program files\Jetico
2009-02-18 19:12 <DIR> --d----- c:\docume~1\owner\applic~1\Research In Motion
2009-02-18 19:12 18,432 a----r-- c:\windows\system32\drivers\RimSerial.sys
2009-02-18 19:11 <DIR> --d----- c:\program files\common files\Research In Motion
2009-02-18 19:11 <DIR> --d----- c:\program files\Research In Motion
2009-02-11 00:04 <DIR> --d----- c:\program files\Journey to the Center of the Earth

==================== Find3M ====================

2009-03-11 21:34 80,896 a--sh--- c:\windows\system32\yesileya.dll
2009-03-11 21:34 123,392 a--sh--- c:\windows\system32\mufayehu.dll
2009-03-11 21:34 86,016 a--sh--- c:\windows\system32\gutinila.dll
2009-03-11 09:33 123,392 a--sh--- c:\windows\system32\zusidebi.dll
2009-03-10 21:33 123,392 a--sh--- c:\windows\system32\zefizapu.dll
2009-03-10 21:33 86,528 a--sh--- c:\windows\system32\zajosola.dll
2009-03-09 21:33 123,392 a--sh--- c:\windows\system32\popezaho.dll
2009-03-09 21:33 86,016 a--sh--- c:\windows\system32\voliyeyo.dll
2009-03-09 12:11 77,761 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-09 12:08 23,348 a------- c:\windows\system32\emptyregdb.dat
2009-03-08 15:32 123,392 a--sh--- c:\windows\system32\rasawofu.dll
2009-03-08 03:32 86,016 a--sh--- c:\windows\system32\yosojaju.dll
2009-03-08 03:32 123,392 a--sh--- c:\windows\system32\zevemipe.dll
2009-03-08 03:32 80,896 -------- c:\windows\system32\hulapeta.dll
2009-03-07 15:31 80,896 -------- c:\windows\system32\vofobuyi.dll
2009-03-07 15:31 123,392 a--sh--- c:\windows\system32\gowimuro.dll
2009-03-07 15:31 86,016 a--sh--- c:\windows\system32\gepinuju.dll
2009-01-24 20:45 186,592 a------- c:\windows\system32\drivers\windrvr6.sys
2009-01-13 00:27 275,184 a------- c:\windows\BCUnInstall.exe
2009-01-11 22:15 43,528 -------- c:\windows\system32\drivers\pxhelp20.sys
2008-12-19 10:19 24,576 a------- c:\windows\system32\msxml3a.dll
0000-00-00 00:00 48,640 a--sh--- c:\windows\system32\gesesiyo.dll
0000-00-00 00:00 48,640 a--sh--- c:\windows\system32\nodokoge.dll

============= FINISH: 8:53:56.84 ===============


#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 21 March 2009 - 01:22 PM

Hi,

Sorry for the delayed response. Forums have been really busy. If you still need help with this, post a fresh dds log, please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 jte1311

jte1311
  • Topic Starter

  • Members
  • 2 posts

Posted 21 March 2009 - 02:08 PM

NP, I just ended up reformatting the drive, thanks though, if I need any help in the future I will!

#4 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 22 March 2009 - 04:54 AM

Ok. Thanks for letting us know.





