
Antivirus 2009 - It's also in the taskbar



#1 Nipo

Posted 18 March 2009 - 03:55 PM

I have a lot of stuff on this computer, I hope it's just Antivirus 2009 that's harming my computer. Before I got AVG (free edition), my computer always froze the moment I logged on, sometimes even before. I have also gotten the Antivirus 2009 pop-ups often. At the moment it appears in my taskbar saying my computer is infected, and I should start some spyware cleaner tool.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Admin at 16:42:44.75 on Wed 03/18/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.253 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: CyberDefender Internet Security *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\WINDOWS\system32\ntdll64.exe
C:\WINDOWS\system32\ntdll64.exe
C:\Documents and Settings\Admin\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Bar = hxxp://safesearch.cyberdefender.com/smallsearch.html
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\twex.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {b66cd55f-201a-8b3a-c164-1f0c2f5898a3}: {3a8985f2-c0f1-461c-a3b8-a102f55dc66b} - c:\windows\system32\ydbexn.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {48b4f6af-4bc2-4460-a17e-3d6a0ebf45b0} - c:\windows\system32\parajami.dll
BHO: {56c2ec6d-07f6-4655-a559-c5181be36e4d} - c:\windows\system32\nnnkLebc.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\khfefdBt.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: BHO: {c9c42510-9b21-41c1-9dcd-8382a2d07c61} - c:\windows\system32\iehelper.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [<NO NAME>]
uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent.exe" --force_start_minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [CyberDefender Early Detection Center] "c:\program files\cyberdefender\antispyware\cdasb.exe" /minimize
uRun: [rundll32.exe] rundll32.exe "c:\documents and settings\admin\application data\macromedia\common\e3e300381.dll""
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Vtegiyurega] rundll32.exe "c:\windows\Ocolis.dll",e
mRun: [Llodayape] rundll32.exe "c:\windows\obogunewucobuh.dll",e
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [gazokozare] Rundll32.exe "c:\windows\system32\jihizeda.dll",s
mRun: [CPM17604e94] Rundll32.exe "c:\windows\system32\zudotumo.dll",a
mRun: [Framework Windows] frmwrk32.exe
dRun: [rundll32.exe] rundll32.exe "c:\documents and settings\localservice\application data\macromedia\common\e3e300381.dll""
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
LSP: c:\windows\temp\ntdll64.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/binary/MJSS.cab69309.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.jp/3drender/renderer/mabiweb.2007.4.4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: khfefdBt - khfefdBt.dll
AppInit_DLLs: c:\windows\system32\ruziveki.dll c:\windows\system32\pusifore.dll c:\windows\system32\zudotumo.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zudotumo.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\zudotumo.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\khfefdBt.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~3\MpShHook.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\nnnkLebc
LSA: Notification Packages = scecli c:\windows\system32\ruziveki.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\1dto4mhh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {4F486280-7DB9-4D31-B828-18CBADCB71B4} - c:\documents and settings\admin\local settings\application data\{4F486280-7DB9-4D31-B828-18CBADCB71B4}
FF - HiddenExtension: XUL Cache: {16BCEA14-0A50-4655-8B16-10EDD5702FE0} - c:\documents and settings\admin_2\local settings\application data\{16bcea14-0a50-4655-8b16-10edd5702fe0}\

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-10 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-10 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-10 107912]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-3-10 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-10 298264]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 cheetah1;cheetah1;c:\documents and settings\admin\my documents\downloads\ms\cheetahengine10\cheetahengine\cheetah.sys [2007-2-12 26240]
S3 TipCtrl;TipCtrl;"c:\program files\utipu\tipctrl.exe" --> c:\program files\utipu\TipCtrl.exe [?]
S3 xp1;xp1;\??\c:\documents and settings\all users\desktop\hacks\xp engine 1.0\xp.sys --> c:\documents and settings\all users\desktop\hacks\xp engine 1.0\xp.sys [?]

=============== Created Last 30 ================

2009-03-18 16:40 <DIR> --dsh--- c:\windows\system32\twain32
2009-03-18 16:40 75,264 a------- c:\windows\system32\MPh.exe
2009-03-18 16:25 104,960 a------- c:\windows\system32\ntdll64.exe
2009-03-18 16:10 1,394 a------- c:\windows\system32\ahtn.htm
2009-03-18 16:10 4,785 a------- c:\windows\system32\warning.gif
2009-03-18 16:10 488 a------- c:\windows\system32\win32hlp.cnf
2009-03-18 16:10 104,960 ac------ c:\windows\system32\dllcache\userinit.exe
2009-03-18 16:10 1 a------- c:\windows\system32\uniq.tll
2009-03-18 16:10 27,648 a------- c:\windows\system32\frmwrk32.exe
2009-03-18 16:10 27,648 a------- c:\windows\system32\1000.exe
2009-03-18 16:08 27,648 a------- c:\windows\system32\998.exe
2009-03-15 11:33 1,544,935 ---sh--- c:\windows\system32\ahuvubuv.ini
2009-03-14 23:33 2,713 ---sh--- c:\windows\system32\musafike.dll
2009-03-14 23:33 1,544,926 ---sh--- c:\windows\system32\ubozoniz.ini
2009-03-14 11:34 1,544,926 ---sh--- c:\windows\system32\ebinapew.ini
2009-03-14 10:32 1,544,926 ---sh--- c:\windows\system32\onowurul.ini
2009-03-13 16:58 1,544,926 ---sh--- c:\windows\system32\efokiway.ini
2009-03-12 17:51 1,544,926 ---sh--- c:\windows\system32\ireyewam.ini
2009-03-12 17:08 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-03-12 15:45 1,544,926 ---sh--- c:\windows\system32\anamugoh.ini
2009-03-11 15:12 1,544,935 ---sh--- c:\windows\system32\ifolataf.ini
2009-03-10 17:40 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-10 17:40 107,912 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-10 17:40 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-10 17:40 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-03-10 15:27 1,544,926 ---sh--- c:\windows\system32\ezorizew.ini
2009-03-10 14:28 1,544,926 ---sh--- c:\windows\system32\irofilid.ini
2009-03-09 16:51 1,544,926 ---sh--- c:\windows\system32\uzorataz.ini
2009-03-09 15:02 1,544,926 ---sh--- c:\windows\system32\ewenewop.ini
2009-03-08 22:09 1,544,926 ---sh--- c:\windows\system32\olebudom.ini
2009-03-08 10:09 1,544,944 ---sh--- c:\windows\system32\opihewet.ini
2009-03-07 22:09 1,544,926 ---sh--- c:\windows\system32\uladopum.ini
2009-03-07 10:09 1,544,926 ---sh--- c:\windows\system32\azuvajir.ini
2009-03-06 22:22 1,544,926 ---sh--- c:\windows\system32\ogayonoz.ini
2009-03-05 15:56 1,544,926 ---sh--- c:\windows\system32\ifihiyin.ini
2009-03-04 15:59 1,544,926 ---sh--- c:\windows\system32\idegukep.ini
2009-03-03 23:03 1,544,926 ---sh--- c:\windows\system32\evugigeh.ini
2009-03-03 11:03 1,544,926 ---sh--- c:\windows\system32\ugiwehoz.ini
2009-03-02 11:44 1,544,935 ---sh--- c:\windows\system32\uhapurid.ini
2009-03-01 18:19 1,544,926 ---sh--- c:\windows\system32\itifesiv.ini
2009-02-28 13:28 131,072 a------- c:\windows\obogunewucobuh.dll
2009-02-28 10:35 1,544,926 ---sh--- c:\windows\system32\akasatur.ini
2009-02-27 17:00 1,544,935 ---sh--- c:\windows\system32\oyizosiv.ini
2009-02-26 18:43 <DIR> --d----- c:\program files\iPod
2009-02-26 18:43 <DIR> --d----- c:\program files\iTunes
2009-02-26 18:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-26 18:41 <DIR> --d----- c:\program files\Bonjour
2009-02-26 18:35 32,000 a------- c:\windows\system32\drivers\usbaapl.sys
2009-02-26 16:52 <DIR> --d----- c:\docume~1\admin\applic~1\BSD
2009-02-26 16:52 1,386,496 a------- c:\windows\bsdsetup.dll
2009-02-26 16:52 <DIR> --d----- c:\program files\Media Widget
2009-02-26 16:50 <DIR> --d----- c:\docume~1\admin\applic~1\GetRightToGo
2009-02-26 15:56 1,544,926 ---sh--- c:\windows\system32\ebapopam.ini
2009-02-25 16:18 1,544,926 ---sh--- c:\windows\system32\edepajuv.ini
2009-02-24 15:55 120 ---sh--- c:\windows\system32\udejoluv.ini
2009-02-23 16:09 1,544,926 ---sh--- c:\windows\system32\izojoyiz.ini
2009-02-22 15:49 1,553,478 ---sh--- c:\windows\system32\ijizavej.ini
2009-02-21 15:57 1,564,845 ---sh--- c:\windows\system32\abipolum.ini
2009-02-21 03:57 1,564,844 ---sh--- c:\windows\system32\alireyos.ini
2009-02-20 20:43 54,156 a---h--- c:\windows\QTFont.qfn
2009-02-20 20:43 1,409 a------- c:\windows\QTFont.for
2009-02-20 15:57 1,555,762 ---sh--- c:\windows\system32\arezuruv.ini
2009-02-20 03:57 1,544,070 ---sh--- c:\windows\system32\ijadiwen.ini
2009-02-19 15:57 1,544,070 ---sh--- c:\windows\system32\itizizuy.ini
2009-02-19 03:57 1,539,076 ---sh--- c:\windows\system32\iduwebuz.ini
2009-02-18 15:56 1,539,076 ---sh--- c:\windows\system32\olodugih.ini
2009-02-18 03:56 1,531,177 ---sh--- c:\windows\system32\amugewah.ini
2009-02-17 22:03 96 a---h--- c:\windows\system32\HsInfo.dat
2009-02-17 21:48 <DIR> --d----- C:\Netts
2009-02-17 15:57 1,531,186 ---sh--- c:\windows\system32\esapofel.ini
2009-02-17 00:41 1,539,926 ---sh--- c:\windows\system32\ihazigag.ini

==================== Find3M ====================

2009-03-18 16:10 104,960 a------- c:\windows\system32\userinit.exe
2009-02-10 16:53 2,713 ---sh--- c:\windows\system32\hahagoho.dll
2009-02-10 04:53 2,713 ---sh--- c:\windows\system32\kavutiro.dll
2009-02-09 16:53 2,713 ---sh--- c:\windows\system32\febobafi.dll
2009-02-06 15:54 2,713 ---sh--- c:\windows\system32\midirude.dll
2009-02-05 15:51 2,713 ---sh--- c:\windows\system32\banijihi.dll
2009-01-21 15:39 41,797 ---sh--- c:\windows\system32\lodayija.dll
2009-01-20 19:10 41,797 ---sh--- c:\windows\system32\dokutaru.dll
2009-01-16 21:45 33,832 a------- c:\windows\system32\jnskbyzd.exe
2009-01-16 16:26 33,832 a------- c:\windows\system32\wmyikjei.exe
2009-01-15 17:27 33,832 a------- c:\windows\system32\cqoxiowj.exe
2009-01-15 17:09 33,832 a------- c:\windows\system32\pkztufps.exe
2009-01-15 17:08 33,832 a------- c:\windows\system32\wtdrtozo.exe
2009-01-09 18:13 732,427 a--sh--- c:\windows\system32\cbeLknnn.ini2
2008-12-19 20:36 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
0000-00-00 00:00 6,144 a--sh--- c:\windows\system32\jasosise.dll

============= FINISH: 16:43:52.43 ===============


#2 Thunder

Posted 24 March 2009 - 04:56 PM

Hello Nipo and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop.
Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!!

If ComboFix does run its full circle, then please try to install Avira Antivir as well, update and run a full system scan.

Greetings,
Thunder