
Infected with malware (automatically opens IE and shows some web page)


  • This topic is locked
2 replies to this topic

#1 raja14


Posted 07 April 2009 - 11:46 PM

DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 23:25:27.39 on Tue 04/07/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.372 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {a2cac655-b840-1a09-a344-7952d77d7ac8}: {8ca7d77d-2597-443a-90a1-048b556cac2a} - c:\windows\system32\nsrvwz.dll
BHO: {ce0b1753-e650-41be-8f03-88f39dce1b3b} - c:\windows\system32\jinuriwa.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HttpWatch Basic: {f1f69322-008f-4895-b2bf-ad194219825a} - c:\program files\httpwatch\httpwatchsc.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [ZCfgSvc.exe] c:\windows\system32\ZCfgSvc.exe
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [e063c168] rundll32.exe "c:\windows\system32\muledezi.dll",b
mRun: [CPMe350f2f4] Rundll32.exe "c:\windows\system32\hovebozi.dll",a
mRun: [hikivemode] Rundll32.exe "c:\windows\system32\puwohuwu.dll",s
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {D103E85B-5D67-42c1-8C83-F01079DBAB26} - {2B4C4770-27FD-4A09-B17D-33CA580965FB} - c:\program files\httpwatch\httpwatch.dll
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/TechConsole/x86/RescueControl_v451.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/43.10/uploader2.cab
DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} - hxxp://blrepm01.in.corp.tavant.com/ProjectServer/objects/pjclient.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206704848838
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227677419378
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} - hxxp://blrepm01.in.corp.tavant.com/ProjectServer/objects/1033/pjcintl.cab
DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
TCP: {99B92F86-6A4D-40B6-A443-45428FE4707A} = 192.168.43.34,192.168.25.13
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - c:\progra~1\quests~1\toadfo~1\RNetPin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: Sebring - c:\windows\system32\LgNotify.dll
AppInit_DLLs: c:\windows\system32\tidadegi.dll c:\windows\system32\yolozode.dll cqcfew.dll gqrwin.dll nsrvwz.dll c:\windows\system32\hovebozi.dll,c:\windows\system32\bonalopi.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hovebozi.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\hovebozi.dll
LSA: Notification Packages = scecli c:\windows\system32\yolozode.dll c:\windows\system32\bonalopi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\g8g69dtw.default\
FF - prefs.js: browser.startup.homepage -
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-25 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090225.021\naveng.sys [2009-2-25 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090225.021\navex15.sys [2009-2-25 876144]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008-1-25 25088]
R3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-3-28 280344]
S0 ivlh;ivlh;c:\windows\system32\drivers\ngos.sys --> c:\windows\system32\drivers\ngos.sys [?]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2008-3-28 26488]
S3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
S3 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-1-1 38496]
S3 OracleOraHome90ClientCache;OracleOraHome90ClientCache;c:\oracle\ora90\bin\ONRSD.EXE [2001-8-14 425828]
S3 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe XE [?]
S4 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\oracle.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
S4 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\bin\TNSLSNR.EXE [2006-2-2 204800]

=============== Created Last 30 ================

2009-04-07 19:14 <DIR> --d----- c:\program files\VideoLAN
2009-04-07 13:38 <DIR> --d----- c:\windows\system32\XPSViewer
2009-04-07 13:34 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-07 13:34 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-07 13:34 117,760 -------- c:\windows\system32\prntvpt.dll
2009-04-07 13:34 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-07 13:34 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-04-07 13:34 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-04-07 13:34 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-04-07 13:34 <DIR> --d----- C:\236dbe91c326e0f4a5ccb87e
2009-04-05 23:31 3,086 a------- c:\windows\system32\tmp.reg
2009-04-02 10:37 121 ---sh--- c:\windows\system32\adaguhed.ini
2009-03-29 22:36 3,345,504 ---sh--- c:\windows\system32\izedelum.ini
2009-03-29 10:35 3,291,876 ---sh--- c:\windows\system32\ekitenuj.ini
2009-03-28 10:34 3,291,876 ---sh--- c:\windows\system32\osiseyiz.ini
2009-03-27 22:34 3,291,876 ---sh--- c:\windows\system32\apalohew.ini
2009-03-26 23:02 3,290,923 ---sh--- c:\windows\system32\opininuh.ini
2009-03-26 11:02 3,326,579 ---sh--- c:\windows\system32\uligugir.ini
2009-03-26 11:02 129,024 a--sh--- c:\windows\system32\nsrvwz.dll
2009-03-25 23:02 3,326,557 ---sh--- c:\windows\system32\elilojoz.ini
2009-03-25 23:02 128,512 a--sh--- c:\windows\system32\gqrwin.dll
2009-03-25 11:01 128,512 a--sh--- c:\windows\system32\cfysos.dll
2009-03-24 23:01 3,326,557 ---sh--- c:\windows\system32\izabolef.ini
2009-03-24 23:01 128,000 a--sh--- c:\windows\system32\evlpzq.dll
2009-03-24 11:01 1,410,297 ---sh--- c:\windows\system32\umuzulin.ini
2009-03-24 11:01 129,024 a--sh--- c:\windows\system32\dnhiew.dll
2009-03-23 23:01 1,410,297 ---sh--- c:\windows\system32\ibayepaw.ini
2009-03-23 23:00 129,024 a--sh--- c:\windows\system32\bugydc.dll
2009-03-23 11:00 1,791,743 ---sh--- c:\windows\system32\avawikud.ini
2009-03-23 11:00 128,000 a--sh--- c:\windows\system32\qicofw.dll
2009-03-22 23:00 1,791,169 ---sh--- c:\windows\system32\omomolaj.ini
2009-03-22 23:00 128,000 a--sh--- c:\windows\system32\ponmlp.dll
2009-03-22 11:00 1,791,178 ---sh--- c:\windows\system32\uvelazub.ini
2009-03-22 11:00 128,000 a--sh--- c:\windows\system32\wnbdoz.dll
2009-03-21 23:00 1,791,156 ---sh--- c:\windows\system32\onebasen.ini
2009-03-21 22:59 129,024 a--sh--- c:\windows\system32\bzhtjk.dll
2009-03-21 10:59 127,488 a--sh--- c:\windows\system32\swuntv.dll
2009-03-21 10:59 1,791,178 ---sh--- c:\windows\system32\alitepig.ini
2009-03-20 21:54 <DIR> --d----- c:\program files\AC3Filter
2009-03-20 16:36 1,791,178 ---sh--- c:\windows\system32\otopowow.ini
2009-03-20 16:35 129,536 a--sh--- c:\windows\system32\tlqtpk.dll
2009-03-19 18:58 <DIR> --d----- c:\docume~1\admini~1\applic~1\AVS4YOU
2009-03-19 18:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-03-19 18:54 <DIR> --d----- c:\program files\common files\AVSMedia
2009-03-19 18:54 974,848 a------- c:\windows\system32\mfc70.dll
2009-03-19 18:54 487,424 a------- c:\windows\system32\msvcp70.dll
2009-03-19 18:54 344,064 a------- c:\windows\system32\msvcr70.dll
2009-03-19 18:54 1,700,352 a------- c:\windows\system32\GdiPlus.dll
2009-03-19 18:54 24,576 a------- c:\windows\system32\msxml3a.dll
2009-03-19 18:54 <DIR> --d----- c:\program files\AVS4YOU
2009-03-16 22:35 <DIR> --d----- c:\program files\Bobcat
2009-03-14 14:13 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-14 14:13 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-12 13:27 <DIR> --d----- c:\windows\pss
2009-03-12 09:18 <DIR> --d----- c:\windows\B0FF774C873649E0ABB13082680BCD43.TMP
2009-03-12 09:14 1,381,376 a------- c:\windows\system32\vcl70.bpl
2009-03-12 09:14 778,240 a------- c:\windows\system32\rtl70.bpl
2009-03-12 09:14 227,328 a------- c:\windows\system32\vclie70.bpl
2009-03-12 09:14 <DIR> --d----- c:\program files\Raize
2009-03-12 09:14 <DIR> --d----- c:\docume~1\admini~1\applic~1\Software
2009-03-10 13:34 <DIR> --d----- c:\program files\Veoh Networks

==================== Find3M ====================

2009-04-07 22:52 61,440 a--sh--- c:\windows\system32\vuviyigi.exe
2009-04-07 21:26 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-04-07 10:52 61,440 a--sh--- c:\windows\system32\rekusiro.exe
2009-04-06 22:51 61,440 a--sh--- c:\windows\system32\vamayuve.exe
2009-04-06 10:51 61,440 a--sh--- c:\windows\system32\gabuwime.exe
2009-04-05 22:50 61,440 a--sh--- c:\windows\system32\jolozoza.exe
2009-04-05 10:50 61,440 a--sh--- c:\windows\system32\ruhigofe.exe
2009-04-04 22:50 61,440 a--sh--- c:\windows\system32\bifimeto.exe
2009-04-04 10:51 61,440 a--sh--- c:\windows\system32\noyutumi.exe
2009-04-03 19:02 61,440 a--sh--- c:\windows\system32\yiyawefo.exe
2009-04-03 07:02 61,440 a--sh--- c:\windows\system32\tudumupu.exe
2009-04-02 10:37 69,632 a--sh--- c:\windows\system32\melasora.dll
2009-04-02 10:37 94,720 a--sh--- c:\windows\system32\hovebozi.dll
2009-04-02 10:37 90,624 a--sh--- c:\windows\system32\dehugada.dll
2009-03-29 22:35 90,112 -------- c:\windows\system32\muledezi.dll
2009-03-29 22:35 94,208 a--sh--- c:\windows\system32\zugiyugi.dll
2009-03-29 22:35 61,440 a--sh--- c:\windows\system32\fidamufa.exe
2009-03-29 10:35 94,208 a--sh--- c:\windows\system32\jasamohu.dll
2009-03-29 10:35 61,440 a--sh--- c:\windows\system32\sutuhoha.exe
2009-03-29 10:35 89,600 -------- c:\windows\system32\junetike.dll
2009-03-28 10:34 95,232 a--sh--- c:\windows\system32\sevohozu.dll
2009-03-28 10:34 61,440 a--sh--- c:\windows\system32\vakuwuti.exe
2009-03-28 10:34 91,648 -------- c:\windows\system32\ziyesiso.dll
2009-03-27 22:34 95,744 a--sh--- c:\windows\system32\wuyamoba.dll
2009-03-27 22:34 61,440 a--sh--- c:\windows\system32\hiyoluge.exe
2009-03-27 22:34 89,600 -------- c:\windows\system32\weholapa.dll
2009-03-26 23:02 95,232 a--sh--- c:\windows\system32\mobarata.dll
2009-03-26 23:02 61,440 a--sh--- c:\windows\system32\difopavu.exe
2009-03-26 23:02 89,088 -------- c:\windows\system32\huninipo.dll
2009-03-26 11:02 95,232 a--sh--- c:\windows\system32\bavogufa.dll
2009-03-26 11:02 129,024 a--sh--- c:\windows\system32\bewenuwo.dll
2009-03-26 11:02 90,112 a--sh--- c:\windows\system32\rigugilu.dll
2009-03-25 23:02 90,624 -------- c:\windows\system32\zojolile.dll
2009-03-25 23:01 128,512 a--sh--- c:\windows\system32\malanade.dll
2009-03-25 23:01 95,744 a--sh--- c:\windows\system32\yumevuni.dll
2009-03-25 11:01 128,512 a--sh--- c:\windows\system32\gimutane.dll
2009-03-25 11:01 95,744 a--sh--- c:\windows\system32\potalade.dll
2009-03-25 11:01 89,088 a--sh--- c:\windows\system32\jemevevo.dll
2009-03-24 23:01 128,000 a--sh--- c:\windows\system32\yekarupi.dll
2009-03-24 23:01 95,744 a--sh--- c:\windows\system32\bakorigi.dll
2009-03-24 23:01 89,600 -------- c:\windows\system32\felobazi.dll
2009-03-24 11:01 90,624 -------- c:\windows\system32\niluzumu.dll
2009-03-24 11:01 129,024 a--sh--- c:\windows\system32\gofoloju.dll
2009-03-24 11:01 95,232 a--sh--- c:\windows\system32\gajonosu.dll
2009-03-23 23:00 89,600 -------- c:\windows\system32\wapeyabi.dll
2009-03-23 23:00 129,024 a--sh--- c:\windows\system32\lupeyute.dll
2009-03-23 23:00 94,208 a--sh--- c:\windows\system32\vabehile.dll
2009-03-23 11:00 128,000 a--sh--- c:\windows\system32\kifupiza.dll
2009-03-23 11:00 95,232 a--sh--- c:\windows\system32\pibiyuvi.dll
2009-03-23 11:00 90,112 -------- c:\windows\system32\dukiwava.dll
2009-03-22 23:00 128,000 a--sh--- c:\windows\system32\runesata.dll
2009-03-22 23:00 94,208 a--sh--- c:\windows\system32\yeteyohi.dll
2009-03-22 23:00 88,576 -------- c:\windows\system32\jalomomo.dll
2009-03-22 11:00 90,112 -------- c:\windows\system32\buzalevu.dll
2009-03-22 11:00 128,000 a--sh--- c:\windows\system32\diwunawo.dll
2009-03-22 11:00 94,720 a--sh--- c:\windows\system32\moreweda.dll
2009-03-21 22:59 95,232 a--sh--- c:\windows\system32\boboyifa.dll
2009-03-21 22:59 129,024 a--sh--- c:\windows\system32\gogalofa.dll
2009-03-21 22:59 90,112 -------- c:\windows\system32\nesabeno.dll
2009-03-21 10:59 91,648 a--sh--- c:\windows\system32\gipetila.dll
2009-03-21 10:59 127,488 a--sh--- c:\windows\system32\fisabami.dll
2009-03-21 10:59 95,232 a--sh--- c:\windows\system32\nalomofa.dll
2009-03-20 16:35 90,624 -------- c:\windows\system32\wowopoto.dll
2009-03-20 16:35 129,536 a--sh--- c:\windows\system32\wesayoto.dll
2009-03-20 16:35 95,232 a--sh--- c:\windows\system32\yupojepi.dll
2009-02-22 17:57 13,696 a------- c:\windows\system32\drivers\wpsnuio.sys
2009-01-02 10:37 69,632 a--sh--- c:\windows\system32\bonalopi.dll
2009-01-02 10:37 69,632 a--sh--- c:\windows\system32\jinuriwa.dll
2009-01-02 10:37 69,632 a--sh--- c:\windows\system32\puwohuwu.dll
2008-11-26 00:26 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008112520081126\index.dat

============= FINISH: 23:30:45.58 ===============



#2 miekiemoes

  • Malware Response Team

Posted 08 April 2009 - 04:25 AM

Hi,

* Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes


Posted 16 April 2009 - 07:11 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



