
Vundo/MySearch/SystemSecurity2009/zetojusu.dll errors



#1 franz13


Posted 23 August 2009 - 01:18 AM

Hello,

I recently helped a friend fix/clean up his PC. He had problems with Vundo/Mysearch, which I think I fixed a few months ago. Now he got scammed by SystemSecurity 2009, a rogue antispyware company. It infected his PC again and also caused a system32/zetojusu.dll error, which I believed I fixed again.

I would really like an expert's opinion, though, before I hand it back to him.

I have completely updated Windows, Java, Flash, and Acrobat.
I installed Comodo Firewall, Spyware Blaster, and used MBAM to remove the virus. VundoFix found nothing. A second scan with MBAM found nothing.
I also used CCleaner.

He does not have his copy of Win XP Home, so I am unable to do a repair install, fix the MBR, or reinstall his OS etc.

Thanks in advance for taking the time to look this over.

Franz


DDS (Ver_09-07-30.01) - NTFSx86
Run by Alan at 1:38:41.75 on Sun 08/23/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - No File
BHO: {b56a7d7d-6927-48c8-a975-17df180c71ac} - PCTools Browser Monitor
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
TB: {C17590D2-ECB4-4b15-8820-F58798DCC118} - No File
TB: {61539ecd-cc67-4437-a03c-9aaccbd14326} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
mRun: [VTTimer] VTTimer.exe
mRun: [AOLDialer] "c:\program files\common files\aol\acs\AOLDial.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HostManager] "c:\program files\common files\aol\1183464832\ee\AOLSoftware.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [SoundMan] SOUNDMAN.EXE
dRun: [Exetender] "c:\program files\verizon games on demand player\GPlayer.exe /runonstartup"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\bridget\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} - hxxp://games.bigfishgames.com/en_dairy-dash-game/online/DairyDashWeb.1.0.0.15.cab
DPF: {068BFA33-99F4-4BA9-887D-182386FA2931} - hxxp://download.playfirst.com/play/game/spongebobdash/SpongeBobDinerDashWeb.1.0.0.17.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Nanny%20Mania%202%20-%20Hollywood/Images/stg_drm.ocx
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} - hxxp://www.shockwave.com/content/bigcityadventuresf/sis/JBGamePlayer.cab
DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} - hxxp://www.worldwinner.com/games/v49/luxor/luxor.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Wedding%20Dash/Images/armhelper.ocx
DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://www.shockwave.com/content/cinematycoon/sis/cinematycoon.cab
TCP: {DF593D5B-4B66-4EB4-992A-4B5D5FAF4FDC} = 156.154.70.22,156.154.71.22
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - No File
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alan\applic~1\mozilla\firefox\profiles\w7yr6qn9.default\
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\verizon games on demand player\npExentCtl.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-08-23 01:12 <DIR> --d----- c:\program files\Trend Micro
2009-08-23 01:09 49,152 a------- c:\windows\system32\ChCfg.exe
2009-08-23 01:08 <DIR> --d----- c:\program files\Realtek AC97
2009-08-23 01:08 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
2009-08-23 01:08 453,456 a------- c:\windows\system32\d3dx10_41.dll
2009-08-23 01:08 4,178,264 a------- c:\windows\system32\D3DX9_41.dll
2009-08-23 01:08 517,448 a------- c:\windows\system32\XAudio2_4.dll
2009-08-23 01:08 69,448 a------- c:\windows\system32\XAPOFX1_3.dll
2009-08-23 01:08 235,352 a------- c:\windows\system32\xactengine3_4.dll
2009-08-23 01:08 22,360 a------- c:\windows\system32\X3DAudio1_6.dll
2009-08-23 01:06 237,848 a------- c:\windows\system32\xactengine2_4.dll
2009-08-23 01:06 15,128 a------- c:\windows\system32\x3daudio1_1.dll
2009-08-23 01:06 2,414,360 a------- c:\windows\system32\d3dx9_31.dll
2009-08-23 01:06 236,824 a------- c:\windows\system32\xactengine2_3.dll
2009-08-23 01:06 62,744 a------- c:\windows\system32\xinput1_2.dll
2009-08-23 01:05 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-08-23 01:05 <DIR> --d----- c:\windows\Logs
2009-08-23 00:46 <DIR> --d----- C:\ATI
2009-08-22 23:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Comodo
2009-08-22 23:23 179,792 a------- c:\windows\system32\guard32.dll
2009-08-22 23:23 132,040 a------- c:\windows\system32\drivers\cmdguard.sys
2009-08-22 23:23 25,160 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-08-22 23:23 <DIR> --d----- c:\program files\COMODO
2009-08-22 23:12 <DIR> --d----- c:\program files\SpywareBlaster
2009-08-22 23:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-08-22 23:07 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-08-22 23:07 <DIR> --d----- c:\docume~1\alan\applic~1\SUPERAntiSpyware.com
2009-08-22 23:07 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-08-22 22:17 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-08-22 21:57 <DIR> --d----- c:\windows\system32\XPSViewer
2009-08-22 21:56 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-08-22 21:56 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-22 21:56 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-22 21:56 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-22 21:56 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-08-22 21:56 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-08-22 21:56 117,760 -------- c:\windows\system32\prntvpt.dll
2009-08-22 21:56 <DIR> --d----- C:\8dc6d646d574c03d0fbec50acaa0
2009-08-22 21:10 <DIR> -cd-h--- c:\windows\ie8
2009-08-22 21:01 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-08-22 21:01 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-08-22 20:48 <DIR> --dsh--- c:\documents and settings\alan\IECompatCache
2009-08-22 20:24 <DIR> --d----- C:\VundoFix Backups
2009-08-22 19:24 116,224 ac------ c:\windows\system32\dllcache\xrxwiadr.dll
2009-08-22 19:23 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-08-22 19:23 18,944 ac------ c:\windows\system32\dllcache\xrxscnui.dll
2009-08-22 19:23 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe
2009-08-22 19:23 4,608 ac------ c:\windows\system32\dllcache\xrxflnch.exe
2009-08-22 19:23 99,865 ac------ c:\windows\system32\dllcache\xlog.exe
2009-08-22 19:23 16,970 ac------ c:\windows\system32\dllcache\xem336n5.sys
2009-08-22 19:23 19,455 ac------ c:\windows\system32\dllcache\wvchntxx.sys
2009-08-22 19:23 19,200 ac------ c:\windows\system32\dllcache\wstcodec.sys
2009-08-22 19:23 12,063 ac------ c:\windows\system32\dllcache\wsiintxx.sys
2009-08-22 19:23 8,192 ac------ c:\windows\system32\dllcache\wshirda.dll
2009-08-22 19:23 8,832 ac------ c:\windows\system32\dllcache\wmiacpi.sys
2009-08-22 19:23 154,624 ac------ c:\windows\system32\dllcache\wlluc48.sys
2009-08-22 19:21 90,900 a----r-- c:\windows\system32\drivers\OLD833.tmp
2009-08-22 19:21 942,675 a----r-- c:\windows\system32\drivers\OLD82F.tmp
2009-08-22 19:21 936,833 a----r-- c:\windows\system32\drivers\OLD825.tmp
2009-08-22 19:21 249,402 ac------ c:\windows\system32\dllcache\vinwm.sys
2009-08-22 19:21 24,576 ac------ c:\windows\system32\dllcache\viairda.sys
2009-08-22 19:21 53,760 ac------ c:\windows\system32\dllcache\vfwwdm32.dll
2009-08-22 19:21 687,999 ac------ c:\windows\system32\dllcache\usrwdxjs.sys
2009-08-22 19:21 765,884 ac------ c:\windows\system32\dllcache\usrti.sys
2009-08-22 19:21 113,762 ac------ c:\windows\system32\dllcache\usrpda.sys
2009-08-22 19:21 7,556 ac------ c:\windows\system32\dllcache\usroslba.sys
2009-08-22 19:21 224,802 ac------ c:\windows\system32\dllcache\usr1807a.sys
2009-08-22 19:21 794,399 ac------ c:\windows\system32\dllcache\usr1806v.sys
2009-08-22 19:19 11,520 ac------ c:\windows\system32\dllcache\twotrack.sys
2009-08-22 19:18 28,232 ac------ c:\windows\system32\dllcache\tos4mo.sys
2009-08-22 19:17 94,293 ac------ c:\windows\system32\dllcache\sxports.dll
2009-08-22 19:16 61,824 ac------ c:\windows\system32\dllcache\speed.sys
2009-08-22 19:15 6,784 ac------ c:\windows\system32\dllcache\smbhc.sys
2009-08-22 19:14 252,032 ac------ c:\windows\system32\dllcache\sis300iv.dll
2009-08-22 19:13 23,936 ac------ c:\windows\system32\dllcache\sccmn50m.sys
2009-08-22 19:12 27,648 ac------ c:\windows\system32\dllcache\rw430ext.dll
2009-08-22 19:12 19,017 ac------ c:\windows\system32\dllcache\rtl8029.sys
2009-08-22 19:12 30,720 ac------ c:\windows\system32\dllcache\rthwcls.sys
2009-08-22 19:12 9,216 ac------ c:\windows\system32\dllcache\rsmgrstr.dll
2009-08-22 19:12 3,840 ac------ c:\windows\system32\dllcache\rpfun.sys
2009-08-22 19:12 79,104 ac------ c:\windows\system32\dllcache\rocket.sys
2009-08-22 19:12 37,563 ac------ c:\windows\system32\dllcache\rlnet5.sys
2009-08-22 19:12 86,097 ac------ c:\windows\system32\dllcache\reslog32.dll
2009-08-22 19:12 19,584 ac------ c:\windows\system32\dllcache\rasirda.sys
2009-08-22 19:12 714,762 ac------ c:\windows\system32\dllcache\r2mdmkxx.sys
2009-08-22 19:12 899,146 ac------ c:\windows\system32\dllcache\r2mdkxga.sys
2009-08-22 19:12 41,472 ac------ c:\windows\system32\dllcache\qvusd.dll
2009-08-22 19:12 3,328 ac------ c:\windows\system32\dllcache\qv2kux.sys
2009-08-22 19:10 121,344 ac------ c:\windows\system32\dllcache\phvfwext.dll
2009-08-22 19:09 41,984 ac------ c:\windows\system32\dllcache\ovui2rc.dll
2009-08-22 19:08 198,144 ac------ c:\windows\system32\dllcache\nv3.sys
2009-08-22 19:07 27,936 ac------ c:\windows\system32\dllcache\n9i3d.sys
2009-08-22 19:06 12,416 ac------ c:\windows\system32\dllcache\msriffwv.sys
2009-08-22 19:06 2,944 ac------ c:\windows\system32\dllcache\msmpu401.sys
2009-08-22 19:06 22,016 ac------ c:\windows\system32\dllcache\msircomm.sys
2009-08-22 19:06 35,200 ac------ c:\windows\system32\dllcache\msgame.sys
2009-08-22 19:06 56,832 ac------ c:\windows\system32\dllcache\msdvbnp.ax
2009-08-22 19:06 6,016 ac------ c:\windows\system32\dllcache\msfsio.sys
2009-08-22 19:06 51,200 ac------ c:\windows\system32\dllcache\msdv.sys
2009-08-22 19:06 17,280 ac------ c:\windows\system32\dllcache\mraid35x.sys
2009-08-22 19:06 15,232 ac------ c:\windows\system32\dllcache\mpe.sys
2009-08-22 19:04 70,730 ac------ c:\windows\system32\dllcache\lne100tx.sys
2009-08-22 19:03 26,624 ac------ c:\windows\system32\dllcache\irstusb.sys
2009-08-22 19:02 154,496 ac------ c:\windows\system32\dllcache\icam4usb.sys
2009-08-22 19:01 50,751 ac------ c:\windows\system32\dllcache\hsf_tone.sys
2009-08-22 19:00 48,128 ac------ c:\windows\system32\dllcache\hpgt33tk.dll
2009-08-22 18:59 442,240 ac------ c:\windows\system32\dllcache\fpnpbase.sys
2009-08-22 18:58 40,704 ac------ c:\windows\system32\dllcache\es1371mp.sys
2009-08-22 18:57 20,992 ac------ c:\windows\system32\dllcache\dshowext.ax
2009-08-22 18:56 110,592 ac------ c:\windows\system32\dllcache\dc260usd.dll
2009-08-22 18:55 45,696 ac------ c:\windows\system32\dllcache\cirrus.sys
2009-08-22 18:54 13,824 ac------ c:\windows\system32\dllcache\bulltlp3.sys
2009-08-22 18:53 268,160 ac------ c:\windows\system32\dllcache\atidvai.dll
2009-08-22 18:52 101,888 ac------ c:\windows\system32\dllcache\adpu160m.sys
2009-08-22 18:51 66,048 ac------ c:\windows\system32\dllcache\s3legacy.dll
2009-08-22 10:59 <DIR> --d----- c:\program files\CCleaner
2009-08-20 17:28 <DIR> --d----- c:\docume~1\alan\applic~1\Malwarebytes
2009-08-20 17:28 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-20 17:28 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-20 17:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-20 17:28 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-14 23:26 <DIR> --d----- c:\program files\Wedding Dash - Ready, Aim, Love
2009-08-13 18:23 <DIR> --d----- c:\program files\Build-a-Lot 4 - Power Source
2009-08-12 15:37 <DIR> --d----- c:\program files\Farm Frenzy 2
2009-08-12 15:36 <DIR> --d----- c:\program files\Burger Shop 2
2009-08-12 15:35 <DIR> --d----- c:\program files\Nanny Mania 2 - Hollywood
2009-08-12 15:34 <DIR> --d----- c:\program files\Turbo Subs
2009-08-12 15:23 <DIR> --d----- c:\program files\Turbo Pizza
2009-08-12 03:03 <DIR> --d----- c:\program files\Turbo Fiesta
2009-08-11 17:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FarmFrenzy3
2009-08-11 15:48 <DIR> --d----- c:\program files\Alawar
2009-08-11 15:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GoBit Games
2009-08-09 21:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CasualForge
2009-08-09 18:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Mean Hamster
2009-08-09 17:46 <DIR> --d----- c:\program files\Hotel Mogul
2009-08-09 17:40 <DIR> --d----- c:\program files\Chicken Chase
2009-08-09 14:49 32,656 a------- c:\windows\system32\msonpmon.dll
2009-08-09 02:28 <DIR> --d----- c:\temp\Microsoft Office Enterprise 2007 English
2009-08-08 15:12 <DIR> --d----- c:\program files\Top Chef
2009-08-08 10:43 <DIR> --d----- c:\documents and settings\alan\Contacts
2009-08-06 14:03 <DIR> --d----- c:\program files\TweetDeck
2009-08-04 12:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Merscom
2009-08-03 20:10 <DIR> --d----- c:\program files\DQ Tycoon
2009-08-03 19:59 <DIR> --d----- c:\program files\Jojo's Fashion Show
2009-08-03 19:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Playtonium Games
2009-08-03 18:35 <DIR> --d----- c:\program files\Home Sweet Home
2009-08-03 18:32 <DIR> --d----- c:\program files\Build-a-lot
2009-08-03 17:59 <DIR> --d----- c:\program files\Westward III
2009-08-03 17:12 <DIR> --d----- c:\program files\Kudos Rock Legend
2009-08-03 17:09 <DIR> --d----- c:\program files\Pat Sajak's Trivia Gems
2009-08-03 17:05 <DIR> --d----- c:\program files\bfgclient
2009-08-03 11:36 54,156 a---h--- c:\windows\QTFont.qfn
2009-08-03 11:36 1,409 a------- c:\windows\QTFont.for
2009-08-03 06:14 <DIR> --dsh--- c:\documents and settings\alan\IETldCache
2009-07-30 17:43 <DIR> --d----- C:\Temp
2009-07-29 21:15 <DIR> --d----- c:\docume~1\alan\applic~1\AOL
2009-07-29 15:43 <DIR> --d----- c:\program files\twhirl
2009-07-28 15:36 <DIR> --d----- c:\program files\Rockstar Games
2009-07-25 11:32 <DIR> --dsh--- c:\documents and settings\alan\PrivacIE
2009-07-25 11:05 <DIR> --d----- c:\documents and settings\Alan

==================== Find3M ====================

2009-08-12 18:09 37,376 a--sh--- c:\windows\system32\nuzevuzi.dll
2009-08-12 05:53 37,888 a--sh--- c:\windows\system32\rahuziti.dll
2009-08-11 20:46 84,992 a--sh--- c:\windows\system32\hihogufe.dll
2009-08-11 20:46 37,376 a--sh--- c:\windows\system32\fofizuju.dll
2009-08-11 20:24 84,992 a--sh--- c:\windows\system32\naniyizo.dll
2009-08-11 20:01 84,992 a--sh--- c:\windows\system32\movemora.dll
2009-08-11 20:01 37,888 a--sh--- c:\windows\system32\foyitufa.dll
2009-08-11 19:39 84,992 a--sh--- c:\windows\system32\kahasuha.dll
2009-08-11 19:39 37,888 a--sh--- c:\windows\system32\monuviwi.dll
2009-08-11 19:16 84,992 a--sh--- c:\windows\system32\govujena.dll
2009-08-11 06:35 83,968 a--sh--- c:\windows\system32\kekasika.dll
2009-08-10 18:38 49,664 a--sh--- c:\windows\system32\gerogije.dll
2009-08-10 18:37 84,992 a--sh--- c:\windows\system32\wofomobu.dll
2009-08-10 18:27 84,992 a--sh--- c:\windows\system32\tazazasa.dll
2009-08-10 18:27 37,888 a--sh--- c:\windows\system32\sosazeri.dll
2009-08-10 06:09 84,480 a--sh--- c:\windows\system32\ritujute.dll
2009-08-10 06:09 37,376 a--sh--- c:\windows\system32\venijija.dll
2009-08-10 02:34 84,480 a--sh--- c:\windows\system32\fadonovi.dll
2009-08-10 02:34 37,376 a--sh--- c:\windows\system32\wojifoge.dll
2009-08-10 02:12 84,480 a--sh--- c:\windows\system32\datudove.dll
2009-08-10 02:12 37,376 a--sh--- c:\windows\system32\mivadulu.dll
2009-08-10 01:49 84,480 a--sh--- c:\windows\system32\mupitera.dll
2009-08-10 01:49 37,376 a--sh--- c:\windows\system32\mijepubi.dll
2009-08-10 01:22 84,480 a--sh--- c:\windows\system32\monajode.dll
2009-08-10 01:22 37,376 a--sh--- c:\windows\system32\yitebuza.dll
2009-08-09 15:08 84,480 a--sh--- c:\windows\system32\hajegiwa.dll
2009-08-09 15:08 37,888 a--sh--- c:\windows\system32\jemovese.dll
2009-08-09 14:54 84,480 a--sh--- c:\windows\system32\vegujele.dll
2009-08-09 14:54 37,888 a--sh--- c:\windows\system32\wibapaza.dll
2009-08-09 14:24 84,480 a--sh--- c:\windows\system32\lezuyenu.dll
2009-08-09 14:24 37,888 a--sh--- c:\windows\system32\wumugaka.dll
2009-08-09 14:01 84,480 a--sh--- c:\windows\system32\buguduno.dll
2009-08-09 14:01 37,888 a--sh--- c:\windows\system32\funamazi.dll
2009-08-09 13:39 84,480 a--sh--- c:\windows\system32\dowosiki.dll
2009-08-09 13:38 37,888 a--sh--- c:\windows\system32\rezutepi.dll
2009-08-09 13:16 84,480 a--sh--- c:\windows\system32\wabatase.dll
2009-08-09 13:16 37,888 a--sh--- c:\windows\system32\gevuniya.dll
2009-08-09 12:53 84,480 a--sh--- c:\windows\system32\sojamuli.dll
2009-08-09 12:53 37,888 a--sh--- c:\windows\system32\topohije.dll
2009-08-09 12:31 84,480 a--sh--- c:\windows\system32\juyimuri.dll
2009-08-09 12:31 37,888 a--sh--- c:\windows\system32\dedodada.dll
2009-08-09 12:08 84,992 a--sh--- c:\windows\system32\mererijo.dll
2009-08-09 12:08 38,400 a--sh--- c:\windows\system32\gavehere.dll
2009-08-09 11:46 84,992 a--sh--- c:\windows\system32\junodefu.dll
2009-08-09 11:46 38,400 a--sh--- c:\windows\system32\hegulihu.dll
2009-08-09 11:23 84,992 a--sh--- c:\windows\system32\tasisura.dll
2009-08-09 11:23 38,400 a--sh--- c:\windows\system32\gejapifo.dll
2009-08-08 23:18 84,480 a--sh--- c:\windows\system32\yisavisu.dll
2009-08-08 23:18 38,400 a--sh--- c:\windows\system32\danujave.dll
2009-08-08 22:55 84,480 a--sh--- c:\windows\system32\nidefafe.dll
2009-08-08 22:55 38,400 a--sh--- c:\windows\system32\rukohayo.dll
2009-08-08 10:39 83,968 a--sh--- c:\windows\system32\rujamika.dll
2009-08-08 10:39 37,888 a--sh--- c:\windows\system32\yuwehosu.dll
2009-08-07 14:59 84,480 a--sh--- c:\windows\system32\tifupeva.dll
2009-08-07 14:59 37,888 a--sh--- c:\windows\system32\yabohoyu.dll
2009-08-06 13:34 84,992 a--sh--- c:\windows\system32\yujukaku.dll
2009-08-06 01:34 83,968 a--sh--- c:\windows\system32\namejara.dll
2009-08-05 13:34 49,664 a--sh--- c:\windows\system32\yeruduki.dll
2009-08-05 13:34 84,992 a--sh--- c:\windows\system32\lobofenu.dll
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 23:55 85,504 a--sh--- c:\windows\system32\joponudo.dll
2009-08-04 11:58 84,992 a--sh--- c:\windows\system32\bupodaze.dll
2009-08-03 23:30 84,992 a--sh--- c:\windows\system32\mefolara.dll
2009-08-03 10:31 50,176 a--sh--- c:\windows\system32\mulumobu.dll
2009-08-02 21:10 85,504 a--sh--- c:\windows\system32\fomofege.dll
2009-08-02 09:10 84,992 a--sh--- c:\windows\system32\lonayemu.dll
2009-08-01 19:51 84,992 a--sh--- c:\windows\system32\bezayedo.dll
2009-08-01 01:21 84,992 a--sh--- c:\windows\system32\zeyoheko.dll
2009-07-31 13:20 85,504 a--sh--- c:\windows\system32\zumidiba.dll
2009-07-30 13:19 84,992 a--sh--- c:\windows\system32\najejifo.dll
2009-07-29 00:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 00:37 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-28 01:29 190,976 a--sh--- c:\windows\system32\lugarine.dll
2009-07-27 13:31 84,992 a--sh--- c:\windows\system32\fugedepi.dll
2009-07-27 00:02 86,016 a--sh--- c:\windows\system32\lanikuwo.dll
2009-07-26 12:04 86,016 a--sh--- c:\windows\system32\dijuzihi.dll
2009-07-25 23:05 85,504 a--sh--- c:\windows\system32\fewusopa.dll
2009-07-25 11:06 86,016 a--sh--- c:\windows\system32\nadusifa.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-24 19:01 86,016 a--sh--- c:\windows\system32\birizofu.dll
2009-07-22 02:42 85,504 a--sh--- c:\windows\system32\pavulahi.dll
2009-07-21 14:44 85,504 a--sh--- c:\windows\system32\sunapija.dll
2009-07-20 13:50 714,793 a--sh--- c:\windows\system32\walikahe.exe
2009-07-20 01:33 715,305 a--sh--- c:\windows\system32\zurufalo.exe
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-16 03:22 718,885 a--sh--- c:\windows\system32\jogihuju.exe
2009-07-16 02:59 718,885 a--sh--- c:\windows\system32\rajenoka.exe
2009-07-16 02:37 718,885 a--sh--- c:\windows\system32\vinomisu.exe
2009-07-16 02:14 718,885 a--sh--- c:\windows\system32\bofuwike.exe
2009-07-15 13:56 718,885 a--sh--- c:\windows\system32\rigagine.exe
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-09 12:57 50,176 a--sh--- c:\windows\system32\jikonidi.dll
2009-07-08 19:28 84,992 a--sh--- c:\windows\system32\repeseza.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 04:25:26 A------- 54,272 c:\windows\system32\wdigest.dll
2005-05-23 10:49 56 a--shr-- c:\windows\system32\3FF449E8D7.sys
2005-05-23 10:49 1,682 ac-sh--- c:\windows\system32\KGyGaAvL.sys
2009-05-12 18:20 0 a--sh--- c:\windows\system32\zetojusu.dll
2008-09-19 19:06 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091920080920\index.dat

============= FINISH: 1:39:49.10 ===============



#2 franz13


Posted 28 August 2009 - 05:16 PM

Just an update. I ended up having many more problems with his PC, so I just reinstalled Windows. Problem solved.

Hopefully he has learned something in the whole process.

Thanks anyways,

franz

#3 Orange Blossom


Posted 04 September 2009 - 01:00 PM

Thank you for letting us know. Sometimes the best and quickest solution is to reformat and reinstall.

This topic shall now be closed.

In case you experience any problems with the computer, please start a new topic.

Happy computing,

Orange Blossom