
It started with Antiviruspro_2010 I think.


  • This topic is locked
2 replies to this topic

#1 oclocal4


Posted 30 September 2009 - 07:56 PM

Somehow, Antiviruspro_2010 appeared on my computer last Wednesday. I was finally able to get rid of it, but still have some "embedded" issues. Every time that I use Malwarebytes' Anti-Malware or Spyware Doctor to clean my PC, the same issues reoccur after startup.

One issue that I am having is using Internet Explorer. I am being redirected to different websites when using google.com and sometimes a white screen with some text appears in the upper left-hand corner of the browser instead of the google web page (the text contains an underscore).

Thanks very much for your help.

DDS (Ver_09-09-29.01) - NTFSx86 NETWORK
Run by Greg Riddle at 19:58:43.12 on Wed 09/30/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1919.1495 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Greg Riddle\Local Settings\Temporary Internet Files\Content.IE5\V38PT7QX\dds[1].scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: URLSearchHook Class: {37d2cdbf-2af4-44aa-8113-bd0d2da3c2b8} - c:\program files\nzsearch\SearchEnh1.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - c:\program files\netzero\Toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [RecordNow!]
uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"
uRun: [spc_w] "c:\program files\nzsearch\nzspc.exe" -w
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\comcast\comcas~1\data\xtras\mssysmgr.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DW4] "c:\program files\the weather channel fw\desktop weather\DesktopWeather.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [CamMonitor] c:\program files\hp\digital imaging\unload\hpqcmon.exe
mRun: [Share-to-Web Namespace Daemon] c:\program files\hp\hp share-to-web\hpgs2wnd.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [HPHUPD05] c:\program files\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [ViewMgr] c:\program files\viewpoint\viewpoint manager\ViewMgr.exe
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [goyekuloh] Rundll32.exe "c:\windows\system32\notewufe.dll",a
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: microsoft.com\www.update
Trusted Zone: turbotax.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134083709562
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: hahohetu.dll c:\windows\system32\notewufe.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: fobuwelet - {fe162eb4-3b0f-4c53-9db1-e035a23ce9f9} - c:\windows\system32\mizezilo.dll
SSODL: pidopodoy - {10a324ad-2656-4a5d-bb94-19cf8a273e8f} - c:\windows\system32\latuwusa.dll
SSODL: bipanozah - {8fd19e13-9075-4972-9760-a9ae3939077d} - c:\windows\system32\notewufe.dll
STS: jugezatag: {fe162eb4-3b0f-4c53-9db1-e035a23ce9f9} - c:\windows\system32\mizezilo.dll
STS: gahurihor: {10a324ad-2656-4a5d-bb94-19cf8a273e8f} - c:\windows\system32\latuwusa.dll
STS: gahurihor: {8fd19e13-9075-4972-9760-a9ae3939077d} - c:\windows\system32\notewufe.dll
LSA: Notification Packages = scecli nijopido.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-24 206256]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-9-24 348824]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-9-24 1097096]
S1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2006-11-25 214024]
S2 eivbmrqcevane;eivbmrqcevane;\??\c:\windows\system32\drivers\pzigaiihkfjv.sys --> c:\windows\system32\drivers\pzigaiihkfjv.sys [?]
S2 gupdate1c9c0f2b754f82c;Google Update Service (gupdate1c9c0f2b754f82c);c:\program files\google\update\GoogleUpdate.exe [2009-4-19 133104]
S2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-8-1 359952]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2006-11-25 144704]
S2 mrtRate;mrtRate; [x]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\gregri~1\locals~1\temp\hpispz\hpdom\pciinfo.sys --> c:\docume~1\gregri~1\locals~1\temp\hpispz\hpdom\pciinfo.sys [?]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2006-11-25 606736]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2006-11-25 79880]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2006-11-25 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2006-11-25 34216]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2006-11-25 40552]

=============== Created Last 30 ================

2009-09-30 19:39 <DIR> --d----- c:\program files\Trend Micro
2009-09-30 18:00 8,212 a------- c:\windows\mfebcdata
2009-09-30 12:04 <DIR> --d----- c:\windows\LastGood.Tmp
2009-09-29 21:34 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-26 10:31 79,872 -c------ c:\windows\system32\dllcache\msxml6r.dll
2009-09-26 10:31 1,306,624 -c------ c:\windows\system32\dllcache\msxml6.dll
2009-09-26 10:31 380,416 -------- c:\windows\system32\irprops.cpl
2009-09-26 10:16 19,569 a------- c:\windows\000003_.tmp
2009-09-25 23:11 <DIR> --d----- c:\windows\system32\wbem\Repository.001
2009-09-25 22:56 33,656 a------- c:\windows\system32\sprecovr.exe
2009-09-25 22:53 19,569 a------- c:\windows\003255_.tmp
2009-09-25 22:48 263,680 a------- c:\windows\system32\adsnt.dll
2009-09-25 22:47 799,744 a------- c:\windows\system32\drivers\dmboot.sys
2009-09-25 21:00 <DIR> --d----- C:\65eda173fe0ebd449bec2ad21529
2009-09-25 19:46 213,528 a------- c:\windows\system32\wuaucpl.cpl
2009-09-25 17:36 <DIR> --d----- c:\docume~1\gregri~1\applic~1\Malwarebytes
2009-09-25 17:35 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-25 17:35 18,520 a------- c:\windows\system32\drivers\mbam.sys
2009-09-25 17:35 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-25 17:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-25 17:09 182,880 a------- c:\windows\system32\iuenginenew.dll
2009-09-25 16:54 18,944 ac------ c:\windows\system32\dllcache\simptcp.dll
2009-09-25 16:53 10,129,408 ac------ c:\windows\system32\dllcache\hwxkor.dll
2009-09-25 16:50 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-09-25 16:49 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-09-25 16:49 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-09-25 16:49 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-09-25 16:49 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-09-25 16:49 61,440 ac------ c:\windows\system32\dllcache\icwres.dll
2009-09-25 16:49 40,960 ac------ c:\windows\system32\dllcache\trialoc.dll
2009-09-25 16:49 73,728 ac------ c:\windows\system32\dllcache\icwtutor.exe
2009-09-25 16:49 16,384 ac------ c:\windows\system32\dllcache\isignup.exe
2009-09-25 16:46 51,224 ac------ c:\windows\system32\dllcache\wuauclt.exe
2009-09-25 16:46 1,809,944 ac------ c:\windows\system32\dllcache\wuaueng.dll
2009-09-25 16:46 598,016 ac------ c:\windows\system32\dllcache\mstscax.dll
2009-09-25 16:46 388,608 ac------ c:\windows\system32\dllcache\mstsc.exe
2009-09-25 16:46 40,960 ac------ c:\windows\system32\dllcache\tscupgrd.exe
2009-09-25 16:46 40,960 a------- c:\windows\system32\tscupgrd.exe
2009-09-25 16:32 24,661 ac------ c:\windows\system32\dllcache\spxcoins.dll
2009-09-25 16:32 13,312 ac------ c:\windows\system32\dllcache\irclass.dll
2009-09-25 16:32 24,661 a------- c:\windows\system32\spxcoins.dll
2009-09-25 16:32 13,312 a------- c:\windows\system32\irclass.dll
2009-09-25 16:32 797,189 ac------ c:\windows\system32\dllcache\NT5IIS.CAT
2009-09-25 16:32 399,645 ac------ c:\windows\system32\dllcache\MAPIMIG.CAT
2009-09-25 16:32 37,484 ac------ c:\windows\system32\dllcache\MW770.CAT
2009-09-25 16:32 13,472 ac------ c:\windows\system32\dllcache\HPCRDP.CAT
2009-09-25 16:32 8,574 ac------ c:\windows\system32\dllcache\IASNT4.CAT
2009-09-25 16:32 7,029 ac------ c:\windows\system32\dllcache\OEMBIOS.CAT
2009-09-25 16:32 13,608 a----r-- c:\windows\SETFA.tmp
2009-09-25 16:32 1,086,182 a----r-- c:\windows\SETEE.tmp
2009-09-24 22:03 <DIR> --d----- c:\windows\pss
2009-09-24 21:53 18,265 a------- c:\windows\kijev.dll
2009-09-24 21:53 15,754 a------- c:\docume~1\alluse~1\applic~1\apuvakaje.bin
2009-09-24 21:53 14,506 a------- c:\docume~1\gregri~1\applic~1\oqalafymuq.vbs
2009-09-24 21:53 13,410 a------- c:\windows\system32\ewyxizopa.inf
2009-09-24 21:53 12,695 a------- c:\windows\system32\xujox.exe
2009-09-24 21:53 18,724 a------- c:\docume~1\gregri~1\applic~1\zezofobo.dat
2009-09-24 21:53 16,743 a------- c:\windows\xaki.ban
2009-09-24 21:53 13,697 a------- c:\windows\rajele.exe
2009-09-24 21:53 11,891 a------- c:\docume~1\alluse~1\applic~1\tuwuqeto.reg
2009-09-24 21:53 19,377 a------- c:\docume~1\gregri~1\applic~1\wumynivuke.vbs
2009-09-24 21:53 19,363 a------- c:\windows\system32\vyhyzywu.exe
2009-09-24 21:53 17,916 a------- c:\windows\system32\qixiquwysy.dll
2009-09-24 21:53 14,255 a------- c:\windows\rale.inf
2009-09-24 21:11 11,480 a------- c:\windows\system32\fores.com
2009-09-24 21:11 19,050 a------- c:\windows\oril.dl
2009-09-24 21:11 17,195 a------- c:\windows\osonefiga.dat
2009-09-24 21:11 15,318 a------- c:\program files\common files\ywavoq.dat
2009-09-24 21:11 13,632 a------- c:\windows\panaxelyv.com
2009-09-24 21:11 12,851 a------- c:\docume~1\alluse~1\applic~1\ecikys.dll
2009-09-24 21:11 11,393 a------- c:\program files\common files\ebozisus.vbs
2009-09-24 20:23 19,625 a------- c:\windows\fysupemu.vbs
2009-09-24 20:23 13,938 a------- c:\windows\system32\suwepe.exe
2009-09-24 20:23 11,391 a------- c:\windows\system32\ycuvaxuc.dll
2009-09-24 20:23 10,386 a------- c:\windows\ycabagik.dat
2009-09-24 17:21 0 a------- c:\windows\system32\28145.exe
2009-09-24 17:00 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-24 16:59 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-24 16:59 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-24 16:59 86,888 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-24 16:58 <DIR> --d----- c:\program files\common files\PC Tools
2009-09-24 16:58 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-24 16:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-09-24 16:21 0 a------- c:\windows\system32\5705.exe
2009-09-24 15:21 0 a------- c:\windows\system32\24464.exe
2009-09-24 14:21 0 a------- c:\windows\system32\26962.exe
2009-09-24 13:21 0 a------- c:\windows\system32\29358.exe
2009-09-24 12:21 0 a------- c:\windows\system32\11478.exe
2009-09-24 11:21 0 a------- c:\windows\system32\15724.exe
2009-09-24 10:21 0 a------- c:\windows\system32\19169.exe
2009-09-24 06:58 19,688 a------- c:\docume~1\gregri~1\applic~1\syzinot.dll
2009-09-24 06:58 19,101 a------- c:\windows\yruhym.exe
2009-09-24 06:58 17,882 a------- c:\windows\system32\usaq.sys
2009-09-24 06:58 16,746 a------- c:\windows\ezeperit._sy
2009-09-24 06:58 13,578 a------- c:\docume~1\alluse~1\applic~1\xohiq.com
2009-09-24 06:58 11,411 a------- c:\windows\sihyfe.lib
2009-09-24 06:58 11,275 a------- c:\windows\system32\lojyfawo.bin
2009-09-24 01:46 0 a------- c:\windows\system32\26500.exe
2009-09-24 00:46 0 a------- c:\windows\system32\6334.exe
2009-09-23 23:46 0 a------- c:\windows\system32\18467.exe
2009-09-23 22:46 0 a------- c:\windows\system32\41.exe
2009-09-23 13:56 <DIR> --d----- c:\program files\Shared
2009-09-11 22:44 <DIR> --d----- c:\program files\common files\xing shared

==================== Find3M ====================

2009-09-30 00:12 39,424 a--sh--- c:\windows\system32\tuludave.dll
2009-09-28 11:49 36,864 a--sh--- c:\windows\system32\laninejo.dll
2009-09-27 21:14 87,552 a--sh--- c:\windows\system32\hudetola.dll
2009-09-27 21:14 37,376 a--sh--- c:\windows\system32\tuburavi.dll
2009-09-27 09:13 88,064 a--sh--- c:\windows\system32\batufuke.dll
2009-09-27 09:13 37,376 a--sh--- c:\windows\system32\kowavelo.dll
2009-09-26 21:13 88,064 a--sh--- c:\windows\system32\veyopiho.dll
2009-09-26 21:13 44,970 a--sh--- c:\windows\system32\tosofove.exe
2009-09-26 09:18 37,888 a--sh--- c:\windows\system32\hikebaga.dll
2009-09-25 16:48 23,348 a------- c:\windows\system32\emptyregdb.dat
2009-09-24 21:11 16,749 a------- c:\program files\common files\qimetuve.dl
2009-09-24 21:11 14,696 a------- c:\program files\common files\eqase.inf
2009-09-24 21:11 10,377 a------- c:\program files\common files\zegyfejawi._dl
2009-09-24 20:23 11,425 a------- c:\program files\common files\akete._sy
2009-09-24 06:58 16,942 a------- c:\program files\common files\epokydyty._sy
2006-07-24 19:49 184,808 a------- c:\docume~1\gregri~1\applic~1\shb.dat
2009-06-28 11:50 52,736 a--sh--- c:\windows\system32\hahohetu.dll
2009-06-28 11:50 52,736 a--sh--- c:\windows\system32\nijopido.dll

============= FINISH: 19:59:52.51 ===============



#2 SifuMike


Posted 17 October 2009 - 06:19 PM

Hello oclocal4,

Download and run Win32kDiag:

**********************

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

**********************
Disable Spyware Doctor before running Malwarebytes, as it will interfere with the malware removal.

To disable Spyware Doctor from running on your system startup:
1. First, disable the OnGuard Tools. This way, when you exit Spyware Doctor, these tools won't stay resident in the background.
2. Click the "Settings" button on the left side.
3. Click the "Startup Settings" link.
4. Uncheck "Run at Windows Startup".
5. Click the "Apply" button.

Note: If you already have Malwarebytes' Anti-Malware, then update, run it, then do a "Perform Full Scan"



Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire MBAM report (even if it does not find anything) in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Edited by SifuMike, 17 October 2009 - 06:28 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike


Posted 24 October 2009 - 12:33 AM

Due to inactivity, this thread will now be closed.



