Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Virus that targest Malwarebytes and generally brings speed of computer


  • This topic is locked This topic is locked
3 replies to this topic

#1 Mirrodin

Mirrodin

    Authentic Member

  • Authentic Member
  • PipPip
  • 37 posts

Posted 06 October 2009 - 10:05 PM

Hello, all. Yesterday around 10 at night, my computer started displaying pop windows through mozilla firefox roughly every 10-15 minutes. I wasn't too concerned about it, since that appeared to be the only thing that it was doing, and really, that's not that bad or that annoying. Unfortunately this morning it got worse. The entire computer began to slow down periodically. Furthermore, certain websites began to take incredibly longer than others, even though everything was slowed down. The pop ups began to decrease the time in between. So I decided to try to see what was going on, through Malwarebytes. Only to find that the .exe had mysteriously been deleted. I uninstalled the program and redownloaded from the website. Upon installing it again, I found that the new .exe was gone. I ran Lavasoft Ad-aware and found a few problems, I think it totaled 5 things. I deleted them and restarted. The problem remains. Can anyone help me? ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/10/06 23:50 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP2 ================================================== Drivers ------------------- Name: dump_iaStor.sys Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys Address: 0x9D723000 Size: 876544 File Visible: No Signed: - Status: - Name: PCI_PNP7126 Image Path: \Driver\PCI_PNP7126 Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0x9B7BF000 Size: 49152 File Visible: No Signed: - Status: - Name: spry.sys Image Path: spry.sys Address: 0xF743B000 Size: 1048576 File Visible: No Signed: - Status: - Name: sptd Image Path: \Driver\sptd Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - SSDT ------------------- #: 041 Function Name: NtCreateKey Status: Hooked by "Lbd.sys" at address 0xf76ac87e #: 071 Function Name: NtEnumerateKey Status: Hooked by "spry.sys" at address 0xf745aca2 #: 073 Function Name: NtEnumerateValueKey Status: Hooked by "spry.sys" at address 0xf745b030 #: 119 Function Name: NtOpenKey Status: Hooked by "spry.sys" at address 0xf743c0c0 #: 160 Function Name: NtQueryKey Status: Hooked by "spry.sys" at address 0xf745b108 #: 177 Function Name: NtQueryValueKey Status: Hooked by "spry.sys" at address 0xf745af88 #: 247 Function Name: NtSetValueKey Status: Hooked by "Lbd.sys" at address 0xf76acbfe ==EOF== DDS (Ver_09-06-26.01) - NTFSx86 Run by jmart366 at 23:36:05.17 on Tue 10/06/2009 Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.758.19 [GMT -4:00] ============== Running Processes =============== C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\WINDOWS\system32\IPSSVC.EXE C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\AskBarDis\bar\bin\AskService.exe C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe C:\WINDOWS\System32\TPHDEXLG.EXE C:\WINDOWS\system32\TpKmpSVC.exe C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe c:\program files\lenovo\system update\suservice.exe C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Network Associates\Common Framework\UdaterUI.exe C:\Program Files\Network Associates\Common Framework\McTray.exe C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe C:\WINDOWS\system32\TpShocks.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Lenovo\AwayTask\AwaySch.EXE C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\LimeWire\LimeWire.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\AIM6\aolsoftware.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\lelenomu.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE C:\Documents and Settings\jmart366\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://cpprod.stjohns.edu/cp/home/loginf uWindow Title = Microsoft Internet Explorer provided by St. John's University uInternet Settings,ProxyOverride = *.local;<local> uInternet Settings,ProxyServer = http=localhost:7171 BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UdaterUI.exe" /StartedFromRunKey mRun: [PRONoMgrWired] c:\program files\intel\prosetwired\ncs\proset\PRONoMgr.exe mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe mRun: [TpShocks] TpShocks.exe mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper mRun: [TP4EX] tp4ex.exe mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [cssauth] "c:\program files\ibm thinkvantage\client security solution\cssauth.exe" silent mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [30843220] c:\documents and settings\all users\application data\30843220\30843220.exe mRun: [veluhepoj] Rundll32.exe "c:\windows\system32\tajozejo.dll",a mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent StartupFolder: c:\docume~1\jmart366\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe StartupFolder: c:\docume~1\jmart366\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1) mPolicies-system: LogonType = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\thinkpad\pkgmgr\PkgMgr.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {01111F00-3E00-11D2-8470-0060089874ED} - hxxps://www-3.ibm.com/pc/support/access/sdccommon/download/tgctlins.cab DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120763170514 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147371192171 DPF: {74FFE28D-2378-11D5-990C-006094235084} - file://c:\program files\support.com\bin\ibmaccesssupport\common\install\ibmegath.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38146.5184143518 DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} - file://c:\program files\support.com\bin\ibmaccesssupport\common\install\AcpControl.cab Notify: ACNotify - ACNotify.dll Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll Notify: igfxcui - igfxdev.dll Notify: tpfnf2 - notifyf2.dll Notify: tphotkey - tphklock.dll AppInit_DLLs: egvqfb.dll c:\docume~1\jmart366\locals~1\temp\6509045461458mmx.dll c:\windows\system32\tajozejo.dll,serusoho.dll,wepavuwu.dll SSODL: dayihigoj - {7d06e56d-4d32-41f7-8ca7-d8e0c3e107af} - c:\windows\system32\tajozejo.dll STS: tokatiluy: {7d06e56d-4d32-41f7-8ca7-d8e0c3e107af} - c:\windows\system32\tajozejo.dll LSA: Notification Packages = scecli yiyuhope.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\jmart366\applic~1\mozilla\firefox\profiles\r0zieozj.default\ FF - prefs.js: browser.startup.homepage - hxxp://cpprod.stjohns.edu/cp/home/loginf FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} ============= SERVICES / DRIVERS =============== R0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys [2005-12-21 6912] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-22 64160] R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2006-5-15 85760] R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2005-5-10 14208] R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2006-5-15 11520] R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2006-5-15 6016] R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2008-8-6 59904] R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2006-5-15 4736] R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2006-5-15 4442] R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-10-1 464264] R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-10-1 234888] R2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [2005-12-21 12544] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1028432] R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2003-7-1 104000] R2 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\VsTskMgr.exe [2005-8-22 29184] R2 smi2;smi2;c:\program files\smi2\smi2.sys [2005-12-21 3968] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-2-17 24652] R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2005-5-10 6016] S2 McShield;Network Associates McShield;c:\program files\network associates\virusscan\Mcshield.exe [2005-8-22 221191] S3 AM5211;11b/g Wireless LAN Mini PCI Adapter Service;c:\windows\system32\drivers\am5211.sys --> c:\windows\system32\drivers\am5211.sys [?] S3 dopewars-server;dopewars server;c:\program files\dopewars-1.5.12\dopewars.exe -n --> c:\program files\dopewars-1.5.12\dopewars.exe -N [?] S3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2008-8-6 117024] =============== Created Last 30 ================ 2009-10-06 20:25 1,316 a---h--- C:\aaw7boot.cmd 2009-10-06 19:51 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-06 19:51 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-10-06 19:51 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-10-06 14:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\30843220 2009-10-03 01:44 <DIR> --d----- c:\program files\LucasArts 2009-10-01 13:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Azureus 2009-10-01 13:11 <DIR> --d----- c:\docume~1\jmart366\applic~1\Azureus 2009-10-01 13:08 <DIR> --d----- c:\program files\Vuze 2009-10-01 13:08 <DIR> --d----- c:\program files\AskBarDis ==================== Find3M ==================== 2009-10-06 19:39 15,688 a------- c:\windows\system32\lsdelete.exe 2009-08-28 20:13 889,855 a------- c:\windows\system32\xa.tmp 2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll 2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll 2009-08-05 05:11 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll 2009-07-17 14:55 58,880 a------- c:\windows\system32\atl.dll 2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll 2009-07-06 14:41 37,888 a--sh--- c:\windows\system32\lehokeso.dll 2009-07-06 14:41 1,050,147 a--sh--- c:\windows\system32\lelenomu.exe 2009-07-06 14:41 26,624 a--sh--- c:\windows\system32\lowofahe.dll 2009-07-06 14:43 52,224 a--sh--- c:\windows\system32\pasufizi.dll 2009-07-06 14:43 52,224 a--sh--- c:\windows\system32\serusoho.dll 2009-07-06 14:41 52,224 a--sh--- c:\windows\system32\sodewife.dll 2009-07-06 14:41 88,576 a--sh--- c:\windows\system32\tajozejo.dll 2009-07-06 14:43 52,224 a--sh--- c:\windows\system32\zefovoya.dll ============= FINISH: 23:37:31.48 ===============

Attached Files


    Advertisements

Register to Remove


#2 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 07 October 2009 - 04:43 PM

Hello and Welcome to the forum.

Download Combofix from any of the links below but rename it to ABCD.exe before saving it to your desktop.

Link 1
Link 2


Double click on the ABCD.exe ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 Mirrodin

Mirrodin

    Authentic Member

  • Authentic Member
  • PipPip
  • 37 posts

Posted 07 October 2009 - 08:35 PM

You don't have to worry about it now. The computer completely went haywire this morning and I had to go to my college and get a new hard drive.

#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 08 October 2009 - 06:33 PM

Thanks for posting back and letting us know :thumbup:

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users