Vundo Variants Slowing Killing My Computer...

Old 12-17-2008, 02:16 PM   #1
Guest
 
Join Date: Dec 2008
Posts: 1
OS:



Hi all,

I've run SUPERAntiSpyware to an inch of its life, but for the life of me I can't get rid of all the Vundo variants that it seems to find.

Now I've got to the stage where, when I get to my desktop after booting up, I get an error when DLLs try to run (Vetaweyo.dll & Vinomisu.dll).

If anyone can lend a hand I'd appreciate it big time. Here is my DDS file:


DDS (Version 1.1.0) - NTFSx86
Run by C505 at 21:39:33.55 on 17/12/2008
Internet Explorer: 7.0.6000.16757
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.44.1033.18.3071.1948 [GMT 0:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\notepad.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Opera\opera.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
\\cc-fs1\users$\c505\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: {00011268-E188-40DF-A514-835FCD78B1BF} - c:\program files\iepro\iepro.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: {c467825b-4c5b-487d-8d13-042bb5e69c43} - c:\windows\system32\hatasefa.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [butedowewi] Rundll32.exe "c:\windows\system32\vetaweyo.dll",s
mRun: [0868a5ed] rundll32.exe "c:\windows\system32\vinomisu.dll",b
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoup~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\iepro\iepro.dll
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - c:\program files\fiddler2\Fiddler.exe
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\windows\system32\zurufalo.dll c:\windows\system32\vekukedu.dll c:\windows\system32\gadagore.dll c:\windows\system32\dupefomu.dll c:\windows\system32\bapemode.dll c:\windows\system32\binuhejo.dll c:\windows\system32\mutupapo.dll c:\windows\system32\mipasowu.dll c:\windows\system32\judobida.dll c:\windows\system32\vayojema.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli c:\windows\system32\binuhejo.dll c:\windows\system32\judobida.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\c505\appdata\roaming\mozilla\firefox\profiles\67wrfja7.default\
FF - component: c:\users\c505\appdata\roaming\mozilla\firefox\profiles\67wrfja7.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\users\c505\appdata\roaming\mozilla\firefox\profiles\67wrfja7.default\extensions\[email protected]\components\BkMrkExt.dll
FF - plugin: c:\program files\adobe\adobe acrobat 7.0\acrobat\browser\nppdf32.dll

============= SERVICES / DRIVERS ===============

R0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2008-10-13 220696]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\SASDIFSV.SYS [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\SASKUTIL.sys [2008-11-17 55024]
R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\drivers\savonaccess.sys [2008-10-14 85312]
R2 SAVAdminService;Sophos Anti-Virus status reporter;"c:\program files\sophos\sophos anti-virus\SAVAdminService.exe" [2008-10-23 69632]
R2 SAVService;Sophos Anti-Virus;"c:\program files\sophos\sophos anti-virus\SavService.exe" [2008-10-14 98304]
R3 SASENUM;SASENUM;\??\c:\program files\superantispyware\SASENUM.SYS [2008-11-17 7408]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-11-26 13352]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2008-11-23 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2008-11-23 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2008-11-23 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2008-11-23 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2008-11-23 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2008-11-23 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2008-11-23 117544]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2008-10-14 20288]

=============== Created Last 30 ================

2008-12-17 16:22 <DIR> --d----- c:\users\c505\appdata\roaming\webex
2008-12-17 16:22 <DIR> --d----- c:\programdata\WebEx
2008-12-17 16:22 <DIR> --d----- c:\progra~2\WebEx
2008-12-16 09:42 <DIR> --d----- c:\users\c505\appdata\roaming\YouSendIt
2008-12-15 23:55 <DIR> --d----- c:\program files\CCleaner
2008-12-11 17:27 61,440 a------- c:\windows\system32\~.exe
2008-12-09 10:42 <DIR> --d----- c:\program files\YouSendIt
2008-12-09 10:41 1,936,528 a------- c:\windows\system32\ltmm15.dll
2008-12-09 10:41 135,168 a------- c:\windows\system32\DSKernel2.dll
2008-12-09 10:40 <DIR> --d----- c:\program files\WinPcap
2008-12-09 10:40 <DIR> --d----- c:\program files\Replay Converter
2008-12-09 10:40 737,280 a------- c:\windows\iun6002.exe
2008-12-09 10:39 <DIR> --d----- c:\program files\Replay AV 8
2008-12-08 22:10 <DIR> --d----- c:\program files\common files\SWF Studio
2008-12-08 22:09 <DIR> --dsh--- c:\users\c505\appdata\roaming\.#
2008-12-08 12:21 <DIR> --d----- c:\programdata\FLEXnet
2008-12-08 12:04 <DIR> --d----- c:\program files\common files\Macrovision Shared
2008-12-01 15:38 0 a------- c:\windows\system32\ozinunen.tmp
2008-11-30 17:30 <DIR> --d----- c:\program files\Trend Micro
2008-11-30 16:10 <DIR> --d----- c:\program files\RogueRemover
2008-11-30 11:00 <DIR> --d----- C:\VundoFix Backups
2008-11-30 02:35 <DIR> a-d----- c:\programdata\TEMP
2008-11-30 02:35 <DIR> --d----- c:\program files\common files\SourceTec
2008-11-30 02:35 <DIR> --d----- c:\program files\SourceTec
2008-11-28 09:38 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2008-11-28 09:38 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2008-11-28 09:37 <DIR> --d----- c:\users\c505\appdata\roaming\SUPERAntiSpyware.com
2008-11-28 09:37 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-11-27 00:50 <DIR> --d----- c:\programdata\BVRP Software
2008-11-27 00:50 <DIR> --d----- c:\program files\Avanquest update
2008-11-27 00:09 <DIR> --d----- c:\programdata\Sony Ericsson
2008-11-27 00:09 <DIR> --d----- c:\progra~2\Sony Ericsson
2008-11-26 23:41 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-11-26 23:27 1,419,232 a------- c:\windows\system32\wdfcoinstaller01005.dll
2008-11-26 23:27 21,672 a------- c:\windows\system32\drivers\ggsemc.sys
2008-11-26 23:27 13,352 a------- c:\windows\system32\drivers\ggflt.sys
2008-11-26 23:06 <DIR> --d----- c:\programdata\PC Suite
2008-11-26 23:05 21,632 a------- c:\windows\system32\drivers\pccsmcfd.sys
2008-11-26 23:03 <DIR> --d----- c:\program files\PC Connectivity Solution
2008-11-26 23:01 90,624 a------- c:\windows\system32\nmwcdcls.dll
2008-11-26 23:01 <DIR> --d----- c:\program files\Nokia
2008-11-26 23:00 <DIR> --d----- c:\programdata\Installations
2008-11-26 10:31 <DIR> --d----- c:\program files\common files\xing shared
2008-11-26 10:31 <DIR> --d----- c:\program files\common files\Real
2008-11-26 09:14 268 a---h--- C:\sqmdata01.sqm
2008-11-26 09:14 244 a---h--- C:\sqmnoopt01.sqm
2008-11-24 00:15 <DIR> --d----- c:\program files\Lavasoft
2008-11-24 00:15 <DIR> --d----- c:\programdata\Lavasoft
2008-11-24 00:02 <DIR> --d----- c:\program files\iPod
2008-11-24 00:02 <DIR> --d----- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-24 00:02 <DIR> --d----- c:\program files\iTunes
2008-11-24 00:02 <DIR> --d----- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-24 00:01 <DIR> --d----- c:\program files\Bonjour
2008-11-23 23:58 <DIR> --d----- c:\programdata\Apple
2008-11-23 18:23 <DIR> --d----- c:\programdata\Avanquest Bluetooth SDK
2008-11-23 18:23 <DIR> --d----- c:\progra~2\Avanquest Bluetooth SDK
2008-11-23 16:46 <DIR> --d----- c:\users\c505\{924872b5-88b8-40e7-8292-ef603e7c0566}
2008-11-23 16:45 122,024 a------- c:\windows\system32\drivers\s1018mdm.sys
2008-11-23 16:45 117,544 a------- c:\windows\system32\drivers\s1018unic.sys
2008-11-23 16:45 115,368 a------- c:\windows\system32\drivers\s1018mgmt.sys
2008-11-23 16:45 111,784 a------- c:\windows\system32\drivers\s1018obex.sys
2008-11-23 16:45 25,768 a------- c:\windows\system32\drivers\s1018nd5.sys
2008-11-23 16:45 15,016 a------- c:\windows\system32\drivers\s1018mdfl.sys
2008-11-23 16:45 12,200 a------- c:\windows\system32\drivers\s1018whnt.sys
2008-11-23 16:45 12,200 a------- c:\windows\system32\drivers\s1018wh.sys
2008-11-23 16:45 90,408 a------- c:\windows\system32\drivers\s1018bus.sys
2008-11-23 16:45 12,200 a------- c:\windows\system32\drivers\s1018cmnt.sys
2008-11-23 16:45 12,200 a------- c:\windows\system32\drivers\s1018cm.sys
2008-11-23 16:45 10,792 a------- c:\windows\system32\drivers\s1018cr.sys
2008-11-23 16:45 <DIR> --d----- c:\program files\Sony Ericsson

==================== Find3M ====================

2008-12-17 18:24 3,067 a------- c:\windows\bthservsdp.dat
2008-12-16 11:49 115,024 a------- c:\users\c505\appdata\roaming\nvModes.dat
2008-12-15 21:56 96,038 a--sh--- c:\windows\system32\metunoba.dll
2008-12-15 20:55 95,975 a--sh--- c:\windows\system32\javojosu.dll
2008-11-28 09:12 143,360 a------- c:\windows\inf\infstrng.dat
2008-11-28 09:12 86,016 a------- c:\windows\inf\infstor.dat
2008-11-28 09:12 51,200 a------- c:\windows\inf\infpub.dat
2008-11-07 14:23 32,000 a------- c:\windows\system32\drivers\usbaapl.sys
2008-10-14 11:12 130,104 a------- c:\windows\system32\sdccoinstaller.dll
2008-10-14 11:12 23,552 a------- c:\windows\system32\sophosboottasks.exe
2008-10-14 11:11 82,432 a------- c:\windows\system32\msxml4r.dll
2008-10-14 09:49 135,680 a------- c:\windows\system32\wusa.exe
2008-10-14 09:49 268,800 a------- c:\windows\system32\es.dll
2008-10-14 09:49 229,888 a------- c:\windows\system32\msshsq.dll
2008-10-14 09:47 678,408 a------- c:\windows\system32\gpprefcl.dll
2008-10-14 09:39 1,524,224 a------- c:\windows\system32\wucltux.dll
2008-10-14 09:38 83,456 a------- c:\windows\system32\wudriver.dll
2008-10-14 09:38 163,392 a------- c:\windows\system32\wuwebv.dll
2008-10-14 09:38 31,232 a------- c:\windows\system32\wuapp.exe
2008-10-14 08:01 5,509,120 a------- c:\windows\system32\nvdispsr.dll
2008-10-14 08:01 6,340,608 a------- c:\windows\system32\nvdisps.dll
2008-10-14 08:01 4,943,872 a------- c:\windows\system32\nvd3dum.dll
2008-10-14 08:01 1,073,152 a------- c:\windows\system32\nvcpluir.dll
2008-10-14 08:01 753,664 a------- c:\windows\system32\nvcplui.exe
2008-10-14 08:01 8,501,792 a------- c:\windows\system32\nvcpl.dll
2008-10-14 08:01 368,640 a------- c:\windows\system32\nvapi.dll
2008-10-14 08:01 147,456 a------- c:\windows\system32\nvcolor.exe
2008-10-14 08:01 36,864 a------- c:\windows\system32\nvcod100.dll
2008-10-14 08:01 36,864 a------- c:\windows\system32\nvcod.dll
2008-10-14 08:01 795,104 a------- c:\windows\system32\dpinst.exe
2008-10-13 16:06 174 a--sh--- c:\program files\desktop.ini
2008-10-13 16:02 665,600 a------- c:\windows\inf\drvindex.dat
2008-10-13 15:58 28,160 a------- c:\windows\system32\Apphlpdm.dll
2008-10-13 15:58 2,560 a------- c:\windows\apppatch\AcRes.dll
2008-10-13 15:58 4,247,552 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-10-13 15:58 2,144,256 a------- c:\windows\apppatch\AcGenral.dll
2008-10-13 15:58 537,600 a------- c:\windows\apppatch\AcLayers.dll
2008-10-13 15:58 449,536 a------- c:\windows\apppatch\AcSpecfc.dll
2008-10-13 15:58 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-10-13 15:58 1,686,528 a------- c:\windows\system32\gameux.dll
2008-10-13 15:57 205,824 a------- c:\windows\system32\msoeacct.dll
2008-10-13 15:57 87,040 a------- c:\windows\system32\msoert2.dll
2008-10-13 15:57 39,424 a------- c:\windows\system32\ACCTRES.dll
2008-10-13 15:56 704,000 a------- c:\windows\system32\PhotoScreensaver.scr
2008-10-13 15:56 24,064 a------- c:\windows\system32\wtsapi32.dll
2008-10-13 15:56 2,923,520 a------- c:\windows\explorer.exe
2008-10-13 15:56 542,720 a------- c:\windows\system32\sysmain.dll
2008-10-13 15:56 502,784 a------- c:\windows\system32\wlansvc.dll
2008-10-13 15:56 297,984 a------- c:\windows\system32\wlansec.dll
2008-10-13 15:56 290,816 a------- c:\windows\system32\wlanmsm.dll
2008-10-13 15:56 67,584 a------- c:\windows\system32\wlanhlp.dll
2008-10-13 15:56 47,104 a------- c:\windows\system32\wlanapi.dll
2008-10-13 15:56 194,560 a------- c:\windows\system32\WebClnt.dll
2008-10-13 15:55 376,320 a------- c:\windows\system32\winsrv.dll
2008-10-13 15:55 49,664 a------- c:\windows\system32\csrsrv.dll
2008-10-13 15:52 2,048 a------- c:\windows\system32\tzres.dll
2008-10-13 15:51 374,456 a------- c:\windows\system32\mcupdate_GenuineIntel.dll
2008-10-13 15:51 303,616 a------- c:\windows\system32\wmpeffects.dll
2008-10-13 15:50 414,208 a------- c:\windows\system32\msscp.dll
2008-10-13 15:50 8,147,968 a------- c:\windows\system32\wmploc.DLL
2008-10-13 15:50 356,864 a------- c:\windows\system32\MediaMetadataHandler.dll
2008-10-13 15:50 7,680 a------- c:\windows\system32\spwmp.dll
2008-10-13 15:50 4,096 a------- c:\windows\system32\dxmasf.dll
2008-10-13 15:49 396,800 a------- c:\windows\system32\MPSSVC.dll
2008-10-13 15:49 392,192 a------- c:\windows\system32\FirewallAPI.dll
2008-10-13 15:49 178,688 a------- c:\windows\system32\iphlpsvc.dll
2008-10-13 15:49 86,016 a------- c:\windows\system32\icfupgd.dll
2008-10-13 15:49 61,952 a------- c:\windows\system32\cmifw.dll
2008-10-13 15:49 16,896 a------- c:\windows\system32\wfapigp.dll
2008-10-13 15:48 104,448 a------- c:\windows\system32\DWWIN.EXE
2008-10-13 15:46 8,704 a------- c:\windows\system32\hcrstco.dll
2008-10-13 15:46 8,704 a------- c:\windows\system32\hccoin.dll
2008-10-13 15:46 167,424 a------- c:\windows\system32\tcpipcfg.dll
2008-10-13 15:46 24,064 a------- c:\windows\system32\netcfg.exe
2008-10-13 15:46 22,016 a------- c:\windows\system32\netiougc.exe
2008-10-13 15:42 181,760 a------- c:\windows\system32\fsquirt.exe
2008-10-13 15:39 223,232 a------- c:\windows\system32\WMASF.DLL
2008-10-13 15:39 9,728 a------- c:\windows\system32\LAPRXY.DLL
2008-10-13 15:39 2,048 a------- c:\windows\system32\asferror.dll
2008-10-13 15:39 296,448 a------- c:\windows\system32\gdi32.dll
2008-10-13 15:39 268,288 a------- c:\windows\system32\mcbuilder.exe
2008-10-13 15:39 223,232 a------- c:\windows\system32\SLC.dll
2008-10-13 15:39 33,280 a------- c:\windows\system32\slwmi.dll
2008-10-13 15:39 2,605,568 a------- c:\windows\system32\SLsvc.exe
2008-10-13 15:39 566,784 a------- c:\windows\system32\SLCommDlg.dll
2008-10-13 15:39 351,232 a------- c:\windows\system32\SLUI.exe
2008-10-13 15:39 186,368 a------- c:\windows\system32\SLLUA.exe
2008-10-13 15:39 57,856 a------- c:\windows\system32\SLUINotify.dll
2008-10-13 15:39 39,936 a------- c:\windows\system32\slcinst.dll
2008-10-13 15:38 105,984 a------- c:\windows\system32\CscMig.dll
2008-10-13 15:38 269,824 a------- c:\windows\system32\schannel.dll
2008-10-13 15:38 220,160 a------- c:\windows\system32\ntprint.dll
2008-10-13 15:38 61,440 a------- c:\windows\system32\ntprint.exe
2008-10-13 15:36 84,480 a------- c:\windows\system32\dnsrslvr.dll
2008-10-13 15:36 24,576 a------- c:\windows\system32\dnscacheugc.exe
2008-10-13 15:36 788,992 a------- c:\windows\system32\rpcrt4.dll
2008-10-13 15:35 737,792 a------- c:\windows\system32\inetcomm.dll
2008-10-13 15:35 84,480 a------- c:\windows\system32\INETRES.dll
2008-10-13 15:35 152,576 a------- c:\windows\system32\imagehlp.dll
2008-10-13 15:35:41 A------- 5,120 c:\windows\system32\wmi.dll
2007-03-09 08:12 27,648 a--sh--- c:\windows\system32\AVSredirect.dll

============= FINISH: 21:40:33.33 ===============
Attached Files
File Type: zip Attach.zip (2.2 KB, 15 views)
Old 12-19-2008, 05:02 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

https://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 12-22-2008, 06:38 PM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
All times are GMT -7.

