Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected witth Vundo, Virtumonde, Win32 and possibly Zlob


  • This topic is locked This topic is locked
2 replies to this topic

#1 Eva W

Eva W

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:51 AM

Posted 10 January 2009 - 12:12 PM

Hi, I'm very grateful for any assistance offered.
The story so far:
I have Windows XP Media Centre ver 2002, SP3.
Antivirus: Trend Micro PC-Cillin, up to date.

A week ago PC-Cillin quarantined TROJ_WIMAD.AT. Two days ago the log shows "Ignored Success" with respect to TROJ_GENERIC.DAT (several files).
I noticed a lot of pop-ups, which were all blocked by PC-Cillin, all pointing to sites with words like "clicks" etc.
Yesterday quarantined TROJ_VUNDO.LAF.
I had deleted all quarantined files and rescanned the computer. PC-Cillin again quarantined this time TROJ_VUNDO.LAC, which I also deleted.
The computer still did not run well. On startup there was an error message which said something about VIPOGIJE.dll not being found and another one I can't remember exactly (but that one no longer appears, the VIPOGIJE still does).
Since system did not run well and pop ups were still coming, I ran PC-Cillin scan again - clear.
Then I tried Symantec Vundo fix, in safe mode with explorer.exe and winlogon.exe suspended, which did not find any infected files to fix. THis was done with system restore turned off and all temp files deleted.
So I downloaded Spyware doctor (paid for the full version) and scanned. This detected the Vundo again and a number of other "cookies" etc, which it removed. System still not running well, so I ran the Spydoctor software in safemode with networking, as recommended by the vendor help. This was clear.
Downloaded Spy Hunter and this found:
-Zlob.Trojan
-Wild Tangent
-Hotbar
-Neospace
These were not fixed, as I was not prepared to pay for yet another software. At the same time Pc-cillin spontaneously quarantinned file nubobevu.dll.
I ran Kaspersky scanner and got these infections results:

Saturday, January 10, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, January 10, 2009 04:08:50
Records in database: 1596509


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics
Files scanned 192182
Threat name 3
Infected objects 5
Suspicious objects 0
Duration of the scan 02:26:14

File name Threat name Threats count
C:\Documents and Settings\Eva & Michelangelo\Application Data\Sun\Java\Deployment\cache\6.0\3\6edc3c83-732c3e32 Infected: Exploit.Java.ByteVerify 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\nubobevu.dll Infected: Trojan.Win32.Agent.bfdf 1

C:\WINDOWS\system32\temomelo.dll Infected: Trojan.Win32.Monder.aidi 1

C:\WINDOWS\system32\wemipipo.dll Infected: Trojan.Win32.Agent.bfdf 1

C:\WINDOWS\system32\zuwokuwu.dll Infected: Trojan.Win32.Agent.bfdf 1

The selected area was scanned.


Then I ran VundoFix from www.atribune.org (got it from some forum) - no infected files. Tried to Run Vundobegone (?correct name) but my computer wouldn't allow me to open the page to download it.
In the meantime Pc-cillin did a pre-scheduled daily scan which was clear.
I also noticed that: PC-cillin setting were changed (I didn't do that), Windows automatic update was disabled (I'm at present not able to restart this, although not tried all that hard yet), and home page now changed to MSN.

Since writing this the Spyware doctor has performed another check and detected 35 infections with Virtumonde. I deleted the quarantined files and had ran it again - 3 more virtumonde files quarantined and deleted.

I really really appreciate your help. I would be most grateful for any assisstance. It appears that every scanner I do detects different spyware. I'm happy to pay for more software, but not another useless one.

I had run the recommended diagnositcs (DDS) but I was not sure how to turn off the "script-blocker". I have PC-Cillin Trend micro and Spyware doctor. I hope this has not influenced the results, but if you think it has, could you tell me how to turn the script blocker off and I will run it again. Please be patient with me as I am in Australia and due to the time zone difference I may not respond for several hours to your scripts (although this problem is preventing me from sleeping right now :thumbsup: ).

Many thanks,
Eva


Below are the DDS results


DDS (Ver_09-01-07.01) - NTFSx86
Run by Eva & Michelangelo at 3:47:19.51 on Sun 11/01/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1141 [GMT 11:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated)
AV: *On-access scanning disabled* (Updated)
AV: Trend Micro Internet Security Pro *On-access scanning enabled* (Updated)
FW: *disabled*
FW: Trend Micro Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\Dependent\HSChkProxyExe.exe
C:\WINDOWS\system32\kdfmgr.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Eva & Michelangelo\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page =
uWindow Title = Microsoft Internet Explorer provided by OptusNet
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {5fcd68f5-62e4-4da4-852c-e5cb6d2ae188} - c:\windows\system32\nesavina.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: TSToolbarBHO: {c1656cca-d2ea-4a32-94ae-ae0b180e6449} - c:\program files\trend micro\trendsecure\transactionprotector\TSToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Transaction Protector: {e7620c98-fccc-40e5-92ec-c7685d2e1e40} - c:\program files\trend micro\trendsecure\transactionprotector\TSToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [bobuyekani] Rundll32.exe "c:\windows\system32\vipogije.dll",s
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [CTSysVol] c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe /r
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Desktop Service Centre] c:\program files\optusnet dsl internet\DSC.exe
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Line Speed Meter] c:\program files\tcpiq\line speed meter\LineSpeedMeter.exe -minimize
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [Mediafour Mac Volume Notifications] "c:\program files\common files\mediafour\MACVNTFY.EXE" /auto
mRun: [Mediafour XPlay Tray Notification Icon] c:\program files\mediafour\xplay\XPTRYICN.EXE
mRun: [MDDiskProtect.exe] c:\program files\mediafour\macdrive\MDDiskProtect.exe
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [bobuyekani] Rundll32.exe "c:\windows\system32\ziwinuro.dll",s
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [CPMeb532e01] Rundll32.exe "c:\windows\system32\serinoho.dll",a
dRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\docume~1\eva&mi~1\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewirepro\LimeWire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: adventist.org\interdivisionservices.gc
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\windows\system32\vatotosa.dll c:\windows\system32\serinoho.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\serinoho.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\serinoho.dll
LSA: Notification Packages = scecli c:\windows\system32\vatotosa.dll

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-1-10 40840]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.SYS [2005-7-21 24320]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-1-10 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-1-10 81288]
R1 MDFSYSNT;MDFSYSNT;c:\windows\system32\drivers\MDFSYSNT.SYS [2006-9-14 213888]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2009-1-10 160792]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2007-12-16 333328]
R3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~3\TmPfw.exe [2008-1-18 488768]
R3 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2008-1-18 648456]
R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-1-10 356920]
R4 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-1-10 1079176]
R4 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-1-18 52240]
R4 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2007-12-16 36368]
S3 glauiad;D-Link DSL-302G Modem;c:\windows\system32\drivers\glauiad.sys [2006-1-28 29603]

=============== Created Last 30 ================

2009-01-11 03:06 38,224 a------- c:\windows\system32\drivers\neokdss.sys
2009-01-11 01:49 1,217,010 ---sh--- c:\windows\system32\abivizuw.ini
2009-01-10 18:54 <DIR> --d----- C:\VundoFix Backups
2009-01-10 10:30 <DIR> --d----- c:\program files\Enigma Software Group
2009-01-10 00:17 160,792 a------- c:\windows\system32\drivers\pctfw2.sys
2009-01-10 00:17 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-01-10 00:17 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-01-10 00:17 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-01-10 00:17 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-01-10 00:17 <DIR> --d----- c:\program files\common files\PC Tools
2009-01-10 00:17 <DIR> --d----- c:\program files\Spyware Doctor
2009-01-10 00:17 <DIR> --d----- c:\docume~1\eva&mi~1\applic~1\PC Tools
2009-01-10 00:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-01-09 16:51 16,384 a------- c:\windows\DCEBoot.exe
2009-01-09 11:34 1,287,091 ---sh--- c:\windows\system32\elorinih.ini
2009-01-08 21:15 1,281,310 ---sh--- c:\windows\system32\iyowasin.ini
2009-01-06 20:34 1,281,310 ---sh--- c:\windows\system32\olemomet.ini
2009-01-06 08:22 1,266,245 ---sh--- c:\windows\system32\ajanutuj.ini
2009-01-05 19:29 1,266,236 ---sh--- c:\windows\system32\alevuyut.ini
2008-12-18 18:26 410,984 a------- c:\windows\system32\deploytk.dll

==================== Find3M ====================

2009-01-11 02:55 192,512 a------- c:\windows\system32\kdfvmgr.exe
2009-01-11 02:55 77,824 a------- c:\windows\system32\kdfapi.dll
2009-01-11 02:55 53,248 a------- c:\windows\system32\Kdfhok.dll
2009-01-11 02:54 726,568 a------- c:\windows\system32\kdfmgr.exe
2009-01-11 01:49 102,154 a--sh--- c:\windows\system32\serinoho.dll
2009-01-10 13:49 103,522 a--sh--- c:\windows\system32\fidetiga.dll
2009-01-10 12:48 66,791 a--sh--- c:\windows\system32\ravemuse.dll
2009-01-10 00:48 7,065 a--sh--- c:\windows\system32\nodivivo.dll
2009-01-10 00:48 7,061 a--sh--- c:\windows\system32\yagehusi.dll
2009-01-09 11:34 102,226 a--sh--- c:\windows\system32\logibeja.dll
2009-01-08 21:15 103,632 a--sh--- c:\windows\system32\bahegope.dll
2009-01-07 21:50 7,081 a--sh--- c:\windows\system32\kesezila.dll
2009-01-07 21:50 7,075 a--sh--- c:\windows\system32\rubepusa.dll
2009-01-07 20:50 102,023 a--sh--- c:\windows\system32\riyijuvu.dll
2009-01-07 20:50 65,797 a--sh--- c:\windows\system32\roruhore.dll
2009-01-06 20:39 102,556 a------- c:\windows\system32\tofayava.dll
2009-01-06 20:34 89,334 -------- c:\windows\system32\temomelo.dll
2009-01-06 08:22 102,091 a--sh--- c:\windows\system32\pojavoru.dll
2009-01-05 19:29 66,720 a--sh--- c:\windows\system32\rurimita.dll
2009-01-05 19:29 102,135 a--sh--- c:\windows\system32\zeladugu.dll
2009-01-04 16:22 6,946 a--sh--- c:\windows\system32\boyifada.dll
2009-01-04 16:22 7,029 a--sh--- c:\windows\system32\ruteteku.dll
2009-01-04 16:22 6,894 a--sh--- c:\windows\system32\magarino.dll
2009-01-04 04:21 7,031 a--sh--- c:\windows\system32\jiditate.dll
2009-01-04 04:21 7,006 a--sh--- c:\windows\system32\deresebo.dll
2009-01-04 04:21 6,903 a--sh--- c:\windows\system32\sipasone.dll
2009-01-03 16:21 7,043 a--sh--- c:\windows\system32\rihinonu.dll
2009-01-03 16:21 7,078 a--sh--- c:\windows\system32\yalisume.dll
2009-01-03 16:21 6,893 a--sh--- c:\windows\system32\winufame.dll
2009-01-03 04:21 7,058 a--sh--- c:\windows\system32\lakayepo.dll
2009-01-03 04:21 6,990 a--sh--- c:\windows\system32\doriwofa.dll
2009-01-03 04:21 6,909 a--sh--- c:\windows\system32\tomujanu.dll
2009-01-02 16:21 7,072 a--sh--- c:\windows\system32\mewofawi.dll
2009-01-02 16:21 6,876 a--sh--- c:\windows\system32\punajita.dll
2009-01-02 04:21 7,105 a--sh--- c:\windows\system32\yeyikufa.dll
2009-01-02 04:21 6,946 a--sh--- c:\windows\system32\sakadadu.dll
2009-01-01 16:21 7,097 a--sh--- c:\windows\system32\hesonumi.dll
2009-01-01 16:21 7,014 a--sh--- c:\windows\system32\wawilibe.dll
2009-01-01 04:21 6,944 a--sh--- c:\windows\system32\zojogaho.dll
2009-01-01 04:21 6,847 a--sh--- c:\windows\system32\fakugupu.dll
2008-12-31 16:21 7,093 a--sh--- c:\windows\system32\hikemavi.dll
2008-12-31 16:21 6,860 a--sh--- c:\windows\system32\detukimi.dll
2008-12-13 17:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-10-27 20:53 89,803 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-24 22:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 23:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 23:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-17 00:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-17 00:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 03:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 18:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 18:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-06-02 11:33 56,912 a------- c:\documents and settings\eva & michelangelo\g2mdlhlpx.exe
2006-11-29 23:05 251 a------- c:\program files\wt3d.ini
1999-08-13 07:00 4,820 a------- c:\program files\CAMUNWISE.INI
1601-01-01 11:12 65,797 a--sh--- c:\windows\system32\dasabisi.dll
1601-01-01 11:12 66,791 a--sh--- c:\windows\system32\vatotosa.dll
1601-01-01 11:12 29,696 a--sh--- c:\windows\system32\wemipipo.dll
1601-01-01 11:12 66,791 a--sh--- c:\windows\system32\ziwinuro.dll
1601-01-01 11:12 73,728 a--sh--- c:\windows\system32\zuwokuwu.dll

============= FINISH: 3:50:34.95 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Eva W

Eva W
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:51 AM

Posted 12 January 2009 - 06:00 AM

Thanks Guys!
I'm currently getting help with this on another forum.
Please help others.
Eva

PS How do I finish/resolve this thread?

#3 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:51 AM

Posted 12 January 2009 - 02:45 PM

Thank you for notify us.. I will now close this topic.. Please pm any Moderator or HJT Team should you need to re-open this topic..


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users