Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Vundo / Prunnet / Possibly More


  • This topic is locked This topic is locked
2 replies to this topic

#1 SuperBored

SuperBored

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:07 AM

Posted 27 March 2009 - 08:50 PM

A day or two ago, my computer started giving me a messages that my Symantec auto-detect was disabled, and then a message that the svchost general host process for win32 had stopped. After those messages would appear, another box would appear telling me there was a DCOM error and my computer needed to restart. After several reboots, the error and restart messages disappeared, but my Symantec was still being disabled and internet explorer ads started appearing. While searching google for an answer to my problem I noticed that my links were redirected to ad sites. Also at one point an error message for Prunnet.exe appeared telling me it stopped unexpectedly.

I installed eTrust antivirus as well as AdAware and scanned my computer with both, and both came up with several files infected with Vundo. After these programs quarantined/deleted the infected files, nothing had changed. Next I tried the Vundofix program from Symantec which said it found and removed Vundo but the problems persisted. My last attempts at removal have been the Malwarebytes program which also found and removed several files, and the fixVundo program from secured2k as recommended from bleepingcomputer.com although it found nothing.

From that point on my computer has taken a very long time to startup after I enter my password. After it loads, trying to open the internet or almost any other program besides browsing folders will cause the program to load slowly and immediately not respond or not open at all. Everything is very slow.

The DDS program will not run during a normal boot of my computer, however Hijackthis will. The DDS below and the Attach file are from running the DDS.src program while my computer was in safe mode. Thank you very, very much in advance for help with my problem.


DDS (Ver_09-03-16.01) - NTFSx86 NETWORK
Run by Derrek at 19:02:36.67 on Fri 03/27/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.783 [GMT -6:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated)
AV: eTrust Antivirus *On-access scanning enabled* (Updated)
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated)
FW: Symantec Client Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Derrek\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Realtime Monitor] c:\program files\ca\etrust antivirus\realmon.exe -s
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [TpShocks] TpShocks.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TP4EX] tp4ex.exe
mRun: [suScheduler] c:\program files\thinkvantage\systemupdate\UCLauncher.exe /SCHEDULER
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mRun: [PDService.exe] "c:\program files\ibm thinkvantage\safeguard privatedisk\pdservice.exe"
mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [cssauth] "c:\program files\ibm thinkvantage\client security solution\cssauth.exe" silent
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [DLCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCGtime.dll,_RunDLLEntry@16
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monito~1.lnk - c:\program files\apache group\apache2\bin\ApacheMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ndasde~1.lnk - c:\program files\ndas\system\ndasmgmt.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\lenovo\pkgmgr\\PkgMgr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: aim.com \aimexpress
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {74FFE28D-2378-11D5-990C-006094235084} - hxxp://www-307.ibm.com/pc/support/IbmEgath.cab
DPF: {89981B1D-07DA-43C3-9770-06C51E7E5DCE} - hxxp://game.nostale.com/sso/NostaleWebLauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} - hxxp://www.gamengame.com/KALogoutComponent.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
Notify: ACNotify - ACNotify.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: psfus - psqlpwd.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,c:\progra~1\google\google~1\goec62~1.dll, c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli psqlpwd csspwntfy

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\derrek\applic~1\mozilla\firefox\profiles\cxhess40.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - plugin: c:\documents and settings\derrek\application data\mozilla\firefox\profiles\cxhess40.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-23 64160]
R0 lfsfilt;Lean File Sharing;c:\windows\system32\drivers\lfsfilt.sys [2006-10-29 140160]
R0 lpx;LPX Protocol;c:\windows\system32\drivers\lpx.sys [2006-3-20 44288]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2006-8-31 85760]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-19 951632]
R3 ndasbus;NDAS Bus Driver;c:\windows\system32\drivers\ndasbus.sys [2006-3-20 59136]
S1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2006-8-31 11520]
S1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2006-8-31 6016]
S1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2007-7-6 33824]
S1 SAVRT;SAVRT;c:\program files\symantec client security\symantec antivirus\savrt.sys [2005-2-4 324232]
S1 SAVRTPEL;SAVRTPEL;c:\program files\symantec client security\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
S1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2006-8-31 4736]
S1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2006-8-31 4442]
S2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2005-6-2 239216]
S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-6-2 161392]
S2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [2005-12-21 12544]
S2 PrivateDisk;PrivateDisk;c:\program files\ibm thinkvantage\safeguard privatedisk\privatediskm.sys [2005-11-15 46142]
S2 smi2;smi2;c:\program files\smi2\smi2.sys [2005-12-21 3968]
S2 smihlp;SMI helper driver;c:\program files\thinkvantage fingerprint software\smihlp.sys [2005-12-8 3328]
S2 TivoBeacon2;TiVo Beacon;c:\program files\common files\tivo shared\beacon\TiVoBeacon.exe [2006-7-11 857088]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2007-4-10 16512]
S3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-6-2 185968]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-6-2 83568]
S3 CEDRIVER52;CEDRIVER52;\??\c:\documents and settings\derrek\desktop\ce 5.2 with loadbinary\dbk32.sys --> c:\documents and settings\derrek\desktop\ce 5.2 with loadbinary\Dbk32.sys [?]
S3 CEDRIVER53;CEDRIVER53;\??\c:\program files\cheat engine\dbk32.sys --> c:\program files\cheat engine\dbk32.sys [?]
S3 DADriv1;DADriv1;\??\c:\documents and settings\derrek\desktop\poobah\dak32.sys --> c:\documents and settings\derrek\desktop\poobah\DAK32.sys [?]
S3 iCheat1;iCheat1;\??\c:\documents and settings\derrek\desktop\hax\nvid999.sys --> c:\documents and settings\derrek\desktop\hax\nvid999.sys [?]
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;\??\c:\documents and settings\derrek\desktop\mle\ilvmoney1148.sys --> c:\documents and settings\derrek\desktop\mle\IlvMoney1148.sys [?]
S3 kaspersky1;kaspersky1;\??\c:\documents and settings\derrek\desktop\kaspersky engine\kaspersky.sys --> c:\documents and settings\derrek\desktop\kaspersky engine\kaspersky.sys [?]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20061229.017\naveng.sys [2006-12-29 80408]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20061229.017\navex15.sys [2006-12-29 833048]
S3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\system32\drivers\ndasscsi.sys [2006-3-20 115584]
S3 Revolution1;Revolution1;\??\c:\documents and settings\derrek\desktop\revengine\revolution engine 6.2\shak3.sys --> c:\documents and settings\derrek\desktop\revengine\revolution engine 6.2\SHAK3.sys [?]
S3 SavRoam;SAVRoam;c:\program files\symantec client security\symantec antivirus\SavRoam.exe [2005-8-18 124608]
S3 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec client security\symantec antivirus\Rtvscan.exe [2005-8-18 1730240]
S3 XDva037;XDva037;\??\c:\windows\system32\xdva037.sys --> c:\windows\system32\XDva037.sys [?]
S3 zenx1;zenx1;\??\c:\documents and settings\derrek\my documents\zenx\zenxengine_latest\zenx.sys --> c:\documents and settings\derrek\my documents\zenx\zenxengine_latest\zenx.sys [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]

=============== Created Last 30 ================

2009-03-27 16:20 244 a---h--- C:\sqmnoopt06.sqm
2009-03-26 13:27 <DIR> --d----- C:\VundoFix Backups
2009-03-26 12:00 244 a---h--- C:\sqmnoopt05.sqm
2009-03-26 11:28 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-25 21:21 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-25 21:21 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-25 21:21 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-25 20:58 <DIR> --d----- c:\program files\Trend Micro
2009-03-25 19:55 <DIR> --d----- c:\windows\pss
2009-03-25 01:20 48 a------- C:\xcrashdump.dat
2009-03-25 01:07 <DIR> --d----- c:\docume~1\derrek\applic~1\Malwarebytes
2009-03-25 01:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-24 18:00 <DIR> --d----- c:\program files\CA
2009-03-24 17:58 <DIR> --d----- c:\program files\eTrust
2009-03-23 21:03 45,056 a------- c:\windows\system32\dLer.exe
2009-03-23 08:44 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-23 08:33 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{2BAE6915-8510-4B9F-B498-02DA86258AA0}
2009-03-22 22:28 42,496 a------- c:\windows\Upobe.dll
2009-03-22 22:28 42,496 a------- c:\windows\system32\kuzSniper.exe
2009-03-21 08:06 2,713 ---sh--- c:\windows\system32\marasotu.exe

==================== Find3M ====================

2009-03-23 16:12 34 a------- c:\documents and settings\derrek\jagex_runescape_preferences.dat
2009-03-22 00:00 5,427 a------- c:\windows\system32\EGATHDRV.SYS
2009-03-06 02:22 5,848 a------- c:\windows\system32\d3d9caps.dat
2009-02-02 23:10 2,713 ---sh--- c:\windows\system32\rabahahe.exe
2009-02-01 19:04 2,713 ---sh--- c:\windows\system32\tajobosa.exe
2009-01-29 20:42 2,713 ---sh--- c:\windows\system32\dumepiwo.exe
2009-01-27 23:52 2,713 ---sh--- c:\windows\system32\kowevigu.exe
2008-02-25 16:25 22,328 a------- c:\docume~1\derrek\applic~1\PnkBstrK.sys
2008-01-22 14:46 621 a------- c:\program files\INSTALL.LOG
0000-00-00 00:00 62,976 a--sh--- c:\windows\system32\bimolino.dll
0000-00-00 00:00 72,704 a--sh--- c:\windows\system32\bolotiku.dll
0000-00-00 00:00 73,216 a--sh--- c:\windows\system32\bubirihu.dll
0000-00-00 00:00 70,656 a--sh--- c:\windows\system32\bupaziwe.dll
0000-00-00 00:00 73,216 a--sh--- c:\windows\system32\dazukuso.dll
0000-00-00 00:00 73,216 a--sh--- c:\windows\system32\dibawumi.dll
0000-00-00 00:00 73,216 a--sh--- c:\windows\system32\dinohigi.dll
0000-00-00 00:00 101,888 a--sh--- c:\windows\system32\duweweba.dll
0000-00-00 00:00 73,216 a--sh--- c:\windows\system32\faseholu.dll
0000-00-00 00:00 63,488 a--sh--- c:\windows\system32\fenukodo.dll
0000-00-00 00:00 64,000 a--sh--- c:\windows\system32\fihowizu.dll
0000-00-00 00:00 64,594 a--sh--- c:\windows\system32\galotama.dll
0000-00-00 00:00 73,216 a--sh--- c:\windows\system32\gejirafe.dll
0000-00-00 00:00 62,464 a--sh--- c:\windows\system32\gevusiru.dll
0000-00-00 00:00 63,488 a--sh--- c:\windows\system32\gewogopo.dll
0000-00-00 00:00 109,568 a--sh--- c:\windows\system32\gitubazo.dll
0000-00-00 00:00 109,568 a--sh--- c:\windows\system32\gohafiki.dll
0000-00-00 00:00 73,216 a--sh--- c:\windows\system32\gunasupo.dll
0000-00-00 00:00 73,216 a--sh--- c:\windows\system32\hahunona.dll
2008-09-25 14:54 61,440 a--sh--- c:\windows\system32\hapuniri.dll
0000-00-00 00:00 108,032 a--sh--- c:\windows\system32\jafasatu.dll
0000-00-00 00:00 72,192 a--sh--- c:\windows\system32\jemumabi.dll
0000-00-00 00:00 99,328 a--sh--- c:\windows\system32\jerahasu.dll
0000-00-00 00:00 140,800 a--sh--- c:\windows\system32\jisowebe.dll
0000-00-00 00:00 67,584 a--sh--- c:\windows\system32\jojereto.dll
0000-00-00 00:00 73,216 a--sh--- c:\windows\system32\jopibuva.dll
0000-00-00 00:00 66,048 a--sh--- c:\windows\system32\kalemake.dll
0000-00-00 00:00 73,216 a--sh--- c:\windows\system32\kevivusu.dll
0000-00-00 00:00 62,976 a--sh--- c:\windows\system32\kopupavo.dll
0000-00-00 00:00 99,328 a--sh--- c:\windows\system32\kukewomi.dll
0000-00-00 00:00 73,216 a--sh--- c:\windows\system32\lazukeve.dll
0000-00-00 00:00 73,216 a--sh--- c:\windows\system32\leguluja.dll
0000-00-00 00:00 63,488 a--sh--- c:\windows\system32\limevilo.dll
0000-00-00 00:00 74,240 a--sh--- c:\windows\system32\luvitahu.dll
0000-00-00 00:00 67,584 a--sh--- c:\windows\system32\mebahula.dll
0000-00-00 00:00 73,216 a--sh--- c:\windows\system32\meretoyi.dll
2008-09-28 16:13 60,416 a--sh--- c:\windows\system32\mometiyu.dll
0000-00-00 00:00 108,032 a--sh--- c:\windows\system32\movuwuzu.dll
0000-00-00 00:00 63,488 a--sh--- c:\windows\system32\mubawiti.dll
0000-00-00 00:00 66,048 a--sh--- c:\windows\system32\muguluve.dll
0000-00-00 00:00 63,488 a--sh--- c:\windows\system32\nizakone.dll
0000-00-00 00:00 73,216 a--sh--- c:\windows\system32\nuwogope.dll
0000-00-00 00:00 65,024 a--sh--- c:\windows\system32\pivofefi.dll
0000-00-00 00:00 73,216 a--sh--- c:\windows\system32\ripikobi.dll
0000-00-00 00:00 73,216 a--sh--- c:\windows\system32\rolopufo.dll
0000-00-00 00:00 70,656 a--sh--- c:\windows\system32\rorenile.dll
0000-00-00 00:00 99,328 a--sh--- c:\windows\system32\tapohina.dll
0000-00-00 00:00 64,000 a--sh--- c:\windows\system32\tutotemi.dll
0000-00-00 00:00 70,656 a--sh--- c:\windows\system32\vijukosu.dll
0000-00-00 00:00 66,048 a--sh--- c:\windows\system32\wezuhobo.dll
0000-00-00 00:00 72,704 a--sh--- c:\windows\system32\wobubiju.dll
0000-00-00 00:00 62,464 a--sh--- c:\windows\system32\wowufala.dll
0000-00-00 00:00 73,216 a--sh--- c:\windows\system32\wuhemiwa.dll
0000-00-00 00:00 62,976 a--sh--- c:\windows\system32\yeduyapa.dll
0000-00-00 00:00 63,488 a--sh--- c:\windows\system32\yisiraga.dll
0000-00-00 00:00 101,888 a--sh--- c:\windows\system32\yitazeka.dll
0000-00-00 00:00 64,920 a--sh--- c:\windows\system32\yubefeto.dll
0000-00-00 00:00 67,584 a--sh--- c:\windows\system32\zagolazu.dll
0000-00-00 00:00 73,216 a--sh--- c:\windows\system32\zemegolo.dll
0000-00-00 00:00 67,584 a--sh--- c:\windows\system32\zipikuvi.dll
0000-00-00 00:00 73,216 a--sh--- c:\windows\system32\zizavamu.dll
2008-11-03 17:55 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110320081104\index.dat

============= FINISH: 19:03:12.75 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 SuperBored

SuperBored
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:07 AM

Posted 29 March 2009 - 02:36 AM

I am no longer in need of assistance for this virus problem because, in need to use this computer for tasks specific to a time table, I upgraded from Windows XP to Windows Vista and cleared my hard drive. Thank You for all that you volunteers do at BleepingComputer, even though you didn't help me specifically I appreciate your services.

Consider my problem fixed.

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the &quot;Logic Free Zone&quot;, in Md, USA
  • Local time:10:07 AM

Posted 29 March 2009 - 07:32 PM

Thanks for informing us.
Good luck with your upgrade.

This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users