
Infected with Virtumonde & Virtumonde.prx



#1 vandasian


Posted 14 April 2009 - 01:34 PM

Hello, while I was looking up some song lyrics (using Firefox) I became infected with the Virtumonde (Virtumonde.prx) adware/rootkit/keylogger. First ZoneAlarm notified me that e.exe was attempting to connect to 85.12.43.103, which turns out to be in the Netherlands. I blocked this. Soon after ZoneAlarm said that siwipuyo.exe was trying to connect to 85.12.43.75. I also blocked this. (I believe this was one of the randomly generated files created by Virtumonde.)

Becoming concerned, I ran a search for e.exe and found it in the Local Settings Temp directory. At about this time I began to experience a few popup ads. I SHIFT-deleted e.exe, then opened up Spybot S&D and ran its scan (note: I do not use TeaTimer or immunization because they cause my browser to become essentially unusable). Spybot turned up Virtumonde, Virtumonde.prx, and a Windows Firewall bypass. I had Spybot fix these entries, which consisted of 3 files and 8 registry keys altogether. I also disconnected the computer from the network/internet.

I then ran AdAware, which turned up nothing, and AVAST, which detected a Win32:Rootkit-gen [Rtk] in several randomly named .dlls. I tried both to delete these .dlls and move them to the chest, but either AVAST wasn't able to or the rootkit was recreating them instantly.

I set AVAST to run a boot-time scan and rebooted. During the boot-time scan AVAST found 3 .dlls (Win32:Rootkit-gen [Rtk]) in the c:\system volume information\_restore{LONGSTRINGOFALPHANUMERICCHARACTERS}\RP932\ directory. I moved these to the chest, which seemed to work.

When I rebooted I received a box from RUNDLL notifying me "Error loading c:\WINDOWS\system32\zivahesu.dll, Specified module could not be loaded". (Filename was one of the randomly named .dlls I had removed during first AVAST scan.) So it looks like there's still an entry somewhere in a boot process trying to start the .dlls. Since rebooting I have not had any popup ads. A fresh Spybot run found nothing.

I also installed and ran Sophos Anti-Rootkit, which found nothing, and ran McAfee's Rootkit Detective, which had some false positives and some very long alphanumeric directories that may be relevant. I can post the log here if requested.

I've heard good things about Malwarebytes scanner, FYI.

So now I am turning to this forum to try and get rid of the pieces left. I would really appreciate the help! I am running XP Pro SP3 & the latest version of Firefox. I've attached the Attach.txt DDS logfile, and here's my DDS.txt logfile:

----------------------

DDS (Ver_09-03-16.01) - NTFSx86
Run by Jamie at 13:58:50.57 on Tue 04/14/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1365 [GMT -4:00]

AV: avast! antivirus 4.8.1335 [VPS 090413-0] *On-access scanning enabled* (Updated)
AV: *On-access scanning disabled* (Updated)
FW: *disabled*
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\!UTILITIES\AdAware\aawservice.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\!UTILITIES\APC PowerChute\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\!UTILITIES\Diskeeper\DKService.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\MozyPro\mozyprobackup.exe
C:\Program Files\!UTILITIES\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\!UTILITIES\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\Avast\ashDisp.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\X3watch\x3watch.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\DOCUME~1\Jamie\LOCALS~1\Temp\clclean.0001
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Documents and Settings\Jamie\My Documents\@Downloads\DesktopOK.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avast\ashMaiSv.exe
C:\Program Files\!UTILITIES\AWC\AWC.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\!UTILITIES\Launchy\Launchy.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\MozyPro\mozyprostat.exe
C:\Program Files\!UTILITIES\APC PowerChute\apcsystray.exe
C:\Program Files\Avast\ashWebSv.exe
C:\Program Files\!UTILITIES\DiskCheckup\DiskCheckup.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\!UTILITIES\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Documents and Settings\Jamie\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc-rel&channel=us
mDefault_Page_URL = hxxp://www.dell.com
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\snagit\SnagitBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: : {206e52e0-d52e-11d4-ad54-0000e86c26f6} - c:\progra~1\!utili~1\freshd~1\FDCatch.dll
BHO: {3b4a9cf4-49f7-4900-bee0-d7cd132d2678} - c:\windows\system32\nemudodi.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - c:\program files\paypal\paypal plug-in\PayPalHelper.dll
TB: FreshDownload Bar: {ed0e8ca5-42fb-4b18-997b-769e0408e79d} - c:\progra~1\!utili~1\freshd~1\fdiebar.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\snagit\SnagitIEAddin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [DesktopOK] "c:\documents and settings\jamie\my documents\@downloads\DesktopOK.exe" -bg
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [TrueImageMonitor.exe] c:\program files\!utilities\acronis\trueimage\TrueImageMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [avast!] c:\progra~1\avast\ashDisp.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [<NO NAME>]
mRun: [x3watch] c:\program files\x3watch\x3watch.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [bonedoduda] Rundll32.exe "c:\windows\system32\zivahesu.dll",s
StartupFolder: c:\docume~1\jamie\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\jamie\startm~1\programs\startup\diskch~1.lnk - c:\program files\!utilities\diskcheckup\DiskCheckup.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\!utilities\apc powerchute\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\awc.lnk - c:\program files\!utilities\awc\AWC.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launchy.lnk - c:\program files\!utilities\launchy\Launchy.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozypr~1.lnk - c:\program files\mozypro\mozyprostat.exe
IE: Add to Evernote - c:\program files\evernote\enbar.dll/2000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: {1ABCFC17-6A57-4DC5-876F-89B1DC54E06D} - c:\program files\!utilities\freshdownload\fd.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\!utilities\winhttrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEE1} - c:\program files\evernote\enbar.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} - hxxps://accounting.quickbooks.com/c3/v21.148/qboax10.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} - hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
TCP: {52E6E0B6-1F56-47BD-8BAD-DAAB7F80252E} = 192.168.1.1,192.168.2.1
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll c:\windows\system32\yovopepa.dll,c:\windows\system32\nukatojo.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yovopepa.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\yovopepa.dll
LSA: Authentication Packages = msv1_0 relog_ap
LSA: Notification Packages = scecli c:\windows\system32\nukatojo.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jamie\applic~1\mozilla\firefox\profiles\q4ertjm5.default\
FF - prefs.js: browser.search.selectedEngine - Inquisitor
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\jamie\application data\mozilla\firefox\profiles\q4ertjm5.default\extensions\{31513e58-f253-47ad-86db-d5f21e905429}\components\mintray-9178506d-2005072516-trunk.dll
FF - component: c:\documents and settings\jamie\application data\mozilla\firefox\profiles\q4ertjm5.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\documents and settings\jamie\application data\mozilla\firefox\profiles\q4ertjm5.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\documents and settings\jamie\application data\mozilla\firefox\profiles\q4ertjm5.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\enbar3.dll
FF - component: c:\documents and settings\jamie\application data\mozilla\firefox\profiles\q4ertjm5.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\documents and settings\jamie\application data\mozilla\firefox\profiles\q4ertjm5.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\documents and settings\jamie\application data\mozilla\firefox\profiles\q4ertjm5.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-7 114768]
R1 FSLX;FSLX;c:\windows\system32\drivers\fslx.sys [2006-3-14 164992]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-7-17 127768]
R1 mozyFilter;mozyFilter;c:\windows\system32\drivers\mozy.sys [2008-8-15 53752]
R1 mozyproFilter;mozyproFilter;c:\windows\system32\drivers\mozypro.sys [2009-1-21 53752]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2008-12-20 100368]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2008-12-20 41680]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-3-31 394952]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\!utilities\adaware\aawservice.exe [2008-5-12 611664]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-7 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast\ashServ.exe [2006-3-31 138680]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-6-7 12992]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-6-7 46112]
R2 mozyprobackup;MozyPro Backup Service;c:\program files\mozypro\mozyprobackup.exe [2009-1-30 78136]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\avast\ashMaiSv.exe [2006-3-31 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\avast\ashWebSv.exe [2006-3-31 352920]
R3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\f.tmp --> c:\windows\system32\F.tmp [?]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2008-12-20 81360]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-3-23 29744]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-04-14 10:05 <DIR> --d----- c:\program files\Sophos Anti-Rootkit
2009-03-28 21:30 <DIR> --d----- c:\docume~1\jamie\applic~1\com.pandora.Pandora.FB9956FD96E03239939108614098AD95535EE674.1

==================== Find3M ====================

2009-04-14 13:58 122,073,120 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-04-13 17:03 1,426,028 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-04-12 17:10 47,104 a--sh--- c:\windows\system32\siwipuyo.exe
2009-03-06 10:28 201,728 a------- c:\windows\system32\PolarClock3.scr
2009-02-23 19:26 88,859 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-08 16:11 22,328 a------- c:\docume~1\jamie\applic~1\PnkBstrK.sys
2008-12-18 13:22 60,744 a------- c:\documents and settings\jamie\g2mdlhlpx.exe
2006-11-30 15:51 111,616 a------- c:\program files\Employee Noncompete & Assignment Agreement.doc

============= FINISH: 14:02:01.31 ===============

Attached Files
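The RUNDLL error described in the post points at a leftover autostart entry, and the DDS log above is where such entries show up. The following is an added example, not part of the original post and not a feature of DDS: it finds the autostart lines that still reference the DLL named in the error, and lists DLLs sitting directly in system32 that are registered under more than one load-point type. The function names and the "two or more load points" threshold are assumptions of this example, and the output is a list of entries to review, not a verdict on any file.

```python
import re
from collections import defaultdict

# Excerpt of the "Pseudo HJT Report" lines from the DDS log in the post above.
DDS_LINES = r"""
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [bonedoduda] Rundll32.exe "c:\windows\system32\zivahesu.dll",s
BHO: {3b4a9cf4-49f7-4900-bee0-d7cd132d2678} - c:\windows\system32\nemudodi.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll c:\windows\system32\yovopepa.dll,c:\windows\system32\nukatojo.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yovopepa.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\yovopepa.dll
LSA: Notification Packages = scecli c:\windows\system32\nukatojo.dll
""".strip().splitlines()

# Line prefixes treated as autostart load points, as they appear in the log.
AUTOSTART = {"uRun", "mRun", "BHO", "TB", "Notify",
             "AppInit_DLLs", "SSODL", "STS", "LSA"}

# A DLL directly in system32 (no subfolder); group 1 is the file name.
SYS32_DLL = re.compile(r'c:\\windows\\system32\\([^\\\s",]+\.dll)', re.IGNORECASE)


def entries(lines):
    """Yield (prefix, line) for every line in an autostart category."""
    for line in lines:
        prefix = line.split(":", 1)[0].strip()
        if prefix in AUTOSTART:
            yield prefix, line.strip()


def references(lines, filename):
    """Autostart entries that still point at `filename` (case-insensitive)."""
    needle = filename.lower()
    return [(p, l) for p, l in entries(lines) if needle in l.lower()]


def load_points(lines):
    """Map each system32 DLL name to the load-point types that reference it."""
    seen = defaultdict(set)
    for prefix, line in entries(lines):
        for name in SYS32_DLL.findall(line):
            seen[name.lower()].add(prefix)
    return seen


def multi_registered(lines, min_points=2):
    """DLLs registered under several distinct load-point types (review candidates)."""
    return {name: sorted(points)
            for name, points in load_points(lines).items()
            if len(points) >= min_points}


if __name__ == "__main__":
    for prefix, line in references(DDS_LINES, "zivahesu.dll"):
        print("still referenced:", line)
    for name, points in multi_registered(DDS_LINES).items():
        print(name, "->", ", ".join(points))
```

Run against the full DDS.txt by replacing `DDS_LINES` with the file's lines; entries whose paths contain spaces are still matched by `references`, which works on the whole line.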





#2 vandasian


Posted 19 April 2009 - 06:13 PM

Please close topic

#3 KoanYorel


Posted 21 April 2009 - 05:53 PM

As requested this Thread is closed.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



