Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Vundo trojan


  • This topic is locked This topic is locked
2 replies to this topic

#1 changeUp

changeUp

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:06 AM

Posted 16 April 2009 - 10:09 AM

My McAfee reported infection by the Vundo!grb trojan two days ago. While it says it deletes it (about 7 times so far), it is apparently protected by a rootkit and is still there. I have tried some of the Vundo removal programs, but I think they are old and don't work on this version.

Any help would be appreciated. Thanks,

- John

DSS.txt:

DDS (Ver_09-03-16.01) - NTFSx86
Run by John at 10:47:06.31 on Thu 04/16/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1011 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\product\10.1.3.1\OraBPEL_1\Mobile\Sdk\BIN\olsv2040.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\McAfee\MSC\mcshell.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = localhost;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: {00000000-0000-0000-0000-000000000240} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6172\SiteAdv.dll
BHO: {20b934e9-507d-46b8-bda7-7ea1b5435e4f} - c:\windows\system32\tevuwoja.dll
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Browser Helper Object: {afd4ad01-58c1-47db-a404-fbe00a6c5486} - c:\program files\common\helper.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6172\SiteAdv.dll
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Sonic RecordNow!]
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe
mRun: [WildTangent CDA] RUNDLL32.exe "c:\program files\wildtangent\apps\cda\cdaEngine0400.dll",cdaEngineMain
mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\OrderReminder.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [SiteAdvisor] c:\program files\siteadvisor\6172\SiteAdv.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [lipolevabo] Rundll32.exe "c:\windows\system32\duvalufu.dll",s
mRun: [CPM57e32615] Rundll32.exe "c:\windows\system32\kedawubo.dll",a
mRun: [54d01589] rundll32.exe "c:\windows\system32\nezusena.dll",b
StartupFolder: c:\docume~1\john\startm~1\programs\startup\cyber-~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
Trusted Zone: cedarcrestone.com
Trusted Zone: intuit.com
Trusted Zone: mcafee.com
Trusted Zone: turbotax.com
Trusted Zone: wachovia.com\www
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - hxxp://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38037.684525463
DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://plazacam.studentaffairs.duke.edu/activex/AMC.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://cedarcrestone.webex.com/client/T26L10NSP49EP12/training/ieatgpc.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://secureaccess.cedarcrestone.com/dana-cached/setup/JuniperSetupSP1.cab
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6172\SiteAdv.dll
AppInit_DLLs: c:\windows\system32\yozofuko.dll c:\windows\system32\kedawubo.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kedawubo.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\kedawubo.dll
LSA: Notification Packages = scecli c:\windows\system32\yozofuko.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\john\applic~1\mozilla\firefox\profiles\khtz0dfw.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\siteadvisor\6172\ff\components\FFHook.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-3-19 213640]
R1 NEOFLTR_630_13881;Juniper Networks TDI Filter Driver (NEOFLTR_630_13881);c:\windows\system32\drivers\NEOFLTR_630_13881.sys [2009-1-23 64480]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-8-1 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-3-19 144704]
R2 OliteService;Oracle Lite Multiuser Service;c:\product\10.1.3.1\orabpel_1\mobile\sdk\bin\olsv2040.exe [2009-4-6 73728]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-3-19 24652]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-3-19 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-3-19 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-3-19 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-3-19 40552]
S2 afinding;afinding Service;c:\windows\system32\afinding.exe --> c:\windows\system32\AFinding.exe [?]
S2 afisicx;afisicx Portable Media Serial Service;c:\windows\system32\afisicx.exe --> c:\windows\system32\afisicx.exe [?]
S2 Ias;Ias;c:\windows\system32\svchost.exe -k netsvcs [2002-8-29 14336]
S2 Iprip;Iprip;c:\windows\system32\svchost.exe -k netsvcs [2002-8-29 14336]
S2 mabidwe;mabidwe Corporation inc.;c:\windows\system32\mabidwe.exe --> c:\windows\system32\mabidwe.exe [?]
S2 macidwe;macidwe Service;c:\windows\system32\macidwe.exe --> c:\windows\system32\macidwe.exe [?]
S2 nobicyt;nobicyt Service;c:\windows\system32\nobicyt.exe --> c:\windows\system32\Nobicyt.exe [?]
S2 noytcyr;noytcyr Service;c:\windows\system32\noytcyr.exe --> c:\windows\system32\noytcyr.exe [?]
S2 perfs;perfs Service;c:\windows\system32\perfs.exe --> c:\windows\system32\perfs.exe [?]
S2 routing;routing Service;c:\windows\system32\routing.exe --> c:\windows\system32\routing.exe [?]
S2 roytctm;roytctm Service;c:\windows\system32\roytctm.exe --> c:\windows\system32\roytctm.exe [?]
S2 seictrl;Security Control;c:\windows\system32\rundll32.exe dbi102.dll,scan --> c:\windows\system32\rundll32.exe dbi102.dll,scan [?]
S2 sobicyt;sobicyt;c:\windows\system32\sobicyt.exe --> c:\windows\system32\sobicyt.exe [?]
S2 sotpeca;sotpeca Manages messages;c:\windows\system32\sotpeca.exe --> c:\windows\system32\sotpeca.exe [?]
S2 soxpeca;soxpeca Service;c:\windows\system32\soxpeca.exe --> c:\windows\system32\soxpeca.exe [?]
S2 tdxdowkc;tdxdowkc Service;c:\windows\system32\tdxdowkc.exe --> c:\windows\system32\tdxdowkc.exe [?]
S2 tdydowkc;tdydowkc Co. Ltd.;c:\windows\system32\tdydowkc.exe --> c:\windows\system32\tdydowkc.exe [?]
S2 wsldoekd;wsldoekd Portable Media Serial Service;c:\windows\system32\wsldoekd.exe --> c:\windows\system32\wsldoekd.exe [?]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;c:\windows\system32\drivers\NSDriver.sys [2008-4-29 15648]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-3-19 34216]

=============== Created Last 30 ================

2009-04-16 10:24 121 ---sh--- c:\windows\system32\anesuzen.ini
2009-04-16 09:46 <DIR> --d----- C:\VundoFix Backups
2009-04-16 09:40 <DIR> --d----- C:\Virus
2009-04-13 12:57 <DIR> --d----- c:\documents and settings\john\WebEx
2009-04-13 09:46 <DIR> --d----- c:\program files\Microsoft WSE
2009-04-13 09:43 <DIR> --d----- c:\program files\FirebirdClient
2009-04-13 09:29 <DIR> --d----- c:\program files\User Productivity Kit
2009-04-09 12:30 <DIR> --d----- c:\temp\OrderApproval
2009-04-09 10:18 <DIR> --d----- c:\temp\default
2009-04-06 14:53 18 a------- C:\pending.un
2009-04-06 14:53 <DIR> --d----- c:\program files\Juniper Networks
2009-04-06 14:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Juniper Networks
2009-04-06 14:52 <DIR> --d----- c:\docume~1\john\applic~1\Juniper Networks
2009-04-06 13:02 <DIR> --d----- C:\bea
2009-04-06 12:54 <DIR> --d----- C:\Oracle
2009-04-06 12:17 995 a------- c:\windows\ODBC.INI.BPM
2009-04-06 12:11 206 a------- c:\windows\polite.ini
2009-04-06 12:10 204,547 a------- c:\windows\system32\THREED32.OCX
2009-04-06 12:10 89,859 a------- c:\windows\system32\GRID32.OCX
2009-04-06 12:00 <DIR> --d----- C:\product
2009-04-06 12:00 <DIR> --d----- c:\program files\Oracle
2009-04-06 11:46 <DIR> --d----- c:\temp\bpel
2009-03-26 14:46 1,878,888 a------- c:\temp\install_flash_player.exe
2009-03-19 11:00 1,427,547 a------- c:\windows\system32\SSPDFD
2009-03-18 17:31 <DIR> --d----- c:\temp\xaml

==================== Find3M ====================

2009-04-16 08:59 107,520 a--sh--- c:\windows\system32\kedawubo.dll
2009-04-16 08:59 101,376 a--sh--- c:\windows\system32\nezusena.dll
2009-04-15 11:23 70,144 a--sh--- c:\windows\system32\sesisuvo.dll
2009-04-15 11:22 108,032 a--sh--- c:\windows\system32\zilolowa.dll
2009-04-15 11:22 99,840 a--sh--- c:\windows\system32\kizemaji.dll
2009-04-14 23:21 108,544 a--sh--- c:\windows\system32\jinujone.dll
2009-03-02 19:28 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-01-23 03:27 8,704 a------- c:\windows\system32\sporder.dll
2009-01-16 22:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll
2008-08-09 18:24 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080920080810\index.dat

============= FINISH: 10:50:41.76 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 changeUp

changeUp
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:06 AM

Posted 16 April 2009 - 05:15 PM

This has been corrected by another technician so don't bother looking at it.

#3 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:07:06 PM

Posted 17 April 2009 - 07:05 AM

Thank you for notify us.. I will now close this topic.. Please pm any Moderator or HJT Team should you need to re-open this topic..


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users