
Trojan 32 Vundo & JS Fake(?) Rootkit32


  • This topic is locked
2 replies to this topic

#1 lisa33


Posted 30 December 2009 - 05:15 PM

Hi, I run XP and have Avast anti-virus installed. Avast has picked up a couple of problems: Win32Rootkit, Trojan32 Js Fake. I now cannot execute MB; it will download, but when I go to run it I get an error. PC is running slowwwww. Here is the DDS; also attached the (Attach and Rootrepeal). 12-31-09: I have had to try a couple of things, so I will have to run these over for you when you respond. I have run combo fix.
Thanks for your time :(

DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 16:39:41.07 on Wed 12/30/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.54 [GMT -5:00]

AV: avast! antivirus 4.8.1368 [VPS 091230-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner.FAMILY\My Documents\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uDefault_Page_URL = hxxp://us10.hpwis.com/
uDefault_Search_URL = hxxp://srch-us10.hpwis.com/
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant =
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [BackupNotify] c:\program files\hp\digital imaging\bin\backupnotify.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHUPD05] c:\program files\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [snpstd3] c:\windows\vsnpstd3.exe
mRun: [tsnpstd3] c:\windows\tsnpstd3.exe
mRun: [nufimevej] Rundll32.exe "c:\windows\system32\sedutodo.dll",a
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: SpSubLSP.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250810586546
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: bohemuko.dll c:\windows\system32\hamehalu.dll c:\windows\system32\sedutodo.dll c:\windows\system32\mavubayi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: sejejidov - {482753d5-8011-4600-8ba5-68c1e08aa7dc} - c:\windows\system32\mavubayi.dll
SSODL: jozafuzek - {6e9e9bdc-d476-442a-897b-ec6a6f1c90b0} - c:\windows\system32\sedutodo.dll
STS: mujuzedij: {482753d5-8011-4600-8ba5-68c1e08aa7dc} - c:\windows\system32\mavubayi.dll
STS: jugezatag: {6e9e9bdc-d476-442a-897b-ec6a6f1c90b0} - c:\windows\system32\sedutodo.dll
LSA: Notification Packages = scecli kugatugi.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner~1.fam\applic~1\mozilla\firefox\profiles\tofngg9u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-10 114768]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-2-12 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-22 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-4-10 138680]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-12-6 54752]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-4-10 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-4-10 352920]
S2 mrtRate;mrtRate; [x]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 usbanyka;Anyka USB Web Camera;c:\windows\system32\drivers\usbanyka.sys [2009-9-24 17536]

=============== Created Last 30 ================

2009-12-30 21:31:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 21:31:57 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-30 21:26:35 0 d--h--w- c:\windows\PIF
2009-12-30 19:03:47 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-30 18:22:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-12-30 18:22:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-12-30 18:22:21 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-12-30 18:22:21 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-12-28 19:43:16 23392 ----a-w- c:\windows\system32\nscompat.tlb
2009-12-28 19:43:16 16832 ----a-w- c:\windows\system32\amcompat.tlb
2009-12-28 05:46:45 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-12-28 05:46:45 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-12-28 05:43:58 98304 ----a-w- c:\windows\amcap.exe
2009-12-28 05:43:50 15498 ----a-w- c:\windows\snpstd3.ini
2009-12-28 05:43:50 13023 ----a-w- c:\windows\snpstd3.src
2009-12-28 05:43:48 270336 ----a-w- c:\windows\tsnpstd3.exe
2009-12-28 05:43:45 827392 ----a-w- c:\windows\vsnpstd3.exe
2009-12-28 05:43:43 3968 ----a-w- c:\windows\system32\drivers\DeNoise.sys
2009-12-28 05:43:39 10252544 ----a-w- c:\windows\system32\drivers\snpstd3.sys
2009-12-28 05:43:36 61440 ----a-w- c:\windows\system32\vsnpstd3.dll
2009-12-28 05:43:35 172032 ----a-w- c:\windows\system32\rsnpstd3.dll
2009-12-28 05:43:34 53248 ----a-w- c:\windows\csnpstd3.dll
2009-12-28 05:43:33 53248 ----a-w- c:\windows\system32\csnpstd3.dll
2009-12-28 05:43:32 0 d-----w- c:\program files\common files\snpstd3
2009-12-24 05:56:23 0 d-----w- c:\program files\common files\Macrovision Shared
2009-12-24 01:42:12 0 d-----w- c:\program files\common files\Akamai
2009-12-22 08:01:26 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-12-20 19:24:26 57344 ----a-w- c:\windows\system32\CNCI160.DLL
2009-12-20 19:24:26 135168 ----a-w- c:\windows\system32\CNCL160.DLL
2009-12-20 19:24:26 1298432 ----a-w- c:\windows\system32\CNCC160.DLL
2009-12-20 19:24:26 106496 ----a-w- c:\windows\system32\cnco160.dll
2009-12-20 18:40:34 416 ----a-w- c:\windows\MAXLINK.INI
2009-12-20 18:40:14 0 d-----w- c:\program files\common files\ScanSoft Shared
2009-12-20 18:39:40 0 d-----w- c:\program files\ScanSoft
2009-12-20 18:34:14 197632 ----a-w- c:\windows\system32\CNMLM83.DLL
2009-12-20 18:33:10 0 d-----w- c:\program files\Canon
2009-12-16 23:39:59 0 d-----w- c:\program files\common files\Symantec Shared
2009-12-16 23:29:20 0 d-----w- c:\windows\system32\drivers\NSS
2009-12-16 23:29:20 0 d-----w- c:\program files\Norton Security Scan
2009-12-16 23:29:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2009-12-16 23:29:13 0 d-----w- c:\program files\NortonInstaller
2009-12-16 23:29:13 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-12-16 01:46:41 0 d-----w- c:\program files\Linksys EasyLink Advisor
2009-12-16 00:49:55 0 d-----w- c:\windows\system32\Adobe
2009-12-14 01:08:44 0 d-----w- c:\program files\Gimp-2.0
2009-12-12 19:57:04 3684 ----a-w- c:\windows\system32\OEMINFO.PNF
2009-12-09 22:24:10 1089601 -c----w- c:\windows\system32\dllcache\ntprint.cat
2009-12-08 08:07:58 0 d-----w- c:\windows\system32\XPSViewer
2009-12-08 08:06:50 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-08 08:06:50 117760 ------w- c:\windows\system32\prntvpt.dll
2009-12-08 08:06:49 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-08 08:06:49 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-08 08:06:49 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-12-08 08:06:49 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-12-08 08:06:49 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-12-08 08:06:45 0 d-----w- C:\aa3251399105e5d69fe536
2009-12-08 08:01:49 0 d-----w- c:\program files\MSXML 6.0
2009-12-06 23:33:35 40 ----a-w- C:\Auth.prof
2009-12-06 20:39:27 0 d-----w- c:\documents and settings\owner.family\.thumb
2009-12-06 20:16:02 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-12-06 20:14:10 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-12-06 20:13:50 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-12-06 02:08:47 0 d-----w- c:\windows\V58
2009-12-06 01:38:23 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-12-06 01:17:02 420240 ----a-w- c:\windows\system32\mpg4c32.dll
2009-12-06 01:17:02 245760 ----a-w- c:\windows\system32\mp4sds32.ax
2009-12-05 03:18:54 245408 ----a-w- c:\windows\system32\unicows.dll
2009-12-05 03:16:15 11776 ----a-w- c:\windows\system32\drivers\afc.sys
2009-12-05 03:14:32 212480 ----a-w- c:\windows\PCDLIB32.DLL
2009-12-05 03:12:58 0 d-----w- c:\program files\muvee Technologies
2009-12-05 03:12:56 0 d-----w- c:\program files\common files\muvee Technologies

==================== Find3M ====================

2009-12-05 03:11:39 76676 ------w- c:\windows\fonts\Neurochr.ttf
2009-12-05 03:11:39 75364 ------w- c:\windows\fonts\Quigleyw.ttf
2009-12-05 03:11:39 67704 ------w- c:\windows\fonts\flx_girl.ttf
2009-12-05 03:11:39 67016 ------w- c:\windows\fonts\Occident.ttf
2009-12-05 03:11:39 39064 ------w- c:\windows\fonts\Manzanit.ttf
2009-12-05 03:11:39 37048 ------w- c:\windows\fonts\Outright.ttf
2009-12-05 03:11:39 35504 ------w- c:\windows\fonts\Resegrg_.ttf
2009-12-05 03:11:39 122736 ------w- c:\windows\fonts\Orlando.ttf
2009-12-05 03:11:39 120804 ------w- c:\windows\fonts\Oldgatel.ttf
2009-12-05 03:11:39 110644 ------w- c:\windows\fonts\tallpaul.ttf
2009-12-05 03:11:32 151668 ------w- c:\windows\fonts\batik.ttf
2009-12-05 03:11:32 148688 ------w- c:\windows\fonts\Austrise.ttf
2009-11-30 16:22:58 28256 ----a-w- c:\windows\system32\drivers\MxlW2k.sys
2009-11-24 23:51:25 29028 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-29 07:46:59 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46:52 78336 ------w- c:\windows\system32\ieencode.dll
2009-10-29 07:46:50 17408 ------w- c:\windows\system32\corpol.dll
2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:53:29 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54:17 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54:17 112128 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 09:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-04 23:00:58 916430 ----a-w- c:\program files\Apr2006_MDX1_x86.cab
2009-09-29 22:12:42 38400 --sha-w- c:\windows\system32\bametusi.dll
2009-09-27 08:11:06 51712 --sha-w- c:\windows\system32\bohemuko.dll
2009-09-27 08:10:59 39424 --sha-w- c:\windows\system32\dayahiba.dll
2009-09-27 21:11:31 92160 --sha-w- c:\windows\system32\gananiro.dll
2009-09-27 09:11:11 92160 --sha-w- c:\windows\system32\gapedalu.dll
2009-09-27 21:11:31 38912 --sha-w- c:\windows\system32\gesekise.dll
2009-09-30 10:13:11 39424 --sha-w- c:\windows\system32\gibegovu.dll
2009-09-29 09:12:21 92672 --sha-w- c:\windows\system32\gihupahi.dll
2009-09-27 08:10:59 51712 --sha-w- c:\windows\system32\halubufu.dll
2009-09-27 08:11:06 51712 --sha-w- c:\windows\system32\jekosefu.dll
2009-09-27 21:11:31 61952 --sha-w- c:\windows\system32\kerodaru.dll
2009-09-27 08:11:06 51712 --sha-w- c:\windows\system32\kugatugi.dll
2009-09-27 09:11:11 38400 --sha-w- c:\windows\system32\mamakubu.dll
2009-09-30 10:13:11 91648 --sha-w- c:\windows\system32\mavubayi.dll
2009-09-27 08:10:59 94208 --sha-w- c:\windows\system32\napigowu.dll
2009-09-28 21:12:07 38400 --sha-w- c:\windows\system32\penonoge.dll
2009-09-29 09:12:21 38912 --sha-w- c:\windows\system32\peroruvo.dll
2009-09-29 22:12:42 92672 --sha-w- c:\windows\system32\sedutodo.dll
2009-09-28 09:11:50 38400 --sha-w- c:\windows\system32\tuluferu.dll
2009-09-26 19:45:30 39424 --sha-w- c:\windows\system32\wunepiju.dll
2009-04-05 17:08:19 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-04-05 17:08:19 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-04-05 17:08:19 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 16:41:09.01 ===============

Edited by lisa33, 31 December 2009 - 01:14 PM.




#2 lisa33


Posted 01 January 2010 - 10:49 PM

Hi, never mind I got it.

#3 myrti


Posted 09 January 2010 - 11:24 AM

Since this topic appears to be resolved, I will now close it. Thanks for letting us know.

If you need this topic re-opened, please send me a PM.

Everyone else, please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 
