
vundo virtumonde type virus



I've been having trouble getting rid of this malware. I am unable to run Malwarebytes and get an error of "error 707 3." I have uninstalled it, deleted registry entries, and application data info. I tried to reinstall it again, no go. I then uninstalled it, restarted, and tried to run mbam-clean.exe. This doesn't run either and returns with a "SHGetValue failed with error code 0." I've tried in safe mode as well. I can run my anti-virus but it returns with nothing. I ran ComboFix, as it has worked for me in the past, and it did fix some issues, but after running a HijackThis log I see that it is still there. I have also included DDS and the Attach log, which I attached. I did it for time savings, so if you don't need it, great, but if you do, it is there.

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:07:07:PM, on 01/26/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\vmnat.exe

C:\Program Files\VMware\VMware Player\vmware-authd.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\VMware\VMware Player\hqtray.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\DisplayFusion\DisplayFusion.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Documents and Settings\CDR Ltd\Application Data\Dropbox\bin\Dropbox.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\iTunes\iTunes.exe

c:\program files\avira\antivir desktop\avcenter.exe

C:\Program Files\Avira\AntiVir Desktop\avscan.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://en.us.acer.yahoo.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [Preload] C:\Windows\RUNXMLPL.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKLM\..\Run: [tabitimiv] Rundll32.exe "c:\windows\system32\falukovo.dll",a

O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files\DisplayFusion\DisplayFusion.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Dropbox.lnk = C:\Documents and Settings\CDR Ltd\Application Data\Dropbox\bin\Dropbox.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll

O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1251410444062

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: c:\windows\system32\falukovo.dll,balayoyu.dll

O21 - SSODL: pozitobir - {4ede8a70-7b6d-4863-88e3-7adf907a8f42} - c:\windows\system32\falukovo.dll (file missing)

O22 - SharedTaskScheduler: jugezatag - {4ede8a70-7b6d-4863-88e3-7adf907a8f42} - c:\windows\system32\falukovo.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 8470 bytes

DDS:

DDS (Ver_09-12-01.01) - NTFSx86

Run by CDR Ltd at 15:45:20.09 on 01/26/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.469 [GMT -6:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\vmnat.exe

C:\Program Files\VMware\VMware Player\vmware-authd.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\VMware\VMware Player\hqtray.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\DisplayFusion\DisplayFusion.exe

C:\Documents and Settings\CDR Ltd\Application Data\Dropbox\bin\Dropbox.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\CDR Ltd\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://en.us.acer.yahoo.com

uInternet Connection Wizard,ShellNext = hxxp://en.us.acer.yahoo.com/

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {3e89d8fa-4135-479c-a10a-7b2c70ab6fea} - zatarozu.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"

mRun: [Preload] c:\windows\RUNXMLPL.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [VMware hqtray] "c:\program files\vmware\vmware player\hqtray.exe"

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [liwotapiti] Rundll32.exe "pedisasa.dll",s

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\bam\mbamgui.exe /install /silent

StartupFolder: c:\docume~1\cdrltd~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\cdrltd~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\cdr ltd\application data\dropbox\bin\Dropbox.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: c:\program files\vmware\vmware player\vsocklib.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251410444062

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

Notify: LMIinit - LMIinit.dll

AppInit_DLLs: balayoyu.dll

LSA: Notification Packages = scecli pedisasa.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\cdrltd~1\applic~1\mozilla\firefox\profiles\2uteh71b.default\

FF - plugin: c:\documents and settings\cdr ltd\application data\facebook\npfbplugin_1_0_0.dll

FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-24 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-24 108289]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-24 185089]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-24 56816]

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-8-27 47640]

R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-8-14 54960]

R3 PortDRv;PST Port I/O Driver;c:\windows\system32\drivers\PortDRv.sys [2008-4-22 7168]

R3 SRBoxDRv;PST Serial Response Box Driver;c:\windows\system32\drivers\SRBoxDRv.sys [2008-4-22 14848]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]

S3 ZD1211BU(SMC);802.11g Wireless USB2.0 Adapter Driver(SMC);c:\windows\system32\drivers\ZD1211BU.sys [2006-8-24 477696]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-01-26 21:41:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-26 21:41:33 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-26 21:41:33 0 d-----w- c:\program files\bam

2010-01-26 21:26:47 98816 ----a-w- c:\windows\sed.exe

2010-01-26 21:26:47 77312 ----a-w- c:\windows\MBR.exe

2010-01-26 21:26:47 261632 ----a-w- c:\windows\PEV.exe

2010-01-26 21:26:47 161792 ----a-w- c:\windows\SWREG.exe

2010-01-26 11:08:02 0 d-----w- C:\!KillBox

2010-01-22 07:56:10 0 d-----w- c:\program files\Trend Micro

2010-01-21 20:21:13 0 d-----w- c:\docume~1\cdrltd~1\applic~1\Facebook

2010-01-15 22:40:38 0 d-----w- c:\program files\iTunes

2010-01-15 22:40:18 0 d-----w- c:\program files\Bonjour

2010-01-15 21:50:29 0 d-----w- c:\program files\Windows Installer Clean Up

2010-01-15 21:50:15 0 d-----w- c:\program files\MSECACHE

2010-01-15 21:49:01 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2010-01-15 21:48:25 0 d-----w- c:\program files\iPod

2010-01-14 10:44:49 0 d-----w- c:\docume~1\cdrltd~1\applic~1\InfraRecorder

2010-01-14 10:44:29 0 d-----w- c:\program files\InfraRecorder

2010-01-12 19:15:39 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

2010-01-12 19:10:59 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2010-01-07 21:41:13 0 d-----w- c:\program files\common files\Hewlett-Packard

2010-01-07 21:40:33 38400 ----a-w- c:\windows\system32\hpz3l054.dll

2010-01-07 21:40:16 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2010-01-07 21:40:16 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys

2010-01-07 21:39:50 94208 ----a-w- c:\windows\system32\HPZipt12.dll

2010-01-07 21:39:50 69632 ----a-w- c:\windows\system32\HPZipm12.exe

2010-01-07 21:39:50 65536 ----a-w- c:\windows\system32\HPZinw12.exe

2010-01-07 21:39:50 57344 ----a-w- c:\windows\system32\HPZisn12.dll

2010-01-07 21:39:50 204800 ----a-w- c:\windows\system32\HPZipr12.dll

2010-01-07 21:39:49 282680 ----a-w- c:\windows\system32\HPZidr12.dll

2010-01-07 21:39:25 0 d-----w- c:\program files\HP

2010-01-07 21:38:43 110389 ----a-w- c:\windows\hpoins11.dat

2010-01-07 21:38:42 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys

2010-01-07 21:38:42 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys

2010-01-07 21:38:41 49664 ----a-w- c:\windows\system32\drivers\HPZid412.sys

2010-01-07 21:38:29 98304 ----a-w- c:\windows\system32\hpzjsn01.dll

2010-01-07 21:38:29 77824 ----a-w- c:\windows\system32\HPZIDS01.dll

2010-01-07 21:38:28 827392 ----a-w- c:\windows\system32\hpotiop2.dll

2010-01-07 21:38:28 659456 ----a-w- c:\windows\system32\hpowiax2.dll

2010-01-07 21:38:28 282624 ----a-w- c:\windows\system32\HPZc3212.dll

2010-01-07 21:38:28 254026 ----a-w- c:\windows\system32\hpovst09.dll

2010-01-07 21:38:21 6947 ----a-w- c:\windows\hpomdl11.dat

2010-01-04 10:46:09 0 d-sha-r- C:\cmdcons

2009-12-30 23:22:38 5632 ----a-w- c:\windows\system32\CNMVS38.DLL

2009-12-30 23:22:37 96768 ----a-w- c:\windows\system32\CNMLM38.DLL

2009-12-30 23:22:33 36864 ----a-w- c:\windows\system32\CNMCP38.EXE

2009-12-30 23:22:31 0 d-----w- C:\BJPrinter

2009-12-30 23:19:06 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2009-12-30 23:19:06 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys

==================== Find3M ====================

2009-12-23 09:06:13 282624 ----a-w- c:\windows\New England Snow.scr

2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2009-12-07 22:42:38 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-12-02 08:28:30 1561600 ----a-w- c:\windows\ElectricSheep_2_7b21.scr

2009-11-26 08:06:00 9820160 ----a-w- c:\windows\avcodec-52.dll

2009-11-26 08:06:00 791040 ----a-w- c:\windows\avformat-52.dll

2009-11-26 08:06:00 77312 ----a-w- c:\windows\avutil-50.dll

2009-11-26 08:06:00 221696 ----a-w- c:\windows\swscale-0.dll

1601-01-01 00:03:28 52224 --sha-w- c:\windows\system32\gijoyeri.dll

1601-01-01 00:03:28 61952 --sha-w- c:\windows\system32\redivipo.dll

1601-01-01 00:03:52 52224 --sha-w- c:\windows\system32\zatarozu.dll

============= FINISH: 15:45:34.65 ===============

Attach.rar
