
Computer just now suddenly got severely infected



A while back, I had problems with that nasty Dr Guard and XP Security Suite malware, and the instructions on this site seemed to have removed all problems. This was probably a month ago when it happened.

Well, today, randomly in the middle of operating normally, my computer suddenly popped up with Windows XP Security Suite again, in addition to a new malware calling itself Security Tool. I ran rkill, and that seemed to disable the bad stuff so I could run my scanner.

I just started running Antivir, and it ran for about four minutes, then I got hit by the BSOD.

After rebooting the computer, rkill would no longer work, as I got a message that says "A device attached to this program is not functioning". I tried to re-download it, and got the same message the instant I tried to start it.

I restarted again, this time in safe mode (from which I am typing to you now).

I tried to start up AntiVir, and got the same message. I downloaded the latest installer, and got the same message. I tried to start Firefox, and got the same message. However, when I started Firefox by using it to open a .txt file, and then navigate to the internet from there, it works.

Any suggestions?


Update:

I tried to download the program from Microsoft to reset host files. When trying to run it, I got a message that says that the system administrator has disabled this type of installer. I don't know how to access system administrator menus to change it.

I also tried to update Malwarebytes, and got a message that says "This file does not have a program associated with it for performing this action. Create an association in the folder options control panel".


Update:

A friend directed me to RootRepeal, and I ran that. This is the logfile, but I'm not sure what to do.

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/04/03 16:24

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

Hidden/Locked Files

-------------------

Path: C:\WINDOWS\system32\walojofe.dll

Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\nowurumo

Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\sepasalu.dll

Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\geheyani.dll

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\mcafee_hB2avFadvar5QLG

Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\HK-47\Local Settings\Temp\2B.tmp

Status: Visible to the Windows API, but not on disk.

Path: c:\documents and settings\hk-47\local settings\application data\mozilla\firefox\profiles\aay8uq9t.default\cache\d5e0ca16d01

Status: Size mismatch (API: 16725, Raw: 16731)

Path: c:\documents and settings\hk-47\local settings\application data\mozilla\firefox\profiles\aay8uq9t.default\cache\_cache_001_

Status: Size mismatch (API: 783297, Raw: 774443)

Path: c:\documents and settings\hk-47\local settings\application data\mozilla\firefox\profiles\aay8uq9t.default\cache\_cache_003_

Status: Size mismatch (API: 1591393, Raw: 1555752)

==EOF==

This is a DDS file I think I am supposed to post. I'm still working on the GMER.

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK

Run by HK-47 at 16:25:53.26 on Sat 04/03/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3063.2144 [GMT -4:00]

AV: Dr. Guard *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: avast! Antivirus *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe

C:\Documents and Settings\HK-47\Desktop\RootRepeal\RootRepeal.com

C:\PROGRA~1\XFIRE\XFIRE.COM

C:\Documents and Settings\HK-47\Desktop\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page =

uInternet Settings,ProxyServer = http=localhost:8872

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5ee33ce9-c568-4fbf-b563-23d49e110b8f} - sepasalu.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr .exe" /background

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [rmbllnbc] c:\documents and settings\hk-47\local settings\application data\isfbrr\jsirsftav.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [rmbllnbc] c:\documents and settings\hk-47\local settings\application data\isfbrr\jsirsftav.exe

mRun: [yugehimiyi] Rundll32.exe "walojofe.dll",s

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\progra~1\malwar~1\MBAM.exe" /runcleanupscript

StartupFolder: c:\documents and settings\hk-47\start menu\programs\startup\Antivirus.exe

StartupFolder: c:\documents and settings\hk-47\start menu\programs\startup\msmngr.exe

StartupFolder: c:\documents and settings\hk-47\start menu\programs\startup\winmpa.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe

dPolicies-system: DisableRegistryTools = 1 (0x1)

IE: Crawler Search - tbr:iemenu

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1014091440000

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - c:\program files\navnetapp\ComUtilities.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\toolbar\ctbr.dll

AppInit_DLLs: geheyani.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Notification Packages = scecli geheyani.dll

uASetup: {233807B5-2H60-13D0-A31Q-00BB00B32C03} - c:\windows\fonts\fonts.exe

uASetup: {233807B5-2H70-13D0-A31Q-00BB00B32C03} - c:\windows\fonts\winlgoon.exe

IFEO: MpCmdRun.exe - c:\windows\system32\svchost.exe

IFEO: MSASCui.exe - c:\windows\system32\svchost.exe

IFEO: MsMpEng.exe - c:\windows\system32\svchost.exe

IFEO: msseces.exe - c:\windows\system32\svchost.exe

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hk-47\applic~1\mozilla\firefox\profiles\aay8uq9t.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 8872

FF - prefs.js: network.proxy.type - 4

FF - component: c:\program files\crawler\toolbar\firefox\components\xcomm.dll

FF - component: c:\program files\crawler\toolbar\firefox\components\xshared.dll

FF - component: c:\program files\crawler\toolbar\firefox\components\xsupport.dll

FF - component: c:\program files\crawler\toolbar\firefox\components\xwsg.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_HotbarSA.dll

---- FIREFOX POLICIES ----

FF - user.js: network.proxy.type - 1

FF - user.js: network.proxy.http - 127.0.0.1

FF - user.js: network.proxy.http_port - 8872

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 mv64xx;mv64xx;c:\windows\system32\drivers\mv64xx.sys [2009-1-29 277032]

S0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2010-3-6 128016]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-28 162640]

S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-3-8 11608]

S1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-3-6 317072]

S1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-8 214664]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-3-8 108289]

S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-3-8 185089]

S2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-10-12 464264]

S2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-10-12 234888]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-28 19024]

S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-28 40384]

S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-3-8 56816]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-9-14 93320]

S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-9-14 359952]

S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-9-14 144704]

S2 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]

S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-28 40384]

S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-28 40384]

S3 gtermddo;gtermddo;\??\c:\docume~1\hk-47\locals~1\temp\gtermddo.sys --> c:\docume~1\hk-47\locals~1\temp\gtermddo.sys [?]

S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-9-14 606736]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-9-14 79816]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-9-14 35272]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-14 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-14 40552]

S3 ndiswdk;ndiswdk;\??\c:\windows\system32\ndiswdk.sys --> c:\windows\system32\ndiswdk.sys [?]

S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

============== File Associations ===============

.exe=secfile

=============== Created Last 30 ================

2010-04-03 20:08:40 54016 ----a-w- c:\windows\system32\drivers\qptcdy.sys

2010-04-03 19:35:12 0 d-----w- c:\docume~1\alluse~1\applic~1\66562732

2010-03-29 06:31:39 0 d-----w- c:\documents and settings\hk-47\Photocensoredet

2010-03-29 06:30:43 0 d-----w- c:\program files\Photocensoredet

2010-03-26 19:00:50 41872 ----a-w- c:\windows\system32\xfcodec.dll

2010-03-17 08:29:56 0 d-----w- c:\program files\Everlong

2010-03-12 02:29:05 0 d-----w- c:\docume~1\hk-47\applic~1\AVG8

2010-03-12 00:23:12 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-03-10 07:20:10 0 d-----w- c:\program files\Crawler

2010-03-10 07:20:05 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys

2010-03-10 07:20:04 0 d-----w- c:\docume~1\hk-47\applic~1\Spyware Terminator

2010-03-10 07:19:58 0 d-----w- c:\program files\Spyware Terminator

2010-03-10 07:19:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Spyware Terminator

2010-03-10 01:09:00 552 ----a-w- c:\windows\system32\d3d8caps.dat

2010-03-09 02:42:58 0 d--h--w- c:\windows\PIF

2010-03-09 01:25:35 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-03-09 01:25:23 0 d-----w- c:\program files\Avira

2010-03-09 01:25:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-03-09 00:22:02 1048 ----a-w- c:\docume~1\alluse~1\applic~1\fiosejgfse.dll

2010-03-08 16:34:57 296 ----a-w- c:\documents and settings\hk-47\options.cfg

2010-03-07 23:59:32 0 d-----w- c:\docume~1\hk-47\applic~1\Xfire

2010-03-07 23:59:25 0 d-----w- c:\program files\Xfire

2010-03-07 13:15:01 0 d-----w- c:\program files\Zone Labs

2010-03-07 02:13:08 0 d-----w- c:\program files\CCleaner

2010-03-07 00:27:20 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-03-06 04:28:06 0 d-----w- c:\program files\Enigma Software Group

2010-03-06 04:13:44 128016 ----a-w- c:\windows\system32\drivers\kl1.sys

2010-03-06 04:13:15 0 d-----w- c:\windows\system32\ZoneLabs

2010-03-06 04:13:14 423501 ----a-w- c:\windows\system32\vsconfig.xml

2010-03-06 04:12:50 0 d-----w- c:\windows\Internet Logs

==================== Find3M ====================

2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-24 03:23:26 57344 ----a-w- c:\documents and settings\hk-47\MSNMessengerAPI.dll

2010-01-25 21:51:23 18432 ----a-w- c:\documents and settings\hk-47\da.exe

2010-01-25 21:23:19 86016 --sh--w- c:\windows\fonts\DotMSN.dll

2010-01-25 21:23:19 192512 --sh--w- c:\windows\fonts\ICSharpCode.SharpZipLib.dll

2010-01-15 15:40:50 93696 ----a-w- C:\flapp.exe

2006-06-24 02:48:54 32768 ----a-w- c:\windows\inf\UpdateUSB.exe

2010-01-03 19:40:40 139776 --sha-w- c:\windows\system32\payubiya.exe

2009-06-15 15:20:19 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009061520090616\index.dat

============= FINISH: 16:26:12.07 ===============
