07-02-2009, 07:37 AM   #1
attley.appleton
Registered User
 
Join Date: Jun 2009
Posts: 13
OS: Windows Xp SP2 Media Center Edition


Viruses keep returning

Hello,
I installed Malwarebytes on the computer to delete malware such as Protection System, but they keep returning every time my AVG 8.5 firewall enables and allows the profile. When I block all profiles, the obscene icons on my desktop do not appear and Protection System does not run. I also run the antivirus scan for AVG, and it finds and deletes different viruses, but not uacinit.dll. I tried KillBox to delete uacinit, and it says that it could not be deleted. In addition to this, rundll32.exe is gone, and when I try to expand it off my system disc, restart the computer and scan using Malwarebytes, it turns out to be a backdoor.lastdoor. Also, Task Manager is gone, and when I try to expand it off the system disc it still does not work. Here is the DDS file.
Several files that are trojans, 6.tmp and 7.tmp, will not be deleted because the files are corrupt or unreadable. I zipped two ark files that are the same thing, but one is ark.txt and the other is ark.

DDS (Ver_09-06-26.01) - NTFSx86
Run by Owner at 12:08:15.10 on Wed 07/01/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Protection System *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3503
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uInternet Connection Wizard,ShellNext = "c:\program files\msn gaming zone\windows\shvlzm.exe"
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\bin\ssv.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: {D584CA81-D40C-4804-AAA6-6971C9D243C0} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\lib\deploy\jqs\ie\jqs_plugin.dll
TB: BellSouth Toolbar: {4e7bd74f-2b8d-469e-8cbd-fd60bb9aae2e} - c:\progra~1\blstoo~1\BLSTOO~1.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HelpCenter4.1] c:\program files\fastaccessdsl\helpcenter43\bin\sprtcmd.exe /P HelpCenter4.1
mRun: [SunJavaUpdateSched] "c:\program files\java\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [Power2GoExpress] NA
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw_promo.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - hxxp://www.imgag.com/cp/install/AxCtp2.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {cafeefac-0016-0000-0007-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {cafeefac-0016-0000-0011-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\progra~1\qualcomm\eudora\EuShlExt.dll
LSA: Notification Packages = scecli c:\windows\system32\legidonu.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner~1.you\applic~1\mozilla\firefox\profiles\tb4g7jsp.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\java\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\java\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {8E6513AA-7B3B-496A-92FA-111727E165C9} - c:\documents and settings\owner\local settings\application data\{8E6513AA-7B3B-496A-92FA-111727E165C9}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============


============== File Associations ===============

txtfile=%windir%\NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-07-01 11:27 <DIR> --d----- c:\program files\Protection System
2009-07-01 10:28 <DIR> --d----- c:\program files\common files\PC Tools
2009-07-01 10:28 <DIR> --d----- c:\program files\Spyware Doctor
2009-07-01 09:45 167,936 a------- c:\windows\REGEDIT.EXE
2009-07-01 09:02 90,624 a------- c:\windows\notepad.exe
2009-07-01 09:02 90,624 a------- c:\windows\system32\notepad.exe
2009-06-29 13:08 <DIR> --d----- C:\!KillBox
2009-06-29 11:57 248 a------- c:\docume~1\owner~1.you\applic~1\wklnhst.dat
2009-06-29 10:47 360,320 a------- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-06-28 06:10 14,356 a------- c:\windows\2ee95parse15z7.dll
2009-06-27 19:53 12,553 a------- c:\windows\71cd9wnloader2z55.ocx
2009-06-27 18:24 <DIR> --d----- c:\docume~1\owner~1.you\applic~1\Malwarebytes
2009-06-27 12:21 <DIR> --d----- c:\docume~1\owner~1.you\applic~1\You've Got Pictures Screensaver
2009-06-27 12:21 <DIR> --d----- c:\docume~1\owner~1.you\applic~1\AOL
2009-06-27 12:21 <DIR> --d----- c:\documents and settings\owner.your-5653e30a79\WINDOWS
2009-06-27 12:21 <DIR> --d----- c:\documents and settings\Owner.YOUR-5653E30A79
2009-06-27 00:47 5,547 a------- c:\windows\19015szy597.exe
2009-06-26 19:02 <DIR> --d----- C:\70d59229f8235fabca
2009-06-26 08:16 82,432 a------- c:\windows\system32\resdll.dll
2009-06-25 11:48 17,778 a------- c:\windows\9z089troj7b5.exe
2009-06-25 10:34 <DIR> --d----- c:\program files\common files\DivX Shared
2009-06-25 10:34 <DIR> --d----- c:\program files\DivX
2009-06-24 12:23 1,409 a------- c:\windows\QTFont.for
2009-06-24 12:23 54,156 a---h--- c:\windows\QTFont.qfn
2009-06-23 22:46 2,777 a------- c:\windows\system32\26099z5oj182.bin
2009-06-23 11:25 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-23 11:25 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-23 11:25 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-22 18:15 2 a------- c:\windows\010112010146118114.lso
2009-06-22 18:15 39,424 ----h--- c:\windows\ld10.exe
2009-06-22 15:38 8,989 a------- c:\windows\2a04sparse590z.ocx
2009-06-21 19:36 17,093 a------- c:\windows\16511h5cztool9ee.exe
2009-06-21 18:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-06-21 08:08 62,465 a------- c:\windows\system32\reader_s.exe
2009-06-21 08:08 0 a------- c:\windows\system32\20.tmp
2009-06-21 08:08 40,961 a------- c:\windows\system32\1F.tmp
2009-06-21 08:08 0 a------- c:\windows\system32\1E.tmp
2009-06-21 07:45 120 a------- c:\windows\system32\1B.tmp
2009-06-21 06:09 15,326 a------- c:\windows\system32\5565threzt14998.cpl
2009-06-20 17:37 1 a------- c:\windows\system32\1C.tmp
2009-06-20 17:37 84 a------- c:\windows\system32\1A.tmp
2009-06-20 10:03 247,808 a------- c:\windows\system32\wzszxrjbpiwsg.dll
2009-06-20 10:03 54,272 a------- c:\windows\system32\wzszxhomufjwx.dll
2009-06-20 10:03 17,408 a------- c:\windows\system32\wzszxrjlbopav.dll
2009-06-20 10:03 4 a------- c:\windows\system32\wzszxcounter
2009-06-20 10:03 33,793 a------- c:\windows\system32\drivers\wzszxetobwesr.sys.rmv
2009-06-19 12:42 <DIR> --d----- c:\program files\TweakNow RegCleaner
2009-06-19 10:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\RegCure
2009-06-19 09:41 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-06-19 09:41 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-19 09:41 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-06-19 09:41 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-19 09:39 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-06-19 09:37 50,968 a------- c:\windows\system32\avgfwdx.dll
2009-06-19 09:37 29,208 a------- c:\windows\system32\drivers\avgfwdx.sys
2009-06-19 09:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\U3
2009-06-18 15:56 81,408 a------- c:\windows\system32\7.tmp
2009-06-18 15:56 1 a------- c:\windows\system32\6.tmp
2009-06-18 13:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-06-18 13:46 1 a------- c:\windows\system32\11.tmp
2009-06-18 13:46 84 a------- c:\windows\system32\10.tmp
2009-06-18 13:14 0 a------- c:\windows\system32\Installer.exe
2009-06-18 13:10 1 a------- c:\windows\system32\3D.tmp
2009-06-18 13:10 84 a------- c:\windows\system32\39.tmp
2009-06-18 11:36 84 a------- c:\windows\system32\3B.tmp
2009-06-18 11:35 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-06-18 11:34 <DIR> --d----- c:\program files\Norton Internet Security
2009-06-18 11:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-06-18 11:23 <DIR> --d----- c:\program files\NortonInstaller
2009-06-18 11:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-06-17 21:41 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-06-17 18:58 8,680 a------- c:\windows\system32\234925p96z5.bin
2009-06-17 17:36 2 a------- c:\windows\010112010146118114.dat
2009-06-17 13:18 12,448 a------- c:\windows\31925nz59a-virus603.dll
2009-06-17 12:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-06-17 12:09 <DIR> --d----- c:\program files\common files\AVSMedia
2009-06-17 12:09 974,848 a------- c:\windows\system32\mfc70.dll
2009-06-17 12:08 487,424 a------- c:\windows\system32\msvcp70.dll
2009-06-17 11:55 <DIR> --d----- c:\program files\common files\Common Share
2009-06-17 11:43 344,064 a------- c:\windows\system32\msvcr70.dll
2009-06-16 00:57 6,527 a------- c:\windows\7431downlzade59465.exe
2009-06-15 13:55 17,134 a------- c:\windows\system32\1eb1t9i5z208.cpl
2009-06-14 03:40 16,615 a------- c:\windows\4c27zpy9ar594.exe
2009-06-13 20:04 17,279 a------- c:\windows\13fdd5wnlo9der3z9.bin
2009-06-12 14:19 4,563 a------- c:\windows\3a99spa5sez297.cpl
2009-06-12 13:43 8,240 a------- c:\windows\system32\10481v59usz02.exe
2009-06-11 22:04 11,645 a------- c:\windows\255t9reat28z45.ocx
2009-06-11 00:21 9,489 a------- c:\windows\system32\2877d5wnlo9dzr3008.exe
2009-06-07 09:17 5,902 a------- c:\windows\system32\18145not5a-virzs39f.dll
2009-06-07 07:37 5,883 a------- c:\windows\system32\23529pa5bot6z2.cpl
2009-06-07 01:48 14,809 a------- c:\windows\36e9sparsz19745.bin
2009-06-05 03:26 11,755 a------- c:\windows\45zavi91.dll
2009-06-04 02:39 8,142 a------- c:\windows\656adow5l9azer2918.cpl
2009-06-03 16:31 13,874 a------- c:\windows\4a43st5al957z.bin

==================== Find3M ====================

2009-07-01 09:50 65,536 a------- c:\windows\DUMP827e.tmp
2009-06-29 12:05 65,536 a------- c:\windows\DUMP7b5a.tmp
2009-06-29 10:47 360,320 a------- c:\windows\system32\drivers\TCPIP.SYS
2009-06-28 17:31 65,536 a------- c:\windows\DUMP9e53.tmp
2009-06-28 15:43 65,536 a------- c:\windows\DUMP8368.tmp
2009-06-27 18:27 65,536 a------- c:\windows\DUMP7ce0.tmp
2009-06-26 19:50 65,536 a------- c:\windows\DUMP7a12.tmp
2009-06-26 19:26 65,536 a------- c:\windows\DUMP8378.tmp
2009-06-26 19:04 65,536 a------- c:\windows\DUMPd8cc.tmp
2009-06-26 19:00 65,536 a------- c:\windows\DUMP8608.tmp
2009-06-23 20:13 65,536 a------- c:\windows\DUMPab14.tmp
2009-06-23 12:08 65,536 a------- c:\windows\DUMP7687.tmp
2009-06-23 08:29 65,536 a------- c:\windows\DUMP79b4.tmp
2009-06-22 11:59 65,536 a------- c:\windows\DUMP73e7.tmp
2009-06-21 08:09 65,536 a------- c:\windows\DUMP7985.tmp
2009-06-20 16:05 65,536 a------- c:\windows\DUMP81a3.tmp
2009-06-20 15:49 65,536 a------- c:\windows\DUMP7ef4.tmp
2009-06-19 13:20 65,536 a------- c:\windows\DUMP857b.tmp
2009-05-27 12:44 9,600 a------- c:\windows\system32\56z4ba9kdoor2798.dll
2009-05-27 08:54 14,294 a------- c:\windows\zacda5d9are2405.bin
2009-05-26 16:04 13,110 a------- c:\windows\75bc9irz65.dll
2009-05-25 07:22 4,752 a------- c:\windows\system32\192zstea51070.bin
2009-05-23 09:42 6,523 a------- c:\windows\9675viruz584.dll
2009-05-22 11:34 13,978 a------- c:\windows\95895vzrus553.bin
2009-05-18 18:04 12,023 a------- c:\windows\z5eddo5nload9r590.exe
2009-05-18 01:06 3,238 a------- c:\windows\system32\5e5dbackd9or2586z.exe
2009-05-16 05:46 16,998 a------- c:\windows\system32\7925s9yzare1384.exe
2009-05-15 14:17 8,300 a------- c:\windows\9d27downloaderz564.exe
2009-05-14 14:05 530,083 a------- C:\HC4DecommissionScheduler.exe
2009-05-13 04:07 8,979 a------- c:\windows\5ezev5r5979.dll
2009-05-12 00:25 16,788 a------- c:\windows\21384ha9ztool3f5.dll
2009-05-10 15:40 8,008 a------- c:\windows\system32\1f39zpa9se24895.dll
2009-05-09 18:33 87,552 a--sh--- c:\windows\system32\fokitape.dll
2009-05-08 21:02 87,552 a--sh--- c:\windows\system32\gamunaku.dll
2009-05-08 02:18 13,352 a------- c:\windows\b99addwar53z5.exe
2009-05-07 11:09 16,735 a------- c:\windows\system32\22355zr9jbf.dll
2009-05-07 08:33 87,552 a--sh--- c:\windows\system32\jelulede.dll
2009-05-06 17:59 87,552 a--sh--- c:\windows\system32\diduwada.dll
2009-05-06 05:59 49,664 a--sh--- c:\windows\system32\dusayamo.dll
2009-05-05 23:38 17,425 a------- c:\windows\13893tr5jz8e.exe
2009-05-05 18:19 3,082 a------- c:\windows\system32\affv300053706p4now.sys
2009-05-05 17:59 88,064 a--sh--- c:\windows\system32\bozujeyi.dll
2009-05-05 06:01 79,872 a--sh--- c:\windows\system32\jojilite.exe
2009-05-04 17:08 9,108 a------- c:\windows\system32\25020spa5z9t268.dll
2009-05-04 15:40 3,287 a------- c:\windows\system32\51z5down9oader1238.dll
2009-05-04 11:37 79,360 a--sh--- c:\windows\system32\lubujoko.exe
2009-05-03 15:44 79,360 a------- c:\windows\system32\vebenone.dll
2009-05-02 22:53 5,733 a------- c:\windows\59dadd9are119z5.dll
2009-05-02 16:19 7,838 a------- c:\windows\3d90spzrs52089.dll
2009-05-02 13:05 88,064 a------- c:\windows\system32\wojohilu.dll
2009-05-02 12:06 78,848 a--sh--- c:\windows\system32\pubinibu.exe
2009-05-01 17:03 129,784 -------- c:\windows\system32\pxafs.dll
2009-05-01 17:03 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-05-01 17:03 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-05-01 17:02 90,112 a------- c:\windows\system32\dpl100.dll
2009-05-01 17:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-01 17:02 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-01 17:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-01 17:02 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-01 17:02 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-01 17:02 685,056 a------- c:\windows\system32\DivX.dll
2009-05-01 15:38 79,872 a--sh--- c:\windows\system32\rimuwuka.exe
2009-05-01 00:45 7,890 a------- c:\windows\system32\z0199v5rus3dc.dll
2009-04-30 06:58 79,872 a--sh--- c:\windows\system32\rolivepa.exe
2009-04-29 18:44 87,040 a--sh--- c:\windows\system32\vunogenu.dll
2009-04-28 17:14 48,640 a--sh--- c:\windows\system32\vufurajo.dll
2009-04-28 17:13 87,552 a--sh--- c:\windows\system32\nadojizu.dll
2009-04-24 07:12 2,843 a------- c:\windows\system32\7625thr95z17482.dll
2009-04-24 01:40 16,652 a------- c:\windows\29509roz321.dll
2009-04-19 23:05 16,889 a------- c:\windows\c6evi5319z.exe
2009-04-17 05:13 2,578 a------- c:\windows\system32\4747viz2959.exe
2009-04-16 16:16 6,144 a------- c:\windows\95641tzoj7b5.bin
2009-04-16 06:06 14,157 a------- c:\windows\55dfs5ezl994.dll
2009-04-15 08:51 18,429 a------- c:\windows\system32\5629addware9z635.bin
2009-04-12 08:31 2,737 a------- c:\windows\2z592virus5c09.bin
2009-04-11 15:27 16,236 a------- c:\windows\486dsp9rze5686.exe
2009-04-11 12:54 7,161 a------- c:\windows\42b9spazs9815.exe
2009-04-10 15:29 10,028 a------- c:\windows\7d57s9ywaze2034.bin
2009-04-10 05:23 12,828 a------- c:\windows\4zethi9f3594.exe
2009-04-10 00:52 17,910 a------- c:\windows\29591spy513z.bin
2009-04-08 01:19 11,803 a------- c:\windows\19529zp5mbot3aa.dll
2009-04-06 01:46 13,865 a------- c:\windows\system32\4bc4zteal9556.bin
2009-04-04 17:30 14,166 a------- c:\windows\system32\51zespars5995.bin
2009-01-28 17:15 48,640 a--sh--- c:\windows\system32\seyohehu.dll

============= FINISH: 12:10:14.84 ===============
Attached Files
File Type: zip Attach.zip (33.7 KB, 1 views)