
Help removing viruses. Win 32 maybe?



#1 wchapman


Posted 28 October 2009 - 07:33 PM

Hello all, I have a serious problem with my computer. I believe I have a virus that originates from the programs win32, but I am no computer expert so I don't really know. If someone could please analyze my hijackthis log and let me know what I could do to fix it I would really appreciate it. Let me know if I need to download any more programs to help me in my quest.

Here is a description of the things that are wrong with my computer: When I open my Firefox internet browser, sometimes Internet Explorer will start opening popup after popup and I can't stop it. Overall, there are a lot of popups that come up all the time. Also, Firefox does not allow me to open many links; it just freezes and doesn't allow me to proceed. Also, I cannot copy and paste by right clicking inside the internet browser.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:52 PM, on 10/28/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
O4 - HKLM\..\Run: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [bepuyukub] Rundll32.exe "c:\windows\system32\duwozayo.dll",a
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [mwyyp] C:/Users/Owner/Downloads//hmtqoej.exe
O4 - HKCU\..\Run: [wehfd] C:/Users/Owner/Downloads//eaoyehb.exe
O4 - HKCU\..\Run: [bepuyukub] Rundll32.exe "c:\windows\system32\duwozayo.dll",a
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\ProgramData\sewabune\sewabune.dll C:\ProgramData\wukojohe\wukojohe.dll c:\windows\system32\duwozayo.dll
O21 - SSODL: lamepoduh - {ae706781-9baf-4a91-8193-0367997d9e95} - c:\windows\SysWow64\duwozayo.dll
O22 - SharedTaskScheduler: tokatiluy - {ae706781-9baf-4a91-8193-0367997d9e95} - c:\windows\SysWow64\duwozayo.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12964 bytes

Edited by wchapman, 28 October 2009 - 07:37 PM.




#2 wchapman


Posted 29 October 2009 - 07:00 AM

I've seen that a lot of posters have been posting DDS logs. Here is my DDS log. Any help at all would be appreciated.
DDS (Ver_09-10-26.01) - NTFSX64
Run by Owner at 8:02:37.59 on Thu 10/29/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3932.1910 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\syswow64\MsiExec.exe
C:\Windows\system32\DllHost.exe
C:\Users\Owner\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~2\common~1\symant~1\ids\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\micros~1\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files (x86)\java\jre1.6.0_06\bin\ssv.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\programdata\partner\partner.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files (x86)\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [mwyyp] C:/Users/Owner/Downloads//hmtqoej.exe
uRun: [wehfd] C:/Users/Owner/Downloads//eaoyehb.exe
uRun: [bepuyukub] Rundll32.exe "c:\windows\system32\sipahode.dll",a
mRun: [ToshibaServiceStation] "c:\program files (x86)\toshiba\toshiba service station\TSS.exe" /hide
mRun: [PCMAgent] "c:\program files (x86)\cyberlink\powercinema for toshiba\PCMAgent.exe"
mRun: [CLMLServer] "c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\clml\CLMLSvc.exe"
mRun: [ccApp] "c:\program files (x86)\common files\symantec shared\ccApp.exe"
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files (x86)\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [bepuyukub] Rundll32.exe "c:\windows\system32\sipahode.dll",a
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files (x86)\microsoft office\office12\ONENOTEM.EXE
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files (x86)\java\jre1.6.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files (x86)\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~2\micros~1\office12\GR99D3~1.DLL
AppInit_DLLs: c:\programdata\sewabune\sewabune.dll c:\programdata\wukojohe\wukojohe.dll c:\windows\system32\sipahode.dll
SSODL: lamepoduh - {ae706781-9baf-4a91-8193-0367997d9e95} - c:\windows\syswow64\duwozayo.dll
SSODL: lovobofod - {1171a0ba-ab0b-4cf4-a49e-955a0401ee94} - c:\windows\syswow64\sipahode.dll
STS: tokatiluy: {ae706781-9baf-4a91-8193-0367997d9e95} - c:\windows\syswow64\duwozayo.dll
STS: jugezatag: {1171a0ba-ab0b-4cf4-a49e-955a0401ee94} - c:\windows\syswow64\sipahode.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\micros~1\office12\GRA8E1~1.DLL
LSA: Notification Packages = scecli yunewoti.dll kowavelo.dll c:\programdata\jagupodi\jagupodi.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg64.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRun-x64: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

================= FIREFOX ===================

FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\t3pvodkb.default\
FF - component: c:\program files (x86)\mozilla firefox\components\coFFPlgn.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files (x86)\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\users\owner\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-22 69152]
R0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\drivers\tos_sps64.sys [2008-8-20 504912]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-20 89680]
R1 IDSvia64;Symantec Intrusion Prevention Driver;c:\progra~3\symantec\defini~1\symcdata\ipsdefs\20090625.001\IDSvia64.sys [2009-7-3 370224]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-20 22096]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-10-20 65616]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\toshiba\configfree\CFProcSRVC.exe [2008-6-27 36864]
R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\toshiba\configfree\CFSvcs.exe [2008-7-10 40960]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2009-9-24 1170768]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files (x86)\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 McciCMService64;McciCMService64;c:\program files\common files\motive\McciCMService.exe [2009-9-28 495616]
R2 TMachInfo;TMachInfo;c:\program files (x86)\toshiba\toshiba service station\TMachInfo.exe [2008-8-20 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 175104]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\drivers\CAXHWAZL.sys [2008-3-25 294400]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-5-4 131632]
R3 NETw5v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;c:\windows\system32\drivers\NETw5v64.sys [2008-4-28 4730368]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2mdx64.sys [2008-4-15 62040]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sdx64.sys [2008-4-8 51928]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-9 9728]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2009-4-6 27160]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 84992]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 47664]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk60x64.sys [2008-7-25 404992]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-4-16 93184]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-5-4 25424]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]
S4 KR10I64;KR10I64;c:\windows\system32\drivers\KR10I64.sys [2008-8-20 248320]
S4 KR10N64;KR10N64;c:\windows\system32\drivers\KR10N64.sys [2008-8-20 237568]
S4 Partner Service;Partner Service;c:\programdata\partner\partner.exe [2009-3-3 110576]

=============== Created Last 30 ================

2009-10-27 01:19:12 0 d-----w- c:\programdata\wukojohe
2009-10-27 01:19:12 0 d-----w- c:\programdata\terozepu
2009-10-27 01:19:12 0 d-----w- c:\programdata\jagupodi
2009-10-27 01:18:41 0 d-----w- c:\programdata\feyiyitu
2009-10-27 01:18:39 0 d-----w- c:\programdata\lesuzeka
2009-10-27 01:18:39 0 d-----w- c:\programdata\fohavato
2009-10-22 13:58:07 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-22 12:57:14 69152 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-22 12:55:32 0 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-22 12:55:20 0 d-----w- c:\programdata\Lavasoft
2009-10-22 12:55:20 0 d-----w- c:\program files (x86)\Lavasoft
2009-10-22 12:05:36 709336 ----a-w- c:\windows\syswow64\PerfStringBackup.INI
2009-10-22 01:45:38 0 d-----w- c:\programdata\PrevxCSI
2009-10-22 01:39:20 0 d-----w- c:\program files (x86)\CCleaner
2009-10-21 00:01:02 0 d-----w- c:\program files (x86)\Trend Micro
2009-10-20 23:52:47 155136 ------w- c:\windows\trz72C0.tmp
2009-10-20 23:21:54 65616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-10-20 23:21:54 0 ----a-w- c:\windows\syswow64\config.nt
2009-10-20 23:21:41 380928 ----a-w- c:\windows\syswow64\actskin4.ocx
2009-10-20 23:21:41 1279968 ----a-w- c:\windows\syswow64\aswBoot.exe
2009-10-20 23:21:40 0 d-----w- c:\program files\Alwil Software
2009-10-20 11:53:43 0 d-----w- c:\programdata\wiwofuko
2009-10-20 11:53:43 0 d-----w- c:\programdata\lerojeba
2009-10-20 11:53:43 0 d-----w- c:\programdata\digobogo
2009-10-20 11:53:12 0 d-----w- c:\programdata\neleyebu
2009-10-20 11:53:12 0 d-----w- c:\programdata\lejubale
2009-10-20 11:53:12 0 d-----w- c:\programdata\hitijuno
2009-10-20 11:53:12 0 d-----w- c:\programdata\fofiyozu
2009-10-19 23:12:24 0 d-----w- c:\programdata\tikorula
2009-10-19 23:12:24 0 d-----w- c:\programdata\nupegofu
2009-10-19 23:12:24 0 d-----w- c:\programdata\jeramako
2009-10-19 23:12:24 0 d-----w- c:\programdata\fohuwoka
2009-10-19 23:06:53 0 d-----w- c:\programdata\venihato
2009-10-19 23:06:53 0 d-----w- c:\programdata\sewabune
2009-10-19 23:06:53 0 d-----w- c:\programdata\labayala
2009-10-17 21:22:21 0 ----a-w- c:\windows\win32k.sys
2009-10-15 20:07:22 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-15 20:07:22 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2009-10-15 20:07:22 107368 ----a-w- c:\windows\syswow64\GEARAspi.dll
2009-10-15 20:06:59 0 d-----w- c:\program files (x86)\iPod
2009-10-15 20:06:58 0 d-----w- c:\programdata\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
2009-10-15 20:06:58 0 d-----w- c:\program files\iTunes
2009-10-15 16:16:25 4691016 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-15 16:16:17 558592 ----a-w- c:\windows\system32\EncDec.dll
2009-10-15 16:16:17 428544 ----a-w- c:\windows\syswow64\EncDec.dll
2009-10-15 16:16:17 289792 ----a-w- c:\windows\system32\psisrndr.ax
2009-10-15 16:16:17 217088 ----a-w- c:\windows\syswow64\psisrndr.ax
2009-10-15 16:16:16 80896 ----a-w- c:\windows\syswow64\MSNP.ax
2009-10-15 16:16:16 375808 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-15 16:16:16 293376 ----a-w- c:\windows\syswow64\psisdecd.dll
2009-10-15 16:16:16 227328 ----a-w- c:\windows\system32\mpg2splt.ax
2009-10-15 16:16:16 177664 ----a-w- c:\windows\syswow64\mpg2splt.ax
2009-10-15 16:16:16 101376 ----a-w- c:\windows\system32\MSNP.ax
2009-10-15 16:14:34 82944 ----a-w- c:\windows\system32\msasn1.dll
2009-10-15 16:14:34 61440 ----a-w- c:\windows\syswow64\msasn1.dll
2009-10-15 16:14:34 174592 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-03 01:23:15 0 d-----w- c:\programdata\HipSoft
2009-10-03 01:22:25 0 d-----w- c:\users\owner\appdata\roaming\WildTangent
2009-09-30 04:15:41 0 d-----w- c:\program files\Google

==================== Find3M ====================

2009-10-15 20:03:13 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-15 20:03:13 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-15 20:03:12 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-09-10 17:53:48 268800 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 17:30:12 213504 ----a-w- c:\windows\syswow64\msv1_0.dll
2009-08-28 23:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 12:51:05 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 12:39:07 28672 ----a-w- c:\windows\syswow64\Apphlpdm.dll
2009-08-28 10:39:32 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-28 10:15:30 4240384 ----a-w- c:\windows\syswow64\GameUXLegacyGDFs.dll
2009-08-27 13:47:55 1032704 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 13:43:42 86528 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 13:32:41 833024 ----a-w- c:\windows\syswow64\wininet.dll
2009-08-27 13:32:28 1174528 ----a-w- c:\windows\syswow64\urlmon.dll
2009-08-27 13:31:28 146432 ----a-w- c:\windows\syswow64\occache.dll
2009-08-27 13:30:22 671232 ----a-w- c:\windows\syswow64\mstime.dll
2009-08-27 13:30:12 3584000 ----a-w- c:\windows\syswow64\mshtml.dll
2009-08-27 13:30:11 458240 ----a-w- c:\windows\syswow64\msfeeds.dll
2009-08-27 13:29:41 28160 ----a-w- c:\windows\syswow64\jsproxy.dll
2009-08-27 13:29:28 270848 ----a-w- c:\windows\syswow64\iertutil.dll
2009-08-27 13:29:27 6069248 ----a-w- c:\windows\syswow64\ieframe.dll
2009-08-27 13:29:25 78336 ----a-w- c:\windows\syswow64\ieencode.dll
2009-08-27 13:29:25 389120 ----a-w- c:\windows\syswow64\iedkcs32.dll
2009-08-27 13:29:25 380928 ----a-w- c:\windows\syswow64\ieapfltr.dll
2009-08-27 13:29:25 230400 ----a-w- c:\windows\syswow64\ieaksie.dll
2009-08-27 11:27:09 32768 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-27 10:58:58 26624 ----a-w- c:\windows\syswow64\ieUnatt.exe
2009-08-14 17:29:27 141312 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 17:29:26 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 16:29:41 17920 ----a-w- c:\windows\syswow64\netevent.dll
2009-08-14 16:29:41 104960 ----a-w- c:\windows\syswow64\netiohlp.dll
2009-08-14 15:13:04 10752 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 15:13:02 21504 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 15:13:01 12800 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 15:12:59 32256 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 15:12:59 23040 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 15:12:58 10240 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 15:12:57 11264 ----a-w- c:\windows\system32\finger.exe
2009-08-14 14:16:55 9728 ----a-w- c:\windows\syswow64\TCPSVCS.EXE
2009-08-14 14:16:55 17920 ----a-w- c:\windows\syswow64\ROUTE.EXE
2009-08-14 14:16:52 11264 ----a-w- c:\windows\syswow64\MRINFO.EXE
2009-08-14 14:16:51 27136 ----a-w- c:\windows\syswow64\NETSTAT.EXE
2009-08-14 14:16:50 19968 ----a-w- c:\windows\syswow64\ARP.EXE
2009-08-14 14:16:49 8704 ----a-w- c:\windows\syswow64\HOSTNAME.EXE
2009-08-14 14:16:49 10240 ----a-w- c:\windows\syswow64\finger.exe
2009-08-07 02:24:09 35552 ----a-w- c:\windows\syswow64\wups.dll
2009-08-07 02:23:52 575704 ----a-w- c:\windows\syswow64\wuapi.dll
2009-08-07 01:59:43 2621440 ----a-w- c:\windows\system32\wucltux.dll
2009-08-07 01:59:07 98816 ----a-w- c:\windows\system32\wudriver.dll
2009-08-07 01:44:40 87552 ----a-w- c:\windows\syswow64\wudriver.dll
2009-08-06 23:23:06 185416 ----a-w- c:\windows\system32\wuwebv.dll
2009-08-06 23:23:06 171608 ----a-w- c:\windows\syswow64\wuwebv.dll
2009-08-06 22:59:12 36864 ----a-w- c:\windows\system32\wuapp.exe
2009-08-06 22:44:46 33792 ----a-w- c:\windows\syswow64\wuapp.exe
2008-08-21 01:32:32 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-04-17 01:42:10 4 --sh--r- c:\windows\system32\drivers\taishop.sys
2009-07-23 15:38:27 90112 --sha-w- c:\windows\syswow64\bahegatu.dll
2009-07-28 13:21:53 37888 --sha-w- c:\windows\syswow64\digulani.dll
2009-07-28 13:21:54 89088 --sha-w- c:\windows\syswow64\duwozayo.dll
2009-07-26 01:18:05 38912 --sha-w- c:\windows\syswow64\fajejako.dll
2009-07-26 01:18:05 1011746 --sha-w- c:\windows\syswow64\fetabeke.exe
2009-07-20 23:53:26 1010970 --sha-w- c:\windows\syswow64\figusagu.exe
2009-07-22 23:45:51 1011451 --sha-w- c:\windows\syswow64\fikarapi.exe
2009-07-24 07:00:25 1011751 --sha-w- c:\windows\syswow64\fironage.exe
2009-07-28 13:21:55 1011848 --sha-w- c:\windows\syswow64\fowerovo.exe
2009-07-21 14:20:21 51712 --sha-w- c:\windows\syswow64\fuhevive.dll
2009-07-20 23:53:26 38400 --sha-w- c:\windows\syswow64\hilemebu.dll
2009-07-20 23:53:26 90112 --sha-w- c:\windows\syswow64\jedemeja.dll
2009-07-25 00:45:23 90112 --sha-w- c:\windows\syswow64\jedusata.dll
2009-07-21 14:20:22 38400 --sha-w- c:\windows\syswow64\jojekode.dll
2009-07-26 13:18:50 51200 --sha-w- c:\windows\syswow64\kowavelo.dll
2009-07-26 13:18:17 38912 --sha-w- c:\windows\syswow64\lemetuku.dll
2009-07-23 15:38:27 38400 --sha-w- c:\windows\syswow64\liborazo.dll
2009-07-25 13:17:56 38912 --sha-w- c:\windows\syswow64\mozobasu.dll
2009-07-28 01:21:35 89600 --sha-w- c:\windows\syswow64\musurupu.dll
2009-07-22 11:46:08 90112 --sha-w- c:\windows\syswow64\piyefire.dll
2009-07-21 14:20:21 1050658 --sha-w- c:\windows\syswow64\remudaze.exe
2009-07-22 23:45:50 38912 --sha-w- c:\windows\syswow64\ronuruso.dll
2009-07-23 15:38:28 1011747 --sha-w- c:\windows\syswow64\sehajiwi.exe
2009-07-26 13:18:17 89088 --sha-w- c:\windows\syswow64\sijoyasu.dll
2009-07-29 01:22:09 89088 --sha-w- c:\windows\syswow64\sipahode.dll
2009-07-22 11:46:08 38912 --sha-w- c:\windows\syswow64\terolidi.dll
2009-07-28 01:21:35 37888 --sha-w- c:\windows\syswow64\tikatabi.dll
2009-07-25 00:45:23 1011751 --sha-w- c:\windows\syswow64\wayowemu.exe
2009-07-22 11:46:08 1011026 --sha-w- c:\windows\syswow64\wefakuve.exe
2009-07-25 13:17:56 1011751 --sha-w- c:\windows\syswow64\wetenusa.exe
2009-07-24 07:00:24 84992 --sha-w- c:\windows\syswow64\wobosoba.dll
2009-07-25 13:17:55 90112 --sha-w- c:\windows\syswow64\yonitino.dll
2009-07-25 00:45:23 38400 --sha-w- c:\windows\syswow64\yujijehi.dll
2009-07-21 14:20:53 51712 --sha-w- c:\windows\syswow64\yunewoti.dll
2009-07-26 01:18:05 89600 --sha-w- c:\windows\syswow64\zadowebi.dll
2009-07-26 13:18:18 51200 --sha-w- c:\windows\syswow64\zavuvuhi.dll
2009-07-22 23:45:50 89088 --sha-w- c:\windows\syswow64\zerunuwa.dll
2009-07-24 07:00:24 38400 --sha-w- c:\windows\syswow64\zinetozu.dll
2009-07-29 01:22:09 37888 --sha-w- c:\windows\syswow64\zokujole.dll
2009-04-17 01:42:14 13 --sh--r- c:\windows\syswow64\drivers\fbd.sys

============= FINISH: 8:06:36.19 ===============

Edited by wchapman, 29 October 2009 - 07:08 AM.


#3 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:08:08 AM

Posted 03 November 2009 - 06:40 AM

Hello wchapman

Welcome to BleepingComputer :(
==========================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here
