Daughter's mini laptop infected
Rorynater1
2010-04-24, 23:45
The ex-wife calls me yesterday and tells me that my 14-year-old daughter's computer is infected with "a" virus. I tell her to send it over to me and I would take a look. Ran Ad-Aware and it found 89 hits, with a couple of them being pretty significant. Ah well. Been a while since I have cleaned an infected computer, so thought I would ask for some help. Here is the HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:37 PM, on 4/24/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\MSI\EasyFace Logon\AutoLock\OpenChmAp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\System Control Manager\MSIService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0d914044-8d03-4edf-a4ef-45cf53505953} - wibotelo.dll (file missing)
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [AutoLockOpenChm] C:\Program Files\MSI\EasyFace Logon\AutoLock\OpenChmAp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [wemikejahu] Rundll32.exe "rurisugo.dll",s
O4 - HKLM\..\Run: [rasuwejey] Rundll32.exe "c:\windows\system32\feyujafi.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.msi.com.tw
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab
O20 - AppInit_DLLs: c:\windows\system32\dipagowe.dll jogopamo.dll c:\windows\system32\feyujafi.dll
O21 - SSODL: witeruwat - {027b552c-d32b-4add-8520-5787933badf4} - c:\windows\system32\dipagowe.dll (file missing)
O21 - SSODL: zomuhojis - {91a76196-9af0-4c52-9b06-bc0bb58cc20b} - c:\windows\system32\feyujafi.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {027b552c-d32b-4add-8520-5787933badf4} - c:\windows\system32\dipagowe.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {91a76196-9af0-4c52-9b06-bc0bb58cc20b} - c:\windows\system32\feyujafi.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Micro Star SCM - Unknown owner - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 7655 bytes
I know some of them, but thought I would just leave everything alone in the spirit of "don't try this at home". Shouldn't have run Ad-Aware first, I know. Sorry about that. Let me know guys.
Hi,
Download DDS and save it to your desktop from here (http://download.bleepingcomputer.com/sUBs/dds.com) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double-click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.
---
Download GMER (http://www.gmer.net) here by clicking the "Download EXE" button and then saving it to your desktop:
Double-click the .exe that you downloaded.
Click the Rootkit tab, uncheck the Files option and then click Scan.
Don't check the Show All box while the scan is in progress!
When the scan is finished, click Copy. This copies the log to the clipboard.
Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.
Rorynater1
2010-04-29, 04:10
DDS Attach.txt:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/10/2009 7:57:30 AM
System Uptime: 4/28/2010 1:06:26 PM (7 hours ago)
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | U-100
Processor: Intel(R) Atom(TM) CPU N280 @ 1.66GHz | CPU 1 | 1666/667mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 39 GiB total, 20.184 GiB free.
D: is FIXED (NTFS) - 106 GiB total, 105.98 GiB free.
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP8: 1/30/2010 3:31:40 PM - Software Distribution Service 3.0
RP9: 1/31/2010 2:28:58 PM - Software Distribution Service 3.0
RP10: 2/21/2010 5:27:17 PM - Software Distribution Service 3.0
RP11: 3/2/2010 4:44:00 PM - Software Distribution Service 3.0
RP12: 3/10/2010 3:58:18 PM - Software Distribution Service 3.0
RP13: 3/11/2010 9:16:25 PM - Software Distribution Service 3.0
RP14: 3/12/2010 5:46:48 PM - Software Distribution Service 3.0
RP15: 3/12/2010 6:54:32 PM - Installed iTunes
RP16: 3/14/2010 6:47:13 PM - System Checkpoint
RP17: 3/24/2010 9:13:07 PM - System Checkpoint
RP18: 3/31/2010 4:17:45 PM - Software Distribution Service 3.0
RP19: 4/24/2010 4:44:38 PM - System Checkpoint
RP20: 4/25/2010 8:02:11 PM - System Checkpoint
RP21: 4/28/2010 7:19:24 PM - System Checkpoint
==== Installed Programs ======================
2007 Microsoft Office system
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.2
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bluetooth Stack for Windows by Toshiba
Bonjour
BurnRecovery
Choice Guard
CrazyTalk Cam Suite
EasyFace Logon
ERUNT 1.1j
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel(R) Graphics Media Accelerator Driver
iTunes
Junk Mail filter update
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSVCRT
Pando Media Booster
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
Solstice
System Control Manager
Ulead Burn.Now 4.5
Ulead Burn.Now 4.5 SE
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office 2007 (KB934528)
Update for Office System 2007 Setup (KB929722)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB2.0 Card Reader Software
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Driver Package - Atheros (AR5416) Net (09/18/2008 7.6.1.149)
Windows Driver Package - Realtek (rtl8187Se) Net (08/22/2008 5.9071.0822.2008)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
==== Event Viewer Messages From Past Week ========
4/28/2010 7:03:40 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
4/24/2010 3:02:13 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
4/24/2010 3:02:13 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/21/2010 8:52:51 AM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.
==== End Of File ===========================
DDS DDS.txt:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Sahara Burroughs at 20:03:14.60 on Wed 04/28/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.354 [GMT -5:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\MSI\EasyFace Logon\AutoLock\OpenChmAp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\System Control Manager\MSIService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Sahara Burroughs\Local Settings\Temporary Internet Files\Content.IE5\K8DI2SXD\dds[1].com
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://search.live.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://search.live.com/sphome.aspx
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {0d914044-8d03-4edf-a4ef-45cf53505953} - wibotelo.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [MGSysCtrl] c:\program files\system control manager\MGSysCtrl.exe
mRun: [AutoLockOpenChm] c:\program files\msi\easyface logon\autolock\OpenChmAp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [wemikejahu] Rundll32.exe "rurisugo.dll",s
mRun: [rasuwejey] Rundll32.exe "c:\windows\system32\yuguhehe.dll",a
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} - hxxp://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\dipagowe.dll jogopamo.dll c:\windows\system32\feyujafi.dll c:\windows\system32\yuguhehe.dll
SSODL: witeruwat - {027b552c-d32b-4add-8520-5787933badf4} - c:\windows\system32\dipagowe.dll
SSODL: zomuhojis - {91a76196-9af0-4c52-9b06-bc0bb58cc20b} - c:\windows\system32\feyujafi.dll
SSODL: natujevaf - {436ecb2f-0bd2-4abc-8286-4a72822891ed} - c:\windows\system32\yuguhehe.dll
STS: gahurihor: {027b552c-d32b-4add-8520-5787933badf4} - c:\windows\system32\dipagowe.dll
STS: jugezatag: {91a76196-9af0-4c52-9b06-bc0bb58cc20b} - c:\windows\system32\feyujafi.dll
STS: tokatiluy: {436ecb2f-0bd2-4abc-8286-4a72822891ed} - c:\windows\system32\yuguhehe.dll
LSA: Notification Packages = scecli jogopamo.dll
IFEO: MpCmdRun.exe - c:\windows\system32\svchost.exe
IFEO: MSASCui.exe - c:\windows\system32\svchost.exe
IFEO: MsMpEng.exe - c:\windows\system32\svchost.exe
IFEO: msseces.exe - c:\windows\system32\svchost.exe
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-4-24 64288]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-3-4 14336]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-4 55136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1265264]
R2 Micro Star SCM;Micro Star SCM;c:\program files\system control manager\MSIService.exe [2009-3-4 159744]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [2009-3-4 31616]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-3-4 162816]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2008-12-8 533344]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
=============== Created Last 30 ================
2010-04-24 20:21:43 0 d-----w- c:\program files\Trend Micro
2010-04-24 20:02:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-24 19:42:17 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-24 19:42:12 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-24 19:40:20 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-24 19:40:06 0 d-----w- c:\program files\Lavasoft
2010-04-21 00:55:10 0 d-----w- c:\program files\scdata
2010-04-21 00:50:32 0 d-----w- c:\program files\Your PC Protector
==================== Find3M ====================
2010-03-15 22:17:20 55984 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:51 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-21 00:50:11 41984 --sha-w- c:\windows\system32\banijufe.dll
2010-01-25 13:23:05 42496 --sha-w- c:\windows\system32\bowafefi.dll
2010-01-15 20:41:20 65024 --sha-w- c:\windows\system32\bupudofa.dll
2010-01-27 00:10:53 95232 --sha-w- c:\windows\system32\datotaso.dll
2010-01-26 04:02:50 94720 --sha-w- c:\windows\system32\davimizi.dll
2010-01-29 00:03:59 64512 --sha-w- c:\windows\system32\fonekiyo.dll
2010-01-24 18:54:57 41984 --sha-w- c:\windows\system32\fopijunu.dll
2010-01-15 20:41:20 97280 --sha-w- c:\windows\system32\gitadumi.dll
2010-01-15 20:41:59 65024 --sha-w- c:\windows\system32\jogopamo.dll
2010-01-21 13:56:23 41984 --sha-w- c:\windows\system32\kisafigu.dll
2010-01-25 13:23:05 94720 --sha-w- c:\windows\system32\livutego.dll
2010-01-26 04:02:50 42496 --sha-w- c:\windows\system32\nemiseza.dll
2010-01-15 20:41:59 65024 --sha-w- c:\windows\system32\rurisugo.dll
2010-01-27 12:28:02 41984 --sha-w- c:\windows\system32\sunejiwu.dll
2010-01-15 20:41:20 43008 --sha-w- c:\windows\system32\tanovivo.dll
2010-01-29 00:03:59 41984 --sha-w- c:\windows\system32\vehupapi.dll
2010-01-15 20:41:59 65024 --sha-w- c:\windows\system32\wibotelo.dll
2010-01-27 00:10:52 42496 --sha-w- c:\windows\system32\yivibubu.dll
2010-01-29 00:03:59 94720 --sha-w- c:\windows\system32\yuguhehe.dll
2010-01-27 12:28:02 94720 --sha-w- c:\windows\system32\zehorute.dll
2009-03-05 02:27:16 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-12-10 13:53:02 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009121020091211\index.dat
2009-12-10 13:53:03 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-12-10 13:53:03 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-12-10 13:53:03 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
============= FINISH: 20:03:49.09 ===============
Rorynater1
2010-04-29, 04:25
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-28 20:22:35
Windows 5.1.2600 Service Pack 3
Running: pf917xxb.exe; Driver: C:\DOCUME~1\SAHARA~1\LOCALS~1\Temp\uxldypow.sys
---- System - GMER 1.0.15 ----
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF764387E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7643BFE]
---- Kernel code sections - GMER 1.0.15 ----
? System32\Drivers\hiber_WMILIB.SYS The system cannot find the path specified. !
? C:\DOCUME~1\SAHARA~1\LOCALS~1\Temp\uxldypoc.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[132] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 10001BEC C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[132] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 10001B16 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[132] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 10001B7C C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[132] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B93 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[132] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001C79 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[132] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001D4A C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[132] kernel32.dll!Module32FirstW 7C8652E7 5 Bytes JMP 10001C23 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[132] kernel32.dll!Module32NextW 7C865484 5 Bytes JMP 10001C62 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[132] PSAPI.DLL!EnumProcessModules 76BF1EF4 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[228] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 10001BEC C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[228] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 10001B16 C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[228] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 10001B7C C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[228] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B93 C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[228] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001C79 C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[228] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001D4A C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[228] kernel32.dll!Module32FirstW 7C8652E7 5 Bytes JMP 10001C23 C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[228] kernel32.dll!Module32NextW 7C865484 5 Bytes JMP 10001C62 C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[228] PSAPI.DLL!EnumProcessModules 76BF1EF4 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[236] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 012C1BEC C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[236] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 012C1B16 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[236] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 012C1B7C C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[236] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 012C1B93 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[236] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 012C1C79 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[236] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 012C1D4A C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[236] kernel32.dll!Module32FirstW 7C8652E7 5 Bytes JMP 012C1C23 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[236] kernel32.dll!Module32NextW 7C865484 5 Bytes JMP 012C1C62 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[236] PSAPI.DLL!EnumProcessModules 76BF1EF4 5 Bytes JMP 012C1CB0 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 10001BEC C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 10001B16 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 10001B7C C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B93 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001C79 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001D4A C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!Module32FirstW 7C8652E7 5 Bytes JMP 10001C23 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!Module32NextW 7C865484 5 Bytes JMP 10001C62 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\Explorer.EXE[328] PSAPI.DLL!EnumProcessModules 76BF1EF4 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[404] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 10001BEC C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[404] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 10001B16 C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[404] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 10001B7C C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[404] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B93 C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[404] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001C79 C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[404] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001D4A C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[404] kernel32.dll!Module32FirstW 7C8652E7 5 Bytes JMP 10001C23 C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[404] kernel32.dll!Module32NextW 7C865484 5 Bytes JMP 10001C62 C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[404] PSAPI.DLL!EnumProcessModules 76BF1EF4 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\jogopamo.dll
.text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 00FF1BEC C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 00FF1B16 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 00FF1B7C C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FF1B93 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00FF1C79 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00FF1D4A C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!Module32FirstW 7C8652E7 5 Bytes JMP 00FF1C23 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!Module32NextW 7C865484 5 Bytes JMP 00FF1C62 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\igfxpers.exe[1232] PSAPI.DLL!EnumProcessModules 76BF1EF4 5 Bytes JMP 00FF1CB0 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[1444] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 00E41BEC C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[1444] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 00E41B16 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[1444] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 00E41B7C C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[1444] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E41B93 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[1444] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00E41C79 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[1444] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00E41D4A C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[1444] kernel32.dll!Module32FirstW 7C8652E7 5 Bytes JMP 00E41C23 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[1444] kernel32.dll!Module32NextW 7C865484 5 Bytes JMP 00E41C62 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[1444] PSAPI.DLL!EnumProcessModules 76BF1EF4 5 Bytes JMP 00E41CB0 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\hkcmd.exe[1508] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 00FD1BEC C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\hkcmd.exe[1508] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 00FD1B16 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\hkcmd.exe[1508] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 00FD1B7C C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\hkcmd.exe[1508] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FD1B93 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\hkcmd.exe[1508] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00FD1C79 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\hkcmd.exe[1508] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00FD1D4A C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\hkcmd.exe[1508] kernel32.dll!Module32FirstW 7C8652E7 5 Bytes JMP 00FD1C23 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\hkcmd.exe[1508] kernel32.dll!Module32NextW 7C865484 5 Bytes JMP 00FD1C62 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\hkcmd.exe[1508] PSAPI.DLL!EnumProcessModules 76BF1EF4 5 Bytes JMP 00FD1CB0 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\igfxtray.exe[1556] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 01301BEC C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\igfxtray.exe[1556] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 01301B16 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\igfxtray.exe[1556] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 01301B7C C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\igfxtray.exe[1556] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01301B93 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\igfxtray.exe[1556] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 01301C79 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\igfxtray.exe[1556] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 01301D4A C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\igfxtray.exe[1556] kernel32.dll!Module32FirstW 7C8652E7 5 Bytes JMP 01301C23 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\igfxtray.exe[1556] kernel32.dll!Module32NextW 7C865484 5 Bytes JMP 01301C62 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\igfxtray.exe[1556] PSAPI.DLL!EnumProcessModules 76BF1EF4 5 Bytes JMP 01301CB0 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\RTHDCPL.EXE[1616] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 10001BEC C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\RTHDCPL.EXE[1616] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 10001B16 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\RTHDCPL.EXE[1616] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 10001B7C C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\RTHDCPL.EXE[1616] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B93 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\RTHDCPL.EXE[1616] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001C79 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\RTHDCPL.EXE[1616] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001D4A C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\RTHDCPL.EXE[1616] kernel32.dll!Module32FirstW 7C8652E7 5 Bytes JMP 10001C23 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\RTHDCPL.EXE[1616] kernel32.dll!Module32NextW 7C865484 5 Bytes JMP 10001C62 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\RTHDCPL.EXE[1616] PSAPI.DLL!EnumProcessModules 76BF1EF4 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe[1716] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 10001BEC C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe[1716] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 10001B16 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe[1716] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 10001B7C C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe[1716] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B93 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe[1716] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001C79 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe[1716] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001D4A C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe[1716] kernel32.dll!Module32FirstW 7C8652E7 5 Bytes JMP 10001C23 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe[1716] kernel32.dll!Module32NextW 7C865484 5 Bytes JMP 10001C62 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe[1716] PSAPI.DLL!EnumProcessModules 76BF1EF4 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[1820] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 011C1BEC C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[1820] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 011C1B16 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[1820] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 011C1B7C C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[1820] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 011C1B93 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[1820] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 011C1C79 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[1820] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 011C1D4A C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[1820] kernel32.dll!Module32FirstW 7C8652E7 5 Bytes JMP 011C1C23 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[1820] kernel32.dll!Module32NextW 7C865484 5 Bytes JMP 011C1C62 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[1820] PSAPI.DLL!EnumProcessModules 76BF1EF4 5 Bytes JMP 011C1CB0 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\MSI\EasyFace Logon\AutoLock\OpenChmAp.exe[1848] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 10001BEC C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\MSI\EasyFace Logon\AutoLock\OpenChmAp.exe[1848] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 10001B16 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\MSI\EasyFace Logon\AutoLock\OpenChmAp.exe[1848] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 10001B7C C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\MSI\EasyFace Logon\AutoLock\OpenChmAp.exe[1848] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B93 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\MSI\EasyFace Logon\AutoLock\OpenChmAp.exe[1848] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001C79 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\MSI\EasyFace Logon\AutoLock\OpenChmAp.exe[1848] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001D4A C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\MSI\EasyFace Logon\AutoLock\OpenChmAp.exe[1848] kernel32.dll!Module32FirstW 7C8652E7 5 Bytes JMP 10001C23 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\MSI\EasyFace Logon\AutoLock\OpenChmAp.exe[1848] kernel32.dll!Module32NextW 7C865484 5 Bytes JMP 10001C62 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\MSI\EasyFace Logon\AutoLock\OpenChmAp.exe[1848] PSAPI.DLL!EnumProcessModules 76BF1EF4 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1880] kernel32.dll!GetFileAttributesW 7C80B7EC 3 Bytes JMP 010C1BEC C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1880] kernel32.dll!GetFileAttributesW + 4 7C80B7F0 1 Byte [84]
.text C:\Program Files\iTunes\iTunesHelper.exe[1880] kernel32.dll!FindFirstFileExW 7C80EB1D 3 Bytes JMP 010C1B16 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1880] kernel32.dll!FindFirstFileExW + 4 7C80EB21 1 Byte [84]
.text C:\Program Files\iTunes\iTunesHelper.exe[1880] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 010C1B7C C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1880] kernel32.dll!CreateFileW 7C810800 3 Bytes JMP 010C1B93 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1880] kernel32.dll!CreateFileW + 4 7C810804 1 Byte [84]
.text C:\Program Files\iTunes\iTunesHelper.exe[1880] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 010C1C79 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1880] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 010C1D4A C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1880] kernel32.dll!Module32FirstW 7C8652E7 5 Bytes JMP 010C1C23 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1880] kernel32.dll!Module32NextW 7C865484 5 Bytes JMP 010C1C62 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1880] PSAPI.DLL!EnumProcessModules 76BF1EF4 5 Bytes JMP 010C1CB0 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\ctfmon.exe[1960] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 10001BEC C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\ctfmon.exe[1960] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 10001B16 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\ctfmon.exe[1960] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 10001B7C C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\ctfmon.exe[1960] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B93 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\ctfmon.exe[1960] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001C79 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\ctfmon.exe[1960] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001D4A C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\ctfmon.exe[1960] kernel32.dll!Module32FirstW 7C8652E7 5 Bytes JMP 10001C23 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\ctfmon.exe[1960] kernel32.dll!Module32NextW 7C865484 5 Bytes JMP 10001C62 C:\WINDOWS\system32\rurisugo.dll
.text C:\WINDOWS\system32\ctfmon.exe[1960] PSAPI.DLL!EnumProcessModules 76BF1EF4 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2060] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 10001BEC C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2060] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 10001B16 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2060] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 10001B7C C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2060] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B93 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2060] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001C79 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2060] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001D4A C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2060] kernel32.dll!Module32FirstW 7C8652E7 5 Bytes JMP 10001C23 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2060] kernel32.dll!Module32NextW 7C865484 5 Bytes JMP 10001C62 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2060] PSAPI.DLL!EnumProcessModules 76BF1EF4 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2092] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 00E41BEC C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2092] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 00E41B16 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2092] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 00E41B7C C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2092] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E41B93 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2092] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00E41C79 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2092] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00E41D4A C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2092] kernel32.dll!Module32FirstW 7C8652E7 5 Bytes JMP 00E41C23 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2092] kernel32.dll!Module32NextW 7C865484 5 Bytes JMP 00E41C62 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2092] PSAPI.DLL!EnumProcessModules 76BF1EF4 5 Bytes JMP 00E41CB0 C:\WINDOWS\system32\rurisugo.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2156] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 00B51BEC C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2156] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 00B51B16 C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2156] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 00B51B7C C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2156] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B51B93 C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2156] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00B51C79 C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2156] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00B51D4A C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2156] kernel32.dll!Module32FirstW 7C8652E7 5 Bytes JMP 00B51C23 C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2156] kernel32.dll!Module32NextW 7C865484 5 Bytes JMP 00B51C62 C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2156] PSAPI.DLL!EnumProcessModules 76BF1EF4 5 Bytes JMP 00B51CB0 C:\WINDOWS\system32\jogopamo.dll
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2880] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 10001BEC C:\WINDOWS\system32\jogopamo.dll
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2880] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 10001B16 C:\WINDOWS\system32\jogopamo.dll
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2880] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 10001B7C C:\WINDOWS\system32\jogopamo.dll
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2880] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B93 C:\WINDOWS\system32\jogopamo.dll
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2880] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001C79 C:\WINDOWS\system32\jogopamo.dll
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2880] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001D4A C:\WINDOWS\system32\jogopamo.dll
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2880] kernel32.dll!Module32FirstW 7C8652E7 5 Bytes JMP 10001C23 C:\WINDOWS\system32\jogopamo.dll
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2880] kernel32.dll!Module32NextW 7C865484 5 Bytes JMP 10001C62 C:\WINDOWS\system32\jogopamo.dll
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2880] PSAPI.DLL!EnumProcessModules 76BF1EF4 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2920] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 10001BEC C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2920] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 10001B16 C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2920] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 10001B7C C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2920] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B93 C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2920] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001C79 C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2920] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001D4A C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2920] kernel32.dll!Module32FirstW 7C8652E7 5 Bytes JMP 10001C23 C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2920] kernel32.dll!Module32NextW 7C865484 5 Bytes JMP 10001C62 C:\WINDOWS\system32\jogopamo.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2920] PSAPI.DLL!EnumProcessModules 76BF1EF4 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\jogopamo.dll
.text C:\Documents and Settings\Sahara Burroughs\Desktop\pf917xxb.exe[5772] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 10001BEC C:\WINDOWS\system32\jogopamo.dll
.text C:\Documents and Settings\Sahara Burroughs\Desktop\pf917xxb.exe[5772] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 10001B16 C:\WINDOWS\system32\jogopamo.dll
.text C:\Documents and Settings\Sahara Burroughs\Desktop\pf917xxb.exe[5772] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 10001B7C C:\WINDOWS\system32\jogopamo.dll
.text C:\Documents and Settings\Sahara Burroughs\Desktop\pf917xxb.exe[5772] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B93 C:\WINDOWS\system32\jogopamo.dll
.text C:\Documents and Settings\Sahara Burroughs\Desktop\pf917xxb.exe[5772] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001C79 C:\WINDOWS\system32\jogopamo.dll
.text C:\Documents and Settings\Sahara Burroughs\Desktop\pf917xxb.exe[5772] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001D4A C:\WINDOWS\system32\jogopamo.dll
.text C:\Documents and Settings\Sahara Burroughs\Desktop\pf917xxb.exe[5772] kernel32.dll!Module32FirstW 7C8652E7 5 Bytes JMP 10001C23 C:\WINDOWS\system32\jogopamo.dll
.text C:\Documents and Settings\Sahara Burroughs\Desktop\pf917xxb.exe[5772] kernel32.dll!Module32NextW 7C865484 5 Bytes JMP 10001C62 C:\WINDOWS\system32\jogopamo.dll
.text C:\Documents and Settings\Sahara Burroughs\Desktop\pf917xxb.exe[5772] PSAPI.DLL!EnumProcessModules 76BF1EF4 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\jogopamo.dll
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
Device \FileSystem\Fastfat \Fat A52E4D20
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----
Library C:\WINDOWS\system32\jogopamo.dll (*** hidden *** ) @ C:\Program Files\Windows Live\Messenger\msnmsgr.exe [132] 0x02420000
Library C:\WINDOWS\system32\jogopamo.dll (*** hidden *** ) @ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [228] 0x10000000
Library C:\WINDOWS\system32\jogopamo.dll (*** hidden *** ) @ C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [236] 0x01460000
Library C:\WINDOWS\system32\jogopamo.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [328] 0x01890000
Library C:\WINDOWS\system32\jogopamo.dll (*** hidden *** ) @ C:\Program Files\Bonjour\mDNSResponder.exe [404] 0x10000000
Library C:\WINDOWS\system32\jogopamo.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [884] 0x10000000
Library C:\WINDOWS\system32\jogopamo.dll (*** hidden *** ) @ C:\WINDOWS\system32\services.exe [932] 0x10000000
Library C:\WINDOWS\system32\jogopamo.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [944] 0x10000000
Library C:\WINDOWS\system32\jogopamo.dll (*** hidden *** ) @ C:\WINDOWS\system32\igfxpers.exe [1232] 0x01140000
Library C:\WINDOWS\system32\jogopamo.dll (*** hidden *** ) @ C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe [1444] 0x00FB0000
Library C:\WINDOWS\system32\jogopamo.dll (*** hidden *** ) @ C:\WINDOWS\system32\hkcmd.exe [1508] 0x01120000
Library C:\WINDOWS\system32\jogopamo.dll (*** hidden *** ) @ C:\WINDOWS\system32\igfxtray.exe [1556] 0x01450000
Library C:\WINDOWS\system32\jogopamo.dll (*** hidden *** ) @ C:\WINDOWS\RTHDCPL.EXE [1616] 0x03EB0000
Library C:\WINDOWS\system32\jogopamo.dll (*** hidden *** ) @ C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [1716] 0x00C50000
Library C:\WINDOWS\system32\jogopamo.dll (*** hidden *** ) @ C:\Program Files\System Control Manager\MGSysCtrl.exe [1820] 0x01310000
Library C:\WINDOWS\system32\jogopamo.dll (*** hidden *** ) @ C:\Program Files\MSI\EasyFace Logon\AutoLock\OpenChmAp.exe [1848] 0x00B40000
Library C:\WINDOWS\system32\jogopamo.dll (*** hidden *** ) @ C:\Program Files\iTunes\iTunesHelper.exe [1880] 0x09B10000
Library C:\WINDOWS\system32\jogopamo.dll (*** hidden *** ) @ C:\WINDOWS\system32\ctfmon.exe [1960] 0x00A60000
Library C:\WINDOWS\system32\jogopamo.dll (*** hidden *** ) @ C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe [2060] 0x00C90000
Library C:\WINDOWS\system32\jogopamo.dll (*** hidden *** ) @ C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe [2092] 0x00FB0000
Library C:\WINDOWS\system32\jogopamo.dll (*** hidden *** ) @ C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2156] 0x00B50000
Library C:\WINDOWS\system32\jogopamo.dll (*** hidden *** ) @ C:\WINDOWS\system32\wbem\unsecapp.exe [2880] 0x10000000
Library C:\WINDOWS\system32\jogopamo.dll (*** hidden *** ) @ C:\Program Files\iPod\bin\iPodService.exe [2920] 0x10000000
Library C:\WINDOWS\system32\jogopamo.dll (*** hidden *** ) @ C:\Documents and Settings\Sahara Burroughs\Desktop\pf917xxb.exe [5772] 0x10000000
---- EOF - GMER 1.0.15 ----
Hi,
Please visit this webpage for download links and instructions for running the ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (see http://www.bleepingcomputer.com/forums/topic114351.html).
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Rorynater1
2010-04-30, 17:41
ComboFix 10-04-29.04 - Sahara Burroughs 04/29/2010 17:55:08.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.511 [GMT -5:00]
Running from: c:\documents and settings\Sahara Burroughs\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Sahara Burroughs\Start Menu\Programs\Your PC Protector
c:\documents and settings\Sahara Burroughs\Start Menu\Programs\Your PC Protector\Your PC Protector.lnk
c:\program files\Your PC Protector
c:\windows\system32\bajoduza.dll
c:\windows\system32\banijufe.dll
c:\windows\system32\bowafefi.dll
c:\windows\system32\bupudofa.dll
c:\windows\system32\datotaso.dll
c:\windows\system32\davimizi.dll
c:\windows\system32\FD.dll
c:\windows\system32\fopijunu.dll
c:\windows\system32\gitadumi.dll
c:\windows\system32\hoselozu.dll
c:\windows\system32\jogopamo.dll
c:\windows\system32\kisafigu.dll
c:\windows\system32\livutego.dll
c:\windows\system32\nemiseza.dll
c:\windows\system32\nodutike.dll
c:\windows\system32\rurisugo.dll
c:\windows\system32\sunejiwu.dll
c:\windows\system32\tanovivo.dll
c:\windows\system32\vehupapi.dll
c:\windows\system32\wibotelo.dll
c:\windows\system32\yivibubu.dll
c:\windows\system32\yuguhehe.dll
c:\windows\Tasks\ejsmvrgr.job
.
((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-29 )))))))))))))))))))))))))))))))
.
2010-04-27 12:33 . 2010-04-27 12:33 -------- d-----w- C:\rsit
2010-04-24 20:32 . 2010-04-24 20:32 -------- d-----w- c:\program files\ERUNT
2010-04-24 20:21 . 2010-04-24 20:21 -------- d-----w- c:\program files\Trend Micro
2010-04-24 20:02 . 2010-04-24 19:42 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-24 19:41 . 2010-04-24 19:41 966104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-04-24 19:41 . 2010-04-24 19:41 849744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-04-24 19:41 . 2010-04-24 19:41 855864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-04-24 19:41 . 2010-04-24 19:41 1597952 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-04-24 19:41 . 2010-04-24 19:41 818256 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-04-24 19:41 . 2010-04-24 19:41 1265264 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-04-24 19:40 . 2010-04-24 19:40 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-24 19:40 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-04-24 19:40 . 2010-04-24 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-24 19:40 . 2010-04-24 19:40 -------- d-----w- c:\program files\Lavasoft
2010-04-21 13:44 . 2010-04-21 13:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-04-21 00:55 . 2010-04-22 00:32 -------- d-----w- c:\program files\scdata
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-29 23:04 . 2009-12-26 03:11 -------- d-----w- c:\program files\Common Files\Akamai
2010-03-19 23:28 . 2010-03-19 23:28 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-15 22:17 . 2010-03-15 22:17 55984 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-13 00:56 . 2010-03-13 00:55 -------- d-----w- c:\documents and settings\Sahara Burroughs\Application Data\Apple Computer
2010-03-13 00:55 . 2010-03-13 00:54 -------- d-----w- c:\program files\iTunes
2010-03-13 00:55 . 2010-03-13 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-13 00:54 . 2010-03-13 00:54 -------- d-----w- c:\program files\iPod
2010-03-13 00:54 . 2010-03-13 00:54 -------- d-----w- c:\program files\Bonjour
2010-03-13 00:54 . 2010-03-13 00:53 -------- d-----w- c:\program files\QuickTime
2010-03-13 00:53 . 2010-03-13 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-03-13 00:53 . 2010-03-13 00:53 -------- d-----w- c:\program files\Apple Software Update
2010-03-13 00:52 . 2010-03-13 00:52 -------- d-----w- c:\program files\Common Files\Apple
2010-03-13 00:52 . 2010-03-13 00:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-03-11 12:38 . 2009-03-04 22:15 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2009-03-04 22:15 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2009-03-04 22:15 17408 ----a-w- c:\windows\system32\corpol.dll
2010-02-16 00:41 . 2010-02-16 00:41 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-04 15:53 . 2010-04-24 19:42 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-12-26 2935480]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-30 18082304]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-29 75136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-10-09 688128]
"AutoLockOpenChm"="c:\program files\MSI\EasyFace Logon\AutoLock\OpenChmAp.exe" [2008-10-16 51712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\System Control Manager\\MGSysCtrl.exe"=
"c:\\Program Files\\MSI\\EasyFace Logon\\autolock\\OpenChmAp.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtMng.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58902:TCP"= 58902:TCP:Pando Media Booster
"58902:UDP"= 58902:UDP:Pando Media Booster
"1032:TCP"= 1032:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/24/2010 2:42 PM 64288]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [3/4/2009 5:15 PM 14336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1265264]
R2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [3/4/2009 7:47 PM 159744]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [3/4/2009 7:54 PM 31616]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [3/4/2009 7:29 PM 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
2010-04-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 19:41]
2010-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} - hxxp://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab
.
- - - - ORPHANS REMOVED - - - -
BHO-{0d914044-8d03-4edf-a4ef-45cf53505953} - wibotelo.dll
HKLM-Run-wemikejahu - rurisugo.dll
HKLM-Run-rasuwejey - c:\windows\system32\hoselozu.dll
SharedTaskScheduler-{027b552c-d32b-4add-8520-5787933badf4} - c:\windows\system32\dipagowe.dll
SharedTaskScheduler-{91a76196-9af0-4c52-9b06-bc0bb58cc20b} - c:\windows\system32\feyujafi.dll
SharedTaskScheduler-{a0abfb62-b53e-44b5-84cc-784a58932a36} - c:\windows\system32\hoselozu.dll
SSODL-witeruwat-{027b552c-d32b-4add-8520-5787933badf4} - c:\windows\system32\dipagowe.dll
SSODL-zomuhojis-{91a76196-9af0-4c52-9b06-bc0bb58cc20b} - c:\windows\system32\feyujafi.dll
SSODL-fuzikegik-{a0abfb62-b53e-44b5-84cc-784a58932a36} - c:\windows\system32\hoselozu.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-29 18:04
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3868)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\Rundll32.exe
c:\windows\system32\Rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-04-29 18:08:02 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-29 23:07
Pre-Run: 21,597,184,000 bytes free
Post-Run: 22,020,251,648 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 3193109C9E1B35A74F03444DD6FD2D40
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/10/2009 7:57:30 AM
System Uptime: 4/30/2010 9:28:34 AM (0 hours ago)
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | U-100
Processor: Intel(R) Atom(TM) CPU N280 @ 1.66GHz | CPU 1 | 1666/667mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 39 GiB total, 20.453 GiB free.
D: is FIXED (NTFS) - 106 GiB total, 105.98 GiB free.
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP8: 1/30/2010 3:31:40 PM - Software Distribution Service 3.0
RP9: 1/31/2010 2:28:58 PM - Software Distribution Service 3.0
RP10: 2/21/2010 5:27:17 PM - Software Distribution Service 3.0
RP11: 3/2/2010 4:44:00 PM - Software Distribution Service 3.0
RP12: 3/10/2010 3:58:18 PM - Software Distribution Service 3.0
RP13: 3/11/2010 9:16:25 PM - Software Distribution Service 3.0
RP14: 3/12/2010 5:46:48 PM - Software Distribution Service 3.0
RP15: 3/12/2010 6:54:32 PM - Installed iTunes
RP16: 3/14/2010 6:47:13 PM - System Checkpoint
RP17: 3/24/2010 9:13:07 PM - System Checkpoint
RP18: 3/31/2010 4:17:45 PM - Software Distribution Service 3.0
RP19: 4/24/2010 4:44:38 PM - System Checkpoint
RP20: 4/25/2010 8:02:11 PM - System Checkpoint
RP21: 4/28/2010 7:19:24 PM - System Checkpoint
RP22: 4/29/2010 6:05:26 PM - Software Distribution Service 3.0
RP23: 4/30/2010 9:27:00 AM - Software Distribution Service 3.0
==== Installed Programs ======================
2007 Microsoft Office system
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.2
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bluetooth Stack for Windows by Toshiba
Bonjour
BurnRecovery
Choice Guard
CrazyTalk Cam Suite
EasyFace Logon
ERUNT 1.1j
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel(R) Graphics Media Accelerator Driver
iTunes
Junk Mail filter update
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSVCRT
Pando Media Booster
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Segoe UI
Solstice
System Control Manager
Ulead Burn.Now 4.5
Ulead Burn.Now 4.5 SE
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office 2007 (KB934528)
Update for Office System 2007 Setup (KB929722)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB2.0 Card Reader Software
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Driver Package - Atheros (AR5416) Net (09/18/2008 7.6.1.149)
Windows Driver Package - Realtek (rtl8187Se) Net (08/22/2008 5.9071.0822.2008)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
==== Event Viewer Messages From Past Week ========
4/29/2010 7:35:40 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
4/29/2010 7:01:43 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
4/29/2010 5:54:55 PM, error: Service Control Manager [7034] - The Micro Star SCM service terminated unexpectedly. It has done this 1 time(s).
4/28/2010 9:01:39 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the PolicyAgent service.
4/28/2010 7:03:40 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
4/24/2010 3:02:13 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
4/24/2010 3:02:13 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
==== End Of File ===========================
DDS (Ver_10-03-17.01) - NTFSx86
Run by Sahara Burroughs at 9:37:52.28 on Fri 04/30/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.462 [GMT -5:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\System Control Manager\MSIService.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\MSI\EasyFace Logon\AutoLock\OpenChmAp.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\Sahara Burroughs\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [MGSysCtrl] c:\program files\system control manager\MGSysCtrl.exe
mRun: [AutoLockOpenChm] c:\program files\msi\easyface logon\autolock\OpenChmAp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} - hxxp://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab
Notify: igfxcui - igfxdev.dll
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-4-24 64288]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-3-4 14336]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-4 55136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1265264]
R2 Micro Star SCM;Micro Star SCM;c:\program files\system control manager\MSIService.exe [2009-3-4 159744]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [2009-3-4 31616]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-3-4 162816]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2008-12-8 533344]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
=============== Created Last 30 ================
2010-04-29 22:54:02 0 d-sha-r- C:\cmdcons
2010-04-29 22:53:09 98816 ----a-w- c:\windows\sed.exe
2010-04-29 22:53:09 77312 ----a-w- c:\windows\MBR.exe
2010-04-29 22:53:09 256512 ----a-w- c:\windows\PEV.exe
2010-04-29 22:53:09 161792 ----a-w- c:\windows\SWREG.exe
2010-04-24 20:21:43 0 d-----w- c:\program files\Trend Micro
2010-04-24 20:02:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-24 19:42:17 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-24 19:42:12 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-24 19:40:20 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-24 19:40:06 0 d-----w- c:\program files\Lavasoft
2010-04-21 00:55:10 0 d-----w- c:\program files\scdata
==================== Find3M ====================
2010-03-15 22:17:20 55984 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:51 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2009-03-05 02:27:16 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-12-10 13:53:02 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009121020091211\index.dat
============= FINISH: 9:38:16.42 ===============
Hi again,
Uninstall old Adobe Reader versions and get the latest one (9.3 + update 9.3.2) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here (http://pdfreaders.org/).
Uninstall vulnerable Flash versions by following the instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). A fresh version can be obtained here (http://get.adobe.com/flashplayer/).
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it.
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Tick the box next to YES, I accept the Terms of Use.
Click Start
Make sure that the option Remove found threats is UNchecked.
Click Scan
Wait for the scan to finish.
Copy and paste the log as a reply to this topic, along with a new DDS log & a description of any remaining problems.
Hi,
Do you still need help?
Due to inactivity, this thread will now be closed.
Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, as you would be starting fresh.
If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (PM). A valid, working link to the closed topic is required.