
Internet 2010 has got me too



Hi, first time doing this and I'm not an expert, so hopefully I covered what you are looking for. I have downloaded several programs that have kept Internet Security 2010 at bay, but I am certain it is still active in my computer. It will not let me install your program; I've tried renaming, using separate folders, HijackThis, and a myriad of other self-help stuff you have listed in the forum. I found an adware/anti-virus program that at least can eliminate the symptoms so my computer will run, but it constantly brings up info that the program is still trying to take over. I'd love your help to remove this sucker for good. thx in advance if you can do anything.

Posted below is DDS, and I will hopefully have zipped the attach and ark files correctly.

DDS (Ver_09-12-01.01) - NTFSx86

Run by Owner at 15:14:22.64 on Wed 01/13/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.329 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Opera\opera.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\Owner\My Documents\mal\yjj1opew.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Owner\My Documents\mal\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076

mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60076

mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60076

uURLSearchHooks: N/A: {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\ctbr.dll

BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\ctbr.dll

TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\ctbr.dll

TB: {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File

uRun: [spywareTerminatorUpdate] "c:\program files\spyware terminator\SpywareTerminatorUpdate.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [spywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [kukilevam] Rundll32.exe "c:\windows\system32\suziwavi.dll",a

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)

uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)

dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

dPolicies-system: DisableTaskMgr = 1 (0x1)

IE: Crawler Search - tbr:iemenu

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

TCP: {73D222CD-EF58-41B0-AE4C-291599C09EBE} = 193.104.110.38,4.2.2.1,24.197.97.137 24.197.97.135

Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\ctbr.dll

AppInit_DLLs: rufalube.dll c:\windows\system32\bipemuya.dll c:\windows\system32\jugihiju.dll c:\windows\system32\hahunona.dll c:\windows\system32\sepewiye.dll c:\windows\system32\wakutowo.dll c:\windows\system32\dabilili.dll c:\windows\system32\najuwifi.dll c:\windows\system32\kuzepobo.dll c:\windows\system32\sesuwive.dll c:\windows\system32\pukirohu.dll c:\windows\system32\gimalija.dll c:\windows\system32\yujedefe.dll c:\windows\system32\suziwavi.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SSODL: kolopivat - {bf8f4e63-4f30-4f0c-8ab5-4878be3ca409} - c:\windows\system32\didirose.dll

SSODL: tihigedem - {91a453aa-8974-4c80-8ac2-3083111e39e4} - c:\windows\system32\kuwihefa.dll

SSODL: lusimivak - {d77a793f-da0d-4946-a2b8-5089fb202ef3} - c:\windows\system32\darezolu.dll

SSODL: bajalugur - {5c0e107d-d6f9-48d3-9013-199868fbf623} - c:\windows\system32\hetasegu.dll

SSODL: fuvarapur - {f597fa42-7cb1-4c3c-92b1-61829357faab} - c:\windows\system32\gimalija.dll

SSODL: kadidefed - {aac02796-34ba-483d-9753-25aba431bc85} - c:\windows\system32\gimalija.dll

SSODL: fidulafuj - {9faf67a6-09cd-463e-ae09-d28ca560973d} - c:\windows\system32\dabilili.dll

SSODL: felosebuy - {7a96105a-f44e-4f41-9906-a117f9466142} - c:\windows\system32\suziwavi.dll

STS: jugezatag: {bf8f4e63-4f30-4f0c-8ab5-4878be3ca409} - c:\windows\system32\didirose.dll

STS: gahurihor: {91a453aa-8974-4c80-8ac2-3083111e39e4} - c:\windows\system32\kuwihefa.dll

STS: kupuhivus: {d77a793f-da0d-4946-a2b8-5089fb202ef3} - c:\windows\system32\darezolu.dll

STS: tokatiluy: {5c0e107d-d6f9-48d3-9013-199868fbf623} - c:\windows\system32\hetasegu.dll

STS: kupuhivus: {f597fa42-7cb1-4c3c-92b1-61829357faab} - c:\windows\system32\gimalija.dll

STS: tokatiluy: {aac02796-34ba-483d-9753-25aba431bc85} - c:\windows\system32\gimalija.dll

STS: gahurihor: {9faf67a6-09cd-463e-ae09-d28ca560973d} - c:\windows\system32\dabilili.dll

STS: mujuzedij: {7a96105a-f44e-4f41-9906-a117f9466142} - c:\windows\system32\suziwavi.dll

LSA: Notification Packages = scecli jazuzulo.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\yacvvs6i.default\

FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-12-26 142592]

R2 ntk_dtv;ntk_dtv;c:\program files\directv\directv\kernel\dmp\ntk_dtv.sys [2009-3-2 72688]

S1 zjugyzfi;zjugyzfi;\??\c:\windows\system32\drivers\zjugyzfi.sys --> c:\windows\system32\drivers\zjugyzfi.sys [?]

S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2008-6-7 20160]

S4 CLDTVHNService;CLDTVHNService;c:\program files\directv\directv\kernel\dmp\CLDTVHNService.exe [2009-3-2 72736]

=============== Created Last 30 ================

2010-01-13 19:49:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-13 19:49:28 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-26 05:51:31 0 d-----w- c:\program files\WinClamAVShield

2009-12-26 05:41:49 0 d-----w- c:\program files\Crawler

2009-12-26 05:24:52 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys

2009-12-26 05:24:49 0 d-----w- c:\docume~1\owner\applic~1\Spyware Terminator

2009-12-26 05:24:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Spyware Terminator

2009-12-26 05:24:27 0 d-----w- c:\program files\Spyware Terminator

2009-12-20 20:27:37 0 ----a-w- c:\windows\system32\winhelper86.dll

2009-12-20 20:27:37 0 ----a-w- c:\windows\system32\AVR10.exe

2009-12-20 20:27:11 22016 --sha-w- c:\windows\system32\winlogon86.exe

2009-12-20 20:27:07 22016 --sha-w- c:\windows\system32\winupdate86.exe

2009-12-19 11:26:20 2713 --sh--w- c:\windows\system32\rotomemu.dll

2009-12-19 11:26:02 2713 --sh--w- c:\windows\system32\zohifosu.exe

2009-12-19 11:26:02 2713 --sh--w- c:\windows\system32\vegewowo.exe

2009-12-19 11:26:02 2713 --sh--w- c:\windows\system32\jahimaga.dll

2009-12-19 11:26:02 2713 --sh--w- c:\windows\system32\diziteba.dll

2009-12-15 00:18:31 2713 --sh--w- c:\windows\system32\wumoyuvo.dll

2009-12-15 00:18:17 2713 --sh--w- c:\windows\system32\zodetego.exe

2009-12-15 00:18:17 2713 --sh--w- c:\windows\system32\sufokiyu.exe

2009-12-15 00:18:17 2713 --sh--w- c:\windows\system32\mupafeve.dll

2009-12-15 00:18:17 2713 --sh--w- c:\windows\system32\hejapive.dll

2009-12-14 21:43:36 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-12-14 21:37:48 591632 ------w- c:\windows\system32\WinSSWebAgent.dll

==================== Find3M ====================

2009-12-15 00:10:37 5516 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-12-15 00:10:37 3428 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2009-12-15 00:10:37 331552 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-12-15 00:10:37 25376 --sha-w- c:\windows\system32\drivers\fidbox2.dat

2009-12-13 21:28:42 0 ----a-w- c:\documents and settings\owner\settings.dat

2009-12-12 12:16:54 2713 --sh--w- c:\windows\system32\vepisegi.dll

2009-12-12 12:16:45 2713 --sh--w- c:\windows\system32\zivohoji.exe

2009-12-12 12:16:45 2713 --sh--w- c:\windows\system32\vukinave.exe

2009-12-12 12:16:45 2713 --sh--w- c:\windows\system32\nijezigo.dll

2009-12-12 12:16:45 2713 --sh--w- c:\windows\system32\gefatedo.dll

2009-12-10 12:16:12 2713 --sh--w- c:\windows\system32\zomopefi.dll

2009-12-10 12:16:00 2713 --sh--w- c:\windows\system32\wufewoga.exe

2009-12-10 12:16:00 2713 --sh--w- c:\windows\system32\veligeta.dll

2009-12-10 12:16:00 2713 --sh--w- c:\windows\system32\romopifo.dll

2009-12-10 12:16:00 2713 --sh--w- c:\windows\system32\putevama.exe

2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll

2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-08-23 23:52:20 54134 ----a-w- c:\program files\INSTALL.LOG

1601-01-01 00:03:28 92160 --sha-w- c:\windows\system32\bidafave.dll

1601-01-01 00:03:28 38912 --sha-w- c:\windows\system32\bomafisa.dll

2009-09-25 02:34:46 3 --sha-w- c:\windows\system32\bonafuwu.dll

2009-09-12 00:15:47 45568 --sha-w- c:\windows\system32\bujefazi.dll

2009-09-11 00:15:26 3 --sha-w- c:\windows\system32\bularigi.dll

2009-09-13 12:16:36 3 --sha-w- c:\windows\system32\dahowoze.dll

1601-01-01 00:03:28 38912 --sha-w- c:\windows\system32\depipeta.dll

2009-09-17 20:22:46 45568 --sha-w- c:\windows\system32\devibifa.dll

2009-09-28 04:37:31 3 --sha-w- c:\windows\system32\dimegavu.dll

2009-09-10 00:14:47 3 --sha-w- c:\windows\system32\dineloku.dll

2009-09-29 16:38:19 3 --sha-w- c:\windows\system32\dizokusu.dll

1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\doboguli.dll

2009-09-30 16:38:54 45568 --sha-w- c:\windows\system32\dojisiru.dll

1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\dunusoze.dll

2009-09-28 04:37:31 3 --sha-w- c:\windows\system32\fahulizi.dll

2009-09-08 21:14:19 91648 --sha-w- c:\windows\system32\fawazife.dll

2009-09-30 04:38:32 3 --sha-w- c:\windows\system32\fazonevu.dll

2009-09-24 02:34:21 3 --sha-w- c:\windows\system32\fipihuwe.dll

2009-09-27 04:36:52 3 --sha-w- c:\windows\system32\fiyulake.dll

2009-09-30 16:38:54 61440 --sha-w- c:\windows\system32\fubikulo.dll

2009-09-24 02:34:21 3 --sha-w- c:\windows\system32\gadalatu.dll

2009-09-10 00:14:47 3 --sha-w- c:\windows\system32\gahetula.dll

1601-01-01 00:03:28 38912 --sha-w- c:\windows\system32\gakejefu.dll

2009-09-24 14:34:39 3 --sha-w- c:\windows\system32\gehekije.dll

2009-09-11 12:15:39 45568 --sha-w- c:\windows\system32\geniweji.dll

2009-09-09 09:14:19 52736 --sha-w- c:\windows\system32\getoguko.dll

2009-09-29 04:38:02 3 --sha-w- c:\windows\system32\girubuko.dll

1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\giwayate.dll

1601-01-01 00:03:28 38912 --sha-w- c:\windows\system32\giyoyako.dll

2009-09-18 23:24:46 45568 --sha-w- c:\windows\system32\gomozulo.dll

2009-09-30 04:38:32 3 --sha-w- c:\windows\system32\gozetabo.dll

2009-09-17 20:22:46 3 --sha-w- c:\windows\system32\gukerise.dll

2009-09-09 09:14:19 38912 --sha-w- c:\windows\system32\habamahu.dll

2009-09-18 23:24:46 3 --sha-w- c:\windows\system32\halegulu.dll

2009-09-27 04:36:50 3 --sha-w- c:\windows\system32\hasijale.dll

2009-09-24 14:34:38 45568 --sha-w- c:\windows\system32\hepofogo.dll

1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\hifakimu.dll

2009-09-29 04:38:02 3 --sha-w- c:\windows\system32\higiripe.dll

2009-09-26 16:36:53 3 --sha-w- c:\windows\system32\hilozepi.dll

1601-01-01 00:03:28 38912 --sha-w- c:\windows\system32\hobulehi.dll

2009-09-19 23:25:34 3 --sha-w- c:\windows\system32\hosaloyu.dll

1601-01-01 00:03:28 38912 --sha-w- c:\windows\system32\hozevevo.dll

2009-09-19 23:25:34 3 --sha-w- c:\windows\system32\hufiwado.dll

2009-09-13 12:16:35 35328 --sha-w- c:\windows\system32\jakibise.exe

2009-09-09 09:14:22 52736 --sha-w- c:\windows\system32\jazuzulo.dll

1601-01-01 00:03:28 39936 --sha-w- c:\windows\system32\jejewogu.dll

2009-09-20 20:26:47 45568 --sha-w- c:\windows\system32\jepigebu.dll

1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\jewanesa.dll

2009-09-18 23:24:46 3 --sha-w- c:\windows\system32\jotewupo.dll

1601-01-01 00:03:28 38912 --sha-w- c:\windows\system32\juhodamo.dll

2009-09-11 12:15:40 3 --sha-w- c:\windows\system32\kaputigu.dll

2009-09-29 16:38:19 45568 --sha-w- c:\windows\system32\kenoriro.dll

2009-09-18 23:24:47 34816 --sha-w- c:\windows\system32\kihipudo.dll

2009-09-21 23:29:09 3 --sha-w- c:\windows\system32\koyegepa.dll

2009-09-14 12:17:11 3 --sha-w- c:\windows\system32\kupuruzi.dll

2009-09-16 14:20:36 3 --sha-w- c:\windows\system32\lafifefo.dll

2009-09-20 20:26:46 3 --sha-w- c:\windows\system32\ludonanu.dll

2009-09-26 04:36:46 47104 --sha-w- c:\windows\system32\lusaporu.dll

2009-09-26 16:36:53 3 --sha-w- c:\windows\system32\mayonibe.dll

2009-09-26 04:36:46 45568 --sha-w- c:\windows\system32\meyiveho.dll

2009-09-21 23:29:10 3 --sha-w- c:\windows\system32\mofavagu.dll

2009-09-28 04:37:31 45568 --sha-w- c:\windows\system32\mukoyila.dll

2009-09-30 16:38:54 38912 --sha-w- c:\windows\system32\mupofobe.dll

2009-09-08 21:14:19 52736 --sha-w- c:\windows\system32\nabitepo.dll

2009-09-26 04:36:46 22016 --sha-w- c:\windows\system32\nasemoho.exe

2009-09-09 09:14:22 52736 --sha-w- c:\windows\system32\nidovofu.dll

1601-01-01 00:03:28 38912 --sha-w- c:\windows\system32\nosesunu.dll

2009-09-13 00:16:12 3 --sha-w- c:\windows\system32\nubukege.dll

2009-09-14 12:17:11 3 --sha-w- c:\windows\system32\paviviwa.dll

2009-09-29 16:38:19 3 --sha-w- c:\windows\system32\pepomiyo.dll

2009-09-14 12:17:11 45568 --sha-w- c:\windows\system32\piyuniha.dll

2009-09-13 12:16:35 3 --sha-w- c:\windows\system32\pobirili.dll

2009-09-27 16:37:11 3 --sha-w- c:\windows\system32\pokumala.dll

1601-01-01 00:03:28 38912 --sha-w- c:\windows\system32\puyikeje.dll

2009-09-28 16:37:49 3 --sha-w- c:\windows\system32\rahozaye.dll

2009-09-26 04:36:46 3 --sha-w- c:\windows\system32\rajesone.dll

2009-09-24 02:34:21 45568 --sha-w- c:\windows\system32\rajobife.dll

1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\ramivufo.dll

1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\rujopoba.dll

1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\runemuju.dll

2009-09-12 00:15:47 3 --sha-w- c:\windows\system32\sapeyeza.dll

1601-01-01 00:03:28 38912 --sha-w- c:\windows\system32\sayuliwa.dll

2009-09-27 16:37:11 45568 --sha-w- c:\windows\system32\sizebodi.dll

1601-01-01 00:03:28 92160 --sha-w- c:\windows\system32\suziwavi.dll

2009-09-25 02:34:46 3 --sha-w- c:\windows\system32\suzobezu.dll

2009-09-16 14:20:36 3 --sha-w- c:\windows\system32\tadozolu.dll

1601-01-01 00:03:28 38912 --sha-w- c:\windows\system32\tayajizo.dll

2009-09-28 16:37:48 3 --sha-w- c:\windows\system32\tijamuse.dll

2009-09-20 20:26:46 31232 --sha-w- c:\windows\system32\tipenuno.exe

2009-09-17 20:22:46 3 --sha-w- c:\windows\system32\tizijore.dll

2009-09-11 12:15:39 3 --sha-w- c:\windows\system32\togavila.dll

2009-09-27 16:37:11 3 --sha-w- c:\windows\system32\vejorafa.dll

1601-01-01 00:03:28 39936 --sha-w- c:\windows\system32\vewelehu.dll

2009-09-14 00:16:54 3 --sha-w- c:\windows\system32\vihefowe.dll

2009-09-13 00:16:12 3 --sha-w- c:\windows\system32\vobilizo.dll

2009-09-08 21:14:19 39424 --sha-w- c:\windows\system32\vokovafo.dll

2009-09-12 00:15:47 52224 --sha-w- c:\windows\system32\vopulife.dll

2009-09-26 04:36:46 22016 --sha-w- c:\windows\system32\winlogon86.exe

2009-09-26 04:36:46 22016 --sha-w- c:\windows\system32\winupdate86.exe

2009-09-11 00:15:26 3 --sha-w- c:\windows\system32\wopoliro.dll

2009-09-28 16:37:48 45568 --sha-w- c:\windows\system32\wopuyajo.dll

2009-09-14 00:16:54 3 --sha-w- c:\windows\system32\wukojohe.dll

1601-01-01 00:03:28 38912 --sha-w- c:\windows\system32\wupebege.dll

1601-01-01 00:03:28 38912 --sha-w- c:\windows\system32\yakozake.dll

2009-09-24 14:34:39 3 --sha-w- c:\windows\system32\yibomosu.dll

1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\yitewovi.dll

1601-01-01 00:03:28 92672 --sha-w- c:\windows\system32\yopidigo.dll

1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\zagitiza.dll

2009-09-26 04:36:47 3 --sha-w- c:\windows\system32\zaluselo.dll

1601-01-01 00:03:28 38912 --sha-w- c:\windows\system32\zazukazi.dll

2009-09-13 12:16:36 45568 --sha-w- c:\windows\system32\zekekodu.dll

1601-01-01 00:03:28 38912 --sha-w- c:\windows\system32\zemugoku.dll

1601-01-01 00:03:28 93184 --sha-w- c:\windows\system32\zilalope.dll

2009-09-27 04:36:51 45568 --sha-w- c:\windows\system32\zodezaru.dll

1601-01-01 00:03:28 38400 --sha-w- c:\windows\system32\zolosuwu.dll

2009-09-12 00:15:47 3 --sha-w- c:\windows\system32\zonolayu.dll

2009-09-20 20:26:48 3 --sha-w- c:\windows\system32\zusemubi.dll

============= FINISH: 15:15:10.92 ===============

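The log above carries the patterns a helper reads by eye before answering: dozens of eight-letter DLLs in system32 with the hidden+system attributes set, file timestamps of 1601-01-01 (FILETIME zero, i.e. never set or wiped), 3-byte "DLLs", and a long non-empty AppInit_DLLs value. The following triage script is an added example for this page, not code from the thread, from DDS or from Malwarebytes; it parses lines in the DDS date/time/size/attributes/path format and scores exactly those indicators. The sample lines are copied from the log above, and the regular expressions and size threshold are this example's own heuristics (the consonant/vowel name rule in particular is tuned to this log and will not catch every naming scheme).

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample in the DDS "Created Last 30" / "Find3M" line format
# (date time size attributes path). The suspicious names are taken from the
# log above; wininet.dll, strmfilt.dll and MpSigStub.exe are ordinary
# Windows files included as negatives.
SAMPLE_LOG = r"""
2009-12-19 11:26:20 2713 --sh--w- c:\windows\system32\rotomemu.dll
2009-12-14 21:43:36 195456 ------w- c:\windows\system32\MpSigStub.exe
1601-01-01 00:03:28 92160 --sha-w- c:\windows\system32\bidafave.dll
2009-09-25 02:34:46 3 --sha-w- c:\windows\system32\bonafuwu.dll
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-12-26 05:51:31 0 d-----w- c:\program files\WinClamAVShield
2009-12-20 20:27:11 22016 --sha-w- c:\windows\system32\winlogon86.exe
"""

# Also taken from the log above (shortened): the AppInit_DLLs value, which
# Windows loads into every process that links user32.dll. A non-empty value
# on a home machine is always worth a look.
SAMPLE_APPINIT = (
    r"AppInit_DLLs: rufalube.dll c:\windows\system32\bipemuya.dll "
    r"c:\windows\system32\suziwavi.dll"
)

# year, size, 8-character attribute string, path
LINE_RE = re.compile(r"^(\d{4})-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (\d+) ([-a-z]{8}) (.+)$")

# Heuristic (this example's assumption): the dropped files in this log are all
# named with eight lowercase letters alternating consonant/vowel
# (bidafave, suziwavi, rotomemu, ...).
RANDOM_NAME_RE = re.compile(r"^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4}\.(?:dll|exe)$", re.I)


@dataclass
class Finding:
    path: str
    reasons: list[str] = field(default_factory=list)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def triage_line(line: str) -> Finding | None:
    """Return a Finding for one DDS file line, or None if nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    year, size, attrs, path = m.groups()
    if attrs.startswith("d"):
        return None  # directory entries carry nothing to judge here
    name = basename(path)
    in_system32 = "\\windows\\system32\\" in path.lower()
    reasons: list[str] = []
    if year == "1601":
        # 1601-01-01 is FILETIME zero: the timestamp was never set or was wiped
        reasons.append("FILETIME-epoch (1601) timestamp")
    if "s" in attrs and "h" in attrs and in_system32:
        reasons.append("hidden+system attributes on a system32 file")
    if RANDOM_NAME_RE.match(name):
        reasons.append("8-letter consonant/vowel pseudo-random name")
    if int(size) < 1024 and name.lower().endswith((".dll", ".exe")):
        reasons.append(f"implausibly small PE file ({size} bytes)")
    return Finding(path, reasons) if reasons else None


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over a whole DDS excerpt, keeping only flagged entries."""
    return [f for f in map(triage_line, log_text.splitlines()) if f]


def appinit_entries(line: str) -> list[str]:
    """Split a DDS 'AppInit_DLLs:' line into its individual DLL entries."""
    if not line.startswith("AppInit_DLLs:"):
        return []
    return line.split(":", 1)[1].split()


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{basename(f.path):18} {'; '.join(f.reasons)}")
    dlls = appinit_entries(SAMPLE_APPINIT)
    odd = [d for d in dlls if RANDOM_NAME_RE.match(basename(d))]
    print(f"AppInit_DLLs: {len(dlls)} entries, {len(odd)} with pseudo-random names")
```

Run against the sample, the script flags rotomemu.dll, bidafave.dll, bonafuwu.dll and winlogon86.exe and leaves the genuine Windows files alone; pasting the full "Find3M" section from the log above in place of the sample reproduces the helper's conclusion in a few hundred flagged lines. Each reason is only a hint, so the output is a review queue for a person, not a deletion list.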

  • Staff

Hi,

Your system is severely infected. The problem with these infections nowadays is that they cause a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.

Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible, since it would be like searching for a needle in a haystack to find the right cause and solution.

So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this, it would be wise for you to back up any files and folders that you don't want to lose before we start. The reason I am telling you this is that when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

Please try this version of Malwarebytes: Click the link here

Save it on your desktop. You'll see it will have a random name and will look similar to this: mbamrandom.jpg

Double-click on it, so it will extract the files and start Malwarebytes automatically.

In case the installer (randomly named file) won't run either, rename it to EXPLORER.EXE and try again.

When Malwarebytes opens, click the "Update" tab FIRST and select to check for updates in order to get the latest updates.

In case Malwarebytes doesn't open, search for the folder mbam-installer on your desktop, open it and double-click the file winlogon.exe, which will be present in there. This should launch Malwarebytes.

Then perform a scan and let it remove what it found. Reboot afterwards (important).

After reboot, post the Malwarebytes log together with a new HijackThis log.

In case you're having problems with the above instructions, let me know.


When doing this it said it could not create the winlogon.exe, but then I did the search as suggested, found the exe and double-clicked it; then it gave me a 730 0,0 error.


  • Staff

Ok,

Let's do something different...

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because security software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.


ComboFix 10-01-15.01 - Owner 01/15/2010 16:41:01.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.284 [GMT -5:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: Spyware Terminator *On-access scanning enabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\gimalija.dll

.

---- Previous Run -------

.

c:\windows\system32\gimalija.dll

.

((((((((((((((((((((((((( Files Created from 2009-12-15 to 2010-01-15 )))))))))))))))))))))))))))))))

.

2010-01-13 19:49 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-13 19:49 . 2009-12-03 21:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-26 05:51 . 2010-01-15 09:38 -------- d-----w- c:\program files\WinClamAVShield

2009-12-26 05:41 . 2010-01-15 19:40 -------- d-----w- c:\program files\Crawler

2009-12-26 05:24 . 2009-12-26 05:24 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe

2009-12-26 05:24 . 2009-12-26 05:24 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys

2009-12-26 05:24 . 2009-12-26 05:24 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys

2009-12-26 05:24 . 2010-01-12 23:14 -------- d-----w- c:\documents and settings\Owner\Application Data\Spyware Terminator

2009-12-26 05:24 . 2010-01-15 09:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator

2009-12-26 05:24 . 2010-01-15 21:39 -------- d-----w- c:\program files\Spyware Terminator

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-15 17:29 . 2008-06-07 22:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Ahead

2010-01-13 19:51 . 2009-12-10 03:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-13 11:01 . 2008-08-27 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-12-26 05:29 . 2009-05-06 22:28 -------- d-----w- c:\program files\Coupons

2009-12-18 22:40 . 2009-11-22 23:21 -------- d-----w- c:\program files\PokerStars.NET

2009-12-16 02:33 . 2009-10-09 02:26 -------- d-----w- c:\program files\UltimateBet

2009-12-15 02:10 . 2009-12-15 02:10 0 ----a-w- c:\windows\nsreg.dat

2009-12-15 00:10 . 2009-12-14 04:03 5516 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-12-15 00:10 . 2009-12-14 04:03 3428 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2009-12-15 00:10 . 2009-12-14 04:03 331552 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-12-15 00:10 . 2009-12-14 04:03 25376 --sha-w- c:\windows\system32\drivers\fidbox2.dat

2009-12-14 04:23 . 2009-12-14 03:40 -------- d-----w- c:\program files\Common Files\ParetoLogic

2009-12-14 04:23 . 2009-12-14 03:40 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic

2009-12-14 04:06 . 2009-12-14 04:06 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe

2009-12-13 21:28 . 2009-12-13 21:28 0 ----a-w- c:\documents and settings\Owner\settings.dat

2009-12-10 05:22 . 2009-12-10 05:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2009-12-10 05:22 . 2009-12-10 05:22 -------- d-----w- c:\documents and settings\Owner\Application Data\Office Genuine Advantage

2009-12-10 04:59 . 2009-12-10 04:59 -------- d-----w- c:\program files\Trend Micro

2009-12-10 04:09 . 2009-12-10 03:39 -------- d-----w- c:\program files\Windows Live Safety Center

2009-12-10 04:03 . 2009-12-10 04:03 -------- d-----w- c:\documents and settings\Owner\Application Data\MalwareRemovalBot

2009-12-10 03:35 . 2008-08-27 00:48 27144 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-12-10 03:21 . 2008-06-08 01:23 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer

2009-12-10 03:14 . 2008-08-27 00:11 -------- d-----w- c:\program files\Microsoft Works

2009-12-10 02:19 . 2009-12-10 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2009-12-10 02:18 . 2009-12-10 02:18 -------- d-----w- c:\program files\Opera

2009-12-10 01:41 . 2008-06-07 22:28 -------- d-----w- c:\program files\AVG

2009-11-21 15:51 . 2008-03-26 14:57 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

2009-11-03 01:42 . 2009-12-14 21:43 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-10-29 07:45 . 2008-03-26 15:02 916480 ----a-w- c:\windows\system32\wininet.dll

2009-10-21 05:38 . 2008-03-26 14:59 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-21 05:38 . 2007-07-27 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-20 16:20 . 2008-03-26 14:59 265728 ----a-w- c:\windows\system32\drivers\http.sys

1601-01-01 00:03 . 1601-01-01 00:03 92160 --sha-w- c:\windows\system32\bidafave.dll

2009-09-25 02:34 . 2009-09-25 02:34 3 --sha-w- c:\windows\system32\bonafuwu.dll

2009-09-11 00:15 . 2009-09-11 00:15 3 --sha-w- c:\windows\system32\bularigi.dll

2009-09-13 12:16 . 2009-09-13 12:16 3 --sha-w- c:\windows\system32\dahowoze.dll

2009-09-17 20:22 . 2009-09-17 20:22 45568 --sha-w- c:\windows\system32\devibifa.dll

2009-09-28 04:37 . 2009-09-28 04:37 3 --sha-w- c:\windows\system32\dimegavu.dll

2009-09-10 00:14 . 2009-09-10 00:14 3 --sha-w- c:\windows\system32\dineloku.dll

2009-09-29 16:38 . 2009-09-29 16:38 3 --sha-w- c:\windows\system32\dizokusu.dll

2009-09-28 04:37 . 2009-09-28 04:37 3 --sha-w- c:\windows\system32\fahulizi.dll

2009-09-30 04:38 . 2009-09-30 04:38 3 --sha-w- c:\windows\system32\fazonevu.dll

2009-09-24 02:34 . 2009-09-24 02:34 3 --sha-w- c:\windows\system32\fipihuwe.dll

2009-09-27 04:36 . 2009-09-27 04:36 3 --sha-w- c:\windows\system32\fiyulake.dll

2009-09-24 02:34 . 2009-09-24 02:34 3 --sha-w- c:\windows\system32\gadalatu.dll

2009-09-10 00:14 . 2009-09-10 00:14 3 --sha-w- c:\windows\system32\gahetula.dll

2009-09-24 14:34 . 2009-09-24 14:34 3 --sha-w- c:\windows\system32\gehekije.dll

2009-09-29 04:38 . 2009-09-29 04:38 3 --sha-w- c:\windows\system32\girubuko.dll

2009-09-30 04:38 . 2009-09-30 04:38 3 --sha-w- c:\windows\system32\gozetabo.dll

2009-09-17 20:22 . 2009-09-17 20:22 3 --sha-w- c:\windows\system32\gukerise.dll

2009-09-18 23:24 . 2009-09-18 23:24 3 --sha-w- c:\windows\system32\halegulu.dll

2009-09-27 04:36 . 2009-09-27 04:36 3 --sha-w- c:\windows\system32\hasijale.dll

2009-09-29 04:38 . 2009-09-29 04:38 3 --sha-w- c:\windows\system32\higiripe.dll

2009-09-26 16:36 . 2009-09-26 16:36 3 --sha-w- c:\windows\system32\hilozepi.dll

2009-09-19 23:25 . 2009-09-19 23:25 3 --sha-w- c:\windows\system32\hosaloyu.dll

2009-09-19 23:25 . 2009-09-19 23:25 3 --sha-w- c:\windows\system32\hufiwado.dll

2009-09-18 23:24 . 2009-09-18 23:24 3 --sha-w- c:\windows\system32\jotewupo.dll

2009-09-11 12:15 . 2009-09-11 12:15 3 --sha-w- c:\windows\system32\kaputigu.dll

2009-09-21 23:29 . 2009-09-21 23:29 3 --sha-w- c:\windows\system32\koyegepa.dll

2009-09-14 12:17 . 2009-09-14 12:17 3 --sha-w- c:\windows\system32\kupuruzi.dll

2009-09-16 14:20 . 2009-09-16 14:20 3 --sha-w- c:\windows\system32\lafifefo.dll

2009-09-20 20:26 . 2009-09-20 20:26 3 --sha-w- c:\windows\system32\ludonanu.dll

2009-09-26 16:36 . 2009-09-26 16:36 3 --sha-w- c:\windows\system32\mayonibe.dll

2009-09-21 23:29 . 2009-09-21 23:29 3 --sha-w- c:\windows\system32\mofavagu.dll

2009-09-26 04:36 . 2009-09-26 04:36 22016 --sha-w- c:\windows\system32\nasemoho.exe

2009-09-13 00:16 . 2009-09-13 00:16 3 --sha-w- c:\windows\system32\nubukege.dll

2009-09-14 12:17 . 2009-09-14 12:17 3 --sha-w- c:\windows\system32\paviviwa.dll

2009-09-29 16:38 . 2009-09-29 16:38 3 --sha-w- c:\windows\system32\pepomiyo.dll

2009-09-13 12:16 . 2009-09-13 12:16 3 --sha-w- c:\windows\system32\pobirili.dll

2009-09-27 16:37 . 2009-09-27 16:37 3 --sha-w- c:\windows\system32\pokumala.dll

2009-09-28 16:37 . 2009-09-28 16:37 3 --sha-w- c:\windows\system32\rahozaye.dll

2009-09-26 04:36 . 2009-09-26 04:36 3 --sha-w- c:\windows\system32\rajesone.dll

2009-09-12 00:15 . 2009-09-12 00:15 3 --sha-w- c:\windows\system32\sapeyeza.dll

2009-09-25 02:34 . 2009-09-25 02:34 3 --sha-w- c:\windows\system32\suzobezu.dll

2009-09-16 14:20 . 2009-09-16 14:20 3 --sha-w- c:\windows\system32\tadozolu.dll

2009-09-28 16:37 . 2009-09-28 16:37 3 --sha-w- c:\windows\system32\tijamuse.dll

2009-09-20 20:26 . 2009-09-20 20:26 31232 --sha-w- c:\windows\system32\tipenuno.exe

2009-09-17 20:22 . 2009-09-17 20:22 3 --sha-w- c:\windows\system32\tizijore.dll

2009-09-11 12:15 . 2009-09-11 12:15 3 --sha-w- c:\windows\system32\togavila.dll

2009-09-27 16:37 . 2009-09-27 16:37 3 --sha-w- c:\windows\system32\vejorafa.dll

2009-09-14 00:16 . 2009-09-14 00:16 3 --sha-w- c:\windows\system32\vihefowe.dll

2009-09-13 00:16 . 2009-09-13 00:16 3 --sha-w- c:\windows\system32\vobilizo.dll

2009-09-11 00:15 . 2009-09-11 00:15 3 --sha-w- c:\windows\system32\wopoliro.dll

2009-09-14 00:16 . 2009-09-14 00:16 3 --sha-w- c:\windows\system32\wukojohe.dll

2009-09-24 14:34 . 2009-09-24 14:34 3 --sha-w- c:\windows\system32\yibomosu.dll

1601-01-01 00:03 . 1601-01-01 00:03 92672 --sha-w- c:\windows\system32\yopidigo.dll

2009-09-26 04:36 . 2009-09-26 04:36 3 --sha-w- c:\windows\system32\zaluselo.dll

1601-01-01 00:03 . 1601-01-01 00:03 93184 --sha-w- c:\windows\system32\zilalope.dll

2009-09-12 00:15 . 2009-09-12 00:15 3 --sha-w- c:\windows\system32\zonolayu.dll

2009-09-20 20:26 . 2009-09-20 20:26 3 --sha-w- c:\windows\system32\zusemubi.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-12-26 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-12-26 2166784]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

"NoActiveDesktopChanges"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\DirecTV\\DirecTV\\DIRECTV2PC.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [12/26/2009 12:24 AM 142592]

R2 ntk_dtv;ntk_dtv;c:\program files\DirecTV\DirecTV\Kernel\DMP\ntk_dtv.sys [3/2/2009 6:55 PM 72688]

S1 zjugyzfi;zjugyzfi;\??\c:\windows\system32\drivers\zjugyzfi.sys --> c:\windows\system32\drivers\zjugyzfi.sys [?]

S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [6/7/2008 7:23 PM 20160]

S4 CLDTVHNService;CLDTVHNService;c:\program files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [3/2/2009 6:55 PM 72736]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-04-19 17:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

2010-01-13 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2010-01-15 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

.

.

------- Supplementary Scan -------

.

IE: Crawler Search - tbr:iemenu

TCP: {73D222CD-EF58-41B0-AE4C-291599C09EBE} = 193.104.110.38,4.2.2.1,24.197.97.137 24.197.97.135

Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\yacvvs6i.default\

FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS REMOVED - - - -

BHO-{82998fa0-8f78-4123-b89f-ff973ebdde67} - nidovofu.dll

HKLM-Run-kukilevam - c:\windows\system32\hazafupe.dll

HKLM-Run-suzuhapevi - jazuzulo.dll

SharedTaskScheduler-{bf8f4e63-4f30-4f0c-8ab5-4878be3ca409} - c:\windows\system32\didirose.dll

SharedTaskScheduler-{91a453aa-8974-4c80-8ac2-3083111e39e4} - c:\windows\system32\kuwihefa.dll

SharedTaskScheduler-{d77a793f-da0d-4946-a2b8-5089fb202ef3} - c:\windows\system32\darezolu.dll

SharedTaskScheduler-{5c0e107d-d6f9-48d3-9013-199868fbf623} - c:\windows\system32\hetasegu.dll

SharedTaskScheduler-{f597fa42-7cb1-4c3c-92b1-61829357faab} - c:\windows\system32\gimalija.dll

SharedTaskScheduler-{aac02796-34ba-483d-9753-25aba431bc85} - c:\windows\system32\gimalija.dll

SharedTaskScheduler-{9faf67a6-09cd-463e-ae09-d28ca560973d} - c:\windows\system32\dabilili.dll

SharedTaskScheduler-{8977c21e-a234-4c36-98da-48bd724cce55} - c:\windows\system32\hazafupe.dll

SSODL-kolopivat-{bf8f4e63-4f30-4f0c-8ab5-4878be3ca409} - c:\windows\system32\didirose.dll

SSODL-tihigedem-{91a453aa-8974-4c80-8ac2-3083111e39e4} - c:\windows\system32\kuwihefa.dll

SSODL-lusimivak-{d77a793f-da0d-4946-a2b8-5089fb202ef3} - c:\windows\system32\darezolu.dll

SSODL-bajalugur-{5c0e107d-d6f9-48d3-9013-199868fbf623} - c:\windows\system32\hetasegu.dll

SSODL-fuvarapur-{f597fa42-7cb1-4c3c-92b1-61829357faab} - c:\windows\system32\gimalija.dll

SSODL-kadidefed-{aac02796-34ba-483d-9753-25aba431bc85} - c:\windows\system32\gimalija.dll

SSODL-fidulafuj-{9faf67a6-09cd-463e-ae09-d28ca560973d} - c:\windows\system32\dabilili.dll

SSODL-bawunerib-{8977c21e-a234-4c36-98da-48bd724cce55} - c:\windows\system32\hazafupe.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-15 16:45

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,55,d5,70,b0,7b,45,f3,4b,b9,9a,39,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,55,d5,70,b0,7b,45,f3,4b,b9,9a,39,\

.

Completion time: 2010-01-15 16:48:17

ComboFix-quarantined-files.txt 2010-01-15 21:48

Pre-Run: 130,134,552,576 bytes free

Post-Run: 130,098,630,656 bytes free

- - End Of File - - 51CDD4536FA47AA036EBE98559203FE7

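The file listing in the log above shows a recognisable cluster of indicators: dozens of 3-byte files with eight-letter lowercase names directly under system32, all carrying system+hidden attributes (`--sha-w-`), plus two larger DLLs whose timestamps read 1601-01-01 (the Windows FILETIME epoch, i.e. a zeroed or stomped timestamp). The following Python is an added example, not part of the original thread or of ComboFix, that parses lines in the two-timestamp format shown in this log and flags those patterns. The sample lines are constructed in the shape of the log (three taken from the page, one benign line invented for contrast); the attribute-letter interpretation (`s` = system, `h` = hidden) and the name heuristic are assumptions made for illustration.

```python
import re
from typing import Dict, List, Optional, Tuple

# Matches the two-timestamp ComboFix file lines seen in the log:
# "<created> . <modified> <size> <attrs> <path>"
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>\S+) (?P<path>.+)$"
)

# Heuristic (assumption, not a ComboFix rule): eight lowercase letters
# plus .dll/.exe directly under system32, as in the log above.
RANDOM_NAME_RE = re.compile(
    r"^c:\\windows\\system32\\[a-z]{8}\.(dll|exe)$", re.IGNORECASE
)

# Constructed sample: three lines copied from the log, one benign line invented.
SAMPLE_LOG = r"""
2009-09-29 04:38 . 2009-09-29 04:38 3 --sha-w- c:\windows\system32\girubuko.dll
2009-09-26 04:36 . 2009-09-26 04:36 22016 --sha-w- c:\windows\system32\nasemoho.exe
1601-01-01 00:03 . 1601-01-01 00:03 92672 --sha-w- c:\windows\system32\yopidigo.dll
2007-04-19 17:23 . 2007-04-19 17:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
"""


def parse_entry(line: str) -> Optional[Dict[str, object]]:
    """Return the fields of one file line, or None if the line is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {
        "created": m["created"],
        "modified": m["modified"],
        "size": int(m["size"]),
        "attrs": m["attrs"],
        "path": m["path"],
    }


def suspicious_reasons(entry: Dict[str, object]) -> List[str]:
    """List the indicators an entry trips (empty list means nothing flagged)."""
    reasons: List[str] = []
    attrs = str(entry["attrs"]).lower()
    path = str(entry["path"])
    # Assumption: 's' and 'h' in the attribute string mean system and hidden.
    if "s" in attrs and "h" in attrs:
        reasons.append("hidden+system")
    # 1601-01-01 is the FILETIME epoch: a zeroed or stomped timestamp.
    if str(entry["created"]).startswith("1601-") or str(entry["modified"]).startswith("1601-"):
        reasons.append("epoch-timestamp")
    # A DLL/EXE of only a few bytes cannot be a real PE image.
    if int(entry["size"]) <= 16 and path.lower().endswith((".dll", ".exe")):
        reasons.append("tiny-binary")
    if RANDOM_NAME_RE.match(path):
        reasons.append("random-name")
    return reasons


def scan(text: str) -> List[Tuple[str, List[str]]]:
    """Scan a block of log text and return (path, reasons) for flagged entries."""
    hits: List[Tuple[str, List[str]]] = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = suspicious_reasons(entry)
        if reasons:
            hits.append((str(entry["path"]), reasons))
    return hits


if __name__ == "__main__":
    for path, reasons in scan(SAMPLE_LOG):
        print(f"{path}: {', '.join(reasons)}")
```

Run against the sample, the three system32 entries are flagged and the LightScribe line is not; pointing `scan()` at a full ComboFix.txt gives a quick triage list before anyone decides what to put in a removal script.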

  • Staff

Hi,

* Open Notepad - don't use any other text editor than Notepad or the script will fail.

Copy/paste the text in the quotebox below into notepad:

File::

c:\windows\system32\drivers\zjugyzfi.sys

c:\windows\system32\bidafave.dll

c:\windows\system32\bonafuwu.dll

c:\windows\system32\bularigi.dll

c:\windows\system32\dahowoze.dll

c:\windows\system32\devibifa.dll

c:\windows\system32\dimegavu.dll

c:\windows\system32\dineloku.dll

c:\windows\system32\dizokusu.dll

c:\windows\system32\fahulizi.dll

c:\windows\system32\fazonevu.dll

c:\windows\system32\fipihuwe.dll

c:\windows\system32\fiyulake.dll

c:\windows\system32\gadalatu.dll

c:\windows\system32\gahetula.dll

c:\windows\system32\gehekije.dll

c:\windows\system32\girubuko.dll

c:\windows\system32\gozetabo.dll

c:\windows\system32\gukerise.dll

c:\windows\system32\halegulu.dll

c:\windows\system32\hasijale.dll

c:\windows\system32\higiripe.dll

c:\windows\system32\hilozepi.dll

c:\windows\system32\hosaloyu.dll

c:\windows\system32\hufiwado.dll

c:\windows\system32\jotewupo.dll

c:\windows\system32\kaputigu.dll

c:\windows\system32\koyegepa.dll

c:\windows\system32\kupuruzi.dll

c:\windows\system32\lafifefo.dll

c:\windows\system32\ludonanu.dll

c:\windows\system32\mayonibe.dll

c:\windows\system32\mofavagu.dll

c:\windows\system32\nasemoho.exe

c:\windows\system32\nubukege.dll

c:\windows\system32\paviviwa.dll

c:\windows\system32\pepomiyo.dll

c:\windows\system32\pobirili.dll

c:\windows\system32\pokumala.dll

c:\windows\system32\rahozaye.dll

c:\windows\system32\rajesone.dll

c:\windows\system32\sapeyeza.dll

c:\windows\system32\suzobezu.dll

c:\windows\system32\tadozolu.dll

c:\windows\system32\tijamuse.dll

c:\windows\system32\tipenuno.exe

c:\windows\system32\tizijore.dll

c:\windows\system32\togavila.dll

c:\windows\system32\vejorafa.dll

c:\windows\system32\vihefowe.dll

c:\windows\system32\vobilizo.dll

c:\windows\system32\wopoliro.dll

c:\windows\system32\wukojohe.dll

c:\windows\system32\yibomosu.dll

c:\windows\system32\yopidigo.dll

c:\windows\system32\zaluselo.dll

c:\windows\system32\zilalope.dll

c:\windows\system32\zonolayu.dll

c:\windows\system32\zusemubi.dll

Driver::

zjugyzfi

Registry::

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"=-

"NoActiveDesktopChanges"=-

Save this as a text file named CFScript.

Then drag the CFScript onto ComboFix.exe as you see in the screenshot below.

(screenshot: CFScript.gif)

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
