Virtumonde Infection
Unread postby churchmouse » June 7th, 2009, 5:25 pm

Hello,

Spyware Doctor keeps finding this infection, but it doesn't seem to be able to get it out. I've had numerous problems and I'm not sure it's all related, but here it goes. I.E. is completely disabled and I can't even install a new version of I.E. 8. I'm using Firefox. No Windows updates, and my computer crashes every few weeks and I can't get online; my connection is disabled. I have to limp to System Restore and go back a few months in time. Zone Alarm won't open for me, and Windows Installer keeps trying to install HP desktop drivers. I have to hit Control-Alt-Delete to make it stop. It's enough to make you crazy. Thank you in advance for any help. Here is my log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:53:19 PM, on 6/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ErrorRepairTool\ErrorRepairTool.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://accelerator.bellsouth.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {55107032-3184-40e1-a409-8859ce1ffc7e} - C:\WINDOWS\system32\tukibazi.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [000000af] rundll32.exe "C:\WINDOWS\system32\dojiralo.dll",b
O4 - HKLM\..\Run: [hozogipuyu] Rundll32.exe "C:\WINDOWS\system32\zagubura.dll",s
O4 - HKLM\..\Run: [c4a09990] rundll32.exe "C:\WINDOWS\system32\gizuruku.dll",b
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [CPMc793aa0c] Rundll32.exe "c:\windows\system32\zanamalo.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ErrorRepairTool] C:\Program Files\ErrorRepairTool\ErrorRepairTool.exe -boot
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [000000af] rundll32.exe "C:\WINDOWS\system32\dojiralo.dll",b
O4 - HKUS\S-1-5-19\..\Run: [hozogipuyu] Rundll32.exe "C:\WINDOWS\system32\zagubura.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [hozogipuyu] Rundll32.exe "C:\WINDOWS\system32\zagubura.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [hozogipuyu] Rundll32.exe "C:\WINDOWS\system32\telonapi.dll",s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [hozogipuyu] Rundll32.exe "C:\WINDOWS\system32\telonapi.dll",s (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://home.bellsouth.net
O15 - Trusted Zone: http://*.runescape.com
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/sh ... Loader.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/be ... eweled.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3313560734
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install ... stallX.CAB
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/fa ... lyfeud.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://spinpalace.microgaming.com/spin ... lashAX.cab
O20 - AppInit_DLLs: xaeufa.dll C:\WINDOWS\system32\rileruse.dll iovpaj.dll nkbxfc.dll twkjty.dll mgccir.dll hljlrq.dll yecycc.dll nujnoq.dll kabfbo.dll c:\windows\system32\bigitita.dll tnudxt.dll hahdzr.dll c:\windows\system32\wudiyopi.dll c:\windows\system32\gizokoro.dll C:\WINDOWS\system32\gayujoje.dll c:\windows\system32\zanamalo.dll
O20 - Winlogon Notify: vtUooonL - vtUooonL.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zanamalo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zanamalo.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

--
End of file - 8488 bytes
churchmouse
Active Member
 
Posts: 5
Joined: June 7th, 2009, 4:59 pm
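One way to triage a HijackThis log like the one above for the Vundo/Virtumonde persistence pattern it shows (rundll32 autoruns of generated DLL names in system32, a long AppInit_DLLs chain, and one CLSID registered as both SSODL and SharedTaskScheduler). This is an added example, not code from the forum or from HijackThis; the sample lines are constructed from entries in the log above, and the eight-letter consonant/vowel naming heuristic is an assumption drawn from this log rather than a general rule.

```python
"""Triage HijackThis lines for Vundo-style persistence (added example)."""
import re
from collections import defaultdict

# Assumption from this log: every malicious DLL is eight lowercase letters
# alternating consonant/vowel (dojiralo, zagubura, zanamalo, tukibazi, ...).
# Legitimate DLL names almost never have that shape, so it is a cheap first pass.
VUNDO_NAME = re.compile(r"(?i)^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4}$")
LINE_RE = re.compile(r"^(?P<sec>O\d+|R\d) - (?P<body>.*)$")
# Matches a bare "name.dll" token or the last component of a quoted/unquoted path.
DLL_RE = re.compile(r"(?i)(?:[a-z]:\\[^\s\",]*\\)?(?P<name>[a-z]+)\.dll\b")
CLSID_RE = re.compile(r"\{([0-9A-Fa-f-]{36})\}")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<host>\S+)$")

# Constructed sample: a subset of the entries from the log in the thread above.
SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {55107032-3184-40e1-a409-8859ce1ffc7e} - C:\WINDOWS\system32\tukibazi.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [000000af] rundll32.exe "C:\WINDOWS\system32\dojiralo.dll",b
O4 - HKLM\..\Run: [CPMc793aa0c] Rundll32.exe "c:\windows\system32\zanamalo.dll",a
O20 - AppInit_DLLs: xaeufa.dll C:\WINDOWS\system32\rileruse.dll c:\windows\system32\bigitita.dll tnudxt.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zanamalo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zanamalo.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


def triage(lines):
    """Return (severity, section, detail) findings, in log order, then correlations."""
    findings = []
    hooks = defaultdict(set)  # CLSID -> {(section, dll)} seen in O21/O22 entries
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # process list, blank lines, "End of file" etc.
        sec, body = m.group("sec"), m.group("body")
        if sec == "O1":
            h = HOSTS_RE.match(body)
            if h:  # ad/tracking hosts pinned to an IP is a common side effect
                findings.append(("medium", sec, f"hosts file maps {h.group('host')} to {h.group('ip')}"))
            continue
        names = [d.group("name") for d in DLL_RE.finditer(body)]
        bad = [n for n in names if VUNDO_NAME.match(n)]
        if sec in ("O21", "O22"):
            c = CLSID_RE.search(body)
            if c and names:
                hooks[c.group(1).upper()].add((sec, names[-1].lower()))
        if not bad:
            continue
        if sec == "O20":
            findings.append(("high", sec, f"AppInit_DLLs: {len(bad)} of {len(names)} entries look generated: {', '.join(bad)}"))
        elif sec == "O4" and re.search(r"(?i)rundll32", body):
            findings.append(("high", sec, f"rundll32 autorun of generated DLL {bad[0]}.dll ({body.split(' ', 1)[0]})"))
        else:
            findings.append(("high", sec, f"generated DLL name {bad[0]}.dll"))
    # Correlation: the same CLSID wired into two shell load points for one DLL
    # is the load-on-logon redundancy this family uses to survive a single fix.
    for clsid, regs in hooks.items():
        secs = {s for s, _ in regs}
        dlls = {d for _, d in regs}
        if secs == {"O21", "O22"} and len(dlls) == 1:
            findings.append(("high", "O21+O22",
                             f"{{{clsid}}} is both SSODL and SharedTaskScheduler for {next(iter(dlls))}.dll"))
    return findings


if __name__ == "__main__":
    for severity, section, detail in triage(SAMPLE.splitlines()):
        print(f"[{severity:6}] {section:8} {detail}")
```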

Re: Virtumonde Infection

Unread postby Shaba » June 9th, 2009, 8:34 am

Hi churchmouse

Does Spyware Doctor have antivirus as well?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Virtumonde Infection

Unread postby churchmouse » June 9th, 2009, 11:47 am

Good Morning Shaba,

Yes, I have the full version of Spyware Doctor antivirus. This has been going on for a while. I've kept the signature files up to date and run the program every couple of days. It deletes and fixes what it can, but Virtumonde and other things keep coming back. I went to the Spyware Doctor help forums. Another user suggested coming here for help with this.

Re: Virtumonde Infection

Unread postby Shaba » June 9th, 2009, 1:05 pm

Yes, it is not able to remove it.

We will continue with ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper.

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

Re: Virtumonde Infection

Unread postby churchmouse » June 9th, 2009, 7:59 pm

Hi Shaba, :-)

I followed your instructions, and my computer is running super fast. Here is the information you requested, thank you for helping me. Hope it worked.

ComboFix 09-06-09.06 - Churchmouse 06/09/2009 19:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.262 [GMT -4:00]
Running from: c:\documents and settings\Churchmouse\Desktop\ComboFix.exe
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\zigoboyu.dll
c:\windows\system32\zilosuzu.dll
c:\windows\system32\zimuroha.dll
c:\windows\system32\zoniraji.dll
c:\windows\system32\zotovebu.dll
c:\windows\system32\zoyatufi.dll
c:\windows\system32\zukumuha.dll
c:\windows\system32\zuyijuli.dll
c:\windows\system32\zuzahovo.dll
c:\windows\Tasks\efkvcvsc.job
c:\windows\wiaserviv.log
C:\xcrashdump.dat

.
((((((((((((((((((((((((( Files Created from 2009-05-09 to 2009-06-09 )))))))))))))))))))))))))))))))
.

2009-06-07 20:52 . 2009-06-07 20:52 -------- d-----w- c:\program files\Trend Micro
2009-06-07 13:01 . 2009-06-07 13:01 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-09 23:06 . 2008-07-29 21:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-09 13:06 . 2008-07-29 21:41 -------- d-----w- c:\program files\Spyware Doctor
2009-06-09 04:01 . 2009-06-09 04:01 0 ----a-w- c:\windows\system32\oyisofil.tmp
2009-06-09 02:36 . 2009-04-16 02:50 66936 --sha-w- c:\windows\dlinfo_0.drv
2009-06-07 13:39 . 2006-03-24 22:01 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-06-06 16:32 . 2009-04-26 20:38 -------- d-----w- c:\program files\LimeWire
2009-05-13 23:47 . 2009-02-13 23:47 63488 --sha-w- c:\windows\system32\fonatege.exe
2009-05-11 22:42 . 2009-02-11 22:42 65024 --sha-w- c:\windows\system32\fidofepu.exe
2009-05-04 21:38 . 2006-05-17 20:56 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-04-28 22:16 . 2009-04-28 22:16 152576 ----a-w- c:\documents and settings\Churchmouse\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-26 18:28 . 2009-04-26 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-26 18:28 . 2008-07-20 18:51 -------- d-----w- c:\program files\iTunes
2009-04-26 18:27 . 2009-04-26 18:23 -------- d-----w- c:\program files\Common Files\Apple
2009-04-26 18:26 . 2009-04-26 18:26 -------- d-----w- c:\program files\Bonjour
2009-04-26 18:25 . 2009-04-26 18:25 -------- d-----w- c:\program files\QuickTime
2009-04-26 18:21 . 2009-04-26 18:21 -------- d-----w- c:\program files\Apple Software Update
2009-04-26 18:18 . 2008-08-05 10:53 22598975 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-04-26 17:53 . 2008-07-20 18:52 -------- d-----w- c:\documents and settings\Churchmouse\Application Data\Apple Computer
2009-04-20 04:46 . 2009-02-24 22:46 39200 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2009-04-20 04:46 . 2009-02-24 22:46 33056 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2009-04-20 04:46 . 2009-02-24 22:45 12576 ----a-w- c:\windows\system32\drivers\TfKbMon.sys
2009-04-20 04:46 . 2009-02-24 22:45 51488 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2009-04-20 04:46 . 2009-04-01 03:42 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-04-13 03:32 . 2009-04-13 03:32 -------- d-----w- c:\documents and settings\Churchmouse\Application Data\MSNInstaller
2009-04-12 01:43 . 2009-04-12 01:43 86528 ----a-w- c:\windows\bnetunin.exe
2009-04-12 01:43 . 2009-04-12 01:43 61440 ----a-w- c:\windows\diabunin.exe
2009-04-11 14:32 . 2009-04-11 14:32 -------- d-----w- c:\program files\Microsoft Silverlight
2009-04-11 14:06 . 2004-11-26 16:54 -------- d-----w- c:\documents and settings\Joe Bernhard\Application Data\Aim
2009-04-11 14:03 . 2009-04-11 13:53 -------- d-----w- c:\documents and settings\Joe Bernhard\Application Data\ErrorRepairTool
2009-04-10 22:16 . 2009-01-10 22:16 63488 --sha-w- c:\windows\system32\kaduhaki.exe
2009-04-09 09:57 . 2009-01-09 09:57 61440 --sha-w- c:\windows\system32\bodonope.exe
2009-04-08 21:00 . 2009-01-08 21:00 61440 --sha-w- c:\windows\system32\tasurizo.exe
2009-04-07 03:56 . 2009-01-07 03:56 61440 --sha-w- c:\windows\system32\hemenozu.exe
2009-04-07 03:56 . 2009-01-07 03:56 103936 --sha-w- c:\windows\system32\vulaloji.dll.vir
2009-04-05 02:41 . 2009-04-05 02:41 45056 ----a-w- c:\documents and settings\Joe Bernhard\Application Data\Sun\Java\Deployment\cache\6.0\6\1b458086-1a39e335-n\winflash.dll
2009-04-05 02:41 . 2009-04-05 02:41 27648 ----a-w- c:\documents and settings\Joe Bernhard\Application Data\Sun\Java\Deployment\cache\6.0\51\10a671b3-5e5b3f7b-n\draghelp.dll
2009-04-04 14:53 . 2009-01-04 14:53 61440 --sha-w- c:\windows\system32\kogujiru.exe
2009-04-04 02:53 . 2009-01-04 02:53 61440 --sha-w- c:\windows\system32\kowatapi.exe
2009-04-03 00:45 . 2009-03-22 01:52 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-03 00:39 . 2009-04-03 00:39 152576 ----a-w- c:\documents and settings\Churchmouse\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-04-02 20:53 . 2009-01-02 20:53 61440 --sha-w- c:\windows\system32\honomige.exe
2009-04-02 20:29 . 2009-04-02 20:29 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-01 02:02 . 2009-01-01 02:02 105984 --sha-w- c:\windows\system32\wudiyopi.dll.vir
2009-03-31 14:02 . 1601-01-01 00:12 61440 --sha-w- c:\windows\system32\hokozoli.exe
2009-03-29 00:58 . 1601-01-01 00:12 61440 --sha-w- c:\windows\system32\yumafofa.exe
2009-03-28 13:01 . 1601-01-01 00:12 61440 --sha-w- c:\windows\system32\marokeru.exe
2009-03-26 19:23 . 2009-04-26 18:23 36864 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-03-26 19:23 . 2009-04-26 18:23 1900544 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-03-26 09:47 . 1601-01-01 00:12 103936 --sha-w- c:\windows\system32\peritohu.dll.vir
2009-03-24 23:15 . 1601-01-01 00:12 107008 --sha-w- c:\windows\system32\vewaboji.dll.vir
2009-03-22 01:58 . 2009-03-22 01:58 503808 ----a-w- c:\documents and settings\Churchmouse\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-27aa25d4-n\msvcp71.dll
2009-03-22 01:58 . 2009-03-22 01:58 348160 ----a-w- c:\documents and settings\Churchmouse\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-27aa25d4-n\msvcr71.dll
2009-03-22 01:58 . 2009-03-22 01:58 499712 ----a-w- c:\documents and settings\Churchmouse\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-27aa25d4-n\jmc.dll
2009-03-22 01:41 . 2009-03-22 01:41 152576 ----a-w- c:\documents and settings\Churchmouse\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-03-20 08:49 . 1601-01-01 00:12 107520 --sha-w- c:\windows\system32\dusatalo.dll.vir
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2008-01-29 16:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-16 20:59 . 1601-01-01 00:12 105984 --sha-w- c:\windows\system32\bigitita.dll.vir
2009-03-12 21:00 . 2009-03-12 21:00 2713 --sh--w- c:\windows\system32\nawugeli.dll
2009-02-09 22:02 . 2009-02-09 22:02 2713 --sh--w- c:\windows\SYSTEM32\davagadu.dll
2009-03-10 20:59 . 2009-03-10 20:59 2713 --sh--w- c:\windows\SYSTEM32\diyahema.dll
2009-03-11 20:59 . 2009-03-11 20:59 2713 --sh--w- c:\windows\SYSTEM32\fohakibi.dll
2009-02-12 08:06 . 2009-02-12 08:06 2713 --sh--w- c:\windows\SYSTEM32\juzoteji.dll
2009-03-07 15:54 . 2009-03-07 15:54 2713 --sh--w- c:\windows\SYSTEM32\kuwalobe.dll
2009-01-08 21:57 . 2009-01-08 21:57 61440 --sha-w- c:\windows\SYSTEM32\modisemi.exe
2009-03-05 00:23 . 2009-03-05 00:23 2713 --sh--w- c:\windows\SYSTEM32\nayuvime.dll
1601-01-01 00:12 . 1601-01-01 00:12 72326 --sha-w- c:\windows\SYSTEM32\sivagami.dll.vir
2009-03-08 14:11 . 2009-03-08 14:11 2713 --sh--w- c:\windows\SYSTEM32\sumonibe.dll
2009-03-11 08:59 . 2009-03-11 08:59 2713 --sh--w- c:\windows\SYSTEM32\tifakapu.dll
2009-03-04 12:23 . 2009-03-04 12:23 2713 --sh--w- c:\windows\SYSTEM32\vumehijo.dll
2009-02-02 00:10 . 2009-02-02 00:10 2713 --sh--w- c:\windows\SYSTEM32\widujuda.dll
2009-02-10 16:24 . 2009-02-10 16:24 2713 --sh--w- c:\windows\SYSTEM32\yubihimo.dll
2009-02-08 02:54 . 2007-10-01 19:26 33069600 --sha-w- c:\windows\SYSTEM32\DRIVERS\fidbox.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"ErrorRepairTool"="c:\program files\ErrorRepairTool\ErrorRepairTool.exe" [2009-04-02 36708352]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

c:\documents and settings\Churchmouse\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2004-12-25 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoNetSetupIDPage"= 0 (0x0)
"NoNetSetupSecurityPage"= 0 (0x0)
"NoWorkgroupContents"= 0 (0x0)
"NoEntireNetwork"= 0 (0x0)
"NoFileSharingControl"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"RestrictRun"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\SYSTEM32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\1157429076\\ee\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\1157429076\\ee\\aolsoftware.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\DellSupport\\DSAgnt.exe"=
"c:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"=
"c:\\Program Files\\ErrorRepairTool\\ErrorRepairTool.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Spyware Doctor\\pctsTray.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Diablo\\diablo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [3/31/2009 11:42 PM 130936]
R0 TfFsMon;TfFsMon;c:\windows\SYSTEM32\DRIVERS\TfFsMon.sys [2/24/2009 6:45 PM 51488]
R0 TfSysMon;TfSysMon;c:\windows\SYSTEM32\DRIVERS\TfSysMon.sys [2/24/2009 6:46 PM 39200]
R1 pctgntdi;pctgntdi;c:\windows\SYSTEM32\DRIVERS\pctgntdi.sys [3/31/2009 11:42 PM 159600]
S3 brfilt;Brother MFC Filter Driver;c:\windows\SYSTEM32\DRIVERS\BrFilt.sys [11/8/2004 6:57 PM 2944]
S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\SYSTEM32\DRIVERS\BrParImg.sys [11/8/2004 6:57 PM 3168]
S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\SYSTEM32\DRIVERS\BrParwdm.sys [11/8/2004 6:57 PM 39552]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\SYSTEM32\DRIVERS\BrSerWdm.sys [11/8/2004 6:57 PM 60416]
S3 pctplsg;pctplsg;c:\windows\SYSTEM32\DRIVERS\pctplsg.sys [3/31/2009 11:41 PM 64392]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/29/2008 5:41 PM 348752]
S3 TfNetMon;TfNetMon;c:\windows\SYSTEM32\DRIVERS\TfNetMon.sys [2/24/2009 6:46 PM 33056]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
S3 TMPassthruMP;TMPassthruMP; [x]
S4 ASKService;ASKService; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-06-09 c:\windows\Tasks\ErrorRepairTool Scan.job
- c:\program files\ErrorRepairTool\ErrorRepairTool.exe [2009-04-02 16:22]
.
- - - - ORPHANS REMOVED - - - -

BHO-{55107032-3184-40e1-a409-8859ce1ffc7e} - c:\windows\system32\tukibazi.dll
HKCU-Run-000000af - c:\windows\system32\dojiralo.dll
HKLM-Run-hozogipuyu - c:\windows\system32\zagubura.dll
HKLM-Run-CPMc793aa0c - c:\windows\system32\wafiguvu.dll
HKLM-Run-c4a09990 - c:\windows\system32\popiwoba.dll
HKU-Default-Run-hozogipuyu - c:\windows\system32\telonapi.dll
Notify-vtUooonL - vtUooonL.dll


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
mStart Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = hxxp://accelerator.bellsouth.net/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
Trusted Zone: runescape.com
FF - ProfilePath - c:\documents and settings\Churchmouse\Application Data\Mozilla\Firefox\Profiles\u9kidwnw.default\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 19:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(756)
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll

- - - - - - - > 'explorer.exe'(1100)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\windows\system32\browselc.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\WMASF.DLL
c:\windows\system32\wpdshext.dll
c:\windows\system32\Audiodev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\IMAPI.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\WSCNTFY.EXE
c:\windows\SYSTEM32\msiexec.exe
c:\windows\SYSTEM32\msiexec.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-09 19:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-09 23:38

Pre-Run: 46,922,452,992 bytes free
Post-Run: 48,130,351,104 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

881 --- E O F --- 2009-01-15 14:02


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:55 PM, on 6/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://accelerator.bellsouth.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ErrorRepairTool] C:\Program Files\ErrorRepairTool\ErrorRepairTool.exe -boot
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://home.bellsouth.net
O15 - Trusted Zone: http://*.runescape.com
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/sh ... Loader.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/be ... eweled.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3313560734
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install ... stallX.CAB
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/fa ... lyfeud.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://spinpalace.microgaming.com/spin ... lashAX.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

--
End of file - 6213 bytes
churchmouse
Active Member
 
Posts: 5
Joined: June 7th, 2009, 4:59 pm

Re: Virtumonde Infection

Unread postby Shaba » June 10th, 2009, 12:07 am

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Virtumonde Infection

Unread postby churchmouse » June 10th, 2009, 7:17 am

Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
Battle.net
Bonjour
Critical Update for Windows Media Player 11 (KB959772)
Diablo
ErrorRepairTool
HijackThis 2.0.2
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
HP Product Assistant
HP Update
HyperLoad - QB Shootout (NabiscoWorld)
iTunes
Java(TM) 6 Update 12
Java(TM) 6 Update 7
LimeWire 5.1.2
Microsoft .NET Framework 2.0
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Mozilla Firefox (3.0.10)
MSN Toolbar
MSXML 4.0 SP2 (KB954430)
OpenOffice.org Installer 1.0
QuickTime
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Spyware Doctor 6.0
Uniblue RegistryBooster 2
Uniblue System Tweaker
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC 9.0 Runtime
Windows XP Service Pack 3
churchmouse
Active Member
 
Posts: 5
Joined: June 7th, 2009, 4:59 pm

Re: Virtumonde Infection

Unread postby Shaba » June 10th, 2009, 7:42 am

As per forum rules, all p2p programs have to be uninstalled.

So please uninstall LimeWire 5.1.2 and post back a fresh uninstall list.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Virtumonde Infection

Unread postby churchmouse » June 10th, 2009, 7:23 pm

Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
Battle.net
Bonjour
Critical Update for Windows Media Player 11 (KB959772)
Diablo
ErrorRepairTool
HijackThis 2.0.2
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
HP Product Assistant
HP Update
HyperLoad - QB Shootout (NabiscoWorld)
iTunes
Java(TM) 6 Update 12
Java(TM) 6 Update 7
Microsoft .NET Framework 2.0
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Mozilla Firefox (3.0.10)
MSN Toolbar
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
OpenOffice.org Installer 1.0
QuickTime
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Spyware Doctor 6.0
Uniblue RegistryBooster 2
Uniblue System Tweaker
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC 9.0 Runtime
Windows XP Service Pack 3
churchmouse
Active Member
 
Posts: 5
Joined: June 7th, 2009, 4:59 pm

Re: Virtumonde Infection

Unread postby Shaba » June 11th, 2009, 12:06 am

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File::
    c:\windows\system32\oyisofil.tmp
    c:\windows\system32\fonatege.exe
    c:\windows\system32\fidofepu.exe
    c:\windows\system32\kaduhaki.exe
    c:\windows\system32\bodonope.exe
    c:\windows\system32\tasurizo.exe
    c:\windows\system32\hemenozu.exe
    c:\windows\system32\vulaloji.dll.vir
    c:\windows\system32\kowatapi.exe
    c:\windows\system32\honomige.exe
    c:\windows\system32\wudiyopi.dll.vir
    c:\windows\system32\hokozoli.exe
    c:\windows\system32\yumafofa.exe
    c:\windows\system32\marokeru.exe
    c:\windows\system32\peritohu.dll.vir
    c:\windows\system32\vewaboji.dll.vir
    c:\windows\system32\dusatalo.dll.vir
    c:\windows\system32\bigitita.dll.vir
    c:\windows\system32\nawugeli.dll
    c:\windows\SYSTEM32\davagadu.dll
    c:\windows\SYSTEM32\diyahema.dll
    c:\windows\SYSTEM32\fohakibi.dll
    c:\windows\SYSTEM32\juzoteji.dll
    c:\windows\SYSTEM32\kuwalobe.dll
    c:\windows\SYSTEM32\modisemi.exe
    c:\windows\SYSTEM32\nayuvime.dll
    c:\windows\SYSTEM32\sivagami.dll.vir
    c:\windows\SYSTEM32\sumonibe.dll
    c:\windows\SYSTEM32\tifakapu.dll
    c:\windows\SYSTEM32\vumehijo.dll
    c:\windows\SYSTEM32\widujuda.dll
    c:\windows\SYSTEM32\yubihimo.dll
    
    Folder::
    c:\program files\LimeWire
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=-
    "c:\\Program Files\\ErrorRepairTool\\ErrorRepairTool.exe"=-
    
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    [Screenshot: dragging CFScript.txt onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Shaba
Admin/Teacher Emeritus
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
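The CFScript above uses ComboFix's File::/Folder::/Registry:: directive layout. As an added example (not ComboFix's or the helper's code), here is a small Python parser that turns such a script into a summary of what it asks ComboFix to delete or change, so a script can be reviewed before it is run. It assumes that the `~` in a registry key stands for SYSTEM\CurrentControlSet and that `"name"=-` means delete the value, as in .reg files; the sample script is a shortened, constructed copy of the one in the post.

```python
"""Parse a ComboFix CFScript (File::/Folder::/Registry:: sections) and
return what it asks for, for review before running it. Added example."""
import re
from collections import defaultdict

# Constructed sample, shortened from the script in the post above.
SAMPLE_SCRIPT = """\
File::
c:\\windows\\system32\\fonatege.exe
c:\\windows\\system32\\vulaloji.dll.vir

Folder::
c:\\program files\\LimeWire

Registry::
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\AuthorizedApplications\\List]
"c:\\\\Program Files\\\\LimeWire\\\\LimeWire.exe"=-
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")          # e.g. File::
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')     # "name"=data / "name"=-

def parse_cfscript(text):
    """Return {section: [entries]}: File/Folder entries are paths,
    Registry entries are (key, value_name, action) tuples."""
    sections = defaultdict(list)
    current, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current, key = m.group(1), None
            continue
        if current == "Registry":
            if line.startswith("[") and line.endswith("]"):
                # Assumption: ComboFix's '~' abbreviates SYSTEM\CurrentControlSet.
                key = line[1:-1].replace("\\~\\", "\\SYSTEM\\CurrentControlSet\\")
                continue
            m = VALUE_RE.match(line)
            if m and key:
                name = m.group(1).replace("\\\\", "\\")   # undo .reg escaping
                action = "delete" if m.group(2) == "-" else "set"
                sections["Registry"].append((key, name, action))
        elif current:
            sections[current].append(line)
    return dict(sections)
```

Running `parse_cfscript(SAMPLE_SCRIPT)` lists two files and one folder to delete and one firewall exception to remove, which is exactly what a reviewer wants to confirm before dragging the script onto ComboFix.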

Re: Virtumonde Infection

Unread postby Shaba » June 16th, 2009, 2:35 pm

Due to lack of response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Shaba
Admin/Teacher Emeritus
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland