Fix result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by User (2016-04-09 20:57:26) Run:1
Running from C:\Documents and Settings\User\Desktop
Loaded Profiles: User (Available Profiles: User & Administrator & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
() C:\WINDOWS\svcho.exe
() C:\DOCUME~1\User\LOCALS~1\Temp\e.exe
() C:\DOCUME~1\User\LOCALS~1\Temp\_A00F1E6FF.exe
HKLM\...\Run: [Nrejidefayoq] => rundll32.exe "C:\WINDOWS\iwowuvubomure.dll",e
HKLM\...\Run: [qoqavedsucue] => C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\jlmjvkexubwmndts.dll"
HKLM\...\Run: [lsdefrag] => C:\DOCUME~1\User\LOCALS~1\Temp\statx.tmp <===== ATTENTION
HKLM\...\Run: [61208421] => C:\DOCUME~1\ALLUSE~1\APPLIC~1\61208421\61208421.exe
HKLM\...\Run: [net] => C:\WINDOWS\system32\net.net [37376 2009-10-24] (Privat)
HKLM\...\Run: [dutuzisab] => Rundll32.exe "c:\windows\system32\wazuhope.dll",a
Winlogon\Notify\20190562517: C:\WINDOWS\System32\dssenh32.dll [2009-02-01] ()
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
Winlogon\Notify\__c00EDA4F: C:\WINDOWS\system32\__c00EDA4F.dat [X]
Winlogon\Notify\__c00F4C32: C:\WINDOWS\system32\__c00F4C32.dat [2009-10-24] ()
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Run: [A00F1E6FF.exe] => C:\Documents and Settings\User\Local Settings\Temp\_A00F1E6FF.exe [45568 2009-02-05] () <===== ATTENTION
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Run: [A00F529D8D2.exe] => C:\DOCUME~1\User\LOCALS~1\Temp\_A00F529D8D2.exe <===== ATTENTION
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Run: [A00F29CC3.exe] => C:\DOCUME~1\User\LOCALS~1\Temp\_A00F29CC3.exe <===== ATTENTION
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Run: [A00F3678243.exe] => C:\DOCUME~1\User\LOCALS~1\Temp\_A00F3678243.exe <===== ATTENTION
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Run: [A00F611876E.exe] => C:\DOCUME~1\User\LOCALS~1\Temp\_A00F611876E.exe <===== ATTENTION
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Run: [A00FF21B530.exe] => C:\DOCUME~1\User\LOCALS~1\Temp\_A00FF21B530.exe <===== ATTENTION
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Run: [A00F20CC7.exe] => C:\DOCUME~1\User\LOCALS~1\Temp\_A00F20CC7.exe <===== ATTENTION
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Run: [A00F21BDB.exe] => C:\DOCUME~1\User\LOCALS~1\Temp\_A00F21BDB.exe <===== ATTENTION
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Run: [A00F5EA584D.exe] => C:\DOCUME~1\User\LOCALS~1\Temp\_A00F5EA584D.exe <===== ATTENTION
HKU\S--5-21-500823600-1963862842-10735164-1005\...\Run: [A00F6B3E048.exe] => C:\DOCUME~1\User\LOCALS~1\Temp\_A00F6B3E048.exe <===== ATTENTION
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Run: [A00FFE794A5.exe] => C:\DOCUME~1\User\LOCALS~1\Temp\_A00FFE794A5.exe <===== ATTENTION
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Run: [A00F33058.exe] => C:\DOCUME~1\User\LOCALS~1\Temp\_A00F33058.exe <===== ATTENTION
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Run: [A00FAD166C.exe] => C:\DOCUME~1\User\LOCALS~1\Temp\_A00FAD166C.exe <===== ATTENTION
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Run: [A00F30EBC10.exe] => C:\DOCUME~1\User\LOCALS~1\Temp\_A00F30EBC10.exe <===== ATTENTION
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Run: [A00FCF615B0.exe] => C:\DOCUME~1\User\LOCALS~1\Temp\_A00FCF615B0.exe <===== ATTENTION
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Run: [A00F467DE.exe] => C:\DOCUME~1\User\LOCALS~1\Temp\_A00F467DE.exe <===== ATTENTION
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Run: [A00F59C30DB.exe] => C:\DOCUME~1\User\LOCALS~1\Temp\_A00F59C30DB.exe <===== ATTENTION
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Run: [A00F267815.exe] => C:\DOCUME~1\User\LOCALS~1\Temp\_A00F267815.exe <===== ATTENTION
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Run: [A00F70A664E.exe] => C:\DOCUME~1\User\LOCALS~1\Temp\_A00F70A664E.exe <===== ATTENTION
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Run: [A00F6546C.exe] => C:\DOCUME~1\User\LOCALS~1\Temp\_A00F6546C.exe <===== ATTENTION
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Run: [A00F62A9D7D.exe] => C:\DOCUME~1\User\LOCALS~1\Temp\_A00F62A9D7D.exe <===== ATTENTION
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Run: [system tool] => C:\WINDOWS\sysguard.exe [364560 2009-03-05] ()
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Run: [A00F3BFC7.exe] => C:\DOCUME~1\User\LOCALS~1\Temp\_A00F3BFC7.exe <===== ATTENTION
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Run: [A00F28D80.exe] => C:\DOCUME~1\User\LOCALS~1\Temp\_A00F28D80.exe <===== ATTENTION
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Run: [PopRock] => C:\Documents and Settings\User\Local Settings\Temp\e.exe [152576 2009-10-24] () <===== ATTENTION
HKU\S-1-5-18\...\Run: [wow64main.exe] => C:\WINDOWS\TEMP\wow64main.exe <===== ATTENTION
AppInit_DLLs: C:\WINDOWS\System32\dssenh32.dll => C:\WINDOWS\System32\dssenh32.dll [135168 2009-02-01] ()
AppInit_DLLs: C:\WINDOWS\System32\dx8vb32.dll => C:\WINDOWS\System32\dx8vb32.dll [135168 2009-02-01] ()
AppInit_DLLs: C:\WINDOWS\System32\dssenh32.dll => C:\WINDOWS\System32\dssenh32.dll [135168 2009-02-01] ()
AppInit_DLLs: C:\WINDOWS\System32\dssenh32.dll => C:\WINDOWS\System32\dssenh32.dll [135168 2009-02-01] ()
AppInit_DLLs: C:\WINDOWS\System32\dssenh32.dll => C:\WINDOWS\System32\dssenh32.dll [135168 2009-02-01] ()
AppInit_DLLs: c:\windows\system32\wazuhope.dll => c:\windows\system32\wazuhope.dll [89088 2009-07-24] ()
AppInit_DLLs: C:\WINDOWS\System32\dssenh32.dll => C:\WINDOWS\System32\dssenh32.dll [135168 2009-02-01] ()
AppInit_DLLs: c:\windows\system32\sibofuda.dll => c:\windows\system32\sibofuda.dll [90112 2009-07-24] ()
AppInit_DLLs: ,C:\WINDOWS\System32\dssenh32.dll => C:\WINDOWS\System32\dssenh32.dll [135168 2009-02-01] ()
AppInit_DLLs: ,leyoyoji.dll => C:\WINDOWS\system32\leyoyoji.dll [52224 2009-07-24] ()
Lsa: [Notification Packages] scecli jmp32g.dll wojajugi.dll
SSODL: gevowedam - {63365df1-c369-4706-9306-02d0246e257d} - c:\windows\system32\sibofuda.dll ()
SSODL: sigiwosiz - {9205b1d0-62cd-4d46-a5d1-f6306e7c93c3} - c:\windows\system32\sibofuda.dll ()
SSODL: pefamulir - {7997c9c8-269f-4afb-affa-94e1481376ff} - c:\windows\system32\sibofuda.dll ()
SSODL: babumujeg - {c8ff3df5-e2bc-4989-ae32-e6f7b73b1037} - c:\windows\system32\wazuhope.dll ()
BHO: mysidesearch search enhancer -> {F1D79B94-03E2-863F-B0D2-84F9126676BA} -> C:\WINDOWS\system32\mcoqkzujlic.dll [2009-09-09] ()
FF DefaultSearchEngine: Yoog Search
FF DefaultSearchUrl: hxxp://www15.yoog.com/search.php?q=
FF SelectedSearchEngine: Yoog Search
FF Keyword.URL: hxxp://www15.yoog.com/search.php?q=
FF user.js: detected! => C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\mq3tdcno.default\user.js [2009-10-31]
C:\WINDOWS\System32\dssenh32.dll
C:\WINDOWS\System32\dx8vb32.dll
C:\WINDOWS\System32\dssenh32.dll
C:\WINDOWS\System32\dssenh32.dll
C:\WINDOWS\System32\dssenh32.dll
c:\windows\system32\wazuhope.dll
C:\WINDOWS\System32\dssenh32.dll
c:\windows\system32\sibofuda.dll
C:\WINDOWS\System32\dssenh32.dll
C:\WINDOWS\system32\leyoyoji.dll
C:\WINDOWS\svcho.exe
c:\windows\system32\wazuhope.dll
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
*****************

Restore point was successfully created.
C:\WINDOWS\svcho.exe C:\WINDOWS\svcho.exe => No running process found
C:\DOCUME~1\User\LOCALS~1\Temp\e.exe [1792] C:\DOCUME~1\User\LOCALS~1\Temp\e.exe => process closed successfully.
C:\DOCUME~1\User\LOCALS~1\Temp\_A00F1E6FF.exe C:\DOCUME~1\User\LOCALS~1\Temp\_A00F1E6FF.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Nrejidefayoq => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\qoqavedsucue => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\lsdefrag => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\61208421 => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\net => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\dutuzisab => value removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\20190562517" => key removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00EDA4F" => key removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00F4C32" => key removed successfully.
HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Windows\CurrentVersion\Run\\A00F1E6FF.exe => value removed successfully.
HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Windows\CurrentVersion\Run\\A00F529D8D2.exe => value removed successfully.
HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Windows\CurrentVersion\Run\\A00F29CC3.exe => value removed successfully.
HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Windows\CurrentVersion\Run\\A00F3678243.exe => value removed successfully.
HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Windows\CurrentVersion\Run\\A00F611876E.exe => value removed successfully.
HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Windows\CurrentVersion\Run\\A00FF21B530.exe => value removed successfully.
HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Windows\CurrentVersion\Run\\A00F20CC7.exe => value removed successfully.
HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Windows\CurrentVersion\Run\\A00F21BDB.exe => value removed successfully.
HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Windows\CurrentVersion\Run\\A00F5EA584D.exe => value removed successfully.
HKU\S--5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Windows\CurrentVersion\Run\\A00F6B3E048.exe => value not found.
HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Windows\CurrentVersion\Run\\A00FFE794A5.exe => value removed successfully.
HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Windows\CurrentVersion\Run\\A00F33058.exe => value removed successfully.
HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Windows\CurrentVersion\Run\\A00FAD166C.exe => value removed successfully.
HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Windows\CurrentVersion\Run\\A00F30EBC10.exe => value removed successfully.
HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Windows\CurrentVersion\Run\\A00FCF615B0.exe => value removed successfully.
HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Windows\CurrentVersion\Run\\A00F467DE.exe => value removed successfully.
HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Windows\CurrentVersion\Run\\A00F59C30DB.exe => value removed successfully.
HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Windows\CurrentVersion\Run\\A00F267815.exe => value removed successfully.
HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Windows\CurrentVersion\Run\\A00F70A664E.exe => value removed successfully.
HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Windows\CurrentVersion\Run\\A00F6546C.exe => value removed successfully.
HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Windows\CurrentVersion\Run\\A00F62A9D7D.exe => value removed successfully.
HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Windows\CurrentVersion\Run\\system tool => value removed successfully.
HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Windows\CurrentVersion\Run\\A00F3BFC7.exe => value removed successfully.
HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Windows\CurrentVersion\Run\\A00F28D80.exe => value removed successfully.
HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Windows\CurrentVersion\Run\\PopRock => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\wow64main.exe => value removed successfully.
"C:\WINDOWS\System32\dssenh32.dll" => Value data removed successfully..
"C:\WINDOWS\System32\dx8vb32.dll" => Value data removed successfully..
"C:\WINDOWS\System32\dssenh32.dll" => Value data not found.
"C:\WINDOWS\System32\dssenh32.dll" => Value data not found.
"C:\WINDOWS\System32\dssenh32.dll" => Value data not found.
"c:\windows\system32\wazuhope.dll" => Value data removed successfully..
"C:\WINDOWS\System32\dssenh32.dll" => Value data not found.
"c:\windows\system32\sibofuda.dll" => Value data removed successfully..
",C:\WINDOWS\System32\dssenh32.dll" => Value data not found.
",leyoyoji.dll" => Value data removed successfully..
HKLM\System\CurrentControlSet\Control\Lsa\\Notification Packages => value restored successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\gevowedam => value removed successfully.
"HKLM\Software\Classes\CLSID\{63365df1-c369-4706-9306-02d0246e257d}" => key removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\sigiwosiz => value removed successfully.
"HKLM\Software\Classes\CLSID\{9205b1d0-62cd-4d46-a5d1-f6306e7c93c3}" => key removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\pefamulir => value removed successfully.
"HKLM\Software\Classes\CLSID\{7997c9c8-269f-4afb-affa-94e1481376ff}" => key removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\babumujeg => value removed successfully.
"HKLM\Software\Classes\CLSID\{c8ff3df5-e2bc-4989-ae32-e6f7b73b1037}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1D79B94-03E2-863F-B0D2-84F9126676BA}" => key removed successfully.