Anti-Virus Pop-ups [Solved]

#1
c0mpn00b
Thank you so much in advance.

I did follow the required steps.

I'm trying to fix my dad's computer. He gets frequent anti-virus pop-ups, so I tried to install Symantec Anti-Virus; however, the installation had problems, saying the program required C++ runtime to terminate (or something to that effect). So, then I tried to install MBAM, but the installation ran into problems as well. I think the malware on my dad's computer is preventing me from taking steps to fix it. So I came here and followed as many of the required steps as I could.

I was able to complete the TFC step.

I was able to complete the system restore step.

I was able to complete the ERUNT step.

I was unable to complete the Malwarebytes' Anti-Malware (MBAM) step.

I was unable to complete the GMER Rootkit Scanner step.

I was able to complete the OTL log step and the results are posted below. Also, as I do this something called Sophos Anti-Virus has a popup from the taskbar saying (message 24 of 24) that File C:\WINDOWS\system32\zokipado.dll belongs to virus/spyware Troj/Virtum-Gen. I don't know if that is a genuine anti-virus program that he installed before or if it is Malware itself. Anyway, OTL is posted below:

OTL logfile created on: 12/25/2009 5:26:24 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\smhogen\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 527.00 Mb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 91.79 Gb Total Space | 53.25 Gb Free Space | 58.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 560A142595
Current User Name: smhogen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/25 17:24:43 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\smhogen\Desktop\OTL.exe
PRC - [2009/12/25 16:37:29 | 00,184,320 | ---- | M] () -- C:\Program Files\Altiris\AClient\AClntUsr.EXE
PRC - [2009/12/25 12:40:52 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/16 22:49:10 | 00,066,560 | ---- | M] (tzuk) -- C:\WINDOWS\srsdllpro.exe
PRC - [2009/09/21 16:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/06 08:23:59 | 00,172,032 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2008/10/06 08:19:35 | 00,069,632 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2008/10/06 08:03:06 | 00,098,304 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2008/08/30 10:18:14 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/19 02:15:38 | 00,106,496 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008/02/19 02:13:28 | 00,438,272 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
PRC - [2008/01/11 19:54:31 | 00,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2007/08/03 10:04:08 | 00,245,760 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2007/08/01 19:28:48 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/08 15:37:55 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2006/09/06 10:05:44 | 01,891,416 | ---- | M] (GARMIN Corp.) -- C:\Garmin\gStart.exe
PRC - [2006/04/14 16:21:00 | 05,005,388 | ---- | M] (Altiris, Inc.) -- C:\Program Files\Altiris\AClient\ACLIENT.EXE
PRC - [2006/04/06 10:51:04 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2006/03/24 15:30:44 | 00,282,624 | R--- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/03/21 18:03:00 | 00,143,428 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2005/11/07 05:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/02/13 17:35:44 | 00,233,472 | ---- | M] (Nikon Corporation) -- C:\Program Files\Nikon\NkView6\NkvMon.exe


========== Modules (SafeList) ==========

MOD - [2009/12/25 17:24:43 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\smhogen\Desktop\OTL.exe
MOD - [2009/09/25 14:02:56 | 00,092,160 | -HS- | M] () -- C:\WINDOWS\system32\kasirora.dll
MOD - [2009/09/11 22:06:52 | 00,051,712 | -HS- | M] () -- C:\WINDOWS\system32\paweharo.dll
MOD - [2009/09/11 22:06:52 | 00,051,712 | -HS- | M] () -- C:\WINDOWS\system32\fedoniko.dll
MOD - [2009/09/11 22:06:52 | 00,051,712 | -HS- | M] () -- C:\WINDOWS\system32\doheyesi.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/06/14 10:07:22 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/10/06 08:23:59 | 00,172,032 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2008/10/06 08:19:35 | 00,069,632 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2008/10/06 08:03:06 | 00,098,304 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2008/08/30 10:18:14 | 00,029,744 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103)
SRV - [2008/02/19 02:15:38 | 00,106,496 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2007/06/08 15:37:55 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/03/20 16:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2006/08/25 12:00:38 | 02,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/04/14 16:21:00 | 05,005,388 | ---- | M] (Altiris, Inc.) [Auto | Running] -- C:\Program Files\Altiris\AClient\AClient.exe -- (AClient)
SRV - [2006/03/21 18:03:00 | 00,143,428 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mesasports.org/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.mpsaz.org:8000

FF - HKLM\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2008/07/19 16:11:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/25 12:41:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/25 12:41:08 | 00,000,000 | ---D | M]

[2009/07/31 21:20:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\smhogen\Application Data\Mozilla\Extensions
[2009/12/24 13:24:04 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/07/19 20:22:48 | 00,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de680400}
[2007/05/09 16:52:20 | 00,000,000 | ---D | M] (IE View Lite) -- C:\Program Files\Mozilla Firefox\extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}
[2009/12/24 13:24:04 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\defaults\profile\extensions
[2009/08/26 07:59:31 | 00,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Program Files\Mozilla Firefox\defaults\profile\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/01 21:01:33 | 00,000,000 | ---D | M] (IE View Lite) -- C:\Program Files\Mozilla Firefox\defaults\profile\extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}
[2007/03/02 06:17:24 | 00,095,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPAPIX.dll
[2007/01/17 04:18:04 | 00,095,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
[2007/12/19 05:57:38 | 00,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2007/07/02 08:42:20 | 00,103,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPMPDRM.dll
[2007/02/20 16:04:02 | 02,463,976 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Program Files\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (no name) - {a3b4f889-77ad-4aa0-946c-f83b67a6502d} - C:\WINDOWS\System32\fedoniko.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CinemaNowMediaManagerApp] C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowShell.exe File not found
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [menekuzevi] C:\WINDOWS\System32\doheyesi.dll ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKLM..\Run: [wobewoyob] C:\WINDOWS\System32\kasirora.DLL ()
O4 - HKCU..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [ttool] C:\WINDOWS\srsdllpro.exe (tzuk)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe (Nikon Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: mpsaz.org ([student] https in Local intranet)
O15 - HKCU\..Trusted Domains: mpsaz.org ([stuhs] https in Local intranet)
O15 - HKCU\..Trusted Domains: mpsaz.org ([stujr] https in Local intranet)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1173217972812 (WUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (c:\windows\system32\lavufanu.dll) - C:\WINDOWS\System32\lavufanu.dll File not found
O20 - AppInit_DLLs: (mezutilo.dll) - File not found
O20 - AppInit_DLLs: (paweharo.dll) - C:\WINDOWS\System32\paweharo.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\jiponite.dll) - C:\WINDOWS\System32\jiponite.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\rejanote.dll) - C:\WINDOWS\System32\rejanote.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\kasirora.dll) - C:\WINDOWS\system32\kasirora.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (logon.exe) - C:\WINDOWS\System32\logon.exe ()
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21 - SSODL: liyikatal - {a68f9828-3a76-48c1-8155-50e1b910ff12} - C:\WINDOWS\System32\lavufanu.dll File not found
O21 - SSODL: misokivob - {f07a28ca-bb47-4a11-a897-2b78647b9550} - C:\WINDOWS\system32\kasirora.dll ()
O22 - SharedTaskScheduler: {a68f9828-3a76-48c1-8155-50e1b910ff12} - gahurihor - C:\WINDOWS\System32\lavufanu.dll File not found
O22 - SharedTaskScheduler: {f07a28ca-bb47-4a11-a897-2b78647b9550} - gahurihor - C:\WINDOWS\system32\kasirora.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/06 13:53:52 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b306e176-9d7b-11dd-bca2-00188bcfabe9}\Shell - "" = AutoRun
O33 - MountPoints2\{b306e176-9d7b-11dd-bca2-00188bcfabe9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b306e176-9d7b-11dd-bca2-00188bcfabe9}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{fe296b20-77d9-11dd-bc72-00188bcfabe9}\Shell\AutoRun\command - "" = E:\WDSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/03/06 13:53:28 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (206158430208)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/25 17:24:42 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\smhogen\Desktop\OTL.exe
[2009/12/25 16:45:46 | 04,844,272 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\smhogen\Desktop\mbam-setup(2).exe
[2009/12/25 16:45:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/25 16:44:45 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/12/25 16:26:22 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\smhogen\Desktop\erunt_setup.exe
[2009/12/25 16:26:07 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\smhogen\Desktop\SysRestorePoint.exe
[2009/12/25 16:24:41 | 00,410,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\smhogen\Desktop\TFC.exe
[2009/12/25 16:18:36 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/25 16:18:34 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/25 16:18:34 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/25 16:18:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/25 12:56:22 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/12/25 12:54:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smhogen\Local Settings\Application Data\Symantec
[2009/12/25 12:51:53 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/12/25 12:51:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009/12/25 12:51:39 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec AntiVirus
[2009/12/25 12:51:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/12/16 22:49:27 | 00,066,560 | ---- | C] (tzuk) -- C:\WINDOWS\srsdllpro.exe
[2009/11/21 19:50:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/10/28 15:25:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2009/07/22 03:00:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/06/15 07:10:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2008/09/16 03:10:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/07/19 16:48:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/07/19 16:36:50 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/07/14 19:11:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

========== Files - Modified Within 14 Days ==========

[2009/12/25 17:27:12 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\yikopika
[2009/12/25 17:24:43 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\smhogen\Desktop\OTL.exe
[2009/12/25 17:16:45 | 00,086,571 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009/12/25 17:16:45 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/25 17:16:30 | 00,001,336 | ---- | M] () -- C:\AClient.cfg
[2009/12/25 17:16:29 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/12/25 17:16:20 | 00,063,783 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2009/12/25 17:16:17 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/12/25 17:16:03 | 00,000,298 | ---- | M] () -- C:\WINDOWS\tasks\odyfbkyi.job
[2009/12/25 17:16:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/25 17:15:58 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/25 16:50:44 | 00,284,915 | ---- | M] () -- C:\Documents and Settings\smhogen\Desktop\gmer.zip
[2009/12/25 16:47:07 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/25 16:46:18 | 04,844,272 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\smhogen\Desktop\mbam-setup(2).exe
[2009/12/25 16:44:45 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\smhogen\Desktop\NTREGOPT.lnk
[2009/12/25 16:44:45 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\smhogen\Desktop\ERUNT.lnk
[2009/12/25 16:29:35 | 04,980,736 | -H-- | M] () -- C:\Documents and Settings\smhogen\ntuser.dat
[2009/12/25 16:29:27 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\smhogen\ntuser.ini
[2009/12/25 16:26:24 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\smhogen\Desktop\erunt_setup.exe
[2009/12/25 16:26:07 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\smhogen\Desktop\SysRestorePoint.exe
[2009/12/25 16:24:42 | 00,410,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\smhogen\Desktop\TFC.exe
[2009/12/25 16:03:37 | 00,000,000 | ---- | M] () -- C:\WINDOWS\vpc32.INI
[2009/12/25 12:40:16 | 00,007,680 | ---- | M] () -- C:\Documents and Settings\smhogen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/24 17:22:12 | 00,060,416 | ---- | M] () -- C:\Documents and Settings\smhogen\Desktop\Athletics 2010-2011.doc
[2009/12/16 22:49:10 | 00,066,560 | ---- | M] (tzuk) -- C:\WINDOWS\srsdllpro.exe
[2009/12/16 22:29:19 | 00,076,800 | ---- | M] () -- C:\Documents and Settings\smhogen\Desktop\Product for MLK.doc

========== Files Created - No Company Name ==========

[2009/12/25 16:50:43 | 00,284,915 | ---- | C] () -- C:\Documents and Settings\smhogen\Desktop\gmer.zip
[2009/12/25 16:47:07 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/25 16:44:45 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\smhogen\Desktop\NTREGOPT.lnk
[2009/12/25 16:44:45 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\smhogen\Desktop\ERUNT.lnk
[2009/12/25 16:03:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/12/25 14:02:58 | 00,000,298 | ---- | C] () -- C:\WINDOWS\tasks\odyfbkyi.job
[2009/12/24 15:15:34 | 00,060,416 | ---- | C] () -- C:\Documents and Settings\smhogen\Desktop\Athletics 2010-2011.doc
[2009/12/16 22:29:19 | 00,076,800 | ---- | C] () -- C:\Documents and Settings\smhogen\Desktop\Product for MLK.doc
[2009/12/06 14:20:53 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\zomuhiwu.dll
[2009/11/01 20:36:39 | 00,018,941 | ---- | C] () -- C:\WINDOWS\microsoftdef.dll
[2009/09/25 14:02:56 | 00,092,160 | -HS- | C] () -- C:\WINDOWS\System32\kasirora.dll
[2009/09/25 14:02:56 | 00,061,440 | -HS- | C] () -- C:\WINDOWS\System32\tavegebi.dll
[2009/09/25 14:02:56 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\mejejaza.dll
[2009/09/25 02:02:21 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\vumehito.dll
[2009/09/24 14:05:05 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\vobulite.dll
[2009/09/24 14:05:05 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\muturebe.dll
[2009/09/19 04:23:26 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\gokefena.dll
[2009/09/19 04:23:26 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\medusuli.dll
[2009/09/18 16:23:11 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\dejufedu.dll
[2009/09/18 16:23:11 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\kuvimulo.dll
[2009/09/17 18:38:30 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\zifubogu.dll
[2009/09/17 18:38:30 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\sadotawa.dll
[2009/09/16 17:20:48 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\govegomu.dll
[2009/09/15 17:10:29 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\yokamuye.dll
[2009/09/15 17:10:29 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\majudusu.dll
[2009/09/14 11:42:37 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\kamideva.dll
[2009/09/13 22:48:57 | 00,092,160 | -HS- | C] () -- C:\WINDOWS\System32\letuyami.dll
[2009/09/13 22:48:57 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\jelulede.dll
[2009/09/13 10:49:07 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\piwihivo.dll
[2009/09/13 10:49:07 | 00,000,001 | -HS- | C] () -- C:\WINDOWS\System32\susopaya.dll
[2009/09/12 12:54:15 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\tewehipo.dll
[2009/09/12 12:54:15 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\zewewegi.dll
[2009/09/11 22:06:52 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\paweharo.dll
[2009/09/11 22:06:52 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\fedoniko.dll
[2009/09/11 22:06:52 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\doheyesi.dll
[2009/09/11 22:06:14 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\hesudobu.dll
[2009/09/11 22:06:14 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\rovoyato.dll
[2009/09/11 22:06:14 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\zoroviro.dll
[2009/09/06 14:18:52 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\buyenayo.dll
[2009/09/05 22:38:30 | 00,092,160 | -HS- | C] () -- C:\WINDOWS\System32\rosovoti.dll
[2009/09/05 22:38:30 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\jigedohu.dll
[2009/09/05 10:39:49 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\yemibumi.dll
[2009/08/29 19:30:45 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\wirijepi.dll
[2009/08/28 21:52:26 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\munemume.dll
[2009/08/28 09:53:18 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\tasasifu.dll
[2009/08/27 21:13:41 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\gupupehi.dll
[2009/08/27 09:14:58 | 00,092,672 | -HS- | C] () -- C:\WINDOWS\System32\yerehute.dll
[2009/08/27 09:14:58 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\doluwuhi.dll
[2009/08/27 09:14:58 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\hetuyevo.dll
[2009/08/22 20:06:56 | 00,092,160 | -HS- | C] () -- C:\WINDOWS\System32\filoloye.dll
[2009/08/22 20:06:56 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\wunipilo.dll
[2009/08/21 19:47:45 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\gedekuye.dll
[2009/08/21 19:47:45 | 00,044,544 | -HS- | C] () -- C:\WINDOWS\System32\loyuwisa.dll
[2009/08/21 19:47:45 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\tarozahi.dll
[2009/08/16 19:06:03 | 00,092,672 | -HS- | C] () -- C:\WINDOWS\System32\sazukojo.dll
[2009/08/16 19:06:03 | 00,051,200 | -HS- | C] () -- C:\WINDOWS\System32\dukotova.dll
[2009/08/16 19:06:02 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\dimadadu.dll
[2009/08/11 21:55:47 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\fovisuga.dll
[2009/08/10 20:03:54 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\yubuguyi.dll
[2009/08/10 20:03:54 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\zokipado.dll
[2009/08/09 20:49:35 | 00,051,200 | -HS- | C] () -- C:\WINDOWS\System32\matidaha.dll
[2009/08/09 20:49:35 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\jotumumu.dll
[2009/08/08 19:44:17 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\foyorere.dll
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/01 20:32:54 | 00,093,184 | -HS- | C] () -- C:\WINDOWS\System32\sinehotu.dll
[2009/08/01 20:32:54 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\pujawewo.dll
[2009/07/25 22:09:57 | 00,088,064 | -HS- | C] () -- C:\WINDOWS\System32\sodiluha.dll
[2008/01/18 15:59:23 | 00,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2008/01/18 15:59:23 | 00,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2008/01/18 15:59:23 | 00,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2008/01/18 15:59:09 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2008/01/18 15:59:09 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2008/01/18 15:59:09 | 00,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2008/01/18 15:59:08 | 00,008,975 | ---- | C] () -- C:\WINDOWS\HL-2040.INI
[2008/01/18 15:58:33 | 00,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/11/09 12:17:46 | 00,001,778 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/11/01 10:02:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpmnwun.ini
[2007/10/11 14:05:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/07/20 12:16:48 | 00,007,680 | ---- | C] () -- C:\Documents and Settings\smhogen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/11 10:37:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2007/06/11 10:37:02 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2007/06/08 15:47:13 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/05/09 17:04:31 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/05/09 16:24:30 | 00,000,172 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/05/09 15:30:29 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/03/06 14:33:06 | 00,002,401 | ---- | C] () -- C:\WINDOWS\System32\drivers\AlKernel.sys
[2007/03/06 14:19:19 | 00,000,234 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/03/06 14:09:18 | 00,016,480 | R--- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/03/21 18:03:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/03/21 18:03:00 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/03/21 18:03:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/03/21 18:03:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/03/21 18:03:00 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

========== LOP Check ==========

[2008/07/19 16:11:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fluxDVD
[2008/10/17 17:33:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2008/07/19 16:11:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mpDRM
[2007/11/29 08:12:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2009/09/29 19:13:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/07 20:37:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/06/23 18:55:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\smhogen\Application Data\Nikon
[2007/05/09 16:14:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\smhogen\Application Data\OfficeUpdate12
[2008/07/19 16:50:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\smhogen\Application Data\Snapfish
[2009/12/25 17:16:03 | 00,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\odyfbkyi.job
[2009/12/25 17:16:17 | 00,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/13 11:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 11:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 00:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 00:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

OTL Extras logfile created on: 12/25/2009 5:26:24 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\smhogen\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 527.00 Mb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 91.79 Gb Total Space | 53.25 Gb Free Space | 58.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 560A142595
Current User Name: smhogen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"1700:TCP" = 1700:TCP:*:Enabled:MioNet Remote Drive Access 0
"1701:TCP" = 1701:TCP:*:Enabled:MioNet Remote Drive Access 1
"1702:TCP" = 1702:TCP:*:Enabled:MioNet Remote Drive Access 2
"1703:TCP" = 1703:TCP:*:Enabled:MioNet Remote Drive Access 3
"1704:TCP" = 1704:TCP:*:Enabled:MioNet Remote Drive Access 4
"1705:TCP" = 1705:TCP:*:Enabled:MioNet Remote Drive Access 5
"1706:TCP" = 1706:TCP:*:Enabled:MioNet Remote Drive Access 6
"1707:TCP" = 1707:TCP:*:Enabled:MioNet Remote Drive Access 7
"1708:TCP" = 1708:TCP:*:Enabled:MioNet Remote Drive Access 8
"1709:TCP" = 1709:TCP:*:Enabled:MioNet Remote Drive Access 9
"1641:TCP" = 1641:TCP:*:Enabled:MioNet Remote Drive Verification
"1647:TCP" = 1647:TCP:*:Enabled:MioNet Storage Device Configuration
"5432:UDP" = 5432:UDP:*:Enabled:MioNet Storage Device Discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Altiris\AClient\AClntUsr.EXE" = C:\Program Files\Altiris\AClient\AClntUsr.EXE:*:Enabled:AClntUsr - AClient Interactive User Service -- ()
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe" = C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe:*:Enabled:CinemaNow Media Manager -- File not found
"C:\Program Files\Hewlett-Packard\HP MediaSmart\Gateway\HPMediaSmartServicesGatewayService.exe" = C:\Program Files\Hewlett-Packard\HP MediaSmart\Gateway\HPMediaSmartServicesGatewayService.exe:*:Enabled:MediasmartService -- File not found
"C:\Program Files\Hewlett-Packard\HP MediaSmart\Gateway\HP MediaSmart Services Gateway.exe" = C:\Program Files\Hewlett-Packard\HP MediaSmart\Gateway\HP MediaSmart Services Gateway.exe:*:Enabled:MediaSmartTrayApp -- File not found
"C:\Program Files\MioNet\MioNetManager.exe" = C:\Program Files\MioNet\MioNetManager.exe:*:Enabled:MioNetManager -- File not found
"C:\Program Files\MioNet\jvm\bin\MioNet.exe" = C:\Program Files\MioNet\jvm\bin\MioNet.exe:*:Enabled:MioNet -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe:*:Enabled:Acrotray -- (Adobe Systems Inc.)
"C:\WINDOWS\Temp\rdlF.tmp.exe" = C:\WINDOWS\Temp\rdlF.tmp.exe:*:Enabled:rdlF.tmp -- File not found
"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" = C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe:*:Enabled:GoogleUpdaterService -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{034759DA-E21A-4795-BFB3-C66D17FAD183}" = Sophos Anti-Virus
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{082BDF7B-4810-4599-BF0D-E3AC44EC8524}" = Microsoft ASP.NET 2.0 AJAX Extensions 1.0
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}" = RemoteCapture 2.7.5
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{2236B741-6631-49AE-B76E-3E14CA01CC87}" = RemoteCapture Task
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2D1C2321-8FDB-49B8-A66B-4008DC0B6B5D}" = File Viewer Utility 1.3.2
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{31A57C3E-30DD-421F-B5C7-974DACB0D05F}" = Canon Camera WIA Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.9
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A5D1A94-624A-4D20-B178-3A283B500370}" = Adobe Setup
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92CA58DD-4475-461C-828B-4A832B1EC080}" = Noiseware Community Edition
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}" = Camera Window
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A349ACBB-BFFD-4A5B-9C26-062BB1EA98A1}" = Brother HL-2040
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}" = Nikon View 6
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C347D234-93D8-4595-BDAA-C04638B23B48}" = Adobe Creative Suite 3 Web Premium
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE659AC8-EEF0-4115-AA0C-6500D194FB10}" = Garmin Training Center v5
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = PhotoStitch
"{F2E6CAF1-D651-4A74-8CC6-D92FE81FDBCC}" = WD Drive Manager (x86)
"{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}" = RAW Image Task
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.2 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_247961ef275e20c5cb073c36394ac32" = Add or Remove Adobe Creative Suite 3 Web Premium
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"ERUNT_is1" = ERUNT 1.1j
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"hpc470bc" = HP Color LaserJet 4700 PCL 6 (Black) (02/24/2007 61.071.661.41)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}" = Canon Utilities RemoteCapture 2.7
"InstallShield_{2236B741-6631-49AE-B76E-3E14CA01CC87}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{2D1C2321-8FDB-49B8-A66B-4008DC0B6B5D}" = Canon Utilities File Viewer Utility 1.3
"InstallShield_{31A57C3E-30DD-421F-B5C7-974DACB0D05F}" = Canon EOS Kiss REBEL 300D WIA Driver
"InstallShield_{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}" = Canon RAW Image Task for ZoomBrowser EX
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"VLC media player" = VLC media player 0.9.4
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/8/2009 12:06:25 PM | Computer Name = 560A142595 | Source = Google Update | ID = 20
Description =

Error - 10/8/2009 1:06:34 PM | Computer Name = 560A142595 | Source = Google Update | ID = 20
Description =

Error - 10/8/2009 2:06:34 PM | Computer Name = 560A142595 | Source = Google Update | ID = 20
Description =

Error - 10/8/2009 3:06:34 PM | Computer Name = 560A142595 | Source = Google Update | ID = 20
Description =

Error - 10/8/2009 4:06:34 PM | Computer Name = 560A142595 | Source = Google Update | ID = 20
Description =

Error - 10/8/2009 5:06:34 PM | Computer Name = 560A142595 | Source = Google Update | ID = 20
Description =

Error - 10/8/2009 6:06:34 PM | Computer Name = 560A142595 | Source = Google Update | ID = 20
Description =

Error - 10/8/2009 7:06:34 PM | Computer Name = 560A142595 | Source = Google Update | ID = 20
Description =

Error - 10/16/2009 11:40:51 AM | Computer Name = 560A142595 | Source = Google Update | ID = 20
Description =

Error - 10/16/2009 11:50:31 AM | Computer Name = 560A142595 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 12/25/2009 7:51:31 PM | Computer Name = 560A142595 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 12/25/2009 7:51:31 PM | Computer Name = 560A142595 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 12/25/2009 8:16:21 PM | Computer Name = 560A142595 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 12/25/2009 8:16:21 PM | Computer Name = 560A142595 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 12/25/2009 8:16:21 PM | Computer Name = 560A142595 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Western Digital\WD
Drive Manager\MFC80.DLL. Reference error message: The operation completed successfully.
.

Error - 12/25/2009 8:16:25 PM | Computer Name = 560A142595 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 12/25/2009 8:16:25 PM | Computer Name = 560A142595 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 12/25/2009 8:16:25 PM | Computer Name = 560A142595 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Western Digital\WD
Drive Manager\MFC80.DLL. Reference error message: The operation completed successfully.
.

Error - 12/25/2009 8:16:50 PM | Computer Name = 560A142595 | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2781'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 12/25/2009 8:16:50 PM | Computer Name = 560A142595 | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2781'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.


< End of report >


Thank you.
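Added example (not part of the original post or of OTL): a small Python triage script for the "Files - Created" section of a log like the one above. The entries that stand out there are DLLs in System32 with the -HS- (hidden + system) attributes, an empty publisher field, and eight-random-lowercase-letter names, often written in pairs at the exact same second. The script parses that line format, scores each entry against those three signals, and groups the hits by creation timestamp. The weights and threshold are my own assumption, not an OTL feature; the sample lines are copied from the log above, and the regex for the line layout is inferred from it.

```python
import re
from collections import defaultdict

# OTL "Files - Created" line layout as it appears in the posted log:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C] (company) -- path
# attrs is a four-character field: R (read-only), H (hidden), S (system),
# D (directory), '-' for unset.  The company field is empty for files with
# no version resource.  Layout inferred from the log, not from OTL docs.
OTL_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)

# Eight lowercase letters followed by .dll, the naming scheme of every
# hidden+system DLL in the log (mejejaza.dll, vumehito.dll, ...).
RANDOM_DLL_NAME = re.compile(r"^[a-z]{8}\.dll$")
SYSTEM32 = "\\windows\\system32\\"

# Sample input: lines copied from the posted log (four suspicious drops,
# four legitimate-looking entries for contrast).
SAMPLE_LOG = r"""
[2009/09/25 14:02:56 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\mejejaza.dll
[2009/09/11 22:06:52 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\paweharo.dll
[2009/09/11 22:06:52 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\fedoniko.dll
[2009/09/13 10:49:07 | 00,000,001 | -HS- | C] () -- C:\WINDOWS\System32\susopaya.dll
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2007/03/06 14:09:18 | 00,016,480 | R--- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/03/21 18:03:00 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2008/01/18 15:59:23 | 00,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
"""


def parse_otl_line(line):
    """Return a dict for one created-file line, or None if it is not one."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["size"] = int(e["size"].replace(",", ""))
    e["name"] = e["path"].rsplit("\\", 1)[-1]
    return e


def suspicion(e):
    """Weighted heuristics (my assumption) drawn from the log's own pattern.

    Returns (score, reasons).  Hidden+system on a DLL is the strong signal;
    the other two also match legitimate files on their own (nvapi.dll has
    no publisher string, rixdicon.dll is eight lowercase letters).
    """
    name = e["name"].lower()
    is_dll = name.endswith(".dll")
    in_system32 = SYSTEM32 in e["path"].lower()
    checks = [
        (2, "hidden+system attributes on a DLL",
         is_dll and "H" in e["attrs"] and "S" in e["attrs"]),
        (1, "no publisher info, sitting in System32",
         is_dll and in_system32 and not e["company"]),
        (1, "eight random lowercase letters as a file name",
         bool(RANDOM_DLL_NAME.match(name))),
    ]
    reasons = [why for _, why, hit in checks if hit]
    score = sum(weight for weight, _, hit in checks if hit)
    return score, reasons


def triage(log_text, threshold=3):
    """Flag entries whose score reaches the threshold, in log order."""
    flagged = []
    for line in log_text.splitlines():
        e = parse_otl_line(line)
        if e is None:
            continue
        e["score"], e["reasons"] = suspicion(e)
        if e["score"] >= threshold:
            flagged.append(e)
    return flagged


def drop_clusters(entries):
    """Group flagged files by creation second; droppers write in batches."""
    clusters = defaultdict(list)
    for e in entries:
        clusters[e["date"] + " " + e["time"]].append(e["name"])
    return {ts: names for ts, names in clusters.items() if len(names) > 1}


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for e in hits:
        print(f"{e['date']} {e['time']}  {e['name']:<16} {'; '.join(e['reasons'])}")
    for ts, names in drop_clusters(hits).items():
        print(f"batch written at {ts}: {', '.join(names)}")
```

This is triage, not a verdict: it orders the list so a human looks at the right entries first. Requiring a score of 3 means a hidden+system DLL needs one more signal, and a plain file needs both weak signals plus the attribute bit, which keeps rixdicon.dll and nvapi.dll out of the hit list while still catching the 1-byte susopaya.dll. Run the flagged names against the AppInit_DLLs, Run, SSODL and SharedTaskScheduler entries from the same log to see which drops are actually loaded.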

#2
fenzodahl512

  • Malware Removal
  • 9,863 posts
OTL Fix step

Open OTL, then do the following.

Copy/paste the following into the Custom Scans/Fixes box and then click on the Run Fix button.

:processes
explorer.exe

:OTL
PRC - [2009/12/16 22:49:10 | 00,066,560 | ---- | M] (tzuk) -- C:\WINDOWS\srsdllpro.exe
MOD - [2009/09/25 14:02:56 | 00,092,160 | -HS- | M] () -- C:\WINDOWS\system32\kasirora.dll
MOD - [2009/09/11 22:06:52 | 00,051,712 | -HS- | M] () -- C:\WINDOWS\system32\paweharo.dll
MOD - [2009/09/11 22:06:52 | 00,051,712 | -HS- | M] () -- C:\WINDOWS\system32\fedoniko.dll
MOD - [2009/09/11 22:06:52 | 00,051,712 | -HS- | M] () -- C:\WINDOWS\system32\doheyesi.dll
O4 - HKLM..\Run: [menekuzevi] C:\WINDOWS\System32\doheyesi.dll ()
O4 - HKLM..\Run: [wobewoyob] C:\WINDOWS\System32\kasirora.DLL ()
O4 - HKCU..\Run: [ttool] C:\WINDOWS\srsdllpro.exe (tzuk)
O20 - AppInit_DLLs: (c:\windows\system32\lavufanu.dll) - C:\WINDOWS\System32\lavufanu.dll File not found
O20 - AppInit_DLLs: (mezutilo.dll) - File not found
O20 - AppInit_DLLs: (paweharo.dll) - C:\WINDOWS\System32\paweharo.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\jiponite.dll) - C:\WINDOWS\System32\jiponite.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\rejanote.dll) - C:\WINDOWS\System32\rejanote.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\kasirora.dll) - C:\WINDOWS\system32\kasirora.dll ()
O21 - SSODL: liyikatal - {a68f9828-3a76-48c1-8155-50e1b910ff12} - C:\WINDOWS\System32\lavufanu.dll File not found
O21 - SSODL: misokivob - {f07a28ca-bb47-4a11-a897-2b78647b9550} - C:\WINDOWS\system32\kasirora.dll ()
O22 - SharedTaskScheduler: {a68f9828-3a76-48c1-8155-50e1b910ff12} - gahurihor - C:\WINDOWS\System32\lavufanu.dll File not found
O22 - SharedTaskScheduler: {f07a28ca-bb47-4a11-a897-2b78647b9550} - gahurihor - C:\WINDOWS\system32\kasirora.dll ()
[2009/12/16 22:49:27 | 00,066,560 | ---- | C] (tzuk) -- C:\WINDOWS\srsdllpro.exe
[2009/12/25 17:27:12 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\yikopika
[2009/12/25 17:16:03 | 00,000,298 | ---- | M] () -- C:\WINDOWS\tasks\odyfbkyi.job
[2009/12/16 22:49:10 | 00,066,560 | ---- | M] (tzuk) -- C:\WINDOWS\srsdllpro.exe
[2009/12/25 14:02:58 | 00,000,298 | ---- | C] () -- C:\WINDOWS\tasks\odyfbkyi.job
[2009/12/06 14:20:53 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\zomuhiwu.dll
[2009/11/01 20:36:39 | 00,018,941 | ---- | C] () -- C:\WINDOWS\microsoftdef.dll
[2009/09/25 14:02:56 | 00,092,160 | -HS- | C] () -- C:\WINDOWS\System32\kasirora.dll
[2009/09/25 14:02:56 | 00,061,440 | -HS- | C] () -- C:\WINDOWS\System32\tavegebi.dll
[2009/09/25 14:02:56 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\mejejaza.dll
[2009/09/25 02:02:21 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\vumehito.dll
[2009/09/24 14:05:05 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\vobulite.dll
[2009/09/24 14:05:05 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\muturebe.dll
[2009/09/19 04:23:26 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\gokefena.dll
[2009/09/19 04:23:26 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\medusuli.dll
[2009/09/18 16:23:11 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\dejufedu.dll
[2009/09/18 16:23:11 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\kuvimulo.dll
[2009/09/17 18:38:30 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\zifubogu.dll
[2009/09/17 18:38:30 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\sadotawa.dll
[2009/09/16 17:20:48 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\govegomu.dll
[2009/09/15 17:10:29 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\yokamuye.dll
[2009/09/15 17:10:29 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\majudusu.dll
[2009/09/14 11:42:37 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\kamideva.dll
[2009/09/13 22:48:57 | 00,092,160 | -HS- | C] () -- C:\WINDOWS\System32\letuyami.dll
[2009/09/13 22:48:57 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\jelulede.dll
[2009/09/13 10:49:07 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\piwihivo.dll
[2009/09/13 10:49:07 | 00,000,001 | -HS- | C] () -- C:\WINDOWS\System32\susopaya.dll
[2009/09/12 12:54:15 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\tewehipo.dll
[2009/09/12 12:54:15 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\zewewegi.dll
[2009/09/11 22:06:52 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\paweharo.dll
[2009/09/11 22:06:52 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\fedoniko.dll
[2009/09/11 22:06:52 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\doheyesi.dll
[2009/09/11 22:06:14 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\hesudobu.dll
[2009/09/11 22:06:14 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\rovoyato.dll
[2009/09/11 22:06:14 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\zoroviro.dll
[2009/09/06 14:18:52 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\buyenayo.dll
[2009/09/05 22:38:30 | 00,092,160 | -HS- | C] () -- C:\WINDOWS\System32\rosovoti.dll
[2009/09/05 22:38:30 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\jigedohu.dll
[2009/09/05 10:39:49 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\yemibumi.dll
[2009/08/29 19:30:45 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\wirijepi.dll
[2009/08/28 21:52:26 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\munemume.dll
[2009/08/28 09:53:18 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\tasasifu.dll
[2009/08/27 21:13:41 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\gupupehi.dll
[2009/08/27 09:14:58 | 00,092,672 | -HS- | C] () -- C:\WINDOWS\System32\yerehute.dll
[2009/08/27 09:14:58 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\doluwuhi.dll
[2009/08/27 09:14:58 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\hetuyevo.dll
[2009/08/22 20:06:56 | 00,092,160 | -HS- | C] () -- C:\WINDOWS\System32\filoloye.dll
[2009/08/22 20:06:56 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\wunipilo.dll
[2009/08/21 19:47:45 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\gedekuye.dll
[2009/08/21 19:47:45 | 00,044,544 | -HS- | C] () -- C:\WINDOWS\System32\loyuwisa.dll
[2009/08/21 19:47:45 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\tarozahi.dll
[2009/08/16 19:06:03 | 00,092,672 | -HS- | C] () -- C:\WINDOWS\System32\sazukojo.dll
[2009/08/16 19:06:03 | 00,051,200 | -HS- | C] () -- C:\WINDOWS\System32\dukotova.dll
[2009/08/16 19:06:02 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\dimadadu.dll
[2009/08/11 21:55:47 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\fovisuga.dll
[2009/08/10 20:03:54 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\yubuguyi.dll
[2009/08/10 20:03:54 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\zokipado.dll
[2009/08/09 20:49:35 | 00,051,200 | -HS- | C] () -- C:\WINDOWS\System32\matidaha.dll
[2009/08/09 20:49:35 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\jotumumu.dll
[2009/08/08 19:44:17 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\foyorere.dll
[2009/08/01 20:32:54 | 00,093,184 | -HS- | C] () -- C:\WINDOWS\System32\sinehotu.dll
[2009/08/01 20:32:54 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\pujawewo.dll
[2009/07/25 22:09:57 | 00,088,064 | -HS- | C] () -- C:\WINDOWS\System32\sodiluha.dll

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

Let it run the fix. A log will then pop up on your screen after the fix finishes.. If it needs a reboot, just let it.. Post that log in your next reply...

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

[screenshots of the rename step]

It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..
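The fix script above is built from OTL's own listing lines: each file entry carries a date, a size, an attribute column (-HS- marks a hidden + system file), the publisher name in parentheses and the path, while the O4/O20/O21/O22 lines are the autostart locations (Run keys, AppInit_DLLs, ShellServiceObjectDelayLoad, SharedTaskScheduler) that load those files. The Python script below is an added example, not part of OTL and not from fenzodahl512's post: it parses lines in those formats and flags what a helper would put into a fix, namely hidden + system DLLs under System32 with no publisher, plus the autostart entries that reference them and any autostart entry whose file is already gone. The sample lines are constructed to match the line shapes seen in this thread, and the "no publisher, hidden, in System32" heuristic is an assumption of this example, not an OTL rule.

```python
"""Triage helper for OTL scan lines (added example; not OTL's own code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the line shapes OTL prints; not copied from a real scan.
SAMPLE = r"""
MOD - [2009/09/25 14:02:56 | 00,092,160 | -HS- | M] () -- C:\WINDOWS\system32\kasirora.dll
MOD - [2009/09/11 22:06:52 | 00,051,712 | -HS- | M] () -- C:\WINDOWS\system32\paweharo.dll
O4 - HKLM..\Run: [wobewoyob] C:\WINDOWS\System32\kasirora.DLL ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O20 - AppInit_DLLs: (paweharo.dll) - C:\WINDOWS\System32\paweharo.dll ()
O20 - AppInit_DLLs: (mezutilo.dll) - File not found
O21 - SSODL: misokivob - {f07a28ca-bb47-4a11-a897-2b78647b9550} - C:\WINDOWS\system32\kasirora.dll ()
[2009/09/25 14:02:56 | 00,092,160 | -HS- | C] () -- C:\WINDOWS\System32\tavegebi.dll
[2009/12/25 23:18:00 | 00,019,160 | ---- | C] (Example Vendor Inc.) -- C:\WINDOWS\System32\drivers\example.sys
"""

# File listing line: optional PRC/MOD/SRV/DRV prefix, then [date | size | attrs | M/C] (company) -- path
FILE_RE = re.compile(
    r'^(?:(?P<kind>PRC|MOD|SRV|DRV) - )?'
    r'\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| '
    r'(?P<attrs>[-A-Z]{4}) \| (?P<op>[MC])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$'
)
# First drive-letter path ending in .dll/.exe on an autostart line
PATH_RE = re.compile(r'[A-Za-z]:\\[^()]+?\.(?:dll|exe)', re.IGNORECASE)
AUTOSTART_PREFIXES = ('O4 ', 'O20 ', 'O21 ', 'O22 ')


@dataclass
class FileEntry:
    kind: Optional[str]   # PRC/MOD/SRV/DRV for running items, None for plain file listings
    date: str
    size: int
    attrs: str            # OTL attribute column, e.g. -HS- = hidden + system
    company: str          # publisher from the version resource; '' when OTL found none
    path: str

    @property
    def hidden_system(self) -> bool:
        return 'H' in self.attrs and 'S' in self.attrs

    @property
    def suspicious(self) -> bool:
        """Assumed heuristic: a publisher-less DLL hiding itself in System32."""
        p = self.path.casefold()
        return (self.hidden_system and not self.company
                and '\\system32\\' in p and p.endswith('.dll'))


def parse_file_entry(line: str) -> Optional[FileEntry]:
    """Parse one OTL file listing line, or return None for any other line."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    return FileEntry(kind=m['kind'], date=m['date'],
                     size=int(m['size'].replace(',', '')),
                     attrs=m['attrs'], company=m['company'].strip(),
                     path=m['path'].strip())


def autostart_target(line: str):
    """For O4/O20/O21/O22 lines return (path or None, file_present); else None."""
    line = line.strip()
    if not line.startswith(AUTOSTART_PREFIXES):
        return None
    m = PATH_RE.search(line)
    return (m.group(0) if m else None, 'File not found' not in line)


def triage(text: str) -> Dict[str, object]:
    """Cross-reference file listings with autostart entries over a block of OTL output."""
    suspicious: Dict[str, FileEntry] = {}   # casefolded path -> entry
    autostarts: Dict[str, List[str]] = {}   # casefolded path -> autostart lines
    dangling: List[str] = []                # autostart entries whose file is missing
    for raw in text.splitlines():
        entry = parse_file_entry(raw)
        if entry is not None:
            if entry.suspicious:
                suspicious.setdefault(entry.path.casefold(), entry)
            continue
        hit = autostart_target(raw)
        if hit is None:
            continue
        path, present = hit
        if not present:
            dangling.append(raw.strip())
        if path:
            autostarts.setdefault(path.casefold(), []).append(raw.strip())
    return {
        'suspicious_dlls': sorted(suspicious),
        'autostart_refs': {k: v for k, v in autostarts.items() if k in suspicious},
        'dangling_autostarts': dangling,
    }


if __name__ == '__main__':
    result = triage(SAMPLE)
    for path in result['suspicious_dlls']:
        print('hidden DLL without publisher:', path)
        for ref in result['autostart_refs'].get(path, []):
            print('    loaded by:', ref)
    for ref in result['dangling_autostarts']:
        print('autostart with missing file:', ref)
```

Running it as a script prints the flagged DLLs with the autostart lines that load them; treat that list as what to verify by hand before building a fix, because a legitimate hidden system DLL with a stripped version resource would trip the same heuristic.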

#3
c0mpn00b

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thank you so much for the help. Here is the information you requested.

The OTL Log:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== OTL ==========
No active process named srsdllpro.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\menekuzevi deleted successfully.
C:\WINDOWS\system32\doheyesi.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wobewoyob deleted successfully.
C:\WINDOWS\system32\kasirora.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ttool deleted successfully.
C:\WINDOWS\srsdllpro.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\lavufanu.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:mezutilo.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:paweharo.dll deleted successfully.
C:\WINDOWS\system32\paweharo.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\jiponite.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\rejanote.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\kasirora.dll deleted successfully.
File C:\WINDOWS\system32\kasirora.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\liyikatal deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a68f9828-3a76-48c1-8155-50e1b910ff12}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\misokivob not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f07a28ca-bb47-4a11-a897-2b78647b9550}\ not found.
File C:\WINDOWS\system32\kasirora.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{a68f9828-3a76-48c1-8155-50e1b910ff12} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a68f9828-3a76-48c1-8155-50e1b910ff12}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{f07a28ca-bb47-4a11-a897-2b78647b9550} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f07a28ca-bb47-4a11-a897-2b78647b9550}\ not found.
File C:\WINDOWS\system32\kasirora.dll not found.
File C:\WINDOWS\srsdllpro.exe not found.
C:\WINDOWS\system32\yikopika moved successfully.
C:\WINDOWS\tasks\odyfbkyi.job moved successfully.
File C:\WINDOWS\srsdllpro.exe not found.
File C:\WINDOWS\tasks\odyfbkyi.job not found.
C:\WINDOWS\system32\zomuhiwu.dll moved successfully.
C:\WINDOWS\microsoftdef.dll moved successfully.
File C:\WINDOWS\System32\kasirora.dll not found.
C:\WINDOWS\system32\tavegebi.dll moved successfully.
C:\WINDOWS\system32\mejejaza.dll moved successfully.
C:\WINDOWS\system32\vumehito.dll moved successfully.
C:\WINDOWS\system32\vobulite.dll moved successfully.
C:\WINDOWS\system32\muturebe.dll moved successfully.
C:\WINDOWS\system32\gokefena.dll moved successfully.
C:\WINDOWS\system32\medusuli.dll moved successfully.
C:\WINDOWS\system32\dejufedu.dll moved successfully.
C:\WINDOWS\system32\kuvimulo.dll moved successfully.
C:\WINDOWS\system32\zifubogu.dll moved successfully.
C:\WINDOWS\system32\sadotawa.dll moved successfully.
C:\WINDOWS\system32\govegomu.dll moved successfully.
C:\WINDOWS\system32\yokamuye.dll moved successfully.
C:\WINDOWS\system32\majudusu.dll moved successfully.
C:\WINDOWS\system32\kamideva.dll moved successfully.
C:\WINDOWS\system32\letuyami.dll moved successfully.
C:\WINDOWS\system32\jelulede.dll moved successfully.
C:\WINDOWS\system32\piwihivo.dll moved successfully.
C:\WINDOWS\system32\susopaya.dll moved successfully.
C:\WINDOWS\system32\tewehipo.dll moved successfully.
C:\WINDOWS\system32\zewewegi.dll moved successfully.
File C:\WINDOWS\System32\paweharo.dll not found.
C:\WINDOWS\system32\fedoniko.dll moved successfully.
File C:\WINDOWS\System32\doheyesi.dll not found.
C:\WINDOWS\system32\hesudobu.dll moved successfully.
C:\WINDOWS\system32\rovoyato.dll moved successfully.
C:\WINDOWS\system32\zoroviro.dll moved successfully.
C:\WINDOWS\system32\buyenayo.dll moved successfully.
C:\WINDOWS\system32\rosovoti.dll moved successfully.
C:\WINDOWS\system32\jigedohu.dll moved successfully.
C:\WINDOWS\system32\yemibumi.dll moved successfully.
C:\WINDOWS\system32\wirijepi.dll moved successfully.
C:\WINDOWS\system32\munemume.dll moved successfully.
C:\WINDOWS\system32\tasasifu.dll moved successfully.
C:\WINDOWS\system32\gupupehi.dll moved successfully.
C:\WINDOWS\system32\yerehute.dll moved successfully.
C:\WINDOWS\system32\doluwuhi.dll moved successfully.
C:\WINDOWS\system32\hetuyevo.dll moved successfully.
C:\WINDOWS\system32\filoloye.dll moved successfully.
C:\WINDOWS\system32\wunipilo.dll moved successfully.
C:\WINDOWS\system32\gedekuye.dll moved successfully.
C:\WINDOWS\system32\loyuwisa.dll moved successfully.
C:\WINDOWS\system32\tarozahi.dll moved successfully.
C:\WINDOWS\system32\sazukojo.dll moved successfully.
C:\WINDOWS\system32\dukotova.dll moved successfully.
C:\WINDOWS\system32\dimadadu.dll moved successfully.
C:\WINDOWS\system32\fovisuga.dll moved successfully.
C:\WINDOWS\system32\yubuguyi.dll moved successfully.
C:\WINDOWS\system32\zokipado.dll moved successfully.
C:\WINDOWS\system32\matidaha.dll moved successfully.
C:\WINDOWS\system32\jotumumu.dll moved successfully.
C:\WINDOWS\system32\foyorere.dll moved successfully.
C:\WINDOWS\system32\sinehotu.dll moved successfully.
C:\WINDOWS\system32\pujawewo.dll moved successfully.
C:\WINDOWS\system32\sodiluha.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: mrdutch
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: mrfst
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: smhogen
->Temp folder emptied: 930572 bytes
->Temporary Internet Files folder emptied: 367719 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes

User: student
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: teacher
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 3201970 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.00 mb


OTL by OldTimer - Version 3.1.20.1 log created on 12262009_131716

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


The Combo-Fix Log:

ComboFix 09-12-26.01 - smhogen 12/26/2009 13:58:51.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.500 [GMT -7:00]
Running from: c:\documents and settings\smhogen\Desktop\Combo-Fix.exe
AV: Sophos Anti-Virus *On-access scanning disabled* (Outdated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Microsoft AData
c:\documents and settings\All Users\Microsoft AData\sysnet.dll
c:\documents and settings\All Users\Microsoft AData\t.sid
c:\program files\Personal Guard 2009
c:\program files\Personal Guard 2009\uninstalls.exe
c:\recycler\S-1-5-21-3216893141-2090366531-891339906-500
c:\windows\certsystem.exe
c:\windows\regred.exe
c:\windows\securits.com
c:\windows\spoov.exe
c:\windows\system32\jivuvomo.dll
c:\windows\system32\logon.exe
c:\windows\system32\ndisapi.dll
c:\windows\system32\pozimadu.dll
c:\windows\system32\wibotelo.dll
c:\windows\usexplorer.exe

----- BITS: Possible infected sites -----

hxxp://82.98.235.39
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NDISRD
-------\Service_NDISRD


((((((((((((((((((((((((( Files Created from 2009-11-26 to 2009-12-26 )))))))))))))))))))))))))))))))
.

2009-12-26 20:17 . 2009-12-26 20:17 -------- d-----w- C:\_OTL
2009-12-25 23:44 . 2009-12-25 23:45 -------- d-----w- c:\program files\ERUNT
2009-12-25 23:18 . 2009-12-03 23:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-25 23:18 . 2009-12-25 23:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-25 23:18 . 2009-12-25 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-25 23:18 . 2009-12-03 23:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-25 19:54 . 2009-12-25 19:54 -------- d-----w- c:\documents and settings\smhogen\Local Settings\Application Data\Symantec
2009-12-25 19:51 . 2009-12-25 23:06 -------- d-----w- c:\program files\Symantec
2009-12-25 19:51 . 2009-12-25 23:06 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-25 19:51 . 2009-12-25 23:06 -------- d-----w- c:\program files\Symantec AntiVirus
2009-12-25 19:51 . 2009-12-25 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-12-06 21:21 . 2009-12-06 21:21 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-06 21:20 . 2009-12-06 21:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-02 15:09 . 2007-03-06 21:33 2401 ----a-w- c:\windows\system32\drivers\AlKernel.sys
2009-12-02 14:57 . 2007-03-06 21:32 41 ----a-w- C:\AClient.dat
2009-11-28 20:34 . 2007-07-20 19:00 -------- d-----w- c:\program files\Google
2009-11-28 20:01 . 2007-06-08 22:41 -------- d-----w- c:\program files\Bonjour
2009-11-22 02:50 . 2008-09-01 04:02 -------- d-----w- c:\program files\Picasa2
2009-11-09 02:55 . 2009-11-09 02:55 -------- d-----w- c:\program files\Angle Interactive
2009-09-30 15:02 . 2007-03-06 21:11 86571 ----a-w- c:\windows\system32\nvModes.dat
2008-08-30 17:18 . 2007-07-20 19:04 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-09-26 20:17 . 2009-09-26 20:17 92160 --sha-w- c:\windows\system32\yibavisu.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-02 68856]
"gStart"="c:\garmin\gStart.exe" [2006-09-06 1891416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-22 7557120]
"nwiz"="nwiz.exe" [2006-03-22 1519616]
"NVHotkey"="nvHotkey.dll" [2006-03-22 73728]
"AClntUsr"="c:\program files\Altiris\AClient\AClntUsr.EXE" [2009-12-26 184320]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 623992]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-30 29744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-02-19 438272]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2007-8-3 245760]
NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2007-6-23 233472]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Altiris\\AClient\\AClntUsr.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\Acrotray.exe"=
"c:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [12/5/2007 11:49 AM 104704]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [12/5/2007 11:49 AM 35584]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [10/6/2008 8:19 AM 69632]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [10/6/2008 8:03 AM 98304]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2/19/2008 2:15 AM 106496]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/20/2007 12:04 PM 29744]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [10/6/2008 8:15 AM 14976]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mesasports.org/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = proxy.mpsaz.org:8000
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{a3b4f889-77ad-4aa0-946c-f83b67a6502d} - fedoniko.dll
HKLM-Run-CinemaNowMediaManagerApp - c:\program files\CinemaNow\CinemaNow Media Manager\CinemanowShell.exe
HKLM-Run-wobewoyob - c:\windows\system32\wibotelo.dll
SharedTaskScheduler-{bc1e729e-e33f-49e0-abcf-2484cd648399} - c:\windows\system32\kasirora.dll
SharedTaskScheduler-{903590f4-0a1a-4d7c-8349-5bf61a088707} - c:\windows\system32\wibotelo.dll
SSODL-fokedopov-{bc1e729e-e33f-49e0-abcf-2484cd648399} - c:\windows\system32\kasirora.dll
SSODL-jutivubif-{903590f4-0a1a-4d7c-8349-5bf61a088707} - c:\windows\system32\wibotelo.dll
Notify-NavLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-26 14:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7d,b3,80,e9,42,9b,ad,41,86,3e,3e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7d,b3,80,e9,42,9b,ad,41,86,3e,3e,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4060)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\windows\system32\rundll32.exe
c:\program files\Altiris\AClient\AClient.exe
c:\windows\stsystra.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2009-12-26 14:20:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-26 21:20

Pre-Run: 57,065,541,632 bytes free
Post-Run: 56,774,135,808 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - D9BEDA0BEAC37FFA7F26E56550868B36


Thank you so much!


#4
fenzodahl512

  • Malware Removal
  • 9,863 posts
OTL Fix step

Open OTL then do below..

Copy/paste the following into the Custom Scans/Fixes box and then click on the Run Fix button.

:processes
explorer.exe

:files
c:\windows\system32\yibavisu.dll

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

Let it run the fix. A log will then pop up on your screen after the fix finishes.. If it needs a reboot, just let it.. Post that log in your next reply...

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How's the computer now? :)

#5
c0mpn00b

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thank you so much for your time! Things seem to be working much better. I haven't had a pop-up in the time I've been using it so far. MBAM and the ESET found a lot of problems, but hopefully they were fixed! Here are the requested logs.

OTL Log:


All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
c:\windows\system32\yibavisu.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: mrdutch
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: mrfst
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: smhogen
->Temp folder emptied: 17704 bytes
->Temporary Internet Files folder emptied: 1237081 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes

User: student
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: teacher
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 439 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.00 mb


OTL by OldTimer - Version 3.1.20.1 log created on 12262009_163401

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


MBAM Log:


Malwarebytes' Anti-Malware 1.42
Database version: 3436
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/26/2009 8:52:18 PM
mbam-log-2009-12-26 (20-52-18).txt

Scan type: Full Scan (C:\|)
Objects scanned: 297912
Time elapsed: 1 hour(s), 7 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 42

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\RD2010 (Rogue.RegDefender) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Angle Interactive\RD2010 (Rogue.RegDefender) -> Quarantined and deleted successfully.

Files Infected:
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Microsoft AData\sysnet.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Personal Guard 2009\uninstalls.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A1D4CD48-4B0C-459E-8DEE-CC1C15014EAC}\RP424\A0089710.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A1D4CD48-4B0C-459E-8DEE-CC1C15014EAC}\RP425\A0090280.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A1D4CD48-4B0C-459E-8DEE-CC1C15014EAC}\RP425\A0090513.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A1D4CD48-4B0C-459E-8DEE-CC1C15014EAC}\RP425\A0090235.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A1D4CD48-4B0C-459E-8DEE-CC1C15014EAC}\RP425\A0090236.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A1D4CD48-4B0C-459E-8DEE-CC1C15014EAC}\RP425\A0090237.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A1D4CD48-4B0C-459E-8DEE-CC1C15014EAC}\RP425\A0090247.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A1D4CD48-4B0C-459E-8DEE-CC1C15014EAC}\RP425\A0090255.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A1D4CD48-4B0C-459E-8DEE-CC1C15014EAC}\RP425\A0090265.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A1D4CD48-4B0C-459E-8DEE-CC1C15014EAC}\RP425\A0090279.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A1D4CD48-4B0C-459E-8DEE-CC1C15014EAC}\RP425\A0090300.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A1D4CD48-4B0C-459E-8DEE-CC1C15014EAC}\RP425\A0090301.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A1D4CD48-4B0C-459E-8DEE-CC1C15014EAC}\RP425\A0090281.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A1D4CD48-4B0C-459E-8DEE-CC1C15014EAC}\RP425\A0090282.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A1D4CD48-4B0C-459E-8DEE-CC1C15014EAC}\RP425\A0090298.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A1D4CD48-4B0C-459E-8DEE-CC1C15014EAC}\RP425\A0090299.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A1D4CD48-4B0C-459E-8DEE-CC1C15014EAC}\RP425\A0090386.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A1D4CD48-4B0C-459E-8DEE-CC1C15014EAC}\RP425\A0090397.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A1D4CD48-4B0C-459E-8DEE-CC1C15014EAC}\RP425\A0090399.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A1D4CD48-4B0C-459E-8DEE-CC1C15014EAC}\RP425\A0090400.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A1D4CD48-4B0C-459E-8DEE-CC1C15014EAC}\RP425\A0090401.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A1D4CD48-4B0C-459E-8DEE-CC1C15014EAC}\RP425\A0090478.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A1D4CD48-4B0C-459E-8DEE-CC1C15014EAC}\RP426\A0090569.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A1D4CD48-4B0C-459E-8DEE-CC1C15014EAC}\RP427\A0090586.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A1D4CD48-4B0C-459E-8DEE-CC1C15014EAC}\RP431\A0090845.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A1D4CD48-4B0C-459E-8DEE-CC1C15014EAC}\RP431\A0090849.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A1D4CD48-4B0C-459E-8DEE-CC1C15014EAC}\RP433\A0090980.exe (Rogue.RegDefender) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A1D4CD48-4B0C-459E-8DEE-CC1C15014EAC}\RP433\A0090989.exe (Rogue.RegDefender) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A1D4CD48-4B0C-459E-8DEE-CC1C15014EAC}\RP448\A0092849.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A1D4CD48-4B0C-459E-8DEE-CC1C15014EAC}\RP448\A0092850.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\srsdllpro.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\dimadadu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\fovisuga.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\matidaha.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\pujawewo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\sazukojo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\sodiluha.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\yubuguyi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\zokipado.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD2010\check.txt (Rogue.RegDefender) -> Quarantined and deleted successfully.


ESET Log:


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=9a14ea1b89aa284498ed3e6f4f761720
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-12-27 05:30:02
# local_time=2009-12-26 10:30:02 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=8449 16775145 100 99 33200946 68108851 0 0
# scanned=144538
# found=41
# cleaned=41
# scan_time=3712
C:\Qoobox\Quarantine\C\WINDOWS\system32\_logon_.exe.zip a variant of Win32/Kryptik.AJB trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\buyenayo.dll a variant of Win32/Kryptik.BJG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\dejufedu.dll a variant of Win32/Adware.Virtumonde.NGN application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\doheyesi.dll a variant of Win32/Adware.SuperJuan.J application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\doluwuhi.dll a variant of Win32/Adware.SuperJuan.P application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\dukotova.dll a variant of Win32/Kryptik.BBO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\fedoniko.dll a variant of Win32/Adware.SuperJuan.J application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\filoloye.dll a variant of Win32/Kryptik.BEH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\foyorere.dll a variant of Win32/AntiAV.NDE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\gedekuye.dll a variant of Win32/Kryptik.BEH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\gokefena.dll a variant of Win32/Adware.Virtumonde.NGN application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\govegomu.dll a variant of Win32/KillAV.NHG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\gupupehi.dll Win32/KillAV.NFM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\hetuyevo.dll a variant of Win32/KillAV.NGW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\jelulede.dll a variant of Win32/KillAV.NGE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\jigedohu.dll a variant of Win32/Kryptik.BJG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\jotumumu.dll a variant of Win32/KillAV.NGO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\kamideva.dll a variant of Win32/KillAV.NGE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\kuvimulo.dll a variant of Win32/KillAV.NHI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\letuyami.dll a variant of Win32/Adware.Virtumonde.NFX application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\loyuwisa.dll a variant of Win32/KillAV.NGN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\majudusu.dll a variant of Win32/KillAV.NGE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\medusuli.dll a variant of Win32/KillAV.NHI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\munemume.dll a variant of Win32/Kryptik.BGQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\paweharo.dll a variant of Win32/Adware.SuperJuan.J application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\piwihivo.dll a variant of Win32/KillAV.NGE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\rosovoti.dll a variant of Win32/Kryptik.BJG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\rovoyato.dll a variant of Win32/Adware.SuperJuan.J application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\sadotawa.dll a variant of Win32/KillAV.NHG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\sinehotu.dll Win32/KillAV.NFM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\tarozahi.dll a variant of Win32/KillAV.NGN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\tasasifu.dll a variant of Win32/Kryptik.BGQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\tewehipo.dll a variant of Win32/Adware.Virtumonde.NFX application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\wirijepi.dll a variant of Win32/Kryptik.BGQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\wunipilo.dll a variant of Win32/Kryptik.BEH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\yemibumi.dll a variant of Win32/Kryptik.BJG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\yerehute.dll a variant of Win32/Adware.Virtumonde.NGL application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\yokamuye.dll a variant of Win32/Adware.Virtumonde.NFX application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\zewewegi.dll a variant of Win32/KillAV.NGE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\zifubogu.dll a variant of Win32/Adware.Virtumonde.NGM application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\zomuhiwu.dll a variant of Win32/Kryptik.BJG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
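A small parser for the MBAM log layout posted above, added here as an example and not part of the thread or of Malwarebytes' own tooling: it checks that each section's declared count matches the items actually listed, and separates live hits from copies that were already sitting in restore points or tool quarantine folders (which is where almost all of the 42 file detections in the log above were). The excerpt it runs on is constructed in the same layout; the restore-point GUID is a placeholder.

```python
import re
from collections import Counter

# Constructed excerpt in the layout MBAM 1.x wrote; not the full log from the thread.
SAMPLE_LOG = r"""
Registry Keys Infected: 1
Folders Infected: 1
Files Infected: 3

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\RD2010 (Rogue.RegDefender) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\Angle Interactive\RD2010 (Rogue.RegDefender) -> Quarantined and deleted successfully.
Files Infected:
C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP425\A0090280.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\12262009_131716\C_WINDOWS\system32\zokipado.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD2010\check.txt (Rogue.RegDefender) -> Quarantined and deleted successfully.
"""
SUMMARY_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")  # "Files Infected: 42"
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")        # "Files Infected:"
ITEM_RE = re.compile(r"^(.+?) \(([^()]+)\) -> (.+)$")        # "<path> (<Family>) -> <action>"

# Detections under these paths are copies already parked somewhere inert, not live objects.
INERT = (("\\system volume information\\_restore", "restore point"),
         ("\\_otl\\movedfiles\\", "OTL quarantine"),
         ("\\qoobox\\quarantine\\", "ComboFix (Qoobox) quarantine"))


def parse_mbam_log(text):
    """Return ({section: declared count}, {section: [(path, family, action), ...]})."""
    summary, items, current = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SUMMARY_RE.match(line):          # summary block at the top of the log
            summary[m[1]] = int(m[2])
        elif m := SECTION_RE.match(line):        # start of a per-section listing
            current = m[1]
            items.setdefault(current, [])
        elif current and (m := ITEM_RE.match(line)):
            items[current].append((m[1], m[2], m[3]))
    return summary, items


def summary_mismatches(summary, items):
    """Sections whose declared count differs from the detections actually listed."""
    return [s for s, n in summary.items() if n != len(items.get(s, []))]


def location_of(path):
    low = path.lower()
    return next((name for marker, name in INERT if marker in low), "live")


def tally(items):
    """Counters of detections by location and by detection family, across all sections."""
    hits = [hit for section in items.values() for hit in section]
    return Counter(location_of(p) for p, _, _ in hits), Counter(f for _, f, _ in hits)


if __name__ == "__main__":
    summary, items = parse_mbam_log(SAMPLE_LOG)
    by_location, by_family = tally(items)
    print(summary_mismatches(summary, items), dict(by_location), dict(by_family))
```

Running it on a full pasted log shows at a glance whether anything was still live on disk or whether the scanner was only sweeping up copies other tools had already moved aside.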

#6
fenzodahl512

  • Malware Removal
  • 9,863 posts
Looks good to me. Let's do some cleanup...


Please download OTC and save it to Desktop.
  • Make sure you have an internet connection.
  • Double-click OTC
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles written by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware


Read this great info about safe internet surfing:

http://www.pcpitstop...safesurfing.asp
http://bluefive.pair...afe_surfing.htm




Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512

#7
fenzodahl512

  • Malware Removal
  • 9,863 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.