antimalware go

#1
sendme10

I picked up some type of computer infection that appears to be called AntiMalware GO. IE is not working but AOL is. Malwarebytes didn't pick up anything. Here is a RogueKiller result:
RogueKiller V4.0.1 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: dan [Admin rights]
Mode: Scan -- Time : 01/02/2011 17:00:40

Bad processes: 0

Registry Entries: 4
[APPDT/TMP/PF ROGUE] HKCU\[...]\Run : mhonbclv (C:\Users\dan\AppData\Local\Temp\qvkhlhqkm\onlbdiuhmof.exe) -> FOUND
[APPDT/TMP/PF ROGUE] HKUS\S-1-5-21-668587658-2659903005-2207730885-1000[...]\Run : mhonbclv (C:\Users\dan\AppData\Local\Temp\qvkhlhqkm\onlbdiuhmof.exe) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=127.0.0.1:33440) -> FOUND

HOSTS File:
127.0.0.1 localhost
::1 localhost


Finished




RogueKiller V4.0.1 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: dan [Admin rights]
Mode: Scan -- Time : 28/02/2011 17:13:51

Bad processes: 0

Registry Entries: 4
[APPDT/TMP/PF ROGUE] HKCU\[...]\Run : mhonbclv (C:\Users\dan\AppData\Local\Temp\qvkhlhqkm\onlbdiuhmof.exe) -> FOUND
[APPDT/TMP/PF ROGUE] HKUS\S-1-5-21-668587658-2659903005-2207730885-1000[...]\Run : mhonbclv (C:\Users\dan\AppData\Local\Temp\qvkhlhqkm\onlbdiuhmof.exe) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=127.0.0.1:33440) -> FOUND

HOSTS File:
127.0.0.1 localhost
::1 localhost


Finished




RogueKiller V4.0.1 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: dan [Admin rights]
Mode: Remove -- Time : 28/02/2011 17:14:51

Bad processes: 0

Registry Entries: 3
[APPDT/TMP/PF ROGUE] HKCU\[...]\Run : mhonbclv (C:\Users\dan\AppData\Local\Temp\qvkhlhqkm\onlbdiuhmof.exe) -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> NOT REMOVED, USE PROXYFIX
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=127.0.0.1:33440) -> NOT REMOVED, USE PROXYFIX

HOSTS File:
127.0.0.1 localhost
::1 localhost


Finished




RogueKiller V4.0.1 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: dan [Admin rights]
Mode: Scan -- Time : 28/02/2011 17:24:36

Bad processes: 0

Registry Entries: 2
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=127.0.0.1:33440) -> FOUND

HOSTS File:
127.0.0.1 localhost
::1 localhost


Finished




RogueKiller V4.0.1 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: dan [Admin rights]
Mode: Scan -- Time : 27/02/2011 22:11:40

Bad processes: 0

Registry Entries: 0

HOSTS File:
127.0.0.1 localhost
::1 localhost


Finished




RogueKiller V4.0.1 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: dan [Admin rights]
Mode: Scan -- Time : 27/02/2011 22:15:09

Bad processes: 0

Registry Entries: 0

HOSTS File:
127.0.0.1 localhost
::1 localhost


Finished




RogueKiller V4.0.1 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: dan [Admin rights]
Mode: Remove -- Time : 27/02/2011 22:15:28

Bad processes: 0

Registry Entries: 0

HOSTS File:
127.0.0.1 localhost
::1 localhost


Finished




RogueKiller V4.0.1 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: dan [Admin rights]
Mode: Scan -- Time : 27/02/2011 22:29:46

Bad processes: 1
[APPDATA/TEMP/DESKTOP] HijackThis.exe -- c:\users\dan\desktop\hijackthis.exe -> KILLED

Registry Entries: 0

HOSTS File:
127.0.0.1 localhost
::1 localhost


Finished


#2
RKinner

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.
Now run OTL (Step 2 in the guidelines in the top post of the Malware Removal forum: http://www.geekstogo...uide-t2852.html) and copy and paste both your OTL and Extras logs into a reply.



Ron
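
Added example (not part of the original thread, and not RogueKiller's or the forum's own code): a small Python parser for the report lines pasted in post #1. It picks the most recent report by timestamp, since the reports were pasted out of chronological order, and lists the findings still present, which here are the loopback proxy settings that the LAN Settings step in the reply clears. The sample text is excerpted from the logs above; the function names and category labels are assumptions made for this example.

```python
import re
from datetime import datetime

# Excerpt of the reports pasted in post #1: the Remove run and the Scan after it.
SAMPLE = r"""
Mode: Remove -- Time : 28/02/2011 17:14:51
[APPDT/TMP/PF ROGUE] HKCU\[...]\Run : mhonbclv (C:\Users\dan\AppData\Local\Temp\qvkhlhqkm\onlbdiuhmof.exe) -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> NOT REMOVED, USE PROXYFIX
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=127.0.0.1:33440) -> NOT REMOVED, USE PROXYFIX
Mode: Scan -- Time : 28/02/2011 17:24:36
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=127.0.0.1:33440) -> FOUND
"""

MODE = re.compile(r"^Mode: (\w+) -- Time : (\d\d/\d\d/\d{4} \d\d:\d\d:\d\d)$")
ENTRY = re.compile(r"^\[(?P<tag>[^\]]+)\] (?P<key>.+?) : (?P<name>\S+) "
                   r"\((?P<value>.*)\) -> (?P<status>.+)$")
LOOPBACK = re.compile(r"(^|=)(127\.0\.0\.1|localhost):\d+")

def parse_reports(text):
    """Split pasted output into reports: mode, timestamp, registry entries."""
    reports = []
    for line in map(str.strip, text.splitlines()):
        m, e = MODE.match(line), ENTRY.match(line)
        if m:
            when = datetime.strptime(m.group(2), "%d/%m/%Y %H:%M:%S")
            reports.append({"mode": m.group(1), "time": when, "entries": []})
        elif e and reports:
            reports[-1]["entries"].append(e.groupdict())
    return reports

def classify(entry):
    """Label a registry finding by what it indicates (labels are this example's)."""
    value = entry["value"].lower()
    if entry["key"].endswith("\\Run") and "\\appdata\\local\\temp\\" in value:
        return "autorun-from-temp"      # Run key launching an exe from Temp
    if entry["name"] == "ProxyServer" and LOOPBACK.search(value):
        return "loopback-proxy"         # browser traffic sent to a local port
    if entry["name"] == "ProxyEnable" and value == "1":
        return "proxy-enabled"
    return "other"

def outstanding(text):
    """Findings not DELETED in the newest report (by timestamp, not paste order)."""
    latest = max(parse_reports(text), key=lambda r: r["time"], default=None)
    entries = latest["entries"] if latest else []
    return [(classify(e), e["name"], e["value"])
            for e in entries if e["status"] != "DELETED"]
```

Calling `outstanding(SAMPLE)` returns the two proxy entries from the 17:24:36 scan; the Run-key entry does not appear because the later report no longer lists it.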