Malware won't allow me to install Malwarebytes. Can't open the



#1 el_jack (Member, 110 posts)

I have a virus that will not allow Malwarebytes to run. It does not install properly. The virus sends messages that the system has been infected. It installs and cuts off during the updates. I click on the desktop icon and it "searches for missing shortcut". I don't know how to work around this situation. If someone has had this problem and possesses a workable solution, please lead me in the right direction. olt.com ran but found nothing. The virus won't allow notepad.txt to launch. I found some strange names in the Startup tab in the System Configuration Utility. The items are: msilojzb, Usiqevoyoxaj and laninejo. They are all Rundll32.exe.

System: Windows Professional x64
Dell Inspiron 1501

Thanks a lot


#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Hi there, first try this and then follow up with the analysis scan.

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next reply.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#3 el_jack (Topic Starter, Member, 110 posts)

Hello

I ran RogueKiller. The virus stops it soon after I select 1 to start the scan. OTL runs its course, but the virus will not allow Notepad to open, so it cannot save the results.

How do I open Notepad, or how can the system open it for the OTL app?

Thanks

#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Did you rename RogueKiller to winlogon?

Could you try in safe mode if that fails?

#5 el_jack (Topic Starter, Member, 110 posts)

Here are the results from RogueKiller. I changed the name as suggested and it worked, thanks.

RogueKiller V5.1.0 [05/02/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 SerWStarted in : Normal mode
User: HHA [Admin rights]
Mode: Scan -- Date : 05/04/2011 16:39:13

Bad processes: 1
[RESIDUE] laninejo.dll -- c:\windows\system32\laninejo.dll -> KILLED

Registry Entries: 23
[BLACKLIST DLL] HKCU\[...]\Run : notepad (rundll32.exe C:\WINDOWS\system32\config\SYSTEM~1\ntload.dll,[email protected]) -> FOUND
[APPDT/TMP/DESKTOP] HKCU\[...]\Run : ygua8e7yhuiesfha876yfauy8fe (C:\DOCUME~1\HHA\LOCALS~1\Temp\ds00k.exe) -> FOUND
[APPDT/TMP/DESKTOP] HKCU\[...]\Run : asg984jgkfmgasi8ug98jgkfgfb (C:\DOCUME~1\HHA\LOCALS~1\Temp\win32.exe) -> FOUND
[APPDT/TMP/DESKTOP] HKCU\[...]\Run : kaxplaka (C:\Documents and Settings\HHA\Local Settings\Application Data\chgmna\uemjsysguard.exe) -> FOUND
[BLACKLIST DLL] HKLM\[...]\Run : notepad (rundll32.exe C:\WINDOWS\system32\notepad.dll,[email protected]) -> FOUND
[APPDT/TMP/DESKTOP] HKLM\[...]\Run : kaxplaka (C:\Documents and Settings\HHA\Local Settings\Application Data\chgmna\uemjsysguard.exe) -> FOUND
[BLACKLIST DLL] HKLM\[...]\Run : yejokepor (Rundll32.exe "c:\windows\system32\laninejo.dll",a) -> FOUND
[BLACKLIST DLL] HKLM\[...]\Run : Wcaqiq (rundll32.exe "C:\WINDOWS\usiqevoyoxaj.dll",e) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-2174217116-4051744875-3750064960-1008[...]\Run : notepad (rundll32.exe C:\WINDOWS\system32\config\SYSTEM~1\ntload.dll,[email protected]) -> FOUND
[APPDT/TMP/DESKTOP] HKUS\S-1-5-21-2174217116-4051744875-3750064960-1008[...]\Run : ygua8e7yhuiesfha876yfauy8fe (C:\DOCUME~1\HHA\LOCALS~1\Temp\ds00k.exe) -> FOUND
[APPDT/TMP/DESKTOP] HKUS\S-1-5-21-2174217116-4051744875-3750064960-1008[...]\Run : asg984jgkfmgasi8ug98jgkfgfb (C:\DOCUME~1\HHA\LOCALS~1\Temp\win32.exe) -> FOUND
[APPDT/TMP/DESKTOP] HKUS\S-1-5-21-2174217116-4051744875-3750064960-1008[...]\Run : kaxplaka (C:\Documents and Settings\HHA\Local Settings\Application Data\chgmna\uemjsysguard.exe) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{CB06DD94-72C7-4901-A89D-DDE55C5C7F21} : NameServer (83.149.115.157,4.2.2.1) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{DE51BFCB-C3B7-42F4-9531-F5A2408AF616} : NameServer (83.149.115.157,4.2.2.1) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{CB06DD94-72C7-4901-A89D-DDE55C5C7F21} : NameServer (83.149.115.157,4.2.2.1) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{DE51BFCB-C3B7-42F4-9531-F5A2408AF616} : NameServer (83.149.115.157,4.2.2.1) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (1) -> FOUND
[HJPOL] HKCU\[...]\Explorer : NoFolderOptions (1) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND

HOSTS File:
127.0.0.1 localhost


Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
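The RogueKiller report above is a list of tagged findings, and the parts a responder acts on first are buried in it: Run values that launch a DLL through rundll32, autoruns that live in user-writable folders, a NameServer pointing at an unexpected resolver, a forced IE proxy, and the policy keys that were switched to hide the infection. The following Python script is an added example, not part of the thread and not RogueKiller's own code: it parses lines in the RKreport format and returns those findings in a structured form. The sample report is constructed from the entries posted above, and the EXPECTED_RESOLVERS allowlist and the user-writable path heuristic are assumptions for the example.

```python
import re

# Constructed sample in the RKreport format posted above (entries mirror the thread's log).
SAMPLE_REPORT = r"""
Bad processes: 1
[RESIDUE] laninejo.dll -- c:\windows\system32\laninejo.dll -> KILLED

Registry Entries: 7
[BLACKLIST DLL] HKLM\[...]\Run : yejokepor (Rundll32.exe "c:\windows\system32\laninejo.dll",a) -> FOUND
[APPDT/TMP/DESKTOP] HKCU\[...]\Run : ygua8e7yhuiesfha876yfauy8fe (C:\DOCUME~1\HHA\LOCALS~1\Temp\ds00k.exe) -> FOUND
[APPDT/TMP/DESKTOP] HKLM\[...]\Run : kaxplaka (C:\Documents and Settings\HHA\Local Settings\Application Data\chgmna\uemjsysguard.exe) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{CB06DD94-72C7-4901-A89D-DDE55C5C7F21} : NameServer (83.149.115.157,4.2.2.1) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (1) -> FOUND
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
"""

# "[TAG] body -> STATUS"
LINE_RE = re.compile(r"^\[(?P<tag>[^\]]+)\]\s+(?P<body>.*?)\s+->\s+(?P<status>[A-Z]+)$")
# "key : valuename (data)" for registry findings; keys may contain spaces ("Security Center")
REG_RE = re.compile(r"^(?P<key>.+?)\s+:\s+(?P<name>.+?)\s+\((?P<value>.*)\)$")
# DLL handed to rundll32, with or without quotes around the path
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"?(?P<dll>[^",]+?\.dll)"?', re.IGNORECASE)
# Assumed heuristic: autoruns under per-user temp/appdata folders deserve a look
USER_WRITABLE_RE = re.compile(r"\\(Temp|LOCALS~1|Local Settings\\Application Data)\\", re.IGNORECASE)

# Assumed allowlist of resolvers this machine should be using (constructed for the example).
EXPECTED_RESOLVERS = {"4.2.2.1"}


def parse_report(text):
    """Turn RKreport lines into dicts; non-finding lines (headers, HOSTS dump) are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entry = {"tag": m["tag"], "status": m["status"], "key": None, "name": None, "value": None}
        reg = REG_RE.match(m["body"])
        if reg:
            entry.update(key=reg["key"], name=reg["name"], value=reg["value"])
        else:
            entry["value"] = m["body"]  # process/file findings have no key : name form
        entries.append(entry)
    return entries


def triage(entries):
    """Pull out the findings a responder wants first, preserving report order."""
    findings = {
        "killed_processes": 0,
        "rundll32_dlls": [],
        "user_writable_autoruns": [],
        "rogue_dns": [],
        "proxy_forced": False,
        "policy_tampering": [],
    }
    for e in entries:
        if e["tag"] == "RESIDUE" and e["status"] == "KILLED":
            findings["killed_processes"] += 1
        if e["key"] is None:
            continue
        if e["key"].endswith("\\Run"):
            dll = RUNDLL_RE.search(e["value"])
            if dll and dll["dll"] not in findings["rundll32_dlls"]:
                findings["rundll32_dlls"].append(dll["dll"])
            if USER_WRITABLE_RE.search(e["value"]) and e["value"] not in findings["user_writable_autoruns"]:
                findings["user_writable_autoruns"].append(e["value"])
        elif e["name"] == "NameServer":
            for ip in e["value"].split(","):
                ip = ip.strip()
                if ip not in EXPECTED_RESOLVERS and ip not in findings["rogue_dns"]:
                    findings["rogue_dns"].append(ip)
        elif e["name"] == "ProxyEnable" and e["value"] == "1":
            findings["proxy_forced"] = True
        if e["tag"] in ("HJPOL", "HJ"):
            findings["policy_tampering"].append((e["key"], e["name"]))
    return findings


if __name__ == "__main__":
    for item, detail in triage(parse_report(SAMPLE_REPORT)).items():
        print(f"{item}: {detail}")
```

The DNS check is the one worth keeping even after cleanup: a hijacked NameServer survives a reboot and re-infects through poisoned downloads, so the interface keys should be compared against the resolvers the network is supposed to hand out, which is why the allowlist is a parameter rather than hard-coded logic.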

#6 el_jack (Topic Starter, Member, 110 posts)

Hello, here is the OTL.txt file. There was no Extras.txt file generated. The RogueKiller txt is above this post.

Thanks

OTL logfile created on: 5/4/2011 5:19:32 PM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\HHA\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.14 Gb Total Space | 24.84 Gb Free Space | 48.57% Space Free | Partition Type: NTFS
Drive D: | 103.43 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 1.92 Gb Total Space | 1.90 Gb Free Space | 99.23% Space Free | Partition Type: FAT32

Computer Name: HHA01 | User Name: HHA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/04 10:48:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HHA\Desktop\OTL.com
PRC - [2009/12/14 10:48:06 | 000,019,968 | ---- | M] () -- C:\WINDOWS\system32\winupdate86.exe
PRC - [2009/09/09 12:48:03 | 000,042,496 | ---- | M] (PROMO Software) -- C:\WINDOWS\system32\drivers\smss.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/01/11 20:54:31 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/09/20 15:13:46 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2007/09/20 15:11:53 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/05 11:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 10:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/09/22 11:06:26 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/01/02 16:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2004/11/03 16:03:00 | 000,125,528 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1190319181\EE\AOLHostManager.exe
PRC - [2004/11/03 16:03:00 | 000,110,680 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1190319181\EE\AOLServiceHost.exe
PRC - [2004/10/20 08:40:04 | 000,034,904 | R--- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
PRC - [2004/10/20 08:40:04 | 000,010,328 | R--- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/10/18 17:42:18 | 000,079,448 | ---- | M] () -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
PRC - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 15:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2004/08/04 05:00:00 | 000,042,496 | ---- | M] (Netopsystems AG) -- C:\WINDOWS\system32\FastNetSrv.exe


========== Modules (SafeList) ==========

MOD - [2099/01/01 12:00:00 | 000,093,696 | -HS- | M] () -- C:\WINDOWS\system32\laninejo.dll
MOD - [2011/05/04 10:48:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HHA\Desktop\OTL.com
MOD - [2009/09/22 10:52:50 | 000,053,760 | -HS- | M] () -- C:\WINDOWS\system32\wowuputi.dll
MOD - [2009/03/21 09:18:57 | 000,029,696 | -HS- | M] (Microsoft) -- C:\WINDOWS\system32\notepad.dll
MOD - [2007/03/08 10:36:28 | 000,176,128 | ---- | M] () -- C:\WINDOWS\usiqevoyoxaj.dll
MOD - [2006/08/25 08:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2005/07/07 14:26:04 | 000,004,608 | R--- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\WLHook.dll
MOD - [2004/08/04 05:00:00 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lz32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/05/19 16:17:14 | 001,475,936 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe -- (PcCtlCom)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/09/20 15:11:53 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/09 16:04:02 | 000,566,872 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe -- (tmproxy)
SRV - [2006/11/09 16:03:42 | 000,923,216 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe -- (TmPfw)
SRV - [2006/09/25 15:26:26 | 000,345,696 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe -- (Tmntsrv)
SRV - [2004/10/20 08:40:04 | 000,010,328 | R--- | M] (America Online) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/08/04 05:00:00 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\6to4v32.dll -- (6to4)
SRV - [2004/08/04 05:00:00 | 000,042,496 | ---- | M] (Netopsystems AG) [Auto | Running] -- C:\WINDOWS\system32\FastNetSrv.exe -- (fastnetsrv)


========== Driver Services (SafeList) ==========

DRV - [2009/09/11 01:34:00 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cb381f72.sys -- (cb381f72)
DRV - [2008/11/26 18:42:42 | 000,205,328 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2008/11/26 18:42:40 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2008/11/26 18:39:56 | 001,195,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
DRV - [2007/12/05 15:47:42 | 000,020,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{FBEA8B78-1B22F121-05040000})
DRV - [2007/09/20 15:13:49 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2007/04/19 11:09:42 | 000,194,048 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2007/04/19 11:09:42 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2007/04/19 11:09:42 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2007/03/16 10:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/09 16:04:20 | 000,280,392 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2006/11/09 16:04:20 | 000,073,288 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2006/10/11 12:43:56 | 001,777,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/22 11:06:26 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/17 13:55:16 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/14 23:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2004/08/04 05:00:00 | 000,002,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\winsts.sys -- (winsts)
DRV - [2003/01/10 15:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/26 14:54:58 | 000,016,936 | ---- | M] (Smith Micro Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys -- (SMNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070920
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070920


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070920
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070920
IE - HKU\.DEFAULT\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070920
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070920
IE - HKU\S-1-5-18\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2174217116-4051744875-3750064960-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070920
IE - HKU\S-1-5-21-2174217116-4051744875-3750064960-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2174217116-4051744875-3750064960-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2174217116-4051744875-3750064960-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-2174217116-4051744875-3750064960-1008\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKU\S-1-5-21-2174217116-4051744875-3750064960-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

FF - HKLM\software\mozilla\Firefox\Extensions\\{412156D7-BA37-447D-A2BB-690F26A6ED62}: C:\Documents and Settings\HHA\Local Settings\Application Data\{412156D7-BA37-447D-A2BB-690F26A6ED62} [2009/09/09 00:46:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{70792061-6446-436C-BC17-AE8A4069451A}: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{70792061-6446-436C-BC17-AE8A4069451A}\ [2009/12/08 17:25:41 | 000,000,000 | ---D | M]

[2009/10/19 17:21:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HHA\Application Data\Mozilla\Extensions
[2009/10/19 17:21:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HHA\Application Data\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2174217116-4051744875-3750064960-1008\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [%PROVIDERID%] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acrobat Speed Launch] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Synchronizer] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AOL Spyware Protection] C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe ()
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (America Online)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1190319181\EE\AOLHostManager.exe (America Online, Inc.)
O4 - HKLM..\Run: [kaxplaka] C:\Documents and Settings\HHA\Local Settings\Application Data\chgmna\uemjsysguard.exe (tzuk)
O4 - HKLM..\Run: [My Web Search Bar] C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O4 - HKLM..\Run: [notepad] C:\WINDOWS\System32\notepad.dll (Microsoft)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Wcaqiq] C:\WINDOWS\usiqevoyoxaj.dll ()
O4 - HKLM..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe ()
O4 - HKLM..\Run: [yejokepor] C:\WINDOWS\System32\laninejo.dll ()
O4 - HKU\S-1-5-21-2174217116-4051744875-3750064960-1008..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Documents and Settings\HHA\Local Settings\Temp\win32.exe ()
O4 - HKU\S-1-5-21-2174217116-4051744875-3750064960-1008..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-2174217116-4051744875-3750064960-1008..\Run: [kaxplaka] C:\Documents and Settings\HHA\Local Settings\Application Data\chgmna\uemjsysguard.exe (tzuk)
O4 - HKU\S-1-5-21-2174217116-4051744875-3750064960-1008..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKU\S-1-5-21-2174217116-4051744875-3750064960-1008..\Run: [notepad] C:\WINDOWS\system32\config\systemprofile\ntload.dll (Microsoft)
O4 - HKU\S-1-5-21-2174217116-4051744875-3750064960-1008..\Run: [ygua8e7yhuiesfha876yfauy8fe] C:\Documents and Settings\HHA\Local Settings\Temp\ds00k.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware99\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\HHA\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2174217116-4051744875-3750064960-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2174217116-4051744875-3750064960-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-2174217116-4051744875-3750064960-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O20 - AppInit_DLLs: (c:\windows\system32\laninejo.dll) - C:\WINDOWS\system32\laninejo.dll ()
O20 - AppInit_DLLs: (wowuputi.dll) - C:\WINDOWS\System32\wowuputi.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found
O20 - HKLM Winlogon: Shell - (tapi.nfo) - File not found
O20 - HKLM Winlogon: Shell - (beforeglav) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\drivers\smss.exe) - C:\WINDOWS\system32\drivers\smss.exe (PROMO Software)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: detuwilij - {48c7b3db-bac5-428c-9f93-c1c82c947b21} - File not found
O21 - SSODL: disobegos - {88c75c06-bd09-4655-acba-d832dbedac8b} - File not found
O21 - SSODL: fanewotey - {27ba87b9-2632-478b-af65-427c79bf61f9} - File not found
O21 - SSODL: gadenetow - {1954b358-7c61-4686-8962-a1d952ae35f1} - File not found
O21 - SSODL: gezafuvep - {7bd12508-c15b-411d-a691-832c44e9176b} - File not found
O21 - SSODL: mosiyefir - {7664a25b-9585-46dd-89ab-473eed64e42d} - File not found
O21 - SSODL: ribuwusun - {3710be37-86ca-4bc8-a551-26166b3b6666} - C:\WINDOWS\system32\laninejo.dll ()
O21 - SSODL: tiduyugun - {b40ff048-f3f2-4011-a5c8-1d14e5b27d35} - File not found
O21 - SSODL: vafayumem - {03e9f8fc-4a62-4a33-a6d3-b92e42f415b6} - File not found
O22 - SharedTaskScheduler: {03e9f8fc-4a62-4a33-a6d3-b92e42f415b6} - tokatiluy - File not found
O22 - SharedTaskScheduler: {1954b358-7c61-4686-8962-a1d952ae35f1} - tokatiluy - File not found
O22 - SharedTaskScheduler: {27ba87b9-2632-478b-af65-427c79bf61f9} - tokatiluy - File not found
O22 - SharedTaskScheduler: {3710be37-86ca-4bc8-a551-26166b3b6666} - gahurihor - C:\WINDOWS\system32\laninejo.dll ()
O22 - SharedTaskScheduler: {48c7b3db-bac5-428c-9f93-c1c82c947b21} - mujuzedij - File not found
O22 - SharedTaskScheduler: {7664a25b-9585-46dd-89ab-473eed64e42d} - jugezatag - File not found
O22 - SharedTaskScheduler: {7bd12508-c15b-411d-a691-832c44e9176b} - mujuzedij - File not found
O22 - SharedTaskScheduler: {88c75c06-bd09-4655-acba-d832dbedac8b} - gahurihor - File not found
O22 - SharedTaskScheduler: {b40ff048-f3f2-4011-a5c8-1d14e5b27d35} - gahurihor - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\HHA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HHA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2a728b85-d96a-11de-81d6-001c23905199}\Shell\AutoRun\command - "" = E:\podcastready.exe
O33 - MountPoints2\{bb81f444-3399-11de-bfc9-001c23905199}\Shell\AutoRun\command - "" = explorer .
O33 - MountPoints2\{bb81f444-3399-11de-bfc9-001c23905199}\Shell\mobile\command - "" = E:\MobileLaunch.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - C:\WINDOWS\system32\6to4v32.dll ()
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2011/05/04 17:18:19 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HHA\Desktop\OTL.com
[2011/05/04 16:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HHA\Desktop\RK_Quarantine
[2011/05/04 16:15:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/04 16:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/04 16:15:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/04 16:15:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware99
[2011/05/01 21:52:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/01 21:51:50 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\HHA\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/01 19:03:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/05/01 19:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HHA\Application Data\Malwarebytes
[2011/05/01 19:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/05 20:59:06 | 000,958,464 | ---- | C] (ASC - AntiSpyware) -- C:\Program Files\adc32.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\HHA\Desktop\*.tmp files -> C:\Documents and Settings\HHA\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2099/01/01 12:00:00 | 000,093,696 | -HS- | M] () -- C:\WINDOWS\System32\laninejo.dll
[2099/01/01 12:00:00 | 000,061,440 | -HS- | M] () -- C:\WINDOWS\System32\hovebipu.dll
[2099/01/01 12:00:00 | 000,045,568 | -HS- | M] () -- C:\WINDOWS\System32\yatewefa.dll
[2099/01/01 12:00:00 | 000,045,568 | -HS- | M] () -- C:\WINDOWS\System32\mumonuwi.dll
[2099/01/01 12:00:00 | 000,045,568 | -HS- | M] () -- C:\WINDOWS\System32\mokojela.dll
[2099/01/01 12:00:00 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\zahasila.dll
[2099/01/01 12:00:00 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\wipalego.dll
[2099/01/01 12:00:00 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\senukare.dll
[2099/01/01 12:00:00 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\fedoniko.dll
[2011/05/04 17:34:04 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\jarowara
[2011/05/04 17:27:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
[2011/05/04 17:07:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
[2011/05/04 17:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\zvfgyied.job
[2011/05/04 16:47:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
[2011/05/04 16:27:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2011/05/04 16:15:39 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/04 16:07:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2011/05/04 15:47:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2011/05/04 15:31:23 | 000,492,646 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/04 15:31:23 | 000,090,500 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/04 15:27:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/04 15:27:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\winhelper86.dll
[2011/05/04 15:27:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\AVR10.exe
[2011/05/04 15:27:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2011/05/04 15:26:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/04 15:26:12 | 2011,213,824 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/04 15:15:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2995.exe
[2011/05/04 14:38:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\491.exe
[2011/05/04 14:18:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9961.exe
[2011/05/04 13:58:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe
[2011/05/04 13:38:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
[2011/05/04 13:18:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
[2011/05/04 12:58:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
[2011/05/04 12:38:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
[2011/05/04 12:18:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
[2011/05/04 11:58:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
[2011/05/04 11:02:22 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2011/05/04 10:48:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HHA\Desktop\OTL.com
[2011/05/04 10:44:45 | 000,550,912 | ---- | M] () -- C:\Documents and Settings\HHA\Desktop\winlogon.exe
[2011/05/04 09:39:03 | 000,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Support Center.lnk
[2011/05/04 09:08:31 | 000,001,146 | ---- | M] () -- C:\WINDOWS\Pqanofepohebaf.dat
[2011/05/02 00:16:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4292.exe
[2011/05/01 23:56:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16056.exe
[2011/05/01 23:36:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24361.exe
[2011/05/01 23:16:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5686.exe
[2011/05/01 22:56:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\20550.exe
[2011/05/01 21:51:20 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HHA\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/01 18:37:01 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\HHA\settings.dat
[2011/05/01 18:09:46 | 000,958,464 | ---- | M] (ASC - AntiSpyware) -- C:\Program Files\adc32.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\HHA\Desktop\*.tmp files -> C:\Documents and Settings\HHA\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,093,696 | -HS- | C] () -- C:\WINDOWS\System32\laninejo.dll
[2099/01/01 12:00:00 | 000,061,440 | -HS- | C] () -- C:\WINDOWS\System32\hovebipu.dll
[2099/01/01 12:00:00 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\yatewefa.dll
[2099/01/01 12:00:00 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\mumonuwi.dll
[2099/01/01 12:00:00 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\mokojela.dll
[2099/01/01 12:00:00 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\zahasila.dll
[2099/01/01 12:00:00 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\wipalego.dll
[2099/01/01 12:00:00 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\senukare.dll
[2099/01/01 12:00:00 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\fedoniko.dll
[2011/05/04 16:38:07 | 000,550,912 | ---- | C] () -- C:\Documents and Settings\HHA\Desktop\winlogon.exe
[2011/05/04 16:15:39 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/04 15:15:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\2995.exe
[2011/05/04 14:38:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\491.exe
[2011/05/04 14:18:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\9961.exe
[2011/05/04 13:58:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\16827.exe
[2011/05/02 00:16:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\4292.exe
[2011/05/01 23:56:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\16056.exe
[2011/05/01 23:36:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24361.exe
[2011/05/01 23:16:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5686.exe
[2011/05/01 22:56:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\20550.exe
[2011/05/01 18:35:28 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\HHA\settings.dat
[2010/02/05 21:57:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2010/02/05 21:37:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2009/12/30 13:00:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe
[2009/12/29 14:52:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2009/12/29 14:32:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
[2009/12/29 13:32:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2009/12/26 20:31:46 | 000,002,098 | -HS- | C] () -- C:\WINDOWS\System32\vejasoso.dll
[2009/12/26 20:31:46 | 000,002,098 | -HS- | C] () -- C:\WINDOWS\System32\domagihi.dll
[2009/12/22 17:30:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\23281.exe
[2009/12/22 17:10:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\28145.exe
[2009/12/21 13:48:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5705.exe
[2009/12/21 13:08:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe
[2009/12/21 12:48:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe
[2009/12/21 12:28:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe
[2009/12/21 11:27:44 | 000,005,201 | -HS- | C] () -- C:\WINDOWS\System32\yasofemo.dll
[2009/12/14 11:02:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\winhelper86.dll
[2009/12/14 11:02:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\AVR10.exe
[2009/12/14 11:02:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2009/12/14 10:48:07 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\winupdate86.exe
[2009/12/14 10:48:07 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\winlogon86.exe
[2009/09/29 09:31:37 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\kuhunuze.dll
[2009/09/28 10:27:39 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\wotologa.dll
[2009/09/23 11:26:18 | 000,018,504 | ---- | C] () -- C:\Documents and Settings\HHA\Local Settings\Application Data\olukicuc.dat
[2009/09/23 11:26:18 | 000,018,459 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\aceqib.vbs
[2009/09/23 11:26:18 | 000,017,858 | ---- | C] () -- C:\WINDOWS\System32\wukedonuq.dll
[2009/09/23 11:26:18 | 000,017,383 | ---- | C] () -- C:\Program Files\Common Files\ledenify._sy
[2009/09/23 11:26:18 | 000,016,864 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vyhiradaz.db
[2009/09/23 11:26:18 | 000,016,531 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\daweqovogo.reg
[2009/09/23 11:26:18 | 000,014,924 | ---- | C] () -- C:\Documents and Settings\HHA\Application Data\hinifiba.com
[2009/09/23 11:26:18 | 000,014,423 | ---- | C] () -- C:\WINDOWS\System32\orezy.sys
[2009/09/23 11:26:18 | 000,013,818 | ---- | C] () -- C:\Documents and Settings\HHA\Local Settings\Application Data\hifon.reg
[2009/09/23 11:26:18 | 000,013,217 | ---- | C] () -- C:\Program Files\Common Files\ycibe.lib
[2009/09/23 11:26:18 | 000,012,725 | ---- | C] () -- C:\WINDOWS\melo.sys
[2009/09/23 11:26:18 | 000,011,784 | ---- | C] () -- C:\WINDOWS\vagy.exe
[2009/09/23 11:26:18 | 000,011,218 | ---- | C] () -- C:\WINDOWS\ehetec.sys
[2009/09/23 11:26:18 | 000,010,905 | ---- | C] () -- C:\Program Files\Common Files\yhywiro.inf
[2009/09/23 11:26:18 | 000,010,600 | ---- | C] () -- C:\Program Files\Common Files\piqe.dat
[2009/09/23 09:48:00 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\jayamuja.dll
[2009/09/22 10:52:50 | 000,053,760 | -HS- | C] () -- C:\WINDOWS\System32\wowuputi.dll
[2009/09/22 10:52:50 | 000,053,760 | -HS- | C] () -- C:\WINDOWS\System32\sawuzowu.dll
[2009/09/22 10:52:50 | 000,053,760 | -HS- | C] () -- C:\WINDOWS\System32\raripizu.dll
[2009/09/22 10:52:12 | 000,053,760 | -HS- | C] () -- C:\WINDOWS\System32\juresuwe.dll
[2009/09/22 10:52:12 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\zavipava.dll
[2009/09/15 15:26:30 | 000,019,690 | ---- | C] () -- C:\Documents and Settings\HHA\Local Settings\Application Data\huwurifi.pif
[2009/09/15 15:26:30 | 000,018,644 | ---- | C] () -- C:\Program Files\Common Files\hurew.db
[2009/09/15 15:26:30 | 000,017,527 | ---- | C] () -- C:\Program Files\Common Files\cugynofu.sys
[2009/09/15 15:26:30 | 000,013,514 | ---- | C] () -- C:\WINDOWS\akuqu.sys
[2009/09/15 15:26:30 | 000,013,117 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\desyruli.sys
[2009/09/15 15:26:30 | 000,011,865 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hegagisa.vbs
[2009/09/15 15:26:30 | 000,011,092 | ---- | C] () -- C:\Program Files\Common Files\zadavyfece.pif
[2009/09/15 15:26:30 | 000,010,465 | ---- | C] () -- C:\WINDOWS\larykiwas.dat
[2009/09/15 15:26:30 | 000,010,332 | ---- | C] () -- C:\Documents and Settings\HHA\Application Data\gapugeja.dl
[2009/09/15 15:26:29 | 000,017,117 | ---- | C] () -- C:\Program Files\Common Files\liqehib.reg
[2009/09/15 15:26:29 | 000,013,114 | ---- | C] () -- C:\Program Files\Common Files\oxag.ban
[2009/09/15 11:38:00 | 000,018,912 | ---- | C] () -- C:\Documents and Settings\HHA\Local Settings\Application Data\dicaki._sy
[2009/09/15 11:38:00 | 000,018,492 | ---- | C] () -- C:\Program Files\Common Files\lubob.dl
[2009/09/15 11:38:00 | 000,017,585 | ---- | C] () -- C:\WINDOWS\pyruvot.com
[2009/09/15 11:38:00 | 000,016,874 | ---- | C] () -- C:\Documents and Settings\HHA\Application Data\orurati.lib
[2009/09/15 11:38:00 | 000,016,455 | ---- | C] () -- C:\Documents and Settings\HHA\Application Data\nywipeset._dl
[2009/09/15 11:38:00 | 000,015,118 | ---- | C] () -- C:\Documents and Settings\HHA\Local Settings\Application Data\jipa.inf
[2009/09/15 11:38:00 | 000,014,401 | ---- | C] () -- C:\Documents and Settings\HHA\Application Data\ebulegurul.dat
[2009/09/15 11:38:00 | 000,013,444 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ozudyhudo.dat
[2009/09/15 11:38:00 | 000,012,714 | ---- | C] () -- C:\Documents and Settings\HHA\Local Settings\Application Data\umequl.dll
[2009/09/15 11:38:00 | 000,012,047 | ---- | C] () -- C:\Program Files\Common Files\ypymy.scr
[2009/09/15 11:38:00 | 000,011,205 | ---- | C] () -- C:\Documents and Settings\HHA\Local Settings\Application Data\hukahyl.scr
[2009/09/15 11:38:00 | 000,010,497 | ---- | C] () -- C:\Documents and Settings\HHA\Application Data\ibavakuno._sy
[2009/09/14 20:11:19 | 000,018,735 | ---- | C] () -- C:\Program Files\Common Files\ajawyv.vbs
[2009/09/14 20:11:19 | 000,015,599 | ---- | C] () -- C:\Documents and Settings\HHA\Application Data\qotuqo.scr
[2009/09/14 20:11:19 | 000,013,586 | ---- | C] () -- C:\Program Files\Common Files\ikebyrige.sys
[2009/09/14 20:11:19 | 000,012,061 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ipepiru.db
[2009/09/14 20:11:18 | 000,019,067 | ---- | C] () -- C:\Program Files\Common Files\yjatylin.bin
[2009/09/14 20:11:18 | 000,018,157 | ---- | C] () -- C:\WINDOWS\System32\rixojysa.bin
[2009/09/14 20:11:18 | 000,017,753 | ---- | C] () -- C:\Documents and Settings\HHA\Application Data\qepagyhyc.lib
[2009/09/14 20:11:18 | 000,016,929 | ---- | C] () -- C:\WINDOWS\epebagek.sys
[2009/09/14 20:11:18 | 000,016,192 | ---- | C] () -- C:\Program Files\Common Files\tizihigys._sy
[2009/09/14 20:11:18 | 000,012,848 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\opinuvaqyt.reg
[2009/09/14 20:11:18 | 000,012,504 | ---- | C] () -- C:\Program Files\Common Files\vusovysof.bin
[2009/09/14 20:11:18 | 000,012,186 | ---- | C] () -- C:\Program Files\Common Files\anir._dl
[2009/09/14 20:11:18 | 000,012,044 | ---- | C] () -- C:\WINDOWS\System32\acyjeravob.dat
[2009/09/14 20:11:18 | 000,011,364 | ---- | C] () -- C:\WINDOWS\odatojefi.bin
[2009/09/14 10:54:02 | 000,005,241 | -HS- | C] () -- C:\WINDOWS\System32\rinavegi.dll
[2009/09/14 10:54:01 | 000,005,241 | -HS- | C] () -- C:\WINDOWS\System32\zozegura.dll
[2009/09/14 10:54:01 | 000,005,241 | -HS- | C] () -- C:\WINDOWS\System32\wahajepo.dll
[2009/09/10 22:37:50 | 000,018,974 | ---- | C] () -- C:\Documents and Settings\HHA\Application Data\zamejiqiza.pif
[2009/09/10 22:37:50 | 000,016,314 | ---- | C] () -- C:\Documents and Settings\HHA\Application Data\jepavuva.scr
[2009/09/10 22:37:50 | 000,014,197 | ---- | C] () -- C:\WINDOWS\System32\losyvos.dat
[2009/09/10 22:37:50 | 000,012,855 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\neriz.dll
[2009/09/10 22:37:50 | 000,012,825 | ---- | C] () -- C:\Program Files\Common Files\cuvovy.vbs
[2009/09/10 22:37:50 | 000,010,102 | ---- | C] () -- C:\WINDOWS\ufoxadaka.com
[2009/09/09 21:15:33 | 000,018,809 | ---- | C] () -- C:\Documents and Settings\HHA\Local Settings\Application Data\qepu.dat
[2009/09/09 21:15:33 | 000,017,651 | ---- | C] () -- C:\Documents and Settings\HHA\Application Data\obucymezas.reg
[2009/09/09 21:15:33 | 000,013,589 | ---- | C] () -- C:\Program Files\Common Files\nufarumiw.reg
[2009/09/09 21:15:33 | 000,013,290 | ---- | C] () -- C:\Program Files\Common Files\nete._dl
[2009/09/09 21:15:33 | 000,013,002 | ---- | C] () -- C:\Documents and Settings\HHA\Application Data\ewuqohy.dat
[2009/09/09 21:15:33 | 000,012,600 | ---- | C] () -- C:\Documents and Settings\HHA\Local Settings\Application Data\obyny.sys
[2009/09/09 21:15:33 | 000,011,476 | ---- | C] () -- C:\WINDOWS\iruqyjiweq.exe
[2009/09/09 21:15:33 | 000,010,492 | ---- | C] () -- C:\Program Files\Common Files\fizef.dat
[2009/09/09 21:15:33 | 000,010,413 | ---- | C] () -- C:\WINDOWS\mamove.com
[2009/09/09 21:15:33 | 000,010,328 | ---- | C] () -- C:\Documents and Settings\HHA\Application Data\vijiqa.lib
[2009/09/09 12:48:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\cb381f72.sys
[2009/09/09 00:47:33 | 000,001,146 | ---- | C] () -- C:\WINDOWS\Pqanofepohebaf.dat
[2008/02/06 10:48:42 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\HHA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/06 10:45:36 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\HHA\Local Settings\Application Data\fusioncache.dat
[2007/09/20 15:30:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/09/20 15:12:53 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/09/20 14:58:25 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/09/20 14:58:25 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/09/20 14:50:11 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/09/20 14:50:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2007/09/20 14:50:09 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/09/20 14:22:28 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/09/20 14:22:26 | 000,136,650 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/09/20 14:22:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2007/09/20 14:22:20 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 000,314,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:36 | 000,176,128 | ---- | C] () -- C:\WINDOWS\usiqevoyoxaj.dll
[2004/08/11 17:00:36 | 000,044,544 | ---- | C] () -- C:\WINDOWS\fgrdsy.dll
[2004/08/11 17:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:00:28 | 000,492,646 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 17:00:28 | 000,090,500 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 17:00:25 | 000,020,594 | ---- | C] () -- C:\WINDOWS\batmeter16.dll
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 17:00:19 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\6to4v32.dll
[2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 17:00:19 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\winsts.sys
[2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 17:00:04 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 05:00:00 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System32\FInstall.sys

========== LOP Check ==========

[2008/08/07 11:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2007/09/20 15:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/19 16:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/05/04 15:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HHA\Application Data\LimeWire
[2008/07/31 14:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HHA\Application Data\Smith Micro
[2008/11/04 14:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HHA\Application Data\Viewpoint
[2009/09/28 11:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HHA\Application Data\Xerox
[2011/05/04 17:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\zvfgyied.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe
[2009/12/22 12:13:43 | 000,028,164 | -H-- | M] () MD5=E75E3BD7C1F2EF823E27EF9A78C7C7FE -- C:\Documents and Settings\HHA\Local Settings\Temp\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2010/01/07 15:10:16 | 000,024,580 | -H-- | M] () MD5=27EFD55079FF2937ACE5E2F4BB8A0BDF -- C:\Documents and Settings\HHA\Local Settings\Temp\winlogon.exe
[2011/05/04 10:44:45 | 000,550,912 | ---- | M] () MD5=9D0592645172CA066350B6F96572132D -- C:\Documents and Settings\HHA\Desktop\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -rb [2006/08/31 11:30:01 | 000,016,984 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -hb [2006/08/31 11:30:01 | 000,016,984 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -sb [2006/08/31 11:30:01 | 000,016,984 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AMERIC~1.0\aol.exe [2006/08/31 11:30:01 | 000,050,776 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2004/08/04 05:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2004/08/04 05:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2004/08/04 05:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2004/08/04 05:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -rb [2006/08/31 11:30:01 | 000,016,984 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -hb [2006/08/31 11:30:01 | 000,016,984 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -sb [2006/08/31 11:30:01 | 000,016,984 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AMERIC~1.0\aol.exe [2006/08/31 11:30:01 | 000,050,776 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2004/08/04 05:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2004/08/04 05:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2004/08/04 05:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2004/08/04 05:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation)

< End of report >
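Added worked example (not part of the log post above and not OTL's own code): a small Python triage script that reads lines in the format OTL prints and flags the indicators a removal helper checks first in a report like this one. The sample lines are copied from the report; the scan date is the report's own date; the rule set, thresholds and function names are the example's assumptions, not anything OTL or the forum helpers define.

```python
"""First-pass triage of OTL report lines (added example, not OTL's own code).

Reads the bracketed file entries and the O20/O21/O22 registry lines in the
format OTL prints and flags the indicators a removal helper checks first:
files dated after the scan (timestomping), hidden+system DLLs in System32
with no publisher, zero-byte executable images, AppInit_DLLs injection,
hijacked Winlogon Shell/UserInit values, and core system binary names that
live outside C:\WINDOWS or carry a non-Microsoft publisher.
"""
import re
from datetime import datetime

# One file entry, with an optional MD5 as in the "MD5 for:" sections, e.g.
# [2099/01/01 12:00:00 | 000,093,696 | -HS- | M] () -- C:\WINDOWS\System32\laninejo.dll
ENTRY_RE = re.compile(
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\)"
    r"(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))? -- (?P<path>.+)$"
)
WINLOGON_RE = re.compile(
    r"O20 - HKLM Winlogon: (?P<value>Shell|UserInit) - \((?P<target>[^)]*)\)"
)
# Names malware likes to borrow; genuine copies sit under C:\WINDOWS and are Microsoft's.
SYSTEM_NAMES = {"winlogon.exe", "svchost.exe", "userinit.exe", "explorer.exe",
                "smss.exe", "csrss.exe", "lsass.exe", "services.exe"}
# The report above is dated 2011/05/04; any file timestamp later than that is impossible.
SCAN_DATE = datetime(2011, 5, 4, 23, 59, 59)


def parse_entry(line):
    """Parse one bracketed file line into a dict, or return None for other lines."""
    m = ENTRY_RE.search(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], "%Y/%m/%d %H:%M:%S")
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["company"] = entry["company"].strip()
    return entry


def triage(lines, scan_date=SCAN_DATE):
    """Return (reason, target) pairs for every line that trips a rule."""
    findings = []
    for line in lines:
        line = line.strip()
        wl = WINLOGON_RE.search(line)
        if wl:
            # Legitimate values: Shell = Explorer.exe, UserInit = ...\system32\userinit.exe,
            target = wl.group("target").rstrip(",").lower()
            if wl.group("value") == "Shell" and target != "explorer.exe":
                findings.append(("Winlogon Shell is not explorer.exe", wl.group("target")))
            elif wl.group("value") == "UserInit" and not target.endswith("\\system32\\userinit.exe"):
                findings.append(("Winlogon UserInit hijacked", wl.group("target")))
            continue
        if line.startswith("O20 - AppInit_DLLs:") and line.endswith("()"):
            # "()" at the end is OTL's way of saying the file carries no company name.
            findings.append(("AppInit_DLLs injection by a DLL with no publisher",
                             line.split(" - ")[-1].rstrip(" ()")))
            continue
        if line.startswith(("O21 - SSODL:", "O22 - SharedTaskScheduler:")) and \
                (line.endswith("File not found") or line.endswith("()")):
            findings.append(("shell extension with missing file or no publisher",
                             line.split(": ", 1)[1]))
            continue
        entry = parse_entry(line)
        if entry is None:
            continue
        path = entry["path"]
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        ext = name.rpartition(".")[2]
        if entry["ts"] > scan_date:
            findings.append(("timestamp after the scan date (timestomped)", path))
        if "H" in entry["attrs"] and "S" in entry["attrs"] and ext == "dll" \
                and "\\system32\\" in low and not entry["company"]:
            findings.append(("hidden+system DLL in System32 with no publisher", path))
        if entry["size"] == 0 and ext in ("exe", "dll", "sys") and low.startswith("c:\\windows\\"):
            findings.append(("zero-byte executable image under C:\\WINDOWS (not a valid PE)", path))
        if name in SYSTEM_NAMES and (not low.startswith("c:\\windows\\")
                                     or entry["company"] != "Microsoft Corporation"):
            findings.append(("core system binary name outside C:\\WINDOWS or not from Microsoft", path))
    return findings


# Constructed sample: lines copied verbatim from the report above.
SAMPLE_LOG = r"""
O20 - AppInit_DLLs: (c:\windows\system32\laninejo.dll) - C:\WINDOWS\system32\laninejo.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\drivers\smss.exe) - C:\WINDOWS\system32\drivers\smss.exe (PROMO Software)
O21 - SSODL: ribuwusun - {3710be37-86ca-4bc8-a551-26166b3b6666} - C:\WINDOWS\system32\laninejo.dll ()
O22 - SharedTaskScheduler: {48c7b3db-bac5-428c-9f93-c1c82c947b21} - mujuzedij - File not found
[2099/01/01 12:00:00 | 000,093,696 | -HS- | M] () -- C:\WINDOWS\System32\laninejo.dll
[2011/05/04 17:27:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
[2011/05/04 16:15:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2009/12/22 12:13:43 | 000,028,164 | -H-- | M] () MD5=E75E3BD7C1F2EF823E27EF9A78C7C7FE -- C:\Documents and Settings\HHA\Local Settings\Temp\svchost.exe
[2011/05/04 10:44:45 | 000,550,912 | ---- | M] () MD5=9D0592645172CA066350B6F96572132D -- C:\Documents and Settings\HHA\Desktop\winlogon.exe
""".strip().splitlines()

if __name__ == "__main__":
    for reason, target in triage(SAMPLE_LOG):
        print(f"{reason:70s} {target}")
```

A hit is a lead, not a verdict. The Desktop\winlogon.exe entry, for instance, was created within a minute of the RK_Quarantine folder in the report, so it has to be checked against what tools were run on the machine before anyone treats it as malware; the same goes for the 2004-dated 6to4v32.dll that the report's NetSvcs section shows with no company name, which these rules do not cover at all. To run it over a real report, replace SAMPLE_LOG with open("OTL.Txt", encoding="utf-8", errors="replace").read().splitlines().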

#7
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Please run RogueKiller again, with option 2 this time. Then run the following OTL fix.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - [2009/12/14 10:48:06 | 000,019,968 | ---- | M] () -- C:\WINDOWS\system32\winupdate86.exe
    PRC - [2009/09/09 12:48:03 | 000,042,496 | ---- | M] (PROMO Software) -- C:\WINDOWS\system32\drivers\smss.exe
    MOD - [2099/01/01 12:00:00 | 000,093,696 | -HS- | M] () -- C:\WINDOWS\system32\laninejo.dll
    MOD - [2009/09/22 10:52:50 | 000,053,760 | -HS- | M] () -- C:\WINDOWS\system32\wowuputi.dll
    MOD - [2007/03/08 10:36:28 | 000,176,128 | ---- | M] () -- C:\WINDOWS\usiqevoyoxaj.dll
    SRV - [2004/08/04 05:00:00 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\6to4v32.dll -- (6to4)
    DRV - [2009/09/11 01:34:00 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cb381f72.sys -- (cb381f72)
    DRV - [2004/08/04 05:00:00 | 000,002,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\winsts.sys -- (winsts)
    IE - HKU\S-1-5-21-2174217116-4051744875-3750064960-1008\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
    IE - HKU\S-1-5-21-2174217116-4051744875-3750064960-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
    O4 - HKLM..\Run: [%PROVIDERID%] File not found
    O4 - HKLM..\Run: [kaxplaka] C:\Documents and Settings\HHA\Local Settings\Application Data\chgmna\uemjsysguard.exe (tzuk)
    O4 - HKLM..\Run: [My Web Search Bar] C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
    O4 - HKLM..\Run: [notepad] C:\WINDOWS\System32\notepad.dll (Microsoft)
    O4 - HKLM..\Run: [Wcaqiq] C:\WINDOWS\usiqevoyoxaj.dll ()
    O4 - HKLM..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe ()
    O4 - HKLM..\Run: [yejokepor] C:\WINDOWS\System32\laninejo.dll ()
    O4 - HKU\S-1-5-21-2174217116-4051744875-3750064960-1008..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Documents and Settings\HHA\Local Settings\Temp\win32.exe ()
    O4 - HKU\S-1-5-21-2174217116-4051744875-3750064960-1008..\Run: [kaxplaka] C:\Documents and Settings\HHA\Local Settings\Application Data\chgmna\uemjsysguard.exe (tzuk)
    O4 - HKU\S-1-5-21-2174217116-4051744875-3750064960-1008..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
    O4 - HKU\S-1-5-21-2174217116-4051744875-3750064960-1008..\Run: [notepad] C:\WINDOWS\system32\config\systemprofile\ntload.dll (Microsoft)
    O4 - HKU\S-1-5-21-2174217116-4051744875-3750064960-1008..\Run: [ygua8e7yhuiesfha876yfauy8fe] C:\Documents and Settings\HHA\Local Settings\Temp\ds00k.exe ()
    O7 - HKU\S-1-5-21-2174217116-4051744875-3750064960-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
    O7 - HKU\S-1-5-21-2174217116-4051744875-3750064960-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O20 - AppInit_DLLs: (c:\windows\system32\laninejo.dll) - C:\WINDOWS\system32\laninejo.dll ()
    O20 - AppInit_DLLs: (wowuputi.dll) - C:\WINDOWS\System32\wowuputi.dll ()
    O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found
    O20 - HKLM Winlogon: Shell - (tapi.nfo) - File not found
    O20 - HKLM Winlogon: Shell - (beforeglav) - File not found
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\drivers\smss.exe) - C:\WINDOWS\system32\drivers\smss.exe (PROMO Software)
    O21 - SSODL: detuwilij - {48c7b3db-bac5-428c-9f93-c1c82c947b21} - File not found
    O21 - SSODL: disobegos - {88c75c06-bd09-4655-acba-d832dbedac8b} - File not found
    O21 - SSODL: fanewotey - {27ba87b9-2632-478b-af65-427c79bf61f9} - File not found
    O21 - SSODL: gadenetow - {1954b358-7c61-4686-8962-a1d952ae35f1} - File not found
    O21 - SSODL: gezafuvep - {7bd12508-c15b-411d-a691-832c44e9176b} - File not found
    O21 - SSODL: mosiyefir - {7664a25b-9585-46dd-89ab-473eed64e42d} - File not found
    O21 - SSODL: ribuwusun - {3710be37-86ca-4bc8-a551-26166b3b6666} - C:\WINDOWS\system32\laninejo.dll ()
    O21 - SSODL: tiduyugun - {b40ff048-f3f2-4011-a5c8-1d14e5b27d35} - File not found
    O21 - SSODL: vafayumem - {03e9f8fc-4a62-4a33-a6d3-b92e42f415b6} - File not found
    O22 - SharedTaskScheduler: {03e9f8fc-4a62-4a33-a6d3-b92e42f415b6} - tokatiluy - File not found
    O22 - SharedTaskScheduler: {1954b358-7c61-4686-8962-a1d952ae35f1} - tokatiluy - File not found
    O22 - SharedTaskScheduler: {27ba87b9-2632-478b-af65-427c79bf61f9} - tokatiluy - File not found
    O22 - SharedTaskScheduler: {3710be37-86ca-4bc8-a551-26166b3b6666} - gahurihor - C:\WINDOWS\system32\laninejo.dll ()
    O22 - SharedTaskScheduler: {48c7b3db-bac5-428c-9f93-c1c82c947b21} - mujuzedij - File not found
    O22 - SharedTaskScheduler: {7664a25b-9585-46dd-89ab-473eed64e42d} - jugezatag - File not found
    O22 - SharedTaskScheduler: {7bd12508-c15b-411d-a691-832c44e9176b} - mujuzedij - File not found
    O22 - SharedTaskScheduler: {88c75c06-bd09-4655-acba-d832dbedac8b} - gahurihor - File not found
    O22 - SharedTaskScheduler: {b40ff048-f3f2-4011-a5c8-1d14e5b27d35} - gahurihor - File not found
    O33 - MountPoints2\{bb81f444-3399-11de-bfc9-001c23905199}\Shell\AutoRun\command - "" = explorer .
    NetSvcs: 6to4 - C:\WINDOWS\system32\6to4v32.dll ()
    [2010/02/05 20:59:06 | 000,958,464 | ---- | C] (ASC - AntiSpyware) -- C:\Program Files\adc32.dll
    [2099/01/01 12:00:00 | 000,093,696 | -HS- | M] () -- C:\WINDOWS\System32\laninejo.dll
    [2099/01/01 12:00:00 | 000,061,440 | -HS- | M] () -- C:\WINDOWS\System32\hovebipu.dll
    [2099/01/01 12:00:00 | 000,045,568 | -HS- | M] () -- C:\WINDOWS\System32\yatewefa.dll
    [2099/01/01 12:00:00 | 000,045,568 | -HS- | M] () -- C:\WINDOWS\System32\mumonuwi.dll
    [2099/01/01 12:00:00 | 000,045,568 | -HS- | M] () -- C:\WINDOWS\System32\mokojela.dll
    [2099/01/01 12:00:00 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\zahasila.dll
    [2099/01/01 12:00:00 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\wipalego.dll
    [2099/01/01 12:00:00 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\senukare.dll
    [2099/01/01 12:00:00 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\fedoniko.dll
    [2011/05/04 17:34:04 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\jarowara
    [2011/05/04 17:27:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
    [2011/05/04 17:07:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
    [2011/05/04 17:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\zvfgyied.job
    [2011/05/04 16:47:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
    [2011/05/04 16:27:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
    [2011/05/04 16:07:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
    [2011/05/04 15:47:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
    [2011/05/04 15:27:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\winhelper86.dll
    [2011/05/04 15:27:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\AVR10.exe
    [2011/05/04 15:27:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
    [2011/05/04 15:15:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2995.exe
    [2011/05/04 14:38:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\491.exe
    [2011/05/04 14:18:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9961.exe
    [2011/05/04 13:58:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe
    [2011/05/04 13:38:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
    [2011/05/04 13:18:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
    [2011/05/04 12:58:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
    [2011/05/04 12:38:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
    [2011/05/04 12:18:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
    [2011/05/04 11:58:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
    [2011/05/04 09:08:31 | 000,001,146 | ---- | M] () -- C:\WINDOWS\Pqanofepohebaf.dat
    [2011/05/02 00:16:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4292.exe
    [2011/05/01 23:56:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16056.exe
    [2011/05/01 23:36:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24361.exe
    [2011/05/01 23:16:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5686.exe
    [2011/05/01 22:56:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\20550.exe
    [2011/05/01 18:09:46 | 000,958,464 | ---- | M] (ASC - AntiSpyware) -- C:\Program Files\adc32.dll
    [2099/01/01 12:00:00 | 000,093,696 | -HS- | C] () -- C:\WINDOWS\System32\laninejo.dll
    [2099/01/01 12:00:00 | 000,061,440 | -HS- | C] () -- C:\WINDOWS\System32\hovebipu.dll
    [2099/01/01 12:00:00 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\yatewefa.dll
    [2099/01/01 12:00:00 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\mumonuwi.dll
    [2099/01/01 12:00:00 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\mokojela.dll
    [2099/01/01 12:00:00 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\zahasila.dll
    [2099/01/01 12:00:00 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\wipalego.dll
    [2099/01/01 12:00:00 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\senukare.dll
    [2099/01/01 12:00:00 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\fedoniko.dll
    [2011/05/04 15:15:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\2995.exe
    [2011/05/04 14:38:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\491.exe
    [2011/05/04 14:18:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\9961.exe
    [2011/05/04 13:58:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\16827.exe
    [2011/05/02 00:16:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\4292.exe
    [2011/05/01 23:56:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\16056.exe
    [2011/05/01 23:36:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24361.exe
    [2011/05/01 23:16:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5686.exe
    [2011/05/01 22:56:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\20550.exe
    [2010/02/05 21:57:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
    [2010/02/05 21:37:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
    [2009/12/30 13:00:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe
    [2009/12/29 14:52:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
    [2009/12/29 14:32:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
    [2009/12/29 13:32:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
    [2009/12/26 20:31:46 | 000,002,098 | -HS- | C] () -- C:\WINDOWS\System32\vejasoso.dll
    [2009/12/26 20:31:46 | 000,002,098 | -HS- | C] () -- C:\WINDOWS\System32\domagihi.dll
    [2009/12/22 17:30:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\23281.exe
    [2009/12/22 17:10:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\28145.exe
    [2009/12/21 13:48:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5705.exe
    [2009/12/21 13:08:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe
    [2009/12/21 12:48:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe
    [2009/12/21 12:28:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe
    [2009/12/21 11:27:44 | 000,005,201 | -HS- | C] () -- C:\WINDOWS\System32\yasofemo.dll
    [2009/12/14 11:02:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\winhelper86.dll
    [2009/12/14 11:02:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\AVR10.exe
    [2009/12/14 11:02:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
    [2009/12/14 10:48:07 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\winupdate86.exe
    [2009/12/14 10:48:07 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\winlogon86.exe
    [2009/09/29 09:31:37 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\kuhunuze.dll
    [2009/09/28 10:27:39 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\wotologa.dll
    [2009/09/23 11:26:18 | 000,018,504 | ---- | C] () -- C:\Documents and Settings\HHA\Local Settings\Application Data\olukicuc.dat
    [2009/09/23 11:26:18 | 000,018,459 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\aceqib.vbs
    [2009/09/23 11:26:18 | 000,017,858 | ---- | C] () -- C:\WINDOWS\System32\wukedonuq.dll
    [2009/09/23 11:26:18 | 000,017,383 | ---- | C] () -- C:\Program Files\Common Files\ledenify._sy
    [2009/09/23 11:26:18 | 000,016,864 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vyhiradaz.db
    [2009/09/23 11:26:18 | 000,016,531 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\daweqovogo.reg
    [2009/09/23 11:26:18 | 000,014,924 | ---- | C] () -- C:\Documents and Settings\HHA\Application Data\hinifiba.com
    [2009/09/23 11:26:18 | 000,014,423 | ---- | C] () -- C:\WINDOWS\System32\orezy.sys
    [2009/09/23 11:26:18 | 000,013,818 | ---- | C] () -- C:\Documents and Settings\HHA\Local Settings\Application Data\hifon.reg
    [2009/09/23 11:26:18 | 000,013,217 | ---- | C] () -- C:\Program Files\Common Files\ycibe.lib
    [2009/09/23 11:26:18 | 000,012,725 | ---- | C] () -- C:\WINDOWS\melo.sys
    [2009/09/23 11:26:18 | 000,011,784 | ---- | C] () -- C:\WINDOWS\vagy.exe
    [2009/09/23 11:26:18 | 000,011,218 | ---- | C] () -- C:\WINDOWS\ehetec.sys
    [2009/09/23 11:26:18 | 000,010,905 | ---- | C] () -- C:\Program Files\Common Files\yhywiro.inf
    [2009/09/23 11:26:18 | 000,010,600 | ---- | C] () -- C:\Program Files\Common Files\piqe.dat
    [2009/09/23 09:48:00 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\jayamuja.dll
    [2009/09/22 10:52:50 | 000,053,760 | -HS- | C] () -- C:\WINDOWS\System32\wowuputi.dll
    [2009/09/22 10:52:50 | 000,053,760 | -HS- | C] () -- C:\WINDOWS\System32\sawuzowu.dll
    [2009/09/22 10:52:50 | 000,053,760 | -HS- | C] () -- C:\WINDOWS\System32\raripizu.dll
    [2009/09/22 10:52:12 | 000,053,760 | -HS- | C] () -- C:\WINDOWS\System32\juresuwe.dll
    [2009/09/22 10:52:12 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\zavipava.dll
    [2009/09/15 15:26:30 | 000,019,690 | ---- | C] () -- C:\Documents and Settings\HHA\Local Settings\Application Data\huwurifi.pif
    [2009/09/15 15:26:30 | 000,018,644 | ---- | C] () -- C:\Program Files\Common Files\hurew.db
    [2009/09/15 15:26:30 | 000,017,527 | ---- | C] () -- C:\Program Files\Common Files\cugynofu.sys
    [2009/09/15 15:26:30 | 000,013,514 | ---- | C] () -- C:\WINDOWS\akuqu.sys
    [2009/09/15 15:26:30 | 000,013,117 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\desyruli.sys
    [2009/09/15 15:26:30 | 000,011,865 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hegagisa.vbs
    [2009/09/15 15:26:30 | 000,011,092 | ---- | C] () -- C:\Program Files\Common Files\zadavyfece.pif
    [2009/09/15 15:26:30 | 000,010,465 | ---- | C] () -- C:\WINDOWS\larykiwas.dat
    [2009/09/15 15:26:30 | 000,010,332 | ---- | C] () -- C:\Documents and Settings\HHA\Application Data\gapugeja.dl
    [2009/09/15 15:26:29 | 000,017,117 | ---- | C] () -- C:\Program Files\Common Files\liqehib.reg
    [2009/09/15 15:26:29 | 000,013,114 | ---- | C] () -- C:\Program Files\Common Files\oxag.ban
    [2009/09/15 11:38:00 | 000,018,912 | ---- | C] () -- C:\Documents and Settings\HHA\Local Settings\Application Data\dicaki._sy
    [2009/09/15 11:38:00 | 000,018,492 | ---- | C] () -- C:\Program Files\Common Files\lubob.dl
    [2009/09/15 11:38:00 | 000,017,585 | ---- | C] () -- C:\WINDOWS\pyruvot.com
    [2009/09/15 11:38:00 | 000,016,874 | ---- | C] () -- C:\Documents and Settings\HHA\Application Data\orurati.lib
    [2009/09/15 11:38:00 | 000,016,455 | ---- | C] () -- C:\Documents and Settings\HHA\Application Data\nywipeset._dl
    [2009/09/15 11:38:00 | 000,015,118 | ---- | C] () -- C:\Documents and Settings\HHA\Local Settings\Application Data\jipa.inf
    [2009/09/15 11:38:00 | 000,014,401 | ---- | C] () -- C:\Documents and Settings\HHA\Application Data\ebulegurul.dat
    [2009/09/15 11:38:00 | 000,013,444 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ozudyhudo.dat
    [2009/09/15 11:38:00 | 000,012,714 | ---- | C] () -- C:\Documents and Settings\HHA\Local Settings\Application Data\umequl.dll
    [2009/09/15 11:38:00 | 000,012,047 | ---- | C] () -- C:\Program Files\Common Files\ypymy.scr
    [2009/09/15 11:38:00 | 000,011,205 | ---- | C] () -- C:\Documents and Settings\HHA\Local Settings\Application Data\hukahyl.scr
    [2009/09/15 11:38:00 | 000,010,497 | ---- | C] () -- C:\Documents and Settings\HHA\Application Data\ibavakuno._sy
    [2009/09/14 20:11:19 | 000,018,735 | ---- | C] () -- C:\Program Files\Common Files\ajawyv.vbs
    [2009/09/14 20:11:19 | 000,015,599 | ---- | C] () -- C:\Documents and Settings\HHA\Application Data\qotuqo.scr
    [2009/09/14 20:11:19 | 000,013,586 | ---- | C] () -- C:\Program Files\Common Files\ikebyrige.sys
    [2009/09/14 20:11:19 | 000,012,061 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ipepiru.db
    [2009/09/14 20:11:18 | 000,019,067 | ---- | C] () -- C:\Program Files\Common Files\yjatylin.bin
    [2009/09/14 20:11:18 | 000,018,157 | ---- | C] () -- C:\WINDOWS\System32\rixojysa.bin
    [2009/09/14 20:11:18 | 000,017,753 | ---- | C] () -- C:\Documents and Settings\HHA\Application Data\qepagyhyc.lib
    [2009/09/14 20:11:18 | 000,016,929 | ---- | C] () -- C:\WINDOWS\epebagek.sys
    [2009/09/14 20:11:18 | 000,016,192 | ---- | C] () -- C:\Program Files\Common Files\tizihigys._sy
    [2009/09/14 20:11:18 | 000,012,848 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\opinuvaqyt.reg
    [2009/09/14 20:11:18 | 000,012,504 | ---- | C] () -- C:\Program Files\Common Files\vusovysof.bin
    [2009/09/14 20:11:18 | 000,012,186 | ---- | C] () -- C:\Program Files\Common Files\anir._dl
    [2009/09/14 20:11:18 | 000,012,044 | ---- | C] () -- C:\WINDOWS\System32\acyjeravob.dat
    [2009/09/14 20:11:18 | 000,011,364 | ---- | C] () -- C:\WINDOWS\odatojefi.bin
    [2009/09/14 10:54:02 | 000,005,241 | -HS- | C] () -- C:\WINDOWS\System32\rinavegi.dll
    [2009/09/14 10:54:01 | 000,005,241 | -HS- | C] () -- C:\WINDOWS\System32\zozegura.dll
    [2009/09/14 10:54:01 | 000,005,241 | -HS- | C] () -- C:\WINDOWS\System32\wahajepo.dll
    [2009/09/10 22:37:50 | 000,018,974 | ---- | C] () -- C:\Documents and Settings\HHA\Application Data\zamejiqiza.pif
    [2009/09/10 22:37:50 | 000,016,314 | ---- | C] () -- C:\Documents and Settings\HHA\Application Data\jepavuva.scr
    [2009/09/10 22:37:50 | 000,014,197 | ---- | C] () -- C:\WINDOWS\System32\losyvos.dat
    [2009/09/10 22:37:50 | 000,012,855 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\neriz.dll
    [2009/09/10 22:37:50 | 000,012,825 | ---- | C] () -- C:\Program Files\Common Files\cuvovy.vbs
    [2009/09/10 22:37:50 | 000,010,102 | ---- | C] () -- C:\WINDOWS\ufoxadaka.com
    [2009/09/09 21:15:33 | 000,018,809 | ---- | C] () -- C:\Documents and Settings\HHA\Local Settings\Application Data\qepu.dat
    [2009/09/09 21:15:33 | 000,017,651 | ---- | C] () -- C:\Documents and Settings\HHA\Application Data\obucymezas.reg
    [2009/09/09 21:15:33 | 000,013,589 | ---- | C] () -- C:\Program Files\Common Files\nufarumiw.reg
    [2009/09/09 21:15:33 | 000,013,290 | ---- | C] () -- C:\Program Files\Common Files\nete._dl
    [2009/09/09 21:15:33 | 000,013,002 | ---- | C] () -- C:\Documents and Settings\HHA\Application Data\ewuqohy.dat
    [2009/09/09 21:15:33 | 000,012,600 | ---- | C] () -- C:\Documents and Settings\HHA\Local Settings\Application Data\obyny.sys
    [2009/09/09 21:15:33 | 000,011,476 | ---- | C] () -- C:\WINDOWS\iruqyjiweq.exe
    [2009/09/09 21:15:33 | 000,010,492 | ---- | C] () -- C:\Program Files\Common Files\fizef.dat
    [2009/09/09 21:15:33 | 000,010,413 | ---- | C] () -- C:\WINDOWS\mamove.com
    [2009/09/09 21:15:33 | 000,010,328 | ---- | C] () -- C:\Documents and Settings\HHA\Application Data\vijiqa.lib
    [2009/09/09 12:48:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\cb381f72.sys
    [2009/09/09 00:47:33 | 000,001,146 | ---- | C] () -- C:\WINDOWS\Pqanofepohebaf.dat
    [2011/05/04 17:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\zvfgyied.job
    
    :Files
    ipconfig /flushdns /c
    C:\Program Files\MyWebSearch
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

NEXT

Download aswMBR.exe (511KB) to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply.
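As an added example, not code from this thread or from OTL itself, the following Python script parses the OTL listing lines in the format used in the fix above and flags the traits that fix acts on: 2099 timestamps, hidden+system files with no publisher under C:\WINDOWS, zero-byte and numeric-only executables, and a system binary such as smss.exe sitting outside its normal folder. The sample lines are copied from the fix plus one constructed Microsoft entry as a control; the heuristics and the EXPECTED_FOLDER list are this example's own, not OTL's.

```python
import re
from dataclasses import dataclass, field

# Matches the OTL listing format used in the fix above, for example:
#   PRC - [2009/12/14 10:48:06 | 000,019,968 | ---- | M] () -- C:\WINDOWS\system32\winupdate86.exe
#   SRV - [... | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\6to4v32.dll -- (6to4)
#   [2099/01/01 12:00:00 | 000,093,696 | -HS- | M] () -- C:\WINDOWS\System32\laninejo.dll
LINE_RE = re.compile(
    r"\[(?P<date>\d{4}/\d{2}/\d{2}) \d{2}:\d{2}:\d{2} \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [MC]\] "
    r"\((?P<company>[^)]*)\)(?: \[[^\]]*\])? -- "
    r"(?P<path>.+?)(?: -- \([^)]*\))?\s*$"
)

# Windows binaries with one legitimate home (this example's own list, not OTL's).
EXPECTED_FOLDER = {"smss.exe": "\\system32", "userinit.exe": "\\system32"}


@dataclass
class Entry:
    date: str
    size: int
    attrs: str
    company: str
    path: str
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Parse one OTL file/process line; return None for lines in another format."""
    m = LINE_RE.search(line)
    if not m:
        return None
    size = int(m["size"].replace(",", ""))
    return Entry(m["date"], size, m["attrs"], m["company"].strip(), m["path"].strip())


def assess(entry):
    """Attach the heuristics that make an entry look like part of this infection."""
    folder, _, name = entry.path.rpartition("\\")
    folder, name = folder.lower(), name.lower()
    in_windows = folder.endswith(("\\windows", "\\system32"))
    is_binary = name.endswith((".exe", ".dll", ".sys"))
    if entry.date.startswith("2099"):
        entry.reasons.append("impossible future timestamp")
    if "H" in entry.attrs and "S" in entry.attrs and in_windows and not entry.company:
        entry.reasons.append("hidden+system file with no publisher in a Windows folder")
    if re.fullmatch(r"\d+\.exe", name):
        entry.reasons.append("numeric-only executable name")
    if entry.size == 0 and is_binary:
        entry.reasons.append("zero-byte binary")
    expected = EXPECTED_FOLDER.get(name)
    if expected and not folder.endswith(expected):
        entry.reasons.append(f"{name} outside its normal folder")
    return entry


def triage(lines):
    """Return {path: reasons} for every parseable line that trips a heuristic."""
    flagged = {}
    for line in lines:
        entry = parse_line(line)
        if entry and assess(entry).reasons:
            flagged[entry.path] = entry.reasons
    return flagged


# Sample input: four lines copied from the fix above, one O4 registry line that
# this parser deliberately skips, and a constructed Microsoft entry as a control.
SAMPLE = """\
PRC - [2009/09/09 12:48:03 | 000,042,496 | ---- | M] (PROMO Software) -- C:\\WINDOWS\\system32\\drivers\\smss.exe
SRV - [2004/08/04 05:00:00 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\\WINDOWS\\system32\\6to4v32.dll -- (6to4)
[2099/01/01 12:00:00 | 000,093,696 | -HS- | M] () -- C:\\WINDOWS\\System32\\laninejo.dll
[2011/05/04 17:27:05 | 000,000,000 | ---- | M] () -- C:\\WINDOWS\\System32\\11478.exe
O4 - HKLM..\\Run: [yejokepor] C:\\WINDOWS\\System32\\laninejo.dll ()
[2004/08/04 05:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) -- C:\\Program Files\\Internet Explorer\\iexplore.exe
""".splitlines()

if __name__ == "__main__":
    for path, why in triage(SAMPLE).items():
        print(path, "->", "; ".join(why))
```

Note that the 6to4v32.dll service line passes these heuristics untouched: an unsigned service DLL with a name mimicking a Windows component still needs an analyst's judgement, which is why the fix lists it explicitly.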

#8
el_jack

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
Hello,

On the OTL program I pasted the portion you instructed, but it keeps getting hung up at
SRV - [2004/08/04 05:00:00 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\6to4v32.dll -- (6to4)

It does not move from there. What should I do about this? Or is it running its course without indication?

Thanks

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Stop OTL, then delete this line from the OTL fix and rerun the fix. I will kill it another way.

SRV - [2004/08/04 05:00:00 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\6to4v32.dll -- (6to4)

#10
el_jack

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
Hey,

The line after the one I deleted is stuck. Should I delete it too?
#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did you run RogueKiller option 2 first?

#12
el_jack

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
OK, I ran the RogueKiller option 2, and the line under the deleted line ran; then the next line is stuck.

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, time to get rough, I feel.

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT!!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#14
el_jack

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
I did what you suggested.

ComboFix will not load. A message comes up during install: "It appears you have a corrupted version..."

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, we can be nothing if not tenacious.

Delete your current copy of ComboFix and then do this:

Download ComboFix from any of the links below. You must rename it before saving: rename it to Gotcha before saving it to your desktop.

Link 1
Link 2



Double click on the renamed ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.
