nexplore and other popups plz help

Unknown · July 2009

First i would like to start out by saying thank you in advance For the last 3 or so weeks i have been getting popups from nexplore and other random websites its rather annoying. my HJT log is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:10:33 PM, on 7/25/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7018b87c-3f37-4575-85dc-42b16f26ac88} - C:\WINDOWS\SysWow64\mopifobi.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files (x86)\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [pasoyuzayu] Rundll32.exe "C:\WINDOWS\SysWow64\mopifobi.dll",s
O4 - HKLM\..\Run: [CPM6f96c899] Rundll32.exe "c:\windows\system32\momozise.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230991094468
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\vafiyene.dll c:\windows\system32\momozise.dll
O20 - Winlogon Notify: awtuuuvv - awtuuuvv.dll (file missing)
O20 - Winlogon Notify: mlJCUoop - mlJCUoop.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\SysWow64\momozise.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\SysWow64\momozise.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 8749 bytes

chiaz · July 2009

Hello, and welcome to Icrontic.

You are using a 64-bit system, so we may encounter some problems during the malware removal process as most tools that we use are not compatible with 64-bit.
But I'll try my best.

First up, I notice that you don't have an anti-virus program on your PC. It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free anti-virus programs fully compatible with 64-bit. Be sure to only install one.

avast!.
AntiVir

==============================================================

Once you have downloaded an anti-virus program and installed it, let's have you download Malwarebytes' Anti-Malware from here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Post this log in your reply later.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK for either of the prompts and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

================================================================

Finally, download OTS.exe to your Desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.

Close ALL OTHER PROGRAMS.
Double-click on OTS.exe to start the program.
Under Additional Scans click "Extras".
Do not change any other settings.
Now click the Run Scan button on the left side of the toolbar.
Let it run unhindered until it finishes.
When the scan is complete, Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here, along with the MBAM log.

For the OTS log, make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].
If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

theglitch · July 2009

Malwarebytes' Anti-Malware 1.39
Database version: 2502
Windows 5.2.3790 Service Pack 2

7/26/2009 10:03:04 AM
mbam-log-2009-07-26 (10-03-04).txt

Scan type: Quick Scan
Objects scanned: 131909
Time elapsed: 7 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\lokubaja.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm6f96c899 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pasoyuzayu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\lokubaja.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\lokubaja.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\lokubaja.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\SysWOW64\lokubaja.dll (Trojan.BHO) -> Delete on reboot.

theglitch · July 2009

ots log was to long so i uploaded it

chiaz · July 2009

Double-click on OTS.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Copy/Paste the information in the codebox below into the pane where it says "Paste Fix Here" and then click the green Run Fix button.

[Unregister Dlls]
[Processes - Non-Microsoft Only]
YN -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"pasoyuzayu" -> C:\WINDOWS\SysWow64\mopifobi.DLL [Rundll32.exe "C:\WINDOWS\SysWow64\mopifobi.dll",s] -> File not found
[Files/Folders - Created Within 30 Days]
C:\WINDOWS\SysWow64\momozise.dll
C:\WINDOWS\SysWow64\tuzeyopu.dll
C:\WINDOWS\SysWow64\vafiyene.dll
C:\WINDOWS\SysWow64\hahohetu.dll
C:\WINDOWS\SysWow64\hugimizu.dll
C:\WINDOWS\SysWow64\tajojeti.dll
C:\WINDOWS\SysWow64\leduwupe.dll
C:\WINDOWS\SysWow64\rutijoka.dll
C:\WINDOWS\SysWow64\herugife.dll
C:\WINDOWS\SysWow64\vuyenofo.dll 
C:\WINDOWS\SysWow64\sozivado.dll 
C:\WINDOWS\SysWow64\hojibuze.dll
C:\WINDOWS\SysWow64\rihipipa.dll 
C:\WINDOWS\SysWow64\yofetepo.dll 
C:\WINDOWS\SysWow64\wehowata.dll 
C:\WINDOWS\SysWow64\systeminfo3.dll 
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed either a message box will popup telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTS.exe will finish moving any files that could not be moved during the fix and Notepad will open with the final results at that time. Post that information back here.
I will review the information when it comes back in.
Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

==========================================================

Meanwhile, go to http://virusscan.jotti.org , click on Browse, and upload the following file for analysis:

C:\WINDOWS\SysWow64\drivers\srenum.sys

Then click Submit. Allow the file to be scanned, and then please Copy/Paste the results here for me to see.

If Jotti is busy, please go to http://www.virustotal.com.

theglitch · July 2009

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\%5bnanashi%5deureka_seven_-_05_%5b403784e8%5d.avi.avi_type=video%2fx-msvideo&pfid=never&url=file%3a%2f%2fd%3a%2fshows%2fanime%2feureka%2f&title=%5bNanashi%5dEureka_seveN_-_05_%5b403784E8%5d&ext=-1.avi not found!

Registry entries deleted on Reboot...

theglitch · July 2009

All Processes Killed
[Processes - Non-Microsoft Only]
[Files/Folders - Created Within 30 Days]
File OWS\SysWow64\momozise.dll not found!
File OWS\SysWow64\tuzeyopu.dll not found!
File OWS\SysWow64\vafiyene.dll not found!
File OWS\SysWow64\hahohetu.dll not found!
File OWS\SysWow64\hugimizu.dll not found!
File OWS\SysWow64\tajojeti.dll not found!
File OWS\SysWow64\leduwupe.dll not found!
File OWS\SysWow64\rutijoka.dll not found!
File OWS\SysWow64\herugife.dll not found!
File OWS\SysWow64\vuyenofo.dll not found!
File OWS\SysWow64\sozivado.dll not found!
File OWS\SysWow64\hojibuze.dll not found!
File OWS\SysWow64\rihipipa.dll not found!
File OWS\SysWow64\yofetepo.dll not found!
File OWS\SysWow64\wehowata.dll not found!
File OWS\SysWow64\systeminfo3.dll not found!
[Empty Temp Folders]

User: Administrator
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temp\%5bnanashi%5deureka_seven_-_05_%5b403784e8%5d.avi.avi_type=video%2fx-msvideo&pfid=never&url=file%3a%2f%2fd%3a%2fshows%2fanime%2feureka%2f&title=%5bNanashi%5dEureka_seveN_-_05_%5b403784E8%5d&ext=-1.avi scheduled to be deleted on reboot.
->Temp folder emptied: 243458048 bytes
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 10383545 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3845178 bytes
->Opera cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32768 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32768 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 245.81 mb

< End of fix log >
OTS by OldTimer - Version 3.0.10.1 fix logfile created on 07262009_182048

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\%5bnanashi%5deureka_seven_-_05_%5b403784e8%5d.avi.avi_type=video%2fx-msvideo&pfid=never&url=file%3a%2f%2fd%3a%2fshows%2fanime%2feureka%2f&title=%5bNanashi%5dEureka_seveN_-_05_%5b403784E8%5d&ext=-1.avi not found!

Registry entries deleted on Reboot...

theglitch · July 2009

I got the error Range check error

theglitch · July 2009

2009-07-07 Found nothing

2009-07-08 Found nothing

2009-07-07 Found nothing

2009-07-08 Found nothing

2009-07-06 Found nothing

2009-07-07 Found nothing

2009-07-06 Found nothing

2009-07-07 Found nothing

theglitch · July 2009

also i am still getting the same pop ups and when i start my comp i get a popup box that says
Rundll
error loading c:\WINDOWS\sysWow64\mopifobi.dll
the specfied module could not be found

chiaz · July 2009

OK, please run OTS and post the new log here.

theglitch · July 2009

here you go

chiaz · July 2009

Have not forgotten you yet - please give me some time while I consult an expert on this.

chiaz · July 2009

Hi theglitch,

Upload a File
Please download suspicious file packer from here

Unzip it to desktop, open it & paste in the list of files below, press next & it will create an archive (zip/cab file) on your desktop.

C:\WINDOWS\SysWow64\mopifobi.dll
C:\WINDOWS\SysWow64\jewonere.dll
C:\WINDOWS\SysWow64\hosopovo.dll
C:\WINDOWS\SysWow64\momozise.dll
C:\WINDOWS\SysWow64\tuzeyopu.dll
C:\WINDOWS\SysWow64\vafiyene.dll
C:\WINDOWS\SysWow64\hahohetu.dll
C:\WINDOWS\SysWow64\hugimizu.dll
C:\WINDOWS\SysWow64\tajojeti.dll
C:\WINDOWS\SysWow64\leduwupe.dll
C:\WINDOWS\SysWow64\rutijoka.dll
C:\WINDOWS\SysWow64\herugife.dll
C:\WINDOWS\SysWow64\vuyenofo.dll
C:\WINDOWS\SysWow64\sozivado.dll
C:\WINDOWS\SysWow64\hojibuze.dll
C:\WINDOWS\SysWow64\rihipipa.dll
C:\WINDOWS\SysWow64\yofetepo.dll
C:\WINDOWS\SysWow64\wehowata.dll
C:\WINDOWS\SysWow64\systeminfo3.dll

Now go to spykiller

Please start a new thread Titled File/s for chiaz /Katana
In the main text window please put the following link

http://icrontic.com/forum/showthread.php?t=84913

You may also add any comments you wish.
Then press attach and upload the zip/cab file that was created.

Files can be uploaded by anybody but not downloaded at all except for those users that have been given special permissions.
You DO NOT need to be a member to upload, anybody can upload the files

You can now delete SFP (exe and Zip) along with the .cab file that was created.

=======================================================================

Next, double-click on OTS.exe to start the program again (if you are running on Vista then right-click the program and choose Run as Administrator).
Copy/Paste the information in the codebox below into the pane where it says "Paste Fix Here" and then click the green Run Fix button.

[Unregister Dlls]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {7018b87c-3f37-4575-85dc-42b16f26ac88} [HKLM] -> C:\WINDOWS\SysWow64\mopifobi.dll [Reg Error: Value error.]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YY -> C:\WINDOWS\system32\vafiyene.dll -> C:\WINDOWS\SysWow64\vafiyene.dll
YY -> c:\windows\system32\jewonere.dll -> C:\WINDOWS\SysWow64\jewonere.dll
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> awtuuuvv -> 
YN -> mlJCUoop -> 
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YY -> "{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" [HKLM] -> c:\windows\SysWow64\jewonere.dll [SSODL]
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
YY -> "{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" [HKLM] -> c:\windows\SysWow64\jewonere.dll [STS]
< 64bit-ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YN -> "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> []
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YN -> "{A7DB3B47-23B6-422F-9C9D-EB9C4CBA3EF6}" [HKLM] -> []
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \{0a975b43-520d-11de-acb4-0018f3b3b160} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a975b43-520d-11de-acb4-0018f3b3b160}\Shell\AutoRun\command -> 
YN -> \{0a975b43-520d-11de-acb4-0018f3b3b160}\Shell\AutoRun\command\\"" -> I:\RECYCLED\BIN\ok.exe [I:\RECYCLED\BIN\ok.exe]
YN -> \{0a975b43-520d-11de-acb4-0018f3b3b160} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a975b43-520d-11de-acb4-0018f3b3b160}\Shell\open\command -> 
YN -> \{0a975b43-520d-11de-acb4-0018f3b3b160}\Shell\open\command\\"" -> I:\RECYCLED\BIN\ok.exe [I:\RECYCLED\BIN\ok.exe]
[Files/Folders - Created Within 30 Days]
NY -> jewonere.dll -> C:\WINDOWS\SysWow64\jewonere.dll
NY -> hosopovo.dll -> C:\WINDOWS\SysWow64\hosopovo.dll
NY -> momozise.dll -> C:\WINDOWS\SysWow64\momozise.dll
NY -> tuzeyopu.dll -> C:\WINDOWS\SysWow64\tuzeyopu.dll
NY -> vafiyene.dll -> C:\WINDOWS\SysWow64\vafiyene.dll
NY -> hahohetu.dll -> C:\WINDOWS\SysWow64\hahohetu.dll
NY -> hugimizu.dll -> C:\WINDOWS\SysWow64\hugimizu.dll
NY -> tajojeti.dll -> C:\WINDOWS\SysWow64\tajojeti.dll
NY -> leduwupe.dll -> C:\WINDOWS\SysWow64\leduwupe.dll
NY -> rutijoka.dll -> C:\WINDOWS\SysWow64\rutijoka.dll
NY -> herugife.dll -> C:\WINDOWS\SysWow64\herugife.dll
NY -> vuyenofo.dll -> C:\WINDOWS\SysWow64\vuyenofo.dll
NY -> sozivado.dll -> C:\WINDOWS\SysWow64\sozivado.dll
NY -> hojibuze.dll -> C:\WINDOWS\SysWow64\hojibuze.dll
NY -> rihipipa.dll -> C:\WINDOWS\SysWow64\rihipipa.dll
NY -> yofetepo.dll -> C:\WINDOWS\SysWow64\yofetepo.dll
NY -> wehowata.dll -> C:\WINDOWS\SysWow64\wehowata.dll
NY -> systeminfo3.dll -> C:\WINDOWS\SysWow64\systeminfo3.dll
[Files/Folders - Modified Within 30 Days]
NY -> vuvibefu -> C:\WINDOWS\SysWow64\vuvibefu
NY -> jewonere.dll -> C:\WINDOWS\SysWow64\jewonere.dll
NY -> bkblyvot.job -> C:\WINDOWS\tasks\bkblyvot.job
NY -> hosopovo.dll -> C:\WINDOWS\SysWow64\hosopovo.dll
NY -> momozise.dll -> C:\WINDOWS\SysWow64\momozise.dll
NY -> tuzeyopu.dll -> C:\WINDOWS\SysWow64\tuzeyopu.dll
NY -> tajojeti.dll -> C:\WINDOWS\SysWow64\tajojeti.dll
NY -> hugimizu.dll -> C:\WINDOWS\SysWow64\hugimizu.dll
NY -> leduwupe.dll -> C:\WINDOWS\SysWow64\leduwupe.dll
NY -> rutijoka.dll -> C:\WINDOWS\SysWow64\rutijoka.dll
NY -> vuyenofo.dll -> C:\WINDOWS\SysWow64\vuyenofo.dll
NY -> sozivado.dll -> C:\WINDOWS\SysWow64\sozivado.dll
NY -> rihipipa.dll -> C:\WINDOWS\SysWow64\rihipipa.dll
NY -> wehowata.dll -> C:\WINDOWS\SysWow64\wehowata.dll
[Alternate Data Streams]
NY -> @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

The fix should only take a very short time. When the fix is completed either a message box will popup telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTS.exe will finish moving any files that could not be moved during the fix and Notepad will open with the final results at that time. Post that information back here.

I will review the information when it comes back in.
Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

theglitch · July 2009

[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7018b87c-3f37-4575-85dc-42b16f26ac88}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7018b87c-3f37-4575-85dc-42b16f26ac88}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\vafiyene.dll deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SysWow64\vafiyene.dll
C:\WINDOWS\SysWow64\vafiyene.dll NOT unregistered.
C:\WINDOWS\SysWow64\vafiyene.dll moved successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\jewonere.dll scheduled to be deleted on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\SysWow64\jewonere.dll
C:\WINDOWS\SysWow64\jewonere.dll NOT unregistered.
C:\WINDOWS\SysWow64\jewonere.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtuuuvv\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mlJCUoop\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SSODL deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ deleted successfully.
File c:\windows\SysWow64\jewonere.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ deleted successfully.
File c:\windows\SysWow64\jewonere.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{A7DB3B47-23B6-422F-9C9D-EB9C4CBA3EF6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7DB3B47-23B6-422F-9C9D-EB9C4CBA3EF6}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a975b43-520d-11de-acb4-0018f3b3b160}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a975b43-520d-11de-acb4-0018f3b3b160}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a975b43-520d-11de-acb4-0018f3b3b160}\Shell\AutoRun\command\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a975b43-520d-11de-acb4-0018f3b3b160}\Shell\AutoRun\command not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a975b43-520d-11de-acb4-0018f3b3b160}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a975b43-520d-11de-acb4-0018f3b3b160}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a975b43-520d-11de-acb4-0018f3b3b160}\Shell\open\command\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a975b43-520d-11de-acb4-0018f3b3b160}\Shell\open\command not found.
[Files/Folders - Created Within 30 Days]
File C:\WINDOWS\SysWow64\jewonere.dll not found!
DllUnregisterServer procedure not found in C:\WINDOWS\SysWow64\hosopovo.dll
C:\WINDOWS\SysWow64\hosopovo.dll NOT unregistered.
C:\WINDOWS\SysWow64\hosopovo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SysWow64\momozise.dll
C:\WINDOWS\SysWow64\momozise.dll NOT unregistered.
C:\WINDOWS\SysWow64\momozise.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SysWow64\tuzeyopu.dll
C:\WINDOWS\SysWow64\tuzeyopu.dll NOT unregistered.
C:\WINDOWS\SysWow64\tuzeyopu.dll moved successfully.
File C:\WINDOWS\SysWow64\vafiyene.dll not found!
DllUnregisterServer procedure not found in C:\WINDOWS\SysWow64\hahohetu.dll
C:\WINDOWS\SysWow64\hahohetu.dll NOT unregistered.
C:\WINDOWS\SysWow64\hahohetu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SysWow64\hugimizu.dll
C:\WINDOWS\SysWow64\hugimizu.dll NOT unregistered.
C:\WINDOWS\SysWow64\hugimizu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SysWow64\tajojeti.dll
C:\WINDOWS\SysWow64\tajojeti.dll NOT unregistered.
C:\WINDOWS\SysWow64\tajojeti.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SysWow64\leduwupe.dll
C:\WINDOWS\SysWow64\leduwupe.dll NOT unregistered.
C:\WINDOWS\SysWow64\leduwupe.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SysWow64\rutijoka.dll
C:\WINDOWS\SysWow64\rutijoka.dll NOT unregistered.
C:\WINDOWS\SysWow64\rutijoka.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SysWow64\herugife.dll
C:\WINDOWS\SysWow64\herugife.dll NOT unregistered.
C:\WINDOWS\SysWow64\herugife.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SysWow64\vuyenofo.dll
C:\WINDOWS\SysWow64\vuyenofo.dll NOT unregistered.
C:\WINDOWS\SysWow64\vuyenofo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SysWow64\sozivado.dll
C:\WINDOWS\SysWow64\sozivado.dll NOT unregistered.
C:\WINDOWS\SysWow64\sozivado.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SysWow64\hojibuze.dll
C:\WINDOWS\SysWow64\hojibuze.dll NOT unregistered.
C:\WINDOWS\SysWow64\hojibuze.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SysWow64\rihipipa.dll
C:\WINDOWS\SysWow64\rihipipa.dll NOT unregistered.
C:\WINDOWS\SysWow64\rihipipa.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SysWow64\yofetepo.dll
C:\WINDOWS\SysWow64\yofetepo.dll NOT unregistered.
C:\WINDOWS\SysWow64\yofetepo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SysWow64\wehowata.dll
C:\WINDOWS\SysWow64\wehowata.dll NOT unregistered.
C:\WINDOWS\SysWow64\wehowata.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\SysWow64\systeminfo3.dll
C:\WINDOWS\SysWow64\systeminfo3.dll NOT unregistered.
C:\WINDOWS\SysWow64\systeminfo3.dll moved successfully.
[Files/Folders - Modified Within 30 Days]
C:\WINDOWS\SysWow64\vuvibefu moved successfully.
File C:\WINDOWS\SysWow64\jewonere.dll not found!
C:\WINDOWS\tasks\bkblyvot.job moved successfully.
File C:\WINDOWS\SysWow64\hosopovo.dll not found!
File C:\WINDOWS\SysWow64\momozise.dll not found!
File C:\WINDOWS\SysWow64\tuzeyopu.dll not found!
File C:\WINDOWS\SysWow64\tajojeti.dll not found!
File C:\WINDOWS\SysWow64\hugimizu.dll not found!
File C:\WINDOWS\SysWow64\leduwupe.dll not found!
File C:\WINDOWS\SysWow64\rutijoka.dll not found!
File C:\WINDOWS\SysWow64\vuyenofo.dll not found!
File C:\WINDOWS\SysWow64\sozivado.dll not found!
File C:\WINDOWS\SysWow64\rihipipa.dll not found!
File C:\WINDOWS\SysWow64\wehowata.dll not found!
[Alternate Data Streams]
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9 deleted successfully.
< End of fix log >
OTS by OldTimer - Version 3.0.10.1 fix logfile created on 07282009_122935

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\jewonere.dll scheduled to be deleted on reboot.

theglitch · July 2009

i got the error
BAD IMAGE
The application or DLL C:\WINDOWS\SysWow64\systemindo2.dll is not a valid windows image. Please check this against you installation diskette.

theglitch · July 2009

i am still getting the same pop ups and when i start my comp i get a popup box that says
Rundll
error loading c:\WINDOWS\sysWow64\mopifobi.dll
the specfied module could not be found

theglitch · July 2009

also for the last few days when i go to google and click a link it takes me to a spam page 1/2 the time.

chiaz · July 2009

Let's see a new OTS log.

theglitch · July 2009

Ive been getting less popup but im still getting some im attaching the new OTS log here

chiaz · July 2009

Please update MBAM, and run a full scan with it. Remove everything found.

Once you've done that,

double-click on OTS.exe to start the program once more.
Copy/Paste the information in the codebox below into the pane where it says "Paste Fix Here" and then click the green Run Fix button.

[Registry - Safe List]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
YN -> C:\WINDOWS\system32\vafiyene.dll -> C:\WINDOWS\SysWow64\vafiyene.dll -> File not found
YN -> c:\windows\syswow64\jewonere.dll -> c:\windows\syswow64\jewonere.dll -> File not found
YN -> c:\windows\syswow64\momozise.dll -> c:\windows\syswow64\momozise.dll -> File not found
YN -> c:\windows\syswow64\leduwupe.dll -> c:\windows\syswow64\leduwupe.dll -> File not found
YN -> c:\windows\syswow64\herugife.dll -> c:\windows\syswow64\herugife.dll -> File not found
YN -> c:\windows\syswow64\sozivado.dll -> c:\windows\syswow64\sozivado.dll -> File not found
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> 
YN -> "{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" [HKLM] -> c:\windows\SysWow64\galanata.dll [STS] -> File not found
[Files/Folders - Created Within 30 Days]
NY -> karobivi.dll -> C:\WINDOWS\SysWow64\karobivi.dll 
[Files/Folders - Modified Within 30 Days]
NY -> vuvibefu -> C:\WINDOWS\SysWow64\vuvibefu 
NY -> vebenone.dll -> C:\WINDOWS\SysWow64\vebenone.dll

The fix should only take a very short time. When the fix is completed either a message box will popup telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTS.exe will finish moving any files that could not be moved during the fix and Notepad will open with the final results at that time.

Post that information back here, a new OTS log, as well as let me know how your PC is running now.

theglitch · July 2009

[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> not found.
[Files/Folders - Created Within 30 Days]
C:\WINDOWS\SysWow64\karobivi.dll moved successfully.
[Files/Folders - Modified Within 30 Days]
C:\WINDOWS\SysWow64\vuvibefu moved successfully.
C:\WINDOWS\SysWow64\vebenone.dll moved successfully.
< End of fix log >
OTS by OldTimer - Version 3.0.10.1 fix logfile created on 07302009_102923

chiaz · July 2009

How's your PC running now?

theglitch · July 2009

so far great

theglitch · July 2009

Thank you very much you fixed the issues i was having. Ill be referring people here

chiaz · July 2009

To remove all of the tools we used and the files and folders they created do the following:

StartOTS.exe
Click the CleanUp button

OTS.exe will delete any tools downloaded and files/folders created and then ask you to reboot so it can remove itself. Click Yes.

After that you are good to go.

chiaz · August 2009

Can I check if everything is running OK now?

nexplore and other popups plz help

Comments