
TROJAN-BNK.Win32.Keylogger.gen



#1 josh.lax (Member, 13 posts)
I just received it. I've recently solved a virus through you all in my previous case about a month ago I think.

Please help as soon as possible. I am still trying to use my computer to study and it is very slow. I will check my posts twice a day. I have a whole bunch of the programs from previous effort to fix my computer.

Thank you very much. I am turning off my computer and checking later tonight.

Something I noticed:

- I saw some files that are sort of deleted, I think. My computer boots up and I saw a couple of these things pop up.
  • 0



#2 RKinner (Malware Expert, MVP, 24,625 posts)
If you have been here before you should know that if you follow the guide:
http://www.geekstogo...uide-t2852.html
and copy and paste your logs you will get help a lot faster.

Ron
  • 0

#3 josh.lax (Topic Starter, Member, 13 posts)
HEY, THANKS A LOT. I HAVE ALL INFO EXCEPT FOR MBAM. MY COUSIN WAS MESSING WITH MY COMPUTER AND I DON'T KNOW WHAT HAPPENED. IS THERE A WAY FOR ME TO GET YOU THAT INFO FROM THE MBAM LOG?

THANK YOU FOR YOUR TIME.



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-01 23:50:35
Windows 6.0.6001 Service Pack 1
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3dea74cc
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3dea7631
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214f498f09
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214f498f09@001fcd6808a2 0x21 0x2F 0x9F 0x3C ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3dea74cc (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3dea7631 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00214f498f09 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00214f498f09@001fcd6808a2 0x21 0x2F 0x9F 0x3C ...

---- Files - GMER 1.0.15 ----

File C:\Users\Me\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UMSZ40HG\PC_protect[2].exe (size mismatch) 131276/0 bytes executable

---- EOF - GMER 1.0.15 ----




AS FOR THE MBAM I WASN'T ABLE TO SAVE THE LOG. MY COUSIN WAS MESSING WITH THE COMPUTER AND HE MESSED IT UP. IS THERE A WAY TO GET THAT INFORMATION TO YOU?



OTL logfile created on: 5/2/2010 4:44:18 AM - Run 4
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Users\Me\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 47.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.84 Gb Total Space | 151.82 Gb Free Space | 33.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOSH
Current User Name: Me
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\adb9_32.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Users\Me\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files\Sony\VAIO Care\listener.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\vVX3000.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe ()
PRC - C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe ()
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWi.exe ()
PRC - C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe ()
PRC - C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe (Sony Electronics, Inc.)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Modules (SafeList) ==========

MOD - C:\Users\Me\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\collsvc.exe (Intel Corporation)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe ()
SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe ()
SRV:64bit: - (BthServ) -- C:\Windows\SysNative\bthserv.dll ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (RtkAudioService) -- C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (QBCFMonitorService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBFCService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (IviRegMgr) -- c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 08:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople_f08
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople_f08
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.3
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:3.7.0
FF - prefs.js..extensions.enabledItems: {A8E43E05-AC29-4CCA-8D9B-5B2B6B63D085}:1.9.1


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/03/06 00:16:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/04 13:17:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/04 13:17:00 | 000,000,000 | ---D | M]

[2009/04/08 03:18:16 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Mozilla\Extensions
[2010/05/01 17:14:37 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\ou9ff785.default\extensions
[2009/09/02 10:59:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\ou9ff785.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/10 17:25:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\ou9ff785.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/07/27 19:36:14 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\ou9ff785.default\extensions\[email protected]
[2009/07/27 19:36:14 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\ou9ff785.default\extensions\[email protected]\chrome
[2010/03/19 18:27:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AML] C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe (Sony)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VAIOMyMemCenter] C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe File not found
O4 - HKLM..\Run: [VAIORegistration] C:\Program Files\Sony\First Experience\WelcomeLauncher.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe ()
O4 - HKLM..\Run: [VWLASU] C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [rinfri] C:\Users\Me\AppData\Local\Temp\msfdjgqe.DLL File not found
O4 - HKCU..\Run: [vaxvsj] C:\Users\Me\AppData\Local\Temp\msfwbiul.DLL File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla\5.0_( File not found
O4 - Startup: C:\Users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\adb9_32.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.50.0.1 10.50.0.2 10.50.0.3
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Me\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Me\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2c44bb71-3f29-11de-96f1-001dba25fde3}\Shell\AutoRun\command - "" = H:\setupSNK.exe -- File not found
O33 - MountPoints2\{3a278e7e-0502-11df-811f-00214f498f09}\Shell - "" = AutoRun
O33 - MountPoints2\{3a278e7e-0502-11df-811f-00214f498f09}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{94c5e1f9-a617-11de-9578-00214f498f09}\Shell - "" = AutoRun
O33 - MountPoints2\{94c5e1f9-a617-11de-9578-00214f498f09}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b6df1e06-1758-11df-9319-00214f498f09}\Shell\AutoRun\command - "" = H:\SALU\KNOW\taN.exe -- File not found
O33 - MountPoints2\{b6df1e06-1758-11df-9319-00214f498f09}\Shell\open\command - "" = H:\SALU\KNOW\taN.exe -- File not found
O33 - MountPoints2\{e59424d9-adeb-11de-8a01-00214f498f09}\Shell\AutoRun\command - "" = H:\SALU\KNOW\taN.exe -- File not found
O33 - MountPoints2\{e59424d9-adeb-11de-8a01-00214f498f09}\Shell\open\command - "" = H:\SALU\KNOW\taN.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/01/20 22:06:38 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll ()
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll ()
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/20 22:08:35 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/05/01 17:33:16 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Me\Desktop\mbam-setup.exe
[2010/05/01 17:32:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/01 17:31:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/05/01 17:06:05 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Me\Desktop\erunt_setup.exe
[2010/05/01 03:04:18 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Me\Desktop\TFC.exe
[2010/05/01 02:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\degijebu
[2010/05/01 02:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\henemate
[2010/05/01 02:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\zewobihu
[2010/05/01 02:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\moyajamu
[2010/04/28 12:13:17 | 000,000,000 | ---D | C] -- C:\ProgramData\mamakubu
[2010/04/28 12:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\tineraka
[2010/04/28 12:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\ladobenu
[2010/04/28 12:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\javojosu
[2010/04/26 11:30:01 | 000,000,000 | ---D | C] -- C:\Users\Me\AppData\Local\{A8E43E05-AC29-4CCA-8D9B-5B2B6B63D085}
[2010/04/26 11:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\vifuveyu
[2010/04/26 11:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\totanozi
[2010/04/26 11:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\netijupo
[2010/04/26 11:27:47 | 000,000,000 | ---D | C] -- C:\Users\Me\AppData\Local\Windows Server
[6 C:\Users\Me\Desktop\*.tmp files -> C:\Users\Me\Desktop\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/05/02 04:44:36 | 004,456,448 | -HS- | M] () -- C:\Users\Me\ntuser.dat
[2010/05/02 04:29:03 | 000,102,200 | ---- | M] () -- C:\Users\Me\AppData\Roaming\wpp.exe
[2010/05/02 04:25:34 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/02 04:25:34 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/02 04:24:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/02 03:21:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/02 02:40:00 | 000,007,521 | ---- | M] () -- C:\Users\Me\Desktop\utsa lax invoice.pdf
[2010/05/02 02:02:48 | 000,042,480 | ---- | M] () -- C:\Users\Me\Desktop\Need List Lacrosse.docx
[2010/05/01 20:25:43 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/01 20:25:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/01 20:25:26 | 4260,405,248 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/01 20:24:39 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/05/01 20:24:37 | 000,524,288 | -HS- | M] () -- C:\Users\Me\ntuser.dat{62c67666-33e6-11df-a6a6-001dba25fde3}.TMContainer00000000000000000001.regtrans-ms
[2010/05/01 20:24:37 | 000,065,536 | -HS- | M] () -- C:\Users\Me\ntuser.dat{62c67666-33e6-11df-a6a6-001dba25fde3}.TM.blf
[2010/05/01 20:24:36 | 003,600,590 | -H-- | M] () -- C:\Users\Me\AppData\Local\IconCache.db
[2010/05/01 17:52:44 | 000,000,120 | ---- | M] () -- C:\Users\Me\AppData\Local\Axaxe.dat
[2010/05/01 17:50:31 | 002,392,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/05/01 17:36:23 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Me\Desktop\mbam-setup.exe
[2010/05/01 17:31:48 | 000,000,763 | ---- | M] () -- C:\Users\Me\Desktop\NTREGOPT.lnk
[2010/05/01 17:31:48 | 000,000,744 | ---- | M] () -- C:\Users\Me\Desktop\ERUNT.lnk
[2010/05/01 17:06:45 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Me\Desktop\erunt_setup.exe
[2010/05/01 03:09:18 | 000,000,000 | ---- | M] () -- C:\Users\Me\AppData\Local\Oxumefo.bin
[2010/05/01 03:05:04 | 000,004,100 | -H-- | M] () -- C:\ProgramData\tibesiwe
[2010/05/01 03:04:24 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Me\Desktop\TFC.exe
[2010/05/01 02:25:10 | 000,048,136 | ---- | M] () -- C:\Users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\adb9_32.exe
[2010/05/01 01:25:59 | 000,012,808 | -HS- | M] () -- C:\ProgramData\w1vjs2h771
[2010/05/01 01:25:58 | 000,012,808 | -HS- | M] () -- C:\Users\Me\AppData\Local\w1vjs2h771
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/28 13:46:38 | 000,023,915 | ---- | M] () -- C:\Users\Me\Desktop\To SGA.docx
[2010/04/26 11:14:11 | 000,024,863 | ---- | M] () -- C:\Users\Me\Desktop\Slightly_Stoopid___Discography__7_Albums_.torrent
[2010/04/26 03:10:14 | 3507,637,727 | ---- | M] () -- C:\Users\Me\Desktop\Nike.Skateboarding.Debacle.1080p.BluRay.x264-NoGrp.mkv
[2010/04/23 00:46:19 | 002,441,327 | ---- | M] () -- C:\Users\Me\Desktop\attachments_2010_04_23.zip
[2010/04/21 23:16:53 | 000,022,212 | ---- | M] () -- C:\Users\Me\Desktop\24907_1439933961358_1323307512_1195793_145109_n.jpg
[2010/04/20 11:42:51 | 000,016,178 | ---- | M] () -- C:\Users\Me\Desktop\2009 - 2010 Roster Information.xlsx
[2010/04/19 21:29:59 | 000,091,136 | ---- | M] () -- C:\Users\Me\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[6 C:\Users\Me\Desktop\*.tmp files -> C:\Users\Me\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/02 02:40:00 | 000,007,521 | ---- | C] () -- C:\Users\Me\Desktop\utsa lax invoice.pdf
[2010/05/01 23:14:05 | 000,293,376 | ---- | C] () -- C:\Users\Me\Desktop\gmer.exe
[2010/05/01 17:31:48 | 000,000,763 | ---- | C] () -- C:\Users\Me\Desktop\NTREGOPT.lnk
[2010/05/01 17:31:48 | 000,000,744 | ---- | C] () -- C:\Users\Me\Desktop\ERUNT.lnk
[2010/05/01 02:25:13 | 000,000,000 | ---- | C] () -- C:\Users\Me\AppData\Roaming\wpp.exe
[2010/05/01 02:25:10 | 000,048,136 | ---- | C] () -- C:\Users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\adb9_32.exe
[2010/04/26 11:30:02 | 000,000,120 | ---- | C] () -- C:\Users\Me\AppData\Local\Axaxe.dat
[2010/04/26 11:30:02 | 000,000,000 | ---- | C] () -- C:\Users\Me\AppData\Local\Oxumefo.bin
[2010/04/26 11:27:52 | 000,012,808 | -HS- | C] () -- C:\Users\Me\AppData\Local\w1vjs2h771
[2010/04/26 11:27:52 | 000,012,808 | -HS- | C] () -- C:\ProgramData\w1vjs2h771
[2010/04/26 11:14:10 | 000,024,863 | ---- | C] () -- C:\Users\Me\Desktop\Slightly_Stoopid___Discography__7_Albums_.torrent
[2010/04/23 00:45:52 | 002,441,327 | ---- | C] () -- C:\Users\Me\Desktop\attachments_2010_04_23.zip
[2010/04/21 23:16:53 | 000,022,212 | ---- | C] () -- C:\Users\Me\Desktop\24907_1439933961358_1323307512_1195793_145109_n.jpg
[2010/03/20 06:03:17 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/03/15 17:36:20 | 000,000,680 | ---- | C] () -- C:\Users\Me\AppData\Local\d3d9caps.dat
[2010/03/15 13:37:59 | 000,011,190 | -HS- | C] () -- C:\Users\Me\AppData\Local\hlKouAiI
[2010/03/15 13:37:59 | 000,011,190 | -HS- | C] () -- C:\ProgramData\hlKouAiI
[2010/02/18 20:50:44 | 000,001,460 | ---- | C] () -- C:\Users\Me\AppData\Local\d3d9caps64.dat
[2010/01/26 11:27:50 | 000,004,100 | -H-- | C] () -- C:\ProgramData\tibesiwe
[2009/09/18 12:13:05 | 000,028,089 | ---- | C] () -- C:\Users\Me\AppData\Local\dd_depcheckdotnetfx30.txt
[2009/09/18 12:12:49 | 000,001,578 | ---- | C] () -- C:\Users\Me\AppData\Local\uxeventlog.txt
[2009/09/18 12:12:49 | 000,000,604 | ---- | C] () -- C:\Users\Me\AppData\Local\dd_dotnetfx3error.txt
[2009/09/18 12:12:48 | 000,031,794 | ---- | C] () -- C:\Users\Me\AppData\Local\dd_dotnetfx3install.txt
[2009/05/11 05:08:51 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2009/05/11 05:07:40 | 000,020,102 | ---- | C] () -- C:\Program Files (x86)\Readme.txt
[2009/05/11 05:07:40 | 000,010,960 | ---- | C] () -- C:\Program Files (x86)\EULA.txt
[2009/05/11 05:07:40 | 000,000,730 | ---- | C] () -- C:\Program Files (x86)\INSTALL.LOG
[2009/04/10 17:24:10 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/04/10 16:49:12 | 000,091,136 | ---- | C] () -- C:\Users\Me\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/11 19:07:23 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/08/04 16:21:12 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/11/26 21:56:28 | 000,151,415 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== LOP Check ==========

[2009/11/19 19:44:46 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Antares
[2009/12/19 14:17:25 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Azureus
[2010/04/26 11:29:44 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\BitTorrent
[2009/07/20 16:33:54 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009/09/18 08:47:53 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\DAEMON Tools Pro
[2010/04/13 11:21:50 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Deusty
[2009/04/17 20:35:09 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\InterVideo
[2009/07/28 14:50:51 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\IrfanView
[2009/11/19 19:31:45 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\PACE Anti-Piracy
[2009/11/16 03:05:39 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Red Alert 3
[2010/05/01 20:24:38 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/01/20 21:50:15 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/08/12 13:24:07 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/05/01 20:25:26 | 4260,405,248 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/30 21:01:26 | 000,921,624 | ---- | M] () -- C:\img2-001.raw
[2009/02/11 18:54:29 | 000,000,187 | ---- | M] () -- C:\Installer_Setup.log
[2005/09/23 03:39:38 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/05/01 20:25:24 | 279,044,095 | -HS- | M] () -- C:\pagefile.sys
[2009/02/11 18:48:02 | 000,393,222 | ---- | M] () -- C:\vcredist_x86.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
< End of report >

#4
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
MBAM log:
C:\Users\Me\AppData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

But if you can't find it, just run it again. This time have it do a FULL SCAN. It will take about an hour.


Copy the text between the lines of stars by highlighting it and pressing Ctrl + C.
***************************************************************************************************
:OTL
O4 - HKCU..\Run: [rinfri] C:\Users\Me\AppData\Local\Temp\msfdjgqe.DLL File not found
O4 - HKCU..\Run: [vaxvsj] C:\Users\Me\AppData\Local\Temp\msfwbiul.DLL File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla\5.0_( File not found
O4 - Startup: C:\Users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\adb9_32.exe ()
[2010/05/01 02:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\degijebu
[2010/05/01 02:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\henemate
[2010/05/01 02:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\zewobihu
[2010/05/01 02:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\moyajamu
[2010/04/28 12:13:17 | 000,000,000 | ---D | C] -- C:\ProgramData\mamakubu
[2010/04/28 12:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\tineraka
[2010/04/28 12:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\ladobenu
[2010/04/28 12:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\javojosu
[2010/04/26 11:30:01 | 000,000,000 | ---D | C] -- C:\Users\Me\AppData\Local\{A8E43E05-AC29-4CCA-8D9B-5B2B6B63D085}
[2010/04/26 11:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\vifuveyu
[2010/04/26 11:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\totanozi
[2010/04/26 11:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\netijupo
[2010/04/26 11:27:47 | 000,000,000 | ---D | C] -- C:\Users\Me\AppData\Local\Windows Server

:Files
C:\Users\Me\AppData\Roaming\wpp.exe
C:\ProgramData\degijebu
C:\ProgramData\henemate
C:\ProgramData\zewobihu
C:\ProgramData\moyajamu
C:\ProgramData\mamakubu
C:\ProgramData\tineraka
C:\ProgramData\ladobenu
C:\ProgramData\javojosu
C:\Users\Me\AppData\Local\{A8E43E05-AC29-4CCA-8D9B-5B2B6B63D085}
C:\ProgramData\vifuveyu
C:\ProgramData\totanozi
C:\ProgramData\netijupo
C:\Users\Me\AppData\Local\Windows Server
C:\ProgramData\w1vjs2h771
C:\Users\Me\AppData\Local\w1vjs2h771
C:\Users\Me\AppData\Local\hlKouAiI
C:\ProgramData\hlKouAiI
C:\ProgramData\tibesiwe
C:\Users\Me\AppData\Local\Axaxe.dat
C:\Users\Me\AppData\Local\Oxumefo.bin
C:\Users\Me\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

:Commands
[purity]
[emptytemp]
[Reboot]

*******************************************************************

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Go to http://eset.com/onlinescan and click on ESET Online Scanner. Accept the terms, then press Start (if you get a warning from your browser, tell it you want to run it).

# Check Scan Archives.
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient, as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND.
# Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish.

Also try BitDefender's online scan:

http://www.bitdefend...nline/free.html


Ron

#5
josh.lax

    Member

  • Topic Starter
  • Member
  • 13 posts
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

5/2/2010 7:09:35 PM
mbam-log-2010-05-02 (19-09-35).txt

Scan type: Full scan (C:\|)
Objects scanned: 298629
Time elapsed: 1 hour(s), 23 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ProgramData\degijebu\degijebu.exe (Trojan.Inject) -> No action taken.
C:\ProgramData\henemate\henemate.exe (Rogue.Installer) -> No action taken.
C:\ProgramData\javojosu\javojosu.exe (Trojan.Dropper.Gen) -> No action taken.
C:\ProgramData\ladobenu\ladobenu.exe (Rogue.Installer) -> No action taken.
C:\ProgramData\mamakubu\mamakubu.exe (Trojan.Inject) -> No action taken.
C:\Users\Me\AppData\Local\VirtualStore\Windows\SysWOW64\net.net (Trojan.Downloader) -> No action taken.
C:\Users\Me\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp (Trojan.Dropper) -> No action taken.
C:\Users\Me\Desktop\OLD COMPUTER\Need.for.Speed.Underground.2\Keygen\nfsu2 keygen.exe (Trojan.Downloader) -> No action taken.

______________________________________________________________________________________________________

OTL logfile created on: 5/2/2010 7:30:31 PM - Run 5
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Users\Me\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.84 Gb Total Space | 150.77 Gb Free Space | 33.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOSH
Current User Name: Me
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Users\Me\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files\Sony\VAIO Care\listener.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\vVX3000.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe ()
PRC - C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe ()
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWi.exe ()
PRC - C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe ()
PRC - C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe (Sony Electronics, Inc.)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Modules (SafeList) ==========

MOD - C:\Users\Me\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\collsvc.exe (Intel Corporation)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe ()
SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe ()
SRV:64bit: - (BthServ) -- C:\Windows\SysNative\bthserv.dll ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (RtkAudioService) -- C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (QBCFMonitorService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBFCService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (IviRegMgr) -- c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 08:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople_f08
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople_f08
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.3
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:3.7.0


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/03/06 00:16:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/04 13:17:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/04 13:17:00 | 000,000,000 | ---D | M]

[2009/04/08 03:18:16 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Mozilla\Extensions
[2010/05/01 17:14:37 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\ou9ff785.default\extensions
[2009/09/02 10:59:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\ou9ff785.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/10 17:25:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\ou9ff785.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/07/27 19:36:14 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\ou9ff785.default\extensions\[email protected]
[2009/07/27 19:36:14 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\ou9ff785.default\extensions\[email protected]\chrome
[2010/03/19 18:27:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AML] C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe (Sony)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VAIOMyMemCenter] C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe File not found
O4 - HKLM..\Run: [VAIORegistration] C:\Program Files\Sony\First Experience\WelcomeLauncher.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe ()
O4 - HKLM..\Run: [VWLASU] C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Me\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Me\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2c44bb71-3f29-11de-96f1-001dba25fde3}\Shell\AutoRun\command - "" = H:\setupSNK.exe -- File not found
O33 - MountPoints2\{3a278e7e-0502-11df-811f-00214f498f09}\Shell - "" = AutoRun
O33 - MountPoints2\{3a278e7e-0502-11df-811f-00214f498f09}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{94c5e1f9-a617-11de-9578-00214f498f09}\Shell - "" = AutoRun
O33 - MountPoints2\{94c5e1f9-a617-11de-9578-00214f498f09}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b6df1e06-1758-11df-9319-00214f498f09}\Shell\AutoRun\command - "" = H:\SALU\KNOW\taN.exe -- File not found
O33 - MountPoints2\{b6df1e06-1758-11df-9319-00214f498f09}\Shell\open\command - "" = H:\SALU\KNOW\taN.exe -- File not found
O33 - MountPoints2\{e59424d9-adeb-11de-8a01-00214f498f09}\Shell\AutoRun\command - "" = H:\SALU\KNOW\taN.exe -- File not found
O33 - MountPoints2\{e59424d9-adeb-11de-8a01-00214f498f09}\Shell\open\command - "" = H:\SALU\KNOW\taN.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/05/01 17:33:16 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Me\Desktop\mbam-setup.exe
[2010/05/01 17:32:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/01 17:31:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/05/01 17:06:05 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Me\Desktop\erunt_setup.exe
[2010/05/01 03:04:18 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Me\Desktop\TFC.exe
[6 C:\Users\Me\Desktop\*.tmp files -> C:\Users\Me\Desktop\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/05/02 19:30:05 | 004,456,448 | -HS- | M] () -- C:\Users\Me\ntuser.dat
[2010/05/02 19:23:23 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/02 19:23:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/02 19:23:20 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/02 19:23:20 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/02 19:23:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/02 19:23:09 | 4260,405,248 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/02 19:22:17 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/05/02 19:22:16 | 000,524,288 | -HS- | M] () -- C:\Users\Me\ntuser.dat{62c67666-33e6-11df-a6a6-001dba25fde3}.TMContainer00000000000000000001.regtrans-ms
[2010/05/02 19:22:16 | 000,065,536 | -HS- | M] () -- C:\Users\Me\ntuser.dat{62c67666-33e6-11df-a6a6-001dba25fde3}.TM.blf
[2010/05/02 19:21:12 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/02 04:53:25 | 003,631,365 | -H-- | M] () -- C:\Users\Me\AppData\Local\IconCache.db
[2010/05/02 02:40:00 | 000,007,521 | ---- | M] () -- C:\Users\Me\Desktop\utsa lax invoice.pdf
[2010/05/02 02:02:48 | 000,042,480 | ---- | M] () -- C:\Users\Me\Desktop\Need List Lacrosse.docx
[2010/05/01 17:50:31 | 002,392,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/05/01 17:36:23 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Me\Desktop\mbam-setup.exe
[2010/05/01 17:31:48 | 000,000,763 | ---- | M] () -- C:\Users\Me\Desktop\NTREGOPT.lnk
[2010/05/01 17:31:48 | 000,000,744 | ---- | M] () -- C:\Users\Me\Desktop\ERUNT.lnk
[2010/05/01 17:06:45 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Me\Desktop\erunt_setup.exe
[2010/05/01 03:04:24 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Me\Desktop\TFC.exe
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/28 13:46:38 | 000,023,915 | ---- | M] () -- C:\Users\Me\Desktop\To SGA.docx
[2010/04/26 11:14:11 | 000,024,863 | ---- | M] () -- C:\Users\Me\Desktop\Slightly_Stoopid___Discography__7_Albums_.torrent
[2010/04/26 03:10:14 | 3507,637,727 | ---- | M] () -- C:\Users\Me\Desktop\Nike.Skateboarding.Debacle.1080p.BluRay.x264-NoGrp.mkv
[2010/04/23 00:46:19 | 002,441,327 | ---- | M] () -- C:\Users\Me\Desktop\attachments_2010_04_23.zip
[2010/04/21 23:16:53 | 000,022,212 | ---- | M] () -- C:\Users\Me\Desktop\24907_1439933961358_1323307512_1195793_145109_n.jpg
[2010/04/20 11:42:51 | 000,016,178 | ---- | M] () -- C:\Users\Me\Desktop\2009 - 2010 Roster Information.xlsx
[6 C:\Users\Me\Desktop\*.tmp files -> C:\Users\Me\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/02 02:40:00 | 000,007,521 | ---- | C] () -- C:\Users\Me\Desktop\utsa lax invoice.pdf
[2010/05/01 23:14:05 | 000,293,376 | ---- | C] () -- C:\Users\Me\Desktop\gmer.exe
[2010/05/01 17:31:48 | 000,000,763 | ---- | C] () -- C:\Users\Me\Desktop\NTREGOPT.lnk
[2010/05/01 17:31:48 | 000,000,744 | ---- | C] () -- C:\Users\Me\Desktop\ERUNT.lnk
[2010/04/26 11:14:10 | 000,024,863 | ---- | C] () -- C:\Users\Me\Desktop\Slightly_Stoopid___Discography__7_Albums_.torrent
[2010/04/23 00:45:52 | 002,441,327 | ---- | C] () -- C:\Users\Me\Desktop\attachments_2010_04_23.zip
[2010/04/21 23:16:53 | 000,022,212 | ---- | C] () -- C:\Users\Me\Desktop\24907_1439933961358_1323307512_1195793_145109_n.jpg
[2010/03/20 06:03:17 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/03/15 17:36:20 | 000,000,680 | ---- | C] () -- C:\Users\Me\AppData\Local\d3d9caps.dat
[2010/02/18 20:50:44 | 000,001,460 | ---- | C] () -- C:\Users\Me\AppData\Local\d3d9caps64.dat
[2009/09/18 12:13:05 | 000,028,089 | ---- | C] () -- C:\Users\Me\AppData\Local\dd_depcheckdotnetfx30.txt
[2009/09/18 12:12:49 | 000,001,578 | ---- | C] () -- C:\Users\Me\AppData\Local\uxeventlog.txt
[2009/09/18 12:12:49 | 000,000,604 | ---- | C] () -- C:\Users\Me\AppData\Local\dd_dotnetfx3error.txt
[2009/09/18 12:12:48 | 000,031,794 | ---- | C] () -- C:\Users\Me\AppData\Local\dd_dotnetfx3install.txt
[2009/05/11 05:08:51 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2009/05/11 05:07:40 | 000,020,102 | ---- | C] () -- C:\Program Files (x86)\Readme.txt
[2009/05/11 05:07:40 | 000,010,960 | ---- | C] () -- C:\Program Files (x86)\EULA.txt
[2009/05/11 05:07:40 | 000,000,730 | ---- | C] () -- C:\Program Files (x86)\INSTALL.LOG
[2009/04/10 17:24:10 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/02/11 19:07:23 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/08/04 16:21:12 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/11/26 21:56:28 | 000,151,415 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== LOP Check ==========

[2009/11/19 19:44:46 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Antares
[2009/12/19 14:17:25 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Azureus
[2010/04/26 11:29:44 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\BitTorrent
[2009/07/20 16:33:54 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009/09/18 08:47:53 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\DAEMON Tools Pro
[2010/04/13 11:21:50 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Deusty
[2009/04/17 20:35:09 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\InterVideo
[2009/07/28 14:50:51 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\IrfanView
[2009/11/19 19:31:45 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\PACE Anti-Piracy
[2009/11/16 03:05:39 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Red Alert 3
[2010/05/02 19:22:17 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

____________________________________________________________________________________________________

C:\_OTL\MovedFiles\03182010_032529\C_Users\Me\AppData\Local\67479614.dll a variant of Win32/Kryptik.DVR trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\05022010_191122\C_ProgramData\moyajamu\moyajamu.exe a variant of Win32/Adware.PCProtector.B application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\05022010_191122\C_ProgramData\netijupo\netijupo.dll Win32/Adware.Virtumonde.NEK application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\05022010_191122\C_ProgramData\tineraka\tineraka.exe a variant of Win32/Adware.PCProtector.B application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\05022010_191122\C_ProgramData\totanozi\totanozi.dll Win32/Adware.Virtumonde.NEK application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\05022010_191122\C_ProgramData\zewobihu\zewobihu.exe a variant of Win32/Olmarik.YG trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\05022010_191122\C_Users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\adb9_32.exe a variant of Win32/Adware.PCProtector.B application cleaned by deleting - quarantined
________________________________________________________________________________________

QuickScan Beta 32-bit v0.9.9.19
-------------------------------
Scan date: Mon May 03 08:51:39 2010
Machine ID: 723B3745



No infection found.
-------------------



Processes
---------
<unsigned> 4544 C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWi.exe
<unsigned> AutoLaunchWLASU 3784 C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
<unsigned> CCP 2872 C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
<unsigned> Intel Sample Collector Service 3732 C:\Program Files\Sony\VAIO Care\listener.exe
<unsigned> Java™ Platform SE 6 3668 C:\Program Files (x86)\Java\jre1.6.0\bin\jusched.exe
<unsigned> Kinoubi.UI.UIManager2 4352 C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
<unsigned> PowerISO Virtual Drive Manager 2808 C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
<unsigned> PowerManager 4336 C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
<unsigned> ThirdPartyAppMgr 4344 C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe

<verified> BrowserPlusCore 4036 C:\Users\Me\AppData\Local\Yahoo!\BrowserPlus\2.7.1\BrowserPlusCore.exe
<verified> Firefox 5760 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
<verified> ISB Utility 3648 C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
<verified> iTunes 1428 C:\Program Files (x86)\iTunes\iTunesHelper.exe
<verified> Microsoft LifeCam 2368 C:\Windows\vVX3000.exe
<verified> Skype 1536 C:\Program Files (x86)\Skype\Phone\Skype.exe
<verified> Yahoo! Messenger 5480 C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe


Network activity
----------------
Process firefox.exe (5760) connected on port 5050 (Yahoo Messenger) --> 69.147.84.91
Process firefox.exe (5760) connected on port 80 (HTTP) --> 206.190.52.34
Process firefox.exe (5760) connected on port 80 (HTTP) --> 206.190.52.34
Process firefox.exe (5760) connected on port 80 (HTTP) --> 74.125.157.148
Process firefox.exe (5760) connected on port 80 (HTTP) --> 24.143.192.57
Process firefox.exe (5760) connected on port 80 (HTTP) --> 24.143.192.8
Process firefox.exe (5760) connected on port 80 (HTTP) --> 68.142.213.156
Process firefox.exe (5760) connected on port 80 (HTTP) --> 74.125.159.101
Process firefox.exe (5760) connected on port 80 (HTTP) --> 96.7.76.20
Process firefox.exe (5760) connected on port 80 (HTTP) --> 96.7.69.115
Process firefox.exe (5760) connected on port 80 (HTTP) --> 199.7.51.190



Autoruns and critical files
---------------------------
<unsigned> C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe
<unsigned> AML C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe
<unsigned> AutoLaunchWLASU C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
<unsigned> Catalyst® Control Center c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
<unsigned> Java™ Platform SE 6 C:\Program Files (x86)\Java\jre1.6.0\bin\jusched.exe
<unsigned> PowerISO Virtual Drive Manager C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
<unsigned> QuickTime C:\Program Files (x86)\QuickTime\QTTask.exe
<unsigned> SmartWi Helper C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe
<unsigned> VAIO Event Service C:\Windows\system32\VESWinlogon.dll
<unsigned> WelcomeLauncher C:\Program Files\Sony\First Experience\WelcomeLauncher.exe

<verified> Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
<verified> GrooveMonitor Utility C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
<verified> GrooveShellExtensions Module c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll
<verified> ISB Utility C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
<verified> iTunes C:\Program Files (x86)\iTunes\iTunesHelper.exe
<verified> Microsoft LifeCam C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
<verified> Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe
<verified> Microsoft® Windows® Operating System C:\Windows\ehome\ehTray.exe
<verified> Microsoft® Windows® Operating System c:\windows\system32\browseui.dll
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
<verified> QuickBooks Automatic Update C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
<verified> Skype C:\Program Files (x86)\Skype\Phone\Skype.exe
<verified> Windows® Internet Explorer c:\windows\syswow64\webcheck.dll
<verified> Yahoo! Messenger C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe


Browser plugins
---------------
<unsigned> 3DVIA player C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
<unsigned> Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
<unsigned> Google Gears 0.5.36.0 c:\program files (x86)\google\google gears\internet explorer\0.5.36.0\gears.dll
<unsigned> npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
<unsigned> QuickTime Plug-in 7.6 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
<unsigned> QuickTime Plug-in 7.6 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
<unsigned> Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll
<unsigned> The OpenSSL Toolkit C:\Program Files (x86)\Mozilla Firefox\plugins\libdivx.dll
<unsigned> The OpenSSL Toolkit C:\Program Files (x86)\Mozilla Firefox\plugins\ssldivx.dll

<verified> 2007 Microsoft Office system C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
<verified> AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
<verified> Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll
<verified> Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
<verified> BitDefender QuickScan C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\ou9ff785.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\ou9ff785.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> DivX Web Player C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
<verified> DivX Web Player C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
<verified> Google Update C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
<verified> GrooveShellExtensions Module c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll
<verified> Java™ Platform SE 6 c:\program files (x86)\java\jre1.6.0\bin\ssv.dll
<verified> Microsoft® Windows Media Player Firefox C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
<verified> Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
<verified> Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
<verified> Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
<verified> Microsoft® Windows® Operating System C:\Windows\system32\wshbth.dll
<verified> Mozilla Default Plug-in C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
<verified> NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
<verified> Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> Windows® Internet Explorer c:\windows\syswow64\ieframe.dll
<verified> Yahoo Application State Plugin C:\Program Files (x86)\Yahoo!\Shared\npYState.dll


Missing files
-------------
File not found: C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe
referenced in: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"VAIOMyMemCenter"
referenced in:


Scan
----


No file uploaded.

Scan finished - communication took 7 sec
Total traffic - 0.05 MB sent, 1.41 KB recvd
Scanned 655 files and modules - 44 seconds

==============================================================================
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
When you ran OTL with the script from my last post, did you hit Quick Scan instead of RUN FIX?

Please try it again and post the log the Run Fix gives you.

When you ran MBAM you forgot a step:

* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

Do it again please.

Also do an eset scan:

Go to http://eset.com/onlinescan and click on ESET Online Scanner. Accept the terms, then press Start (if you get a warning from your browser, tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish

Ron
  • 0

#7
josh.lax

josh.lax

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\rinfri not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\vaxvsj not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Shockwave Updater not found.
File C:\Users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\adb9_32.exe not found.
Folder C:\ProgramData\degijebu\ not found.
Folder C:\ProgramData\henemate\ not found.
Folder C:\ProgramData\zewobihu\ not found.
Folder C:\ProgramData\moyajamu\ not found.
Folder C:\ProgramData\mamakubu\ not found.
Folder C:\ProgramData\tineraka\ not found.
Folder C:\ProgramData\ladobenu\ not found.
Folder C:\ProgramData\javojosu\ not found.
Folder C:\Users\Me\AppData\Local\{A8E43E05-AC29-4CCA-8D9B-5B2B6B63D085}\ not found.
Folder C:\ProgramData\vifuveyu\ not found.
Folder C:\ProgramData\totanozi\ not found.
Folder C:\ProgramData\netijupo\ not found.
Folder C:\Users\Me\AppData\Local\Windows Server\ not found.
========== FILES ==========
File\Folder C:\Users\Me\AppData\Roaming\wpp.exe not found.
File\Folder C:\ProgramData\degijebu not found.
File\Folder C:\ProgramData\henemate not found.
File\Folder C:\ProgramData\zewobihu not found.
File\Folder C:\ProgramData\moyajamu not found.
File\Folder C:\ProgramData\mamakubu not found.
File\Folder C:\ProgramData\tineraka not found.
File\Folder C:\ProgramData\ladobenu not found.
File\Folder C:\ProgramData\javojosu not found.
File\Folder C:\Users\Me\AppData\Local\{A8E43E05-AC29-4CCA-8D9B-5B2B6B63D085} not found.
File\Folder C:\ProgramData\vifuveyu not found.
File\Folder C:\ProgramData\totanozi not found.
File\Folder C:\ProgramData\netijupo not found.
File\Folder C:\Users\Me\AppData\Local\Windows Server not found.
File\Folder C:\ProgramData\w1vjs2h771 not found.
File\Folder C:\Users\Me\AppData\Local\w1vjs2h771 not found.
File\Folder C:\Users\Me\AppData\Local\hlKouAiI not found.
File\Folder C:\ProgramData\hlKouAiI not found.
File\Folder C:\ProgramData\tibesiwe not found.
File\Folder C:\Users\Me\AppData\Local\Axaxe.dat not found.
File\Folder C:\Users\Me\AppData\Local\Oxumefo.bin not found.
C:\Users\Me\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Me
->Temp folder emptied: 133734260 bytes
->Temporary Internet Files folder emptied: 72836 bytes
->Java cache emptied: 36451 bytes
->FireFox cache emptied: 62240736 bytes
->Flash cache emptied: 1214 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 524288 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 56022 bytes

Total Files Cleaned = 188.00 mb

OTL by OldTimer - Version 3.1.37.2 log created on 05032010_092800

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP00000064083C8640A50997C2 not found!
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...
No malicious activity on scan with Malwarebytes.
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Were you able to run Eset's scan?

Do you still see any problems?

Ron
  • 0

#9
josh.lax

josh.lax

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
ESET scanned for 3 hours and nothing came up.

No more problems, I don't think. Thanks. What should I do with all these programs that I downloaded to fix it? Should I uninstall them and defrag my computer?
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f

You may not have the latest Java (6update20). Get the latest at:

http://www.java.com/...nload/index.jsp


Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE).

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. Click OK and close the program. It's the same for Foxit Reader, except you uncheck Enable JavaScript Actions.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.4.
http://oldmcdonald.w...orun-eater-v24/
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on.

You can uninstall or delete any tools we had you download and their logs.

To hide hidden files again:

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button.

Defrag is not as important as it used to be. You can look to see if it needs it but usually it doesn't.

Ron
  • 0
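The two per-user settings Ron's last post walks through in the GUI (hiding hidden and protected OS files again, and turning off Acrobat JavaScript in Adobe Reader) can also be audited and applied from PowerShell. This is an added example, not something from the thread or from the tools it uses; the registry locations and value names are assumptions drawn from documented Explorer and Adobe Reader settings, and the Reader version key 9.0 is taken from the Reader 9.0 path in the logs above.

```powershell
# Added example, not from the thread. Audits and optionally restores:
#   - Explorer "Hidden" / "ShowSuperHidden" (the Folder Options steps)
#   - Adobe Reader 9.0 "bEnableJS" (the Preferences > JavaScript step)
# Registry paths and value names are assumptions based on documented settings.

$explorerKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$readerKey   = 'HKCU:\Software\Adobe\Acrobat Reader\9.0\JSPrefs'   # version assumed from logs

function Get-DwordOrDefault {
    # Returns the DWORD value if present, otherwise the product's default,
    # so a missing value is reported as the default behaviour rather than an error.
    param([string]$Path, [string]$Name, [int]$Default)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $Default }
    return [int]$item.$Name
}

function Test-CleanupSettings {
    # Hidden:          1 = show hidden files, 2 = do not show (Explorer default)
    # ShowSuperHidden: 1 = show protected OS files, 0 = hide (Explorer default)
    # bEnableJS:       1 = Acrobat JavaScript enabled (Reader default), 0 = disabled
    [pscustomobject]@{
        HiddenFilesShown   = (Get-DwordOrDefault $explorerKey 'Hidden' 2) -eq 1
        SystemFilesShown   = (Get-DwordOrDefault $explorerKey 'ShowSuperHidden' 0) -eq 1
        ReaderJavaScriptOn = (Get-DwordOrDefault $readerKey 'bEnableJS' 1) -eq 1
    }
}

function Set-CleanupSettings {
    # Applies the hardened/default values. Use -WhatIf to preview without writing.
    param([switch]$WhatIf)
    $changes = @(
        @{ Path = $explorerKey; Name = 'Hidden';          Value = 2 },   # hide hidden files
        @{ Path = $explorerKey; Name = 'ShowSuperHidden'; Value = 0 },   # hide protected OS files
        @{ Path = $readerKey;   Name = 'bEnableJS';       Value = 0 }    # disable Acrobat JavaScript
    )
    foreach ($c in $changes) {
        if (-not (Test-Path $c.Path)) {
            New-Item -Path $c.Path -Force -WhatIf:$WhatIf | Out-Null
        }
        Set-ItemProperty -Path $c.Path -Name $c.Name -Value $c.Value -Type DWord -WhatIf:$WhatIf
    }
}

Write-Host 'Before:'; Test-CleanupSettings | Format-List
Set-CleanupSettings
Write-Host 'After:';  Test-CleanupSettings | Format-List
# Explorer re-reads the view settings on its next start (log off/on or restart explorer.exe);
# Reader reads bEnableJS the next time it is launched.
```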
