
jlv

Honorary Members
  • Posts: 22
  • Joined
  • Last visited

Reputation: 0 Neutral
  1. I tried running Combofix /uninstall but I got an error message that said it could not find it, recheck spelling, etc. Should I continue to the other instructions, or do I need to resolve the combofix error first?
  2. I ran the full system scan on MBAM and no malware.

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4887

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     10/19/2010 11:57:14 PM
     mbam-log-2010-10-19 (23-57-14).txt

     Scan type: Full scan (C:\|)
     Objects scanned: 406362
     Time elapsed: 3 hour(s), 50 minute(s), 7 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

  3. ========== REGISTRY ==========
     Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\rqpnljsys not found.
     Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\fccyaxdrv not found.
     Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\cbxvutdrv not found.
     Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\efcbywdrv not found.
     Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\rqpnljsys not found.
     Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\fccyaxdrv not found.
     Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\cbxvutdrv not found.
     Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\efcbywdrv not found.

     OTL by OldTimer - Version 3.2.15.2 log created on 10192010_200410

  4. Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4875

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     10/18/2010 7:32:48 PM
     mbam-log-2010-10-18 (19-32-48).txt

     Scan type: Quick scan
     Objects scanned: 155958
     Time elapsed: 10 minute(s), 10 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 8
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rqpnljsys (Trojan.Vundo) -> Quarantined and deleted successfully.
     HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fccyaxdrv (Trojan.Vundo) -> Quarantined and deleted successfully.
     HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cbxvutdrv (Trojan.Vundo) -> Quarantined and deleted successfully.
     HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\efcbywdrv (Trojan.Vundo) -> Quarantined and deleted successfully.
     HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rqpnljsys (Trojan.Vundo) -> Quarantined and deleted successfully.
     HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fccyaxdrv (Trojan.Vundo) -> Quarantined and deleted successfully.
     HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cbxvutdrv (Trojan.Vundo) -> Quarantined and deleted successfully.
     HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\efcbywdrv (Trojan.Vundo) -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

  5. Do you want the OTL scan with the default settings, the settings from earlier, 30 or 90 days? I did the default OTL scan for 30 days and here are the results:

     OTL logfile created on: 10/18/2010 2:03:19 PM - Run 3
     OTL by OldTimer - Version 3.2.15.2     Folder = C:\Documents and Settings\Joseph\Desktop
     Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     1,023.00 Mb Total Physical Memory | 437.00 Mb Available Physical Memory | 43.00% Memory free
     2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
     Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 149.04 Gb Total Space | 58.08 Gb Free Space | 38.97% Space Free | Partition Type: NTFS

     Computer Name: SONY-LAPTOP | User Name: Joseph | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: Current user
     Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

     ========== Processes (SafeList) ==========

     PRC - C:\Documents and Settings\Joseph\Desktop\OTL.exe (OldTimer Tools)
     PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
     PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
     PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
     PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
     PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
     PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
     PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
     PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
     PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
     PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
     PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
     PRC - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe (Sonic Solutions)
     PRC - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe (Sonic Solutions)
     PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
     PRC - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
     PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe (Sony Corporation)
     PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
     PRC - C:\Program Files\Sony\HotKey Utility\HKServ.exe (Sony Corporation)
     PRC - C:\Program Files\Sony\HotKey Utility\HKWnd.exe (Sony Corporation)
     PRC - C:\Program Files\Sony\usbsircs\USBsircs.exe (Sony Corporation)
     PRC - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe (Sony Corporation)
     PRC - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
     PRC - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
     PRC - C:\Program Files\Sony\Giga Pocket\RM_SV.exe (Sony Corporation)
     PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
     PRC - C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
     PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
     PRC - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe (Sony Corporation)
     PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)

     ========== Modules (SafeList) ==========

     MOD - C:\Documents and Settings\Joseph\Desktop\OTL.exe (OldTimer Tools)
     MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
     MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()
     MOD - C:\Program Files\Mindjet\MindManager 8\msscript.ocx (Microsoft Corporation)
     MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)

     ========== Win32 Services (SafeList) ==========

     SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_062a651.dll ()
     SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
     SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
     SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
     SRV - (ICDSPTSV) -- C:\WINDOWS\system32\IcdSptSv.exe (Sony Corporation)
     SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
     SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
     SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
     SRV - (RoxLiveShare) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe (Sonic Solutions)
     SRV - (RoxMediaDB) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe (Sonic Solutions)
     SRV - (RoxWatch) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe (Sonic Solutions)
     SRV - (RoxUPnPRenderer) -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe (Sonic Solutions)
     SRV - (RoxUpnpServer) -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe (Sonic Solutions)
     SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
     SRV - (VAIO Entertainment Aggregation and Control Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe (Sony Corporation)
     SRV - (VAIO Entertainment File Import Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe (Sony Corporation)
     SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
     SRV - (VAIO Entertainment UPnP Client Adapter) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe (Sony Corporation)
     SRV - (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
     SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
     SRV - (VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
     SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
     SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
     SRV - (Sony TV Tuner Manager) -- C:\Program Files\Sony\Giga Pocket\RM_SV.exe (Sony Corporation)
     SRV - (Sony TV Tuner Controller) -- C:\Program Files\Sony\Giga Pocket\halsv.exe (Sony Corporation)
     SRV - (VAIOMediaPlatform-VideoServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe (Sony Corporation)

     ========== Driver Services (SafeList) ==========

     DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
     DRV - (Haspnt) -- C:\WINDOWS\system32\drivers\Haspnt.sys (Aladdin Knowledge Systems)
     DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
     DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
     DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
     DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
     DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
     DRV - (mferkdk) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys (McAfee, Inc.)
     DRV - (adfs) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
     DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
     DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys ()
     DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys (Sonic Solutions)
     DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys (Sonic Solutions)
     DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\dvd_2k.sys (Sonic Solutions)
     DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\mmc_2k.sys (Sonic Solutions)
     DRV - (RxFilter) -- C:\WINDOWS\system32\drivers\RxFilter.sys (Sonic Solutions)
     DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
     DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
     DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
     DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
     DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura)
     DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
     DRV - (SPI) -- C:\WINDOWS\system32\drivers\SonyPI.sys (Sony Corporation)
     DRV - (lock) -- C:\WINDOWS\System32\drivers\lock.sys (Microsoft Corporation)
     DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
     DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)

     ========== Standard Registry (SafeList) ==========

     ========== Internet Explorer ==========

     IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.optimum.net/optonline
     IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

     ========== FireFox ==========

     FF - prefs.js..browser.search.defaultenginename: "Google"
     FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
     FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
     FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
     FF - prefs.js..extensions.enabledItems: tmtoolbar@lexisnexis.com:1.0

     FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/09 21:59:16 | 000,000,000 | ---D | M]
     FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/15 11:52:16 | 000,000,000 | ---D | M]

     [2009/04/12 22:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Extensions
     [2010/10/17 23:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Firefox\Profiles\z21ycqhs.default\extensions
     [2010/04/28 16:04:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Firefox\Profiles\z21ycqhs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
     [2010/09/03 01:33:29 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Firefox\Profiles\z21ycqhs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
     [2010/10/17 23:53:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
     [2010/05/10 18:44:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
     [2007/08/15 08:02:56 | 000,016,384 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\tmfftb.dll
     [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

     O1 HOSTS File: ([2009/04/07 14:15:06 | 000,304,232 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
     O1 - Hosts: 127.0.0.1 localhost
     O1 - Hosts: 127.0.0.1 www.007guard.com
     O1 - Hosts: 127.0.0.1 007guard.com
     O1 - Hosts: 127.0.0.1 008i.com
     O1 - Hosts: 127.0.0.1 www.008k.com
     O1 - Hosts: 127.0.0.1 008k.com
     O1 - Hosts: 127.0.0.1 www.00hq.com
     O1 - Hosts: 127.0.0.1 00hq.com
     O1 - Hosts: 127.0.0.1 010402.com
     O1 - Hosts: 127.0.0.1 www.032439.com
     O1 - Hosts: 127.0.0.1 032439.com
     O1 - Hosts: 127.0.0.1 www.0scan.com
     O1 - Hosts: 127.0.0.1 0scan.com
     O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
     O1 - Hosts: 127.0.0.1 1000gratisproben.com
     O1 - Hosts: 127.0.0.1 www.1001namen.com
     O1 - Hosts: 127.0.0.1 1001namen.com
     O1 - Hosts: 127.0.0.1 100888290cs.com
     O1 - Hosts: 127.0.0.1 www.100888290cs.com
     O1 - Hosts: 127.0.0.1 100sexlinks.com
     O1 - Hosts: 127.0.0.1 www.100sexlinks.com
     O1 - Hosts: 127.0.0.1 10sek.com
     O1 - Hosts: 127.0.0.1 www.10sek.com
     O1 - Hosts: 127.0.0.1 www.1-2005-search.com
     O1 - Hosts: 127.0.0.1 1-2005-search.com
     O1 - Hosts: 10480 more lines...
     O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
     O2 - BHO: (Time Matters) - {00F17ECE-12DA-46A0-B541-BDE4EB7DF027} - C:\TMW8\tmietb.dll (LexisNexis, a division of Reed Elsevier Inc. )
     O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
     O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
     O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
     O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
     O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
     O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
     O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
     O3 - HKLM\..\Toolbar: (Time Matters) - {00F17ECE-12DA-46A0-B541-BDE4EB7DF027} - C:\TMW8\tmietb.dll (LexisNexis, a division of Reed Elsevier Inc. )
     O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
     O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
     O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
     O3 - HKLM\..\Toolbar: (Shepard's

  6. Logfile of The Avenger Version 2.0, © by Swandog46
     http://swandog46.geekstogo.com

     Platform: Windows XP

     *******************

     Script file opened successfully.
     Script file read successfully.

     Backups directory opened successfully at C:\Avenger

     *******************

     Beginning to process script file:

     Rootkit scan active.
     No rootkits found!

     Error: file "C:\WINDOWS\System32\geebcd.dll" not found!
     Deletion of file "C:\WINDOWS\System32\geebcd.dll" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
       --> the object does not exist

     Error: file "C:\WINDOWS\System32\opomji.dll" not found!
     Deletion of file "C:\WINDOWS\System32\opomji.dll" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
       --> the object does not exist

     Error: file "C:\WINDOWS\System32\ddaaaw.dll.vir" not found!
     Deletion of file "C:\WINDOWS\System32\ddaaaw.dll.vir" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
       --> the object does not exist

     Completed script processing.

     *******************

     Finished! Terminate.

  7. Avenger is not working. I turned off the virus protection programs. I then dragged the Avenger zip file and the avenger file from the desktop to the recycle bin. I then redownloaded the Avenger file zip file and extracted the Avenger files. I ran the program, pasted the code you gave me and executed. The program rebooted my computer and when it rebooted, I was told I could not find cleanup.exe. I ran a search, and it was not on the computer. There was one, a 2007 file that was located in the McAfee subdirectory. I checked the c: drive manually and found a cleanup msdos batch file, but no exe. Any advice?
  8. I am running into a problem with Avenger. My virus scan is reading the cleanup.exe as a trojan and automatically deleting it. I can't shut down the virus scan with task manager, do I need to shut down the virus programs with msconfig? When the program reboots, it says it is looking for cleanup.exe but cannot find it.
  9. OTL logfile created on: 10/18/2010 8:25:33 AM - Run 2
     OTL by OldTimer - Version 3.2.15.2     Folder = C:\Documents and Settings\Joseph\Desktop
     Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     1,023.00 Mb Total Physical Memory | 404.00 Mb Available Physical Memory | 39.00% Memory free
     2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
     Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 149.04 Gb Total Space | 58.10 Gb Free Space | 38.99% Space Free | Partition Type: NTFS

     Computer Name: SONY-LAPTOP | User Name: Joseph | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: Current user
     Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

     ========== Processes (SafeList) ==========

     PRC - C:\Documents and Settings\Joseph\Desktop\OTL.exe (OldTimer Tools)
     PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
     PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
     PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
     PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
     PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
     PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
     PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
     PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
     PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
     PRC - C:\Program Files\McAfee\Common Framework\Mctray.exe (McAfee, Inc.)
     PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
     PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
     PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
     PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
     PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
     PRC - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe (Sonic Solutions)
     PRC - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe (Sonic Solutions)
     PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
     PRC - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
     PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe (Sony Corporation)
     PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
     PRC - C:\Program Files\Sony\HotKey Utility\HKServ.exe (Sony Corporation)
     PRC - C:\Program Files\Sony\HotKey Utility\HKWnd.exe (Sony Corporation)
     PRC - C:\Program Files\Sony\usbsircs\USBsircs.exe (Sony Corporation)
     PRC - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe (Sony Corporation)
     PRC - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
     PRC - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
     PRC - C:\Program Files\Sony\Giga Pocket\RM_SV.exe (Sony Corporation)
     PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
     PRC - C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
     PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
     PRC - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe (Sony Corporation)
     PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)

     ========== Modules (SafeList) ==========

     MOD - C:\Documents and Settings\Joseph\Desktop\OTL.exe (OldTimer Tools)
     MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
     MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()
     MOD - C:\Program Files\Mindjet\MindManager 8\msscript.ocx (Microsoft Corporation)
     MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)

     ========== Win32 Services (SafeList) ==========

     SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_062a651.dll ()
     SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
     SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
     SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
     SRV - (ICDSPTSV) -- C:\WINDOWS\system32\IcdSptSv.exe (Sony Corporation)
     SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
     SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
     SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
     SRV - (RoxLiveShare) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe (Sonic Solutions)
     SRV - (RoxMediaDB) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe (Sonic Solutions)
     SRV - (RoxWatch) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe (Sonic Solutions)
     SRV - (RoxUPnPRenderer) -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe (Sonic Solutions)
     SRV - (RoxUpnpServer) -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe (Sonic Solutions)
     SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
     SRV - (VAIO Entertainment Aggregation and Control Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe (Sony Corporation)
     SRV - (VAIO Entertainment File Import Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe (Sony Corporation)
     SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
     SRV - (VAIO Entertainment UPnP Client Adapter) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe (Sony Corporation)
     SRV - (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
     SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
     SRV - (VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
     SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
     SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
     SRV - (Sony TV Tuner Manager) -- C:\Program Files\Sony\Giga Pocket\RM_SV.exe (Sony Corporation)
     SRV - (Sony TV Tuner Controller) -- C:\Program Files\Sony\Giga Pocket\halsv.exe (Sony Corporation)
     SRV - (VAIOMediaPlatform-VideoServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe (Sony Corporation)

     ========== Driver Services (SafeList) ==========

     DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
     DRV - (Haspnt) -- C:\WINDOWS\system32\drivers\Haspnt.sys (Aladdin Knowledge Systems)
     DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
     DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
     DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
     DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
     DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
     DRV - (mferkdk) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys (McAfee, Inc.)
     DRV - (adfs) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
     DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
     DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys ()
     DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys (Sonic Solutions)
     DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys (Sonic Solutions)
     DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\dvd_2k.sys (Sonic Solutions)
     DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\mmc_2k.sys (Sonic Solutions)
     DRV - (RxFilter) -- C:\WINDOWS\system32\drivers\RxFilter.sys (Sonic Solutions)
     DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
     DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
     DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
     DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
     DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura)
     DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
     DRV - (SPI) -- C:\WINDOWS\system32\drivers\SonyPI.sys (Sony Corporation)
     DRV - (lock) -- C:\WINDOWS\System32\drivers\lock.sys (Microsoft Corporation)
     DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
     DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)

     ========== Standard Registry (SafeList) ==========

     ========== Internet Explorer ==========

     IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.optimum.net/optonline
     IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

     ========== FireFox ==========

     FF - prefs.js..browser.search.defaultenginename: "Google"
     FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
     FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
     FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
     FF - prefs.js..extensions.enabledItems: tmtoolbar@lexisnexis.com:1.0

     FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/09 21:59:16 | 000,000,000 | ---D | M]
     FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/15 11:52:16 | 000,000,000 | ---D | M]

     [2009/04/12 22:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Extensions
     [2010/10/17 23:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Firefox\Profiles\z21ycqhs.default\extensions
     [2010/04/28 16:04:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Firefox\Profiles\z21ycqhs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
     [2010/09/03 01:33:29 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Firefox\Profiles\z21ycqhs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
     [2010/10/17 23:53:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
     [2010/05/10 18:44:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
     [2007/08/15 08:02:56 | 000,016,384 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\tmfftb.dll
     [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

     O1 HOSTS File: ([2009/04/07 14:15:06 | 000,304,232 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
     O1 - Hosts: 127.0.0.1 localhost
     O1 - Hosts: 127.0.0.1 www.007guard.com
     O1 - Hosts: 127.0.0.1 007guard.com
     O1 - Hosts: 127.0.0.1 008i.com
     O1 - Hosts: 127.0.0.1 www.008k.com
     O1 - Hosts: 127.0.0.1 008k.com
     O1 - Hosts: 127.0.0.1 www.00hq.com
     O1 - Hosts: 127.0.0.1 00hq.com
     O1 - Hosts: 127.0.0.1 010402.com
     O1 - Hosts: 127.0.0.1 www.032439.com
     O1 - Hosts: 127.0.0.1 032439.com
     O1 - Hosts: 127.0.0.1 www.0scan.com
     O1 - Hosts: 127.0.0.1 0scan.com
     O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
     O1 - Hosts: 127.0.0.1 1000gratisproben.com
     O1 - Hosts: 127.0.0.1 www.1001namen.com
     O1 - Hosts: 127.0.0.1 1001namen.com
     O1 - Hosts: 127.0.0.1 100888290cs.com
     O1 - Hosts: 127.0.0.1 www.100888290cs.com
     O1 - Hosts: 127.0.0.1 100sexlinks.com
     O1 - Hosts: 127.0.0.1 www.100sexlinks.com
     O1 - Hosts: 127.0.0.1 10sek.com
     O1 - Hosts: 127.0.0.1 www.10sek.com
     O1 - Hosts: 127.0.0.1 www.1-2005-search.com
     O1 - Hosts: 127.0.0.1 1-2005-search.com
     O1 - Hosts: 10480 more lines...
     O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
     O2 - BHO: (Time Matters) - {00F17ECE-12DA-46A0-B541-BDE4EB7DF027} - C:\TMW8\tmietb.dll (LexisNexis, a division of Reed Elsevier Inc. )
     O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
     O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
     O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
     O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
     O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
     O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
     O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
     O3 - HKLM\..\Toolbar: (Time Matters) - {00F17ECE-12DA-46A0-B541-BDE4EB7DF027} - C:\TMW8\tmietb.dll (LexisNexis, a division of Reed Elsevier Inc. )
     O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation) O3 - HKLM\..\Toolbar: (Shepard's
  10. ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=9c1eb465cd40a047a3f87070dd023df7
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2010-10-17 09:48:05
# local_time=2010-10-17 05:48:05 (-0500, Eastern Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=253364
# found=5
# cleaned=5
# scan_time=9251
C:\Documents and Settings\Joseph\Desktop\unlocker1.9.0.exe	Win32/Adware.ADON application (deleted - quarantined)	B432447CF8E8C7A613FF0116402B67F9	C
C:\WINDOWS\system32\ddaaaw.dll	a variant of Win32/Agent.QXV trojan (cleaned by deleting (after the next restart) - quarantined)	35244CCC34F2DEEE7F588D162F56A948	C
C:\WINDOWS\system32\jkjkjg.dll.vir	a variant of Win32/Kryptik.FSJ trojan (cleaned by deleting - quarantined)	6F56CFA1936F073DFCFFA080001CF847	C
C:\WINDOWS\system32\opomji.dll	a variant of Win32/Kryptik.FCW trojan (cleaned by deleting (after the next restart) - quarantined)	209CA97A9587D38F657C5228ECF2F672	C
C:\_OTL\MovedFiles\10162010_061824\C_WINDOWS\system32\opomji.dll	a variant of Win32/Kryptik.FCW trojan (cleaned by deleting - quarantined)	209CA97A9587D38F657C5228ECF2F672	C
  11. I am currently running the ESET Online Scan. Will send that report when finished.

I wanted to make you aware that when the system rebooted after the Malwarebytes scan, I got two error dialog boxes that said:

[Title Bar] RunDLL
Red circle with X, then it said:
Error loading khgebc.dll
The specified module could not be found
[OK button]

This is the same dll file that Malwarebytes was going to delete. This happens every time I run Malwarebytes, and I mention this so you are aware that this Trojan regenerates itself with a different name.

Here is the Malwarebytes report:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4862

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/17/2010 2:54:32 PM
mbam-log-2010-10-17 (14-54-32).txt

Scan type: Quick scan
Objects scanned: 155876
Time elapsed: 9 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 11
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\khgebc.dll (Trojan.Hiloti.Gen) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\awutrqdrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mliihhdrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hgffcasys (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wvwvwvdrv (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jkhfdedrv (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\effdawsys (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\urrrqrdrv (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\byyabcdrv (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\effdawsys (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\urrrqrdrv (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\byyabcdrv (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\khgebc.dll (Trojan.Hiloti.Gen) -> Delete on reboot.
  12. I checked the Rootkit Unhooker in the driver section, but there is no driver with that name. I searched by address and size as well.
  13. SystemLook 04.09.10 by jpshortstuff
Log created at 21:15 on 16/10/2010 by Joseph
Administrator - Elevation successful

========== filefind ==========

Searching for "vuvnngo.sys"
No files found.

-= EOF =-
  14. I get another error message, a dialog box telling me file not found. I get the error message for both files. I also searched for file manually, and could not find either of them.