a case of hacked remote control access

Post by vlvlvl » February 25th, 2011, 10:09 pm

Description
I noticed a few months ago that my computer has been behaving weirdly. It will all of a sudden start acting on its own, rendering me unable to use the computer, and then it will auto-rotate my laptop screen and use up all the battery within the few minutes it is in control. At first I googled it, and they said it could be a battery fault, so I removed the battery and lived on just AC power. I also hadn't realised that I did not have antivirus installed, so I installed AVG. But it became stranger last night, when the person controlling the laptop was trying to look for something in my laptop. I also disabled the remote access setting under My Computer > Properties > Remote Access last night.

I also tried downloading and running RootkitRevealer and always get this message: "Unable to install RootkitRevealer service: The service did not respond to the start or control request in a timely fashion."

OS: Windows 7
Antivirus: AVG 2010
Browser: Chrome v9
Ran Spybot, got nothing

HijackThis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:54:44 AM, on 2/26/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Winstep\Nexus.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Users\W\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\W\Desktop\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [PMBVolumeWatcher] c:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\W\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Nexus] C:\Program Files\Winstep\Nexus.exe autostart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Digsby.lnk = C:\Program Files\Digsby\digsby.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: ADTULAIM - Sysinternals - http://www.sysinternals.com - C:\Users\W\AppData\Local\Temp\ADTULAIM.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Database Manager (SOHDBSvr) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Media plus Playlist Manager (SOHPlMgr) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files\Stardock\MyColors\VistaSrv.exe
O23 - Service: YLQRWXQ - Sysinternals - http://www.sysinternals.com - C:\Users\W\AppData\Local\Temp\YLQRWXQ.exe
O23 - Service: YVOPWSFIEF - Sysinternals - http://www.sysinternals.com - C:\Users\W\AppData\Local\Temp\YVOPWSFIEF.exe

--
End of file - 10995 bytes

Would appreciate your reply. Thanks for your time!
vlvlvl
Active Member
 
Posts: 4
Joined: February 25th, 2011, 9:44 pm

Re: a case of hacked remote control access

Post by Carolyn » February 26th, 2011, 12:53 pm

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

Step 1

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

-----------------------------------------------------

Step 2

GMER
The downloaded file will have a random name... this prevents malware from detecting and blocking it.
Please download GMER... random file name.exe by GMER. An alternate (zip file) download site.
Note: Do not run any programs while Gmer is running.
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
  1. Double click on the random named.exe to execute. If asked, allow the gmer.sys driver load.
    If using Vista, you must right click random named.exe and choose "Run As Administrator".
  2. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO <--- Important!
  3. On the right side panel, several boxes have been checked. Please UNCHECK the following: (see image below)
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All <-- don't miss this one



  4. If you don't get a warning then... Click the Rootkit/Malware tab at the top of the GMER window.
  5. Click the Scan button.
  6. Once the scan has finished... click Save. The Save... window will open.
  7. Save the scan results as gmer.txt, save it to your Desktop.
  8. Double click on the desktop "gmer.txt" file, to open in Notepad.
  9. Copy and paste the contents of the file gmer.txt in your next reply.

-----------------------------------------------------

Please include the following logs in your next reply (post all logs as text, no attachments please):
  • DDS.txt
  • Attach.txt
  • gmer.txt
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: a case of hacked remote control access

Post by vlvlvl » February 27th, 2011, 1:04 am

DDS.txt ---

DDS (Ver_10-12-12.02) - NTFSx86
Run by W at 12:55:38.76 on Sun 02/27/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.150 [GMT 8:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Stardock\MyColors\VistaSrv.exe
C:\Program Files\Stardock\MyColors\WBVista.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Winstep\Nexus.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Users\W\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\conhost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\W\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://google.com.sg/
uDefault_Page_URL = hxxp://sony.msn.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Google Update] "c:\users\w\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Nexus] c:\program files\winstep\Nexus.exe autostart
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
StartupFolder: c:\users\w\appdata\roaming\micros~1\windows\startm~1\programs\startup\digsby.lnk - c:\program files\digsby\digsby.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 SampleCollector;VAIO Care Performance Service;c:\program files\sony\vaio care\VCPerfService.exe [2010-10-31 187792]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2009-9-15 642416]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2010-2-20 529776]
R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\sony\vcm intelligent network service manager\VcmINSMgr.exe [2010-2-20 386416]
R2 VSNService;VSNService;c:\program files\sony\vaio smart network\VSNService.exe [2010-10-31 708608]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 21072]
R3 BTHprint;Microsoft Bluetooth Printer Class;c:\windows\system32\drivers\BTHPRINT.SYS [2009-7-14 50688]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-28 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-10-14 29472]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2010-3-29 130672]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver;c:\windows\system32\drivers\JME.sys [2009-12-17 92272]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-12-2 9344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Winstep Xtreme Service;Winstep Xtreme Service; [x]
S3 ADTULAIM;ADTULAIM;c:\users\w\appdata\local\temp\ADTULAIM.exe [2011-2-25 437120]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BRFD;BRFD;c:\users\w\appdata\local\temp\BRFD.exe [2011-2-26 506752]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\common files\sony shared\sohlib\SOHCImp.exe [2010-10-14 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files\common files\sony shared\sohlib\SOHDBSvr.exe [2010-10-14 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\common files\sony shared\sohlib\SOHDms.exe [2010-10-14 427304]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\common files\sony shared\sohlib\SOHDs.exe [2010-10-14 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files\common files\sony shared\sohlib\SOHPlMgr.exe [2010-10-14 91432]
S3 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2010-10-14 513392]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2010-2-20 91504]
S3 VUAgent;VUAgent;c:\program files\sony\vaio update 5\VUAgent.exe [2010-10-14 746864]
S3 WUQ;WUQ;c:\users\w\appdata\local\temp\WUQ.exe [2011-2-26 592768]
S3 YLQRWXQ;YLQRWXQ;c:\users\w\appdata\local\temp\YLQRWXQ.exe [2011-2-26 543616]
S3 YVOPWSFIEF;YVOPWSFIEF;c:\users\w\appdata\local\temp\YVOPWSFIEF.exe [2011-2-25 490368]

=============== Created Last 30 ================

2011-02-26 16:40:13 -------- d-----w- c:\users\w\appdata\local\Diagnostics
2011-02-26 16:35:36 319488 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfppw73.dll
2011-02-25 15:37:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-25 15:37:28 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-02-23 05:57:58 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-23 00:50:59 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 00:50:59 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-10 06:02:26 306688 ----a-w- c:\windows\IsUninst.exe
2011-02-09 13:20:33 2329088 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 13:20:29 541184 ----a-w- c:\windows\system32\kerberos.dll
2011-02-09 13:20:23 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-02-09 13:18:54 1236992 ----a-w- c:\windows\system32\msxml3.dll
2011-02-09 13:18:51 80384 ----a-w- c:\windows\system32\davclnt.dll
2011-02-09 13:18:51 73728 ----a-w- c:\windows\system32\wscsvc.dll
2011-02-09 13:18:51 51200 ----a-w- c:\windows\system32\wscapi.dll
2011-02-09 13:18:51 350720 ----a-w- c:\windows\system32\winhttp.dll
2011-02-09 13:18:51 204800 ----a-w- c:\windows\system32\WebClnt.dll
2011-02-09 13:18:51 14336 ----a-w- c:\windows\system32\slwga.dll
2011-02-09 13:18:44 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-09 04:43:03 487424 ----a-w- c:\windows\system32\msvcp70.dll
2011-02-09 04:43:03 344064 ----a-w- c:\windows\system32\msvcr70.dll
2011-02-09 04:43:02 974848 ----a-w- c:\windows\system32\mfc70.dll
2011-02-09 04:43:01 -------- d-----w- c:\program files\AML Products
2011-02-09 02:44:40 -------- d-----w- c:\users\w\appdata\local\Programs
2011-02-09 01:10:50 -------- d-----w- c:\windows\system32\drivers\AVG
2011-02-09 01:10:50 -------- d-----w- c:\progra~2\AVG10
2011-02-09 01:08:56 -------- d-----w- c:\program files\AVG
2011-01-30 06:57:00 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

==================== Find3M ====================

2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll
2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll
2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll
2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec
2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr

============= FINISH: 12:57:49.54 ===============


Attach.txt ---

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume2
Install Date: 10/14/2010 4:40:19 AM
System Uptime: 2/27/2011 12:38:28 PM (0 hours ago)

Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Atom(TM) CPU N470 @ 1.83GHz | N/A | 1834/667mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 224 GiB total, 196.126 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP38: 2/7/2011 12:41:23 PM - Scheduled Checkpoint
RP39: 2/9/2011 9:07:33 AM - Installed AVG 2011
RP40: 2/9/2011 9:09:27 AM - Installed AVG 2011
RP42: 2/9/2011 10:46:10 AM - Installed Connect Service
RP43: 2/9/2011 9:27:46 PM - Removed Business Contact Manager for Outlook 2007 SP2
RP44: 2/9/2011 9:32:33 PM - Installed Skype Toolbars
RP45: 2/10/2011 3:01:08 AM - Windows Update
RP46: 2/17/2011 12:03:30 PM - Scheduled Checkpoint
RP47: 2/23/2011 1:57:28 PM - Windows Update

==== Installed Programs ======================


32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 9.4.2
AML Free Registry Cleaner 4.21
ArcSoft WebCam Companion 3
AVG 2011
Digsby
Google Chrome
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 22
JMicron Ethernet Adapter NDIS Driver
JMicron Flash Media Controller Driver
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.13)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nexus 10.9
OpenOffice.org 3.2
Picasa 3
PMB
Realtek High Definition Audio Driver
Setting Utility Series
Skype™ 5.0
Sony Home Network Library
Spybot - Search & Destroy
StarterBackgroundChanger
Synaptics Pointing Device Driver
VAIO Care
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Intelligent Network Service Manager
VAIO Content Metadata Manager Settings
VAIO Content Metadata XML Interface Library
VAIO Content Monitoring Settings
VAIO Control Center
VAIO Data Restore Tool
VAIO Entertainment Platform
VAIO Event Service
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Manual
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Original Function Settings
VAIO Power Management
VAIO Smart Network
VAIO Transfer Support
VAIO Update
VLC media player 1.1.5
WIDCOMM Bluetooth Software
Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool

==== Event Viewer Messages From Past Week ========

2/27/2011 12:39:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
2/27/2011 12:39:07 PM, Error: Service Control Manager [7000] - The Winstep Xtreme Service service failed to start due to the following error: The system cannot find the path specified.
2/26/2011 9:42:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the YLQRWXQ service to connect.
2/26/2011 9:42:24 AM, Error: Service Control Manager [7000] - The YLQRWXQ service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/26/2011 9:41:53 AM, Error: Service Control Manager [7030] - The YLQRWXQ service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/26/2011 10:08:47 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WUQ service to connect.
2/26/2011 10:08:47 AM, Error: Service Control Manager [7000] - The WUQ service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/26/2011 10:08:16 AM, Error: Service Control Manager [7030] - The WUQ service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/26/2011 10:06:39 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the BRFD service to connect.
2/26/2011 10:06:39 AM, Error: Service Control Manager [7000] - The BRFD service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/26/2011 10:06:08 AM, Error: Service Control Manager [7030] - The BRFD service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/25/2011 11:35:12 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the ADTULAIM service to connect.
2/25/2011 11:35:12 PM, Error: Service Control Manager [7000] - The ADTULAIM service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/25/2011 11:34:42 PM, Error: Service Control Manager [7030] - The ADTULAIM service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/25/2011 11:34:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the YVOPWSFIEF service to connect.
2/25/2011 11:34:32 PM, Error: Service Control Manager [7000] - The YVOPWSFIEF service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/25/2011 11:34:02 PM, Error: Service Control Manager [7030] - The YVOPWSFIEF service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/23/2011 8:34:15 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
2/23/2011 1:54:36 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VzCdbSvc service.

==== End Of File ===========================


gmer.txt ---

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-27 13:02:52
Windows 6.1.7600
Running: efd60m55.exe; Driver: C:\Users\W\AppData\Local\Temp\kxliapob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA429F780]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA429F830]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA429F8D0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA429F970]

---- EOF - GMER 1.0.15 ----
vlvlvl
Active Member
 
Posts: 4
Joined: February 25th, 2011, 9:44 pm

Re: a case of hacked remote control access

Post by Carolyn » February 27th, 2011, 11:40 am

Hello again,

Uninstall Spybot Search & Destroy
  • Go to start > control panel > programs and features.

    Spybot Search & Destroy

  • Click Uninstall & then follow the prompts to remove it.

---------------------------------------


Please download Malwarebytes' Anti-Malware and save it to a convenient location.
  1. Double click on mbam-setup.exe to install it.
  2. Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
      Update Malwarebytes' Anti-Malware
      Launch Malwarebytes' Anti-Malware
  3. Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  4. Select the Scanner tab. Click on Perform full scan, then click on Scan.
  5. Leave the default options as they are and click on Start Scan.
  6. When done, you will be prompted. Click OK, then click on Show Results.
  7. Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
  8. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.


Next,
Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under the Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please post the following:
  • The Malwarebytes' log
  • The OTL.txt logfile
  • The Extras.txt logfile
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: a case of hacked remote control access

Post by vlvlvl » February 27th, 2011, 11:23 pm

The Malwarebytes' log ---

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5898

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/28/2011 10:30:46 AM
mbam-log-2011-02-28 (10-30-46).txt

Scan type: Full scan (C:\|)
Objects scanned: 233695
Time elapsed: 55 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


The OTL.txt logfile ---
OTL logfile created on: 2/28/2011 10:46:33 AM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\W\Desktop\hijackthis
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 185.00 Mb Available Physical Memory | 18.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 36.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.27 Gb Total Space | 196.17 Gb Free Space | 87.47% Space Free | Partition Type: NTFS

Computer Name: USER-VAIO | User Name: W | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/28 10:42:52 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\W\Desktop\hijackthis\OTL.exe
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/07 01:22:12 | 001,052,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/10/20 19:39:25 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\W\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/10/19 13:55:30 | 013,482,624 | ---- | M] (Winstep Software Technologies) -- C:\Program Files\Winstep\Nexus.exe
PRC - [2010/09/02 14:00:10 | 001,146,256 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCsystray.exe
PRC - [2010/08/12 15:15:34 | 000,187,792 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe
PRC - [2010/08/12 15:15:34 | 000,081,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCSpt.exe
PRC - [2010/08/12 10:30:56 | 001,463,664 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
PRC - [2010/08/11 08:46:06 | 001,901,968 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
PRC - [2010/08/11 08:46:06 | 000,708,608 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
PRC - [2010/05/28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2010/05/18 13:38:46 | 000,075,776 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2010/02/20 10:19:26 | 000,386,416 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
PRC - [2010/02/20 10:19:24 | 000,529,776 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2010/01/21 20:31:32 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/12/01 10:19:58 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009/10/31 13:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/24 18:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/09/15 10:24:08 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009/09/15 09:53:48 | 000,642,416 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009/09/05 03:43:40 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/09/05 03:43:38 | 002,360,608 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/09/05 03:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/08/27 10:24:00 | 000,320,880 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2009/07/14 09:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 09:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/06/09 09:56:00 | 000,099,632 | ---- | M] () -- C:\Program Files\Stardock\MyColors\WBVista.exe
PRC - [2009/06/09 09:55:58 | 000,230,704 | ---- | M] (Stardock Corporation) -- C:\Program Files\Stardock\MyColors\VistaSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/02/28 10:42:52 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\W\Desktop\hijackthis\OTL.exe
MOD - [2010/08/21 13:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Winstep Xtreme Service)
SRV - [2011/02/26 10:08:16 | 000,592,768 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\W\AppData\Local\Temp\WUQ.exe -- (WUQ)
SRV - [2011/02/26 10:06:04 | 000,506,752 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\W\AppData\Local\Temp\BRFD.exe -- (BRFD)
SRV - [2011/02/26 09:41:52 | 000,543,616 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\W\AppData\Local\Temp\YLQRWXQ.exe -- (YLQRWXQ)
SRV - [2011/02/25 23:34:41 | 000,437,120 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\W\AppData\Local\Temp\ADTULAIM.exe -- (ADTULAIM)
SRV - [2011/02/25 23:34:01 | 000,490,368 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\W\AppData\Local\Temp\YVOPWSFIEF.exe -- (YVOPWSFIEF)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/12 15:15:34 | 000,187,792 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV - [2010/08/12 10:30:56 | 000,746,864 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV - [2010/08/11 08:46:06 | 000,708,608 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2010/05/28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/20 10:19:30 | 000,091,504 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2010/02/20 10:19:26 | 000,386,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2010/02/20 10:19:24 | 000,529,776 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2009/12/17 23:51:10 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/12/17 23:51:08 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/12/17 23:51:08 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/12/17 23:51:08 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/12/17 23:51:08 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/12/17 10:11:44 | 000,513,392 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2009/10/24 18:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/09/15 10:24:08 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/09/15 10:24:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/09/15 09:53:48 | 000,642,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/09/05 03:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/09 09:55:58 | 000,230,704 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Stardock\MyColors\VistaSrv.exe -- (WindowBlinds)


========== Driver Services (SafeList) ==========

DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:54 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/03 15:24:18 | 000,021,072 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/03 15:24:16 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/03 15:24:12 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/02/20 04:28:10 | 000,130,672 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2009/12/28 13:55:35 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009/12/17 11:13:01 | 000,092,272 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\JME.sys -- (JME)
DRV - [2009/12/02 04:16:52 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2009/11/30 17:18:42 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/14 07:51:29 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BTHPRINT.SYS -- (BTHprint)
DRV - [2009/07/14 07:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1119705537-2747617819-3394321488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com
IE - HKU\S-1-5-21-1119705537-2747617819-3394321488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1119705537-2747617819-3394321488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://vaio-online.sony.com/ [binary data]
IE - HKU\S-1-5-21-1119705537-2747617819-3394321488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1119705537-2747617819-3394321488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1119705537-2747617819-3394321488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com.sg/
IE - HKU\S-1-5-21-1119705537-2747617819-3394321488-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1119705537-2747617819-3394321488-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1119705537-2747617819-3394321488-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/02/09 09:11:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/07 07:36:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/12 14:34:25 | 000,000,000 | ---D | M]

[2011/02/09 21:32:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/27 13:24:34 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/10/27 13:24:34 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/10/27 13:24:34 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/10/27 13:24:34 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\S-1-5-21-1119705537-2747617819-3394321488-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKU\S-1-5-21-1119705537-2747617819-3394321488-1004..\Run: [Nexus] C:\Program Files\Winstep\Nexus.exe (Winstep Software Technologies)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\W\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Digsby.lnk = C:\Program Files\Digsby\digsby.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5ceda8ce-399b-11e0-ae46-544249124394}\Shell - "" = AutoRun
O33 - MountPoints2\{5ceda8ce-399b-11e0-ae46-544249124394}\Shell\AutoRun\command - "" = D:\setup.exe -a
O33 - MountPoints2\{d6e7e183-2c19-11e0-85d1-544249124394}\Shell - "" = AutoRun
O33 - MountPoints2\{d6e7e18e-2c19-11e0-85d1-544249124394}\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/28 09:33:03 | 000,000,000 | ---D | C] -- C:\Users\W\AppData\Roaming\Malwarebytes
[2011/02/28 09:32:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/02/28 09:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/28 09:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/28 09:32:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/02/28 09:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/27 00:40:13 | 000,000,000 | ---D | C] -- C:\Users\W\AppData\Local\Diagnostics
[2011/02/26 10:10:47 | 000,000,000 | ---D | C] -- C:\Users\W\Desktop\hijackthis
[2011/02/25 23:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/02/25 23:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/02/23 08:50:59 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/02/23 08:50:59 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/02/15 09:38:51 | 000,000,000 | ---D | C] -- C:\Users\W\Desktop\Music
[2011/02/10 14:02:26 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2011/02/09 21:20:33 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/09 21:20:23 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/02/09 21:20:23 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/02/09 21:19:58 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/09 21:19:56 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/09 21:19:55 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/09 21:19:53 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/09 21:19:51 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/09 21:19:50 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/09 21:19:47 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/09 21:19:47 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/09 21:19:46 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/09 21:19:37 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/09 21:19:36 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/02/09 21:19:28 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/09 21:19:27 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/09 21:19:04 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011/02/09 21:18:51 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011/02/09 21:18:51 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011/02/09 21:18:51 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/02/09 21:18:44 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/02/09 21:01:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Stardock
[2011/02/09 12:43:03 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp70.dll
[2011/02/09 12:43:03 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr70.dll
[2011/02/09 12:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AML Free Registry Cleaner
[2011/02/09 12:43:02 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc70.dll
[2011/02/09 12:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\AML Products
[2011/02/09 10:44:40 | 000,000,000 | ---D | C] -- C:\Users\W\AppData\Local\Programs
[2011/02/09 09:14:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/02/09 09:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/02/09 09:10:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/02/09 09:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\AVG

========== Files - Modified Within 30 Days ==========

[2011/02/28 10:44:02 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1119705537-2747617819-3394321488-1004UA.job
[2011/02/28 09:38:45 | 000,009,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/28 09:38:45 | 000,009,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/28 09:35:45 | 000,670,886 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/28 09:35:45 | 000,124,044 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/28 09:31:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/28 09:30:52 | 796,655,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/28 09:21:54 | 107,372,918 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/02/23 18:03:49 | 000,173,793 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/02/19 19:44:08 | 000,000,840 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1119705537-2747617819-3394321488-1004Core.job
[2011/02/10 14:05:04 | 000,001,323 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2011/02/10 03:25:32 | 000,505,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/09 21:31:26 | 000,000,535 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2011/02/06 10:33:34 | 000,361,874 | ---- | M] () -- C:\test.xml
[2011/02/03 13:45:07 | 000,219,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys

========== Files Created - No Company Name ==========

[2011/02/28 09:21:54 | 107,372,918 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/02/23 18:03:49 | 000,173,793 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/02/10 14:05:04 | 000,001,323 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2011/02/10 14:05:03 | 000,001,134 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady 7.0.lnk
[2011/02/10 14:05:03 | 000,001,129 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 7.0.lnk
[2011/01/30 18:21:31 | 000,399,658 | ---- | C] () -- C:\Users\W\Documents\coolguide.pdf
[2011/01/13 21:15:36 | 000,004,608 | ---- | C] () -- C:\Users\W\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/28 19:21:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/21 21:16:37 | 000,501,054 | ---- | C] () -- C:\Users\W\AppData\Local\wps.bmp
[2010/10/20 20:13:16 | 000,185,476 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/07/14 12:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 12:33:53 | 000,505,312 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 10:05:48 | 000,670,886 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 10:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 10:05:48 | 000,124,044 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 10:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 10:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 10:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 07:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 07:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/06/09 09:55:58 | 000,057,904 | ---- | C] () -- C:\Windows\System32\wbload.dll

========== Files - Unicode (All) ==========
[2011/02/07 13:34:57 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\欐Ͱ
[2011/02/07 13:34:57 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\欐Ͱ

< End of report >


The Extras.txt logfile ---

OTL Extras logfile created on: 2/28/2011 10:46:33 AM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\W\Desktop\hijackthis
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 185.00 Mb Available Physical Memory | 18.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 36.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.27 Gb Total Space | 196.17 Gb Free Space | 87.47% Space Free | Partition Type: NTFS

Computer Name: USER-VAIO | User Name: W | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00721C5E-5B17-494C-95E5-208415864F62}" =
"{010237D8-8494-4E56-90CE-3194D3F521E6}" = VAIO Content Metadata Intelligent Network Service Manager
"{02CA6DE4-AA3F-4EA0-AF87-792C9BD50560}" = VAIO Content Metadata Intelligent Analyzing Manager
"{046885A1-B4AE-4459-A0D1-8C93706698D6}" =
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{0DAFB7D1-4E4D-4B28-A546-F2D44A6C1A37}" = Sony Home Network Library
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21E548DE-0C2B-4843-8A7B-E69B4CF8BA33}" = VAIO Content Metadata Manager Settings
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Monitoring Settings
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{27F9068F-27D3-42FF-BE10-94CC94F46F33}" = VAIO Content Metadata Manager Settings
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2D4753D1-8A4F-4F67-B5CD-0F6025ACD635}" = VAIO Content Metadata Intelligent Analyzing Manager
"{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1" = AML Free Registry Cleaner 4.21
"{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{554E34DB-1EDD-4CE4-B63D-9E9973C6FFA5}" = VAIO Care
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}" = VAIO Media plus Opening Movie
"{6D8ED20E-E792-4DAC-BB66-009836CBD80B}" = VAIO Content Monitoring Settings
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{757AAD0E-5268-4D1C-8B4C-F2E09AEB008B}" = VAIO Content Metadata Manager Settings
"{79C3D1B6-32CB-43DF-BA80-CE48E7A2D6C7}" = VAIO Content Metadata Intelligent Network Service Manager
"{7D1DDBF1-2948-4603-B06A-0E36487CC857}" = VAIO Content Metadata XML Interface Library
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Power Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83E57634-2041-4820-BB86-157C670EB18C}" = VAIO Content Metadata Intelligent Analyzing Manager
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8D95E97C-7D03-45BD-8CA3-95ECDA205650}" = VAIO Content Metadata Intelligent Network Service Manager
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91A6D749-5D55-4FB4-B65A-4B3B69F34725}" = VAIO Content Metadata XML Interface Library
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D8E26D-70CB-44DE-AE50-43095A39E5B2}" = VAIO Entertainment Platform
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{9DA53D22-D922-494C-B1D7-51CD9BCB9E4A}" = VAIO Hardware Diagnostics
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Settings
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA171A69-F942-40DA-AE3A-EA91026A1CAE}" = VAIO Manual
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C0BA3193-0D09-44F0-93AE-99B54956B85D}" = VAIO Content Metadata Intelligent Analyzing Manager
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings
"{F400E7EB-BF07-4D9C-8AAE-81DF98CAF3F2}" = VAIO Content Metadata XML Interface Library
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AVG" = AVG 2011
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"BFEE6FC237B51D7CD2E0A40D81E188A6ED95001F" = Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405)
"Digsby" = Digsby
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Picasa 3" = Picasa 3
"StarterBackgroundChanger" = StarterBackgroundChanger
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winstep Xtreme_is1" = Nexus 10.9

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1119705537-2747617819-3394321488-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
vlvlvl
Active Member
 
Posts: 4
Joined: February 25th, 2011, 9:44 pm

Re: a case of hacked remote control access

Unread postby Carolyn » March 1st, 2011, 9:27 am

Registry Cleaners

I notice the presence of AML Free Registry Cleaner on your pc.

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners
Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference
If it doesn't work properly you may end up with an expensive doorstop.


http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html
http://forums.whatthetech.com/Regcleaner_t42862.html

----------------------

Remove Programs
  • Go to start > control panel > programs and features.

    Adobe Reader 9.4.2
    AML Free Registry Cleaner
    Java(TM) 6 Update 22


  • Click Uninstall & then follow the prompts to remove them.

----------------------

Java SE Runtime Environment (JRE).

Please download from HERE
  • Find Java SE Runtime Environment (JRE) 6 Update 24.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.

----------------------

Update Adobe Reader

  • You should Download and Install the newest version of Adobe Reader for reading pdf files.
  • Older versions may have vulnerabilities that malware can use to infect your system.
  • Go Here to download and install Adobe Reader X (10.0.1).
    Note: Uncheck Free McAfee® Security Scan Plus (optional)

----------------------

Create a System Restore Point
  1. Right-click on Computer ... select Properties.
  2. In the left pane under Tasks ... click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection ...then choose Create.
  4. In the System Restore dialog box, type a description for the restore point ... click Create, again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK ...then close the System Restore dialog.
    Now you have a clean restore point to use if you need to restore your system.

----------------------

Disable AVG
Security programs can interfere with our tools and should be disabled before proceeding
  • Open AVG User Interface.
  • Double-click on the Resident Shield.
  • Un-tick the option Resident Shield active.
  • Save the changes.
  • Note: Don't forget to re-enable it after the fix.

----------------------

Run OTL Script
  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code:
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (Winstep Xtreme Service)
    SRV - [2011/02/26 10:08:16 | 000,592,768 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\W\AppData\Local\Temp\WUQ.exe -- (WUQ)
    SRV - [2011/02/26 10:06:04 | 000,506,752 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\W\AppData\Local\Temp\BRFD.exe -- (BRFD)
    SRV - [2011/02/26 09:41:52 | 000,543,616 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\W\AppData\Local\Temp\YLQRWXQ.exe -- (YLQRWXQ)
    SRV - [2011/02/25 23:34:41 | 000,437,120 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\W\AppData\Local\Temp\ADTULAIM.exe -- (ADTULAIM)
    SRV - [2011/02/25 23:34:01 | 000,490,368 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\W\AppData\Local\Temp\YVOPWSFIEF.exe -- (YVOPWSFIEF)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
    [2011/02/25 23:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011/02/25 23:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/02/07 13:34:57 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\??
    [2011/02/07 13:34:57 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\??
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall"=dword:00000001
    
    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]
    

  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

----------------------

Please post the OTL report in your next reply along with a fresh OTL scan log and a description of how your computer is now behaving.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
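The fix above was built from two things in the OTL log: services whose binary sits under a user's Temp folder, and three firewall profiles with EnableFirewall set to 0. As an added example (not part of this thread, and not OTL's or MalwareRemoval.com's own tooling), the Python below runs that same triage over OTL-style log lines and emits the :Reg fragment that turns the firewall back on. The sample lines are constructed: they are modelled on the SRV and firewall entries quoted in this thread, and the AVG service line is made up as a benign control. The names `triage`, `runs_from_temp` and `otl_firewall_fix` are chosen here, not taken from any tool.

```python
"""Triage of OTL-style log lines (added example, not OTL's own code)."""
import re

# Constructed sample in the line shapes OTL emits. The Temp-folder services and
# the orphaned Winstep entry mirror the thread; the AVG line is invented as a
# benign control and its path/timestamp are not from the log above.
SAMPLE_LOG = r"""
SRV - [2011/02/26 10:08:16 | 000,592,768 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\W\AppData\Local\Temp\WUQ.exe -- (WUQ)
SRV - [2011/02/25 23:34:41 | 000,437,120 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\W\AppData\Local\Temp\ADTULAIM.exe -- (ADTULAIM)
SRV - [2011/02/09 09:10:50 | 000,271,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - File not found [Auto | Stopped] -- -- (Winstep Xtreme Service)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"""

# "SRV - <detail> -- <path> -- (<name>)"; an orphaned entry has an empty path
# and appears as "-- -- (name)", which the optional space before "--" absorbs.
SRV_RE = re.compile(r"^SRV - (?P<detail>.*?) -- (?P<path>.*?) ?-- \((?P<name>[^)]*)\)$")
FW_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess"
    r"\\Parameters\\FirewallPolicy\\(?P<profile>\w+)\]$"
)
FW_VALUE_RE = re.compile(r'^"EnableFirewall" = (?P<val>\d+)$')
FW_KEY_PREFIX = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
                 r"\Parameters\FirewallPolicy")


def parse_services(log_text):
    """Return one dict per SRV line: {'name', 'path', 'detail'}."""
    services = []
    for line in log_text.splitlines():
        m = SRV_RE.match(line.strip())
        if m:
            services.append(m.groupdict())
    return services


def parse_firewall_profiles(log_text):
    """Map each FirewallPolicy profile name to its EnableFirewall value."""
    profiles, current = {}, None
    for line in log_text.splitlines():
        line = line.strip()
        key = FW_KEY_RE.match(line)
        if key:
            current = key.group("profile")
            continue
        if line.startswith("["):          # any other key ends the profile block
            current = None
            continue
        val = FW_VALUE_RE.match(line)
        if val and current:
            profiles[current] = int(val.group("val"))
    return profiles


def runs_from_temp(path):
    """A service binary under any ...\\Temp\\ directory is worth a second look."""
    return re.search(r"\\temp\\", path, re.IGNORECASE) is not None


def triage(log_text):
    """Summarise the findings a helper would act on."""
    services = parse_services(log_text)
    profiles = parse_firewall_profiles(log_text)
    return {
        "temp_services": sorted(s["name"] for s in services if runs_from_temp(s["path"])),
        "orphaned_services": sorted(s["name"] for s in services if s["path"] == ""),
        "firewall_disabled": sorted(p for p, v in profiles.items() if v == 0),
    }


def otl_firewall_fix(disabled_profiles):
    """Build the :Reg section of an OTL fix re-enabling the firewall for each
    disabled profile, in the same form as the helper's script in this thread."""
    lines = [":Reg"]
    for profile in disabled_profiles:
        lines.append(f"[{FW_KEY_PREFIX}\\{profile}]")
        lines.append('"EnableFirewall"=dword:00000001')
    return "\n".join(lines)


if __name__ == "__main__":
    findings = triage(SAMPLE_LOG)
    for label, items in findings.items():
        print(f"{label}: {', '.join(items) or 'none'}")
    print(otl_firewall_fix(findings["firewall_disabled"]))
```

On the sample the Temp-folder services and the orphaned Winstep entry are reported and a :Reg fragment is produced for the Domain and Public profiles only, since the Standard profile in the sample is already enabled. The Sysinternals-signed Temp binaries in the real log are consistent with the RootkitRevealer runs the poster described, which is why a helper reads the company name alongside the path before deciding whether to remove a service.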

Re: a case of hacked remote control access

Unread postby vlvlvl » March 1st, 2011, 10:41 am

OTL --

All processes killed
========== OTL ==========
Service Winstep Xtreme Service stopped successfully!
Service Winstep Xtreme Service deleted successfully!
Service WUQ stopped successfully!
Service WUQ deleted successfully!
C:\Users\W\AppData\Local\Temp\WUQ.exe moved successfully.
Service BRFD stopped successfully!
Service BRFD deleted successfully!
C:\Users\W\AppData\Local\Temp\BRFD.exe moved successfully.
Service YLQRWXQ stopped successfully!
Service YLQRWXQ deleted successfully!
C:\Users\W\AppData\Local\Temp\YLQRWXQ.exe moved successfully.
Service ADTULAIM stopped successfully!
Service ADTULAIM deleted successfully!
C:\Users\W\AppData\Local\Temp\ADTULAIM.exe moved successfully.
Service YVOPWSFIEF stopped successfully!
Service YVOPWSFIEF deleted successfully!
C:\Users\W\AppData\Local\Temp\YVOPWSFIEF.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes' Anti-Malware not found.
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\ProgramData\Spybot - Search & Destroy\Recovery folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Logs folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy folder moved successfully.
C:\Program Files\Spybot - Search & Destroy folder moved successfully.
File C:\Windows\System32\?? not found.
File C:\Windows\System32\?? not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\"EnableFirewall"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\"EnableFirewall"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\\"EnableFirewall"|dword:00000001 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: user
->Temp folder emptied: 374271724 bytes
->Temporary Internet Files folder emptied: 71850622 bytes
->Java cache emptied: 1130380 bytes
->FireFox cache emptied: 103204357 bytes
->Flash cache emptied: 2868 bytes

User: W
->Temp folder emptied: 22301321 bytes
->Temporary Internet Files folder emptied: 106159398 bytes
->Java cache emptied: 127639 bytes
->Google Chrome cache emptied: 377918165 bytes
->Flash cache emptied: 48620 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5626863 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1265810789 bytes

Total Files Cleaned = 2,221.00 mb



OTL by OldTimer - Version 3.2.22.2 log created on 03012011_223009

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


description ---
As I've mentioned in the initial description of the problem, this problem happens sporadically, but so far there haven't been any attacks.

question --
Since I've removed the AML registry entries, when I wish to clear any dead entries, clear cookies or clear the recycle bin etc., what software would you advise me to use?
vlvlvl
Active Member
 
Posts: 4
Joined: February 25th, 2011, 9:44 pm

Re: a case of hacked remote control access

Unread postby Carolyn » March 2nd, 2011, 8:28 am

Hello,

I see in the OTL log that a file belonging to Malwarebytes' Anti-Malware was moved by mistake. Please reinstall Malwarebytes' Anti-Malware by double-clicking the file mbam-setup.exe that you downloaded earlier.

------------------------------------

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Hold down Control then click on the following link to open a new window to ESET online scanner
  • Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic along with a fresh OTL log.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: a case of hacked remote control access

Unread postby Carolyn » March 5th, 2011, 12:56 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine