APPLICATION IS EXECUTED. THE FILE XXXXXX MAY BE INFECTED!

[johnkevinbebo]

Ive done a lot of researching on this virus but nothing seems to COMPLETELY get rid of it, it keeps coming back! First, Adobe stops working, then it comes up and says my computer is infected and Anti-Virus Pro comes up, which Ive read is an anti-virus rogue. When it does this, I cannot run ANY .exe programs except internet explorer and google chrome. When I try to open something it says, "The Application cannot be executed. ____.exe is infected." . What can I do?

[kpac]

http://www.computerhope.com/forum/index.php/topic,46313.0.html

[johnkevinbebo]

the link you gave me is saying that i should download antivirus programs and more. should i use another computer to download the file and transfer the file to my infected computer?

[kpac]

If you have to, yes. Then post the logs the programs create.

[johnkevinbebo]

OK .running the programs that I just downloaded is as hard as *censored* because the virus is blocking me. should i put my computer to a safe mode?

[kpac]

They should run in safe mode, so yeah, try that.

[SuperDave]

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If those rogue programs get in the way while you're trying to start the below programs do a CRTL,ALT, Delete all at the same time to bring up the Task Manager. Go to applications, select each program running and "end now". Those will be the rogue programs. They will stop until you reboot again. By that time, we should be rid of them.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
Save Rkill to your desktop.

There are 4 different versions. If one of them won't run then download and try to run the other one.
 
Vista and Win7 users need to right click Rkill and choose Run as Administrator
 

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif

Once you've gotten one of them to run then try to immediately run the following.
 
Now download and Run exeHelper.

Please download exeHelper from Raktor to your desktop.

• Double-click on exeHelper.com to run the fix. A black window should pop up, press any key to close once the fix is completed. A log file named log.txt will be created in the directory where you ran exeHelper.com Attach the log.txt file to your next message.
  
  Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
  
  ===================================
  
  SUPERAntiSpyware
  
  If you already have SUPERAntiSpyware be sure to check for updates before scanning!
  
  Download SuperAntispyware Free Edition (SAS)
  * Double-click the icon on your desktop to run the installer.
  * When asked to Update the program definitions, click Yes
  * If you encounter any problems while downloading the updates, manually download and unzip them from here
  * Next click the Preferences button.
  
  •Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
  * Click the Scanning Control tab.
  * Under Scanner Options make sure only the following are checked:
  
  •Close browsers before scanning
  •Scan for tracking cookies
  •Terminate memory threats before quarantining
  •Please leave the others unchecked
  
  •Click the Close button to leave the control center screen.
  
  * On the main screen click Scan your computer
  * On the left check the box for the drive you are scanning.
  * On the right choose Perform Complete Scan
  * Click Next to start the scan. Please be patient while it scans your computer.
  * After the scan is complete a summary box will appear. Click OK
  * Make sure everything in the white box has a check next to it, then click Next
  * It will quarantine what it found and if it asks if you want to reboot, click Yes
  
  •To retrieve the removal information please do the following:
  •After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  •Click Preferences. Click the Statistics/Logs tab.
  
  •Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  
  •It will open in your default text editor (preferably Notepad).
  •Save the notepad file to your desktop by clicking (in notepad) File > Save As...
  
  * Save the log somewhere you can easily find it. (normally the desktop)
  * Click close and close again to exit the program.
  *Copy and Paste the log in your post.
  
  ================================
  
  Please download Malwarebytes Anti-Malware from here.
  
  Double Click mbam-setup.exe to install the application.
  
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
    
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
    
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
  Extra Note:
  
  If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  
  ===================================
  
  Please download: HiJackThis to your Desktop.
  
  • Double Click the HijackThis icon, located on your Desktop.
    
  • By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
  • Accept the license agreement.
  • Click Do a System Scan and Save a Logfile. Or, if you see a white screen, click Scan.
    
  • Please post the log in your next reply.
    

[johnkevinbebo]

OK ILL DO IT AS SOON AS I FINISH IT! 

[johnkevinbebo]

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/01/2010 at 09:14 PM

Application Version : 4.38.1004

Core Rules Database Version : 4951
Trace Rules Database Version: 2763

Scan type       : Complete Scan
Total Scan Time : 00:58:53

Memory items scanned      : 330
Memory threats detected   : 0
Registry items scanned    : 11962
Registry threats detected : 5
File items scanned        : 126918
File threats detected     : 121

Trojan.Agent/Gen-Backdoor[FakeAlert]
   (x86) [hsfg9w8gujsokgahi8gysgnsdgefshyjy] C:\USERS\BERNABE'S\APPDATA\LOCAL\TEMP\SMSS.EXE
   C:\USERS\BERNABE'S\APPDATA\LOCAL\TEMP\SMSS.EXE
   C:\USERS\BERNABE'S\APPDATA\LOCAL\TEMP\DEBUG.EXE
   C:\USERS\BERNABE'S\APPDATA\LOCAL\TEMP\LOGIN.EXE
   C:\USERS\BERNABE'S\APPDATA\LOCAL\TEMP\LSASS.EXE
   C:\USERS\BERNABE'S\APPDATA\LOCAL\TEMP\SYSTEM.EXE

Trojan.Dropper/ADR-WV
   (x86) [userinit] C:\USERS\BERNABE'S\APPDATA\ROAMING\SDRA64.EXE
   C:\USERS\BERNABE'S\APPDATA\ROAMING\SDRA64.EXE

Trojan.Agent/Gen-Faldesc
   (x86) [asam] C:\USERS\BERNABE'S\APPDATA\LOCAL\ASAM.EXE
   C:\USERS\BERNABE'S\APPDATA\LOCAL\ASAM.EXE
   C:\USERS\BERNABE'S\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\VYLS5UVV\FJNVPK[1].HTM
   C:\USERS\BERNABE'S\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\Y6QI5Q05\HYPWHC[1].HTM
   C:\USERS\BERNABE'S\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\Y6QI5Q05\RVQXFN[1].HTM
   C:\USERS\BERNABE'S\APPDATA\LOCAL\SYSSVC.EXE
   C:\USERS\BERNABE'S\APPDATA\LOCAL\TEMP\DNKJWQLU.EXE

Adware.Tracking Cookie
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\bernabe's@apmebf[1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\bernabe'[email protected][6].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\bernabe's@eyewonder[2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\bernabe'[email protected][2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\bernabe's@adinterax[2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\bernabe's@2o7[1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\bernabe's@doubleclick[1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\bernabe'[email protected][3].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\bernabe's@pointroll[2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\bernabe'[email protected][1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\bernabe's@yieldmanager[1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\bernabe'[email protected][1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\bernabe'[email protected][3].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\bernabe'[email protected][1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\bernabe's@atdmt[1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\bernabe's@invitemedia[2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\bernabe's@adbrite[2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\bernabe'[email protected][1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\bernabe's@zedo[1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\bernabe's@247realmedia[1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\bernabe'[email protected][2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\bernabe's@insightexpressai[1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\bernabe's@mediaplex[2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\bernabe's@questionmarket[3].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\bernabe's@advertising[2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\bernabe's@adecn[1].txt
   C:\Users\Bernabe's\AppData\Local\Temp\Low\Cookies\bernabe's@doubleclick[1].txt
   C:\Users\Bernabe's\AppData\Local\Temp\Low\Cookies\bernabe's@lfstmedia[1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\bernabe'[email protected][1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\bernabe'[email protected][2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\bernabe'[email protected][1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\bernabe'[email protected][2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\bernabe'[email protected][4].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\bernabe'[email protected][5].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\bernabe's@questionmarket[2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe's@247realmedia[1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe'[email protected][2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe'[email protected][2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe'[email protected][2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe'[email protected][1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe's@adbrite[1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe'[email protected][1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe'[email protected][2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe'[email protected][1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe'[email protected][2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe'[email protected][2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe'[email protected][2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe'[email protected][2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe'[email protected][1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe's@advertising[1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe's@apmebf[1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe's@asianmedia[1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe's@atdmt[1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe's@casalemedia[1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe'[email protected][1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe's@chitika[2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe'[email protected][2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe's@collective-media[1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe'[email protected][2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe'[email protected][3].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe's@doubleclick[1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe'[email protected][2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe's@exitexchange[1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe's@eyewonder[1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe's@hitbox[1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe's@interclick[2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe's@invitemedia[2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe's@lfstmedia[2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe's@lucidmedia[2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe'[email protected][1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe'[email protected][1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe's@media6degrees[2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe'[email protected][1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe's@naiadsystems[1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe'[email protected][1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe's@penisbot[1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe's@pointroll[1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe's@realmedia[2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe'[email protected][2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe's@socialmedia[2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe's@specificclick[1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe's@specificmedia[2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe'[email protected][1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe's@tommydxxx[2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe'[email protected][1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe'[email protected][1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe'[email protected][2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe'[email protected][3].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe'[email protected][2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe'[email protected][2].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe's@youporn[1].txt
   C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Cookies\Low\bernabe's@zedo[1].txt

Unclassified.Unknown Origin
   (x86) HKU\S-1-5-21-686985990-1959598884-796010101-1000\Software\Microsoft\Windows\CurrentVersion\Run#userinit [ C:\Users\Bernabe's\AppData\Roaming\sdra64.exe ]

Rogue.AntivirusSoft
   (x86) HKU\S-1-5-21-686985990-1959598884-796010101-1000\Software\avsoft

Adware.Vundo/Variant-X32[Header]
   C:\PROGRAMDATA\CMPBK3232.DLL
   C:\PROGRAMDATA\CRYPT3232.DLL
   C:\PROGRAMDATA\CSCAPI32.DLL
   C:\PROGRAMDATA\D3DIM70032.DLL
   C:\PROGRAMDATA\DFSCLI32.DLL
   C:\PROGRAMDATA\DISPLAY32.DLL
   C:\PROGRAMDATA\DMDSKRES232.DLL
   C:\PROGRAMDATA\DMDSKRES232.DLL39TUNXO36W1RC732.DLL
   C:\PROGRAMDATA\DMDSKRES232.DLL39TUNXO36W1RC732.DLLPCQ92BYHKG32.DLL
   C:\PROGRAMDATA\DMDSKRES232.DLL39TUNXO36W1RC732.DLLPCQ92BYHKG32.DLLXI4VUPUYGN0G32.DLL
   C:\PROGRAMDATA\DMDSKRES232.DLL39TUNXO36W1RC732.DLLPCQ92BYHKG32.DLLXI4VUPUYGN0G32.DLLA9Y8U32.DLL

Trojan.Agent/Gen-Small[Parvat]
   C:\USERS\BERNABE'S\APPDATA\LOCAL\TEMP\AMXOCRNSWE.EXE

Trojan.Dropper/Gen-NV
   C:\USERS\BERNABE'S\APPDATA\LOCAL\TEMP\AVP32.EXE

Trojan.Smitfraud Variant-Gen/Bensorty
   C:\USERS\BERNABE'S\APPDATA\LOCAL\TEMP\BICNW.DLL

Trojan.Downloader-Winlogon/FAS
   C:\USERS\BERNABE'S\APPDATA\LOCAL\TEMP\WINLOGON.EXE

Trojan.Agent/Gen-Falofn
   C:\USERS\BERNABE'S\APPDATA\LOCAL\TEMP\WRCAXONSME.EXE

Trojan.Agent/Gen-NET
   C:\USERS\BERNABE'S\APPDATA\LOCAL\VIRTUALSTORE\WINDOWS\SYSWOW64\NET.NET

[johnkevinbebo]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

6/1/2010 10:00:53 PM
mbam-log-2010-06-01 (22-00-53).txt

Scan type: Full scan (C:\|)
Objects scanned: 237632
Time elapsed: 25 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mcexecwin (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dxopoxry (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Bernabe's\AppData\Local\Temp\smxcwenaro.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Bernabe's\AppData\Local\nltnjatoq\abuxtbetssd.exe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Bernabe's\AppData\Local\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

[johnkevinbebo]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:25 PM, on 6/1/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Safe mode

Running processes:
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTog1.dll
O2 - BHO: GameBox Toolbar - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PlaySushi - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files (x86)\PlaySushi\PSText.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTog1.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O3 - Toolbar: GameBox Toolbar - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MyTOSHIBA] "C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe" /AUTO
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Camtasia Recorder] "C:\Program Files (x86)\TechSmith\Camtasia Studio 6\CamRecorder.exe" /m
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\Users\Bernabe's\AppData\Local\Temp\Xcl.exe
O4 - HKCU\..\Run: [hsfe8owijfisjhgs7ye39gjsoighsd7y3eu] C:\Users\Bernabe's\AppData\Local\Temp\cem6l.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: GameRanger.lnk = C:\Users\Bernabe's\AppData\Roaming\GameRanger\GameRanger\Data\GameRanger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: Go PlaySushi! - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files (x86)\PlaySushi\PSText.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O18 - Protocol: gameboxchrome - {494D4E3B-FA53-4487-8AF6-3F50FE1167A9} - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: TOSHIBA Modem region select service (RSELSVC) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SAS Core Service (SASCORE) - SUPERAntiSpyware.com - C:\Users\Bernabe's\Desktop\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 13549 bytes

[johnkevinbebo]

IS THAT ALL THE THINGS YOU NEED DAVE OR YOU NEED MORE THINGS THAT I DIDN'T TO PUT?

[johnkevinbebo]

SRY I FORGOT THIS...

exeHelper by Raktor
Build 20100414
Run at 20:02:24 on 06/01/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

[johnkevinbebo]

I just wanna ask what do i do to all the file that Malwarebytes, SUPERAntispyware etc. had cause i think they made plenty of files on my desktop now (like: PROCESSLIST, PROCESSLISTRELATED and more) should I delete them or keep them? 

And the computer cant connect to the internet, i mean i can connect to my router but when i open internet explorer it says "INTERNET EXPLORER CANNOT DISPLAY THE WEBPAGE" did i do something wrong during the process? or I can fix it?

[SuperDave]

I just wanna ask what do i do to all the file that Malwarebytes, SUPERAntispyware etc. had cause i think they made plenty of files on my desktop now (like: PROCESSLIST, PROCESSLISTRELATED and more) should I delete them or keep them? 

Just leave them there for now. We'll deal with them later.

And the computer cant connect to the internet, i mean i can connect to my router but when i open internet explorer it says "INTERNET EXPLORER CANNOT DISPLAY THE WEBPAGE" did i do something wrong during the process? or I can fix it?

I'll try to get that sorted out after I run some more scans.

GameBox Toobar is a program that comes bundled with spyware.

It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.
GameBox
GameBox Toolbar and anything else related to GameBox.
Also, please uninstall PlaySushi or GameVance. it is also a program launched by GameVance. See here for more information.

=====================================

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: GameBox Toolbar - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: GameBox Toolbar - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O9 - Extra button: Go PlaySushi! - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files (x86)\PlaySushi\PSText.dll
O18 - Protocol: gameboxchrome - {494D4E3B-FA53-4487-8AF6-3F50FE1167A9} - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

======================================

Download OTL to your desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* When the window appears, underneath Output at the top change it to Minimal Output.
* Check the boxes beside LOP Check and Purity Check.
* Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy and pate the contents of these files, one at a time, into your next reply.

Note: You may need two or more posts to fit them all in.