
multiple virus



Hi, my sister's netbook was running really slow so I figured it was from viruses. I was unable to run MBAM in normal mode because it was so slow, so I ran it in safe mode (attached files). I was able to run Dr. Web CureIt in safe mode and in its initial scan it removed a lot more stuff. I then was able to boot into normal mode and ran a full scan with Dr. Web and it picked up even more; I have the log but it is 23 MB. All of my latest MBAM scans are showing that it's clean.

GMER freezes when I go to save the file and says it's not responding.

Everything seems to be running a lot better than it was when I first looked at it, but with all the viruses that were on it there's gotta be something that these scans did not find.

MBAM log

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4204

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/16/2010 10:56:26 AM

mbam-log-2010-06-16 (10-56-26).txt

Scan type: Quick scan

Objects scanned: 160583

Time elapsed: 7 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS log

DDS (Ver_10-03-17.01) - NTFSx86

Run by Jasmine Butler at 10:57:04.81 on Wed 06/16/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.592 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Acer\Acer VCM\RS_Service.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\LAUNCH~1\LManager.exe

C:\WINDOWS\WebCam\M3000\M3000Mnt.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\ooVoo\oovoo.exe

C:\Program Files\Acer\Acer VCM\AcerVCM.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\WINDOWS\system32\igfxext.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Carbonite\CarbonitePreinstaller.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ooVoo.exe] c:\program files\oovoo\oovoo.exe /minimized

uRun: [startServiceMBCRKAS] "c:\documents and settings\jasmine butler.acer-330bb84976\local settings\application data\mbcrkas\StartService.exe"

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [LManager] c:\progra~1\launch~1\LManager.exe

mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt

mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [WSG32] c:\windows\sagkl\WSG32.exe

mRun: [startServiceMBCRKAS] "c:\documents and settings\jasmine butler.acer-330bb84976\local settings\application data\mbcrkas\StartService.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\docume~1\jasmin~1.ace\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe

mPolicies-system: EnableLUA = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-3-12 237568]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-3 38912]

R3 M3000Srv;USB2.0 UVC WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [2009-6-6 145408]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-12 1684736]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-3-12 162816]

S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]

=============== Created Last 30 ================

2010-06-15 18:37:03 0 ----a-w- c:\documents and settings\jasmine butler.acer-330bb84976\defogger_reenable

2010-06-15 18:21:49 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2010-06-15 18:21:49 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2010-06-15 14:36:50 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-06-15 14:36:50 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-15 13:56:31 0 d-----w- c:\windows\ie8updates

2010-06-15 13:49:14 0 d-----w- c:\docume~1\jasmin~1.ace\applic~1\oovootb

2010-06-15 13:39:22 0 d-sh--w- c:\documents and settings\jasmine butler.acer-330bb84976\PrivacIE

2010-06-15 13:31:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-06-15 13:31:13 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-15 13:31:13 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-06-12 19:44:31 0 d-----w- c:\documents and settings\jasmine butler.acer-330bb84976\DoctorWeb

2010-06-12 15:07:47 0 d-sh--w- c:\documents and settings\jasmine butler.acer-330bb84976\IECompatCache

2010-06-09 20:26:39 0 d-----w- c:\windows\pss

2010-06-09 20:02:18 0 d-sh--w- c:\documents and settings\jasmine butler.acer-330bb84976\IETldCache

2010-06-09 19:54:54 0 dc-h--w- c:\windows\ie8

2010-06-09 17:48:11 0 d-----w- c:\docume~1\jasmin~1.ace\applic~1\Malwarebytes

2010-06-09 16:59:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-09 16:59:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-09 16:59:12 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-09 16:59:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-05-22 03:03:57 741376 ----a-w- c:\windows\WinGSD.exe

2010-05-22 03:03:18 741376 ----a-w- c:\windows\WinFSD.exe

2010-05-21 19:59:40 0 d-----w- C:\spoolerlogs

2010-05-20 04:17:12 5632 -c--a-w- c:\windows\system32\dllcache\smimsgif.dll

2010-05-20 04:16:44 5632 -c--a-w- c:\windows\system32\dllcache\smierrsy.dll

2010-05-20 04:16:35 15872 -c--a-w- c:\windows\system32\dllcache\smierrsm.dll

2010-05-20 04:16:32 10240 -c--a-w- c:\windows\system32\dllcache\snmpstup.dll

2010-05-20 04:16:32 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll

2010-05-20 04:16:26 61960 ----a-w- c:\windows\system32\wbem\snmpsmir.mof

2010-05-20 04:16:07 2094 ----a-w- c:\windows\system32\wbem\snmpreg.mof

2010-05-20 04:15:52 26236 ----a-w- c:\windows\system32\wins.mib

2010-05-20 04:15:37 49275 ----a-w- c:\windows\system32\wfospf.mib

2010-05-20 04:15:22 4332 ----a-w- c:\windows\system32\smi.mib

2010-05-20 04:15:01 38608 ----a-w- c:\windows\system32\nipx.mib

2010-05-20 04:14:47 34317 ----a-w- c:\windows\system32\msiprip2.mib

2010-05-20 04:14:42 13767 ----a-w- c:\windows\system32\msipbtp.mib

2010-05-20 04:14:31 581 ----a-w- c:\windows\system32\msft.mib

2010-05-20 04:14:28 10313 ----a-w- c:\windows\system32\mripsap.mib

2010-05-20 04:14:26 21386 ----a-w- c:\windows\system32\mipx.mib

2010-05-20 04:14:23 107882 ----a-w- c:\windows\system32\mib_ii.mib

2010-05-20 04:14:16 30448 ----a-w- c:\windows\system32\mcastmib.mib

2010-05-20 04:14:15 26100 ----a-w- c:\windows\system32\lmmib2.mib

2010-05-20 04:14:12 15799 ----a-w- c:\windows\system32\ipforwd.mib

2010-05-20 04:14:10 48593 ----a-w- c:\windows\system32\hostmib.mib

2010-05-20 04:14:04 4597 ----a-w- c:\windows\system32\dhcp.mib

2010-05-20 04:13:55 16617 ----a-w- c:\windows\system32\authserv.mib

2010-05-20 04:13:49 15597 ----a-w- c:\windows\system32\accserv.mib

2010-05-20 04:13:45 236544 -c--a-w- c:\windows\system32\dllcache\smi2smir.exe

2010-05-20 04:13:28 39936 -c--a-w- c:\windows\system32\dllcache\snmpthrd.dll

2010-05-20 04:13:28 39936 ----a-w- c:\windows\system32\wbem\snmpthrd.dll

2010-05-17 23:05:36 167936 ----a-w- c:\windows\WinDFG.exe

==================== Find3M ====================

2010-06-15 13:26:45 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-03-31 19:56:25 114688 ----a-w- c:\windows\WinSCO.exe

2010-03-31 19:53:27 264269 ----a-w- c:\windows\WinSCP.exe

2010-03-30 19:26:40 264269 ----a-w- C:\removeme.exe

2010-03-30 05:31:01 155648 --sh--r- c:\windows\Drivers.exe

2010-03-25 04:13:07 2808 ----a-w- c:\docume~1\jasmin~1.ace\applic~1\wklnhst.dat

2009-03-12 05:16:13 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat

2009-09-30 11:09:31 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009093020091001\index.dat

2009-10-04 20:44:24 32768 --sha-w- c:\windows\temp\cookies\index.dat

2009-10-04 20:44:10 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat

2009-10-04 20:44:24 49152 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 10:57:40.17 ===============

Attach.txt

mbam_log_2010_06_09__14_52_04_.txt

mbam_log_2010_06_10__10_36_46_.txt


;)

  • Download OTL.exe to your desktop.
  • Double-click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans and Fixes section, paste in the text below:

netsvcs

%SYSTEMDRIVE%\*.*

%systemroot%\*. /mp /s

CREATERESTOREPOINT

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\drivers\*.sys /90

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open two Notepad windows, OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

Download GMER Antirootkit here, click on Download EXE and save it to your Desktop.

  • Disconnect from the internet and disable all active protection so your security program drivers will not conflict with gmer's driver
  • Double-click Gmer.exe to run the program.
  • When the program opens, click the "Rootkit" Tab
  • On the right-side, check all the items to be scanned, but leave "Show All" unchecked
  • Select all drives that are connected to your system to be scanned
  • Click the Scan button
  • When the scan is finished, click Copy to save the scan log to the Windows clipboard
  • Open Notepad or a similar text editor
  • Paste the clipboard contents into a text file by clicking Edit | Paste or Ctrl+V
  • Save the gmer scan log and post it in your next reply.
  • Close Gmer
  • Open a command prompt (Start | Run | type cmd and hit Enter)
    • Type or paste the following to unload the gmer driver:
    • net stop gmer
    • Hit Enter
    • Exit the command prompt.

  • Re-enable all active protection.


Here are the logs

OTL

OTL logfile created on: 6/18/2010 9:21:01 AM - Run 1

OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 617.00 Mb Available Physical Memory | 61.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 142.05 Gb Total Space | 120.51 Gb Free Space | 84.84% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: ACER-330BB84976

Current User Name: Jasmine Butler

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\ooVoo\ooVoo.exe (ooVoo LLC)

PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)

PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)

PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)

PRC - C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)

PRC - C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)

PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)

PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

PRC - C:\WINDOWS\WebCam\M3000\M3000Mnt.exe ()

PRC - C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)

PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)

SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)

SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)

SRV - (RS_Service) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)

SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (SNMP) -- C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Compbatt) -- C:\WINDOWS\system32\DRIVERS\compbatt.sys ()

DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)

DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)

DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)

DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV - (M3000Srv) -- C:\WINDOWS\system32\drivers\M3000KNT.sys ()

DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)

DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)

DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)

DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)

DRV - (DKbFltr) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS (Dritek System Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/01/04 17:54:46 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/06/15 10:36:39 | 000,000,000 | ---D | M]

[2010/03/13 21:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Application Data\Mozilla\Extensions

[2010/03/13 21:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/06/15 09:09:15 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (no name) - {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No CLSID value found.

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [M3000Mnt] File not found

O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [startServiceMBCRKAS] C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Local Settings\Application Data\MBCRKAS\StartService.exe File not found

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)

O4 - HKLM..\Run: [WSG32] C:\WINDOWS\sagkl\WSG32.exe File not found

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)

O4 - HKCU..\Run: [startServiceMBCRKAS] C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Local Settings\Application Data\MBCRKAS\StartService.exe File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)

O4 - Startup: C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win...fbootloader.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.74 65.32.5.75

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - Unable to read "AutoRun" value or value not present!

O32 - AutoRun File - [2009/03/12 01:07:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{1efc03a2-35dd-11df-a724-00235adc5b31}\Shell\AutoRun\command - "" = D:\cold\hott\

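The last entry of the log above (O33, a MountPoints2 AutoRun command pointing at a folder on a removable drive) is the line a responder flags first, and it is the key the helper's first fix deleted. As an added example, not part of this thread and not OTL's own code, the script below reads OTL-format lines and flags the entry types worth a second look: O33 AutoRun commands, O4 Run values whose file is missing, O16 DPF entries with a broken registration, and the O17 DNS servers (reported only, so they can be checked against the ISP). It then builds the `:otl` section of a fix script the way the helper does later in the thread, by listing the offending log lines under `:otl`. The sample lines are constructed from the formats in the log; the IAAnotif Run entry is invented as a benign control.

```python
"""Triage of OTL log entries (added example; not from the thread or from OTL)."""
import re
from dataclasses import dataclass

# Constructed sample: entry formats copied from the OTL log in this thread.
# The IAAnotif line is invented as a benign control and does not appear in the log.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [WSG32] C:\WINDOWS\sagkl\WSG32.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win...fbootloader.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.74 65.32.5.75
O33 - MountPoints2\{1efc03a2-35dd-11df-a724-00235adc5b31}\Shell\AutoRun\command - "" = D:\cold\hott\
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
"""


@dataclass
class Finding:
    section: str   # OTL section tag, e.g. "O33"
    reason: str    # why the entry was flagged
    entry: str     # the original log line, reusable verbatim in an OTL fix


# Per-volume AutoRun command stored under HKCU\...\Explorer\MountPoints2\{guid}
MOUNTPOINT_AUTORUN = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9a-f-]+\})\\Shell\\AutoRun\\command - "(.*)" = (.*)$', re.I)
# Run value: hive, value name in brackets, then the target (and OTL's verdict)
RUN_KEY = re.compile(r'^O4 - (HK\w+)\.\.\\Run: \[(.+?)\] (.+)$')
# Downloaded Program Files ActiveX control: CLSID, source URL, parenthesised status
DPF = re.compile(r'^O16 - DPF: (\{[0-9A-Fa-f-]+\}) (\S+) \((.*)\)$')
DNS = re.compile(r'^O17 - .*DhcpNameServer = (.+)$')


def triage_otl(text):
    """Return a Finding for every line that matches a suspicious pattern."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MOUNTPOINT_AUTORUN.match(line)
        if m:
            findings.append(Finding(
                "O33",
                f"AutoRun command on volume {m.group(1)} runs {m.group(3)!r}: "
                "classic removable-media worm persistence", line))
            continue
        m = RUN_KEY.match(line)
        if m and m.group(3).endswith("File not found"):
            findings.append(Finding(
                "O4",
                f"{m.group(1)} Run value [{m.group(2)}] points at a missing file: "
                "orphaned loader, delete the value", line))
            continue
        m = DPF.match(line)
        if m and m.group(3).startswith("Reg Error"):
            findings.append(Finding(
                "O16",
                f"DPF control {m.group(1)} from {m.group(2)} has a broken registration: "
                "stale entry, remove it", line))
            continue
        m = DNS.match(line)
        if m:
            findings.append(Finding(
                "O17",
                f"DHCP-assigned DNS servers {m.group(1)}: confirm they belong to the ISP "
                "(DNS hijack check), do not auto-fix", line))
    return findings


def otl_fix_script(findings):
    """Build the ':otl' section of an OTL Custom Scans/Fixes script.

    OTL removes an entry when its log line is pasted under ':otl'; the helper's
    fix in this thread does exactly that for the WSG32 Run value.  O17 findings
    are informational and are never included.
    """
    lines = [f.entry for f in findings if f.section in ("O4", "O16", "O33")]
    return ":otl\n" + "\n".join(lines) + "\n" if lines else ""


if __name__ == "__main__":
    found = triage_otl(SAMPLE_LOG)
    for f in found:
        print(f"[{f.section}] {f.reason}")
    print(otl_fix_script(found))
```

The O17 line is deliberately kept out of the generated fix: DHCP-assigned resolvers are usually legitimate, and replacing them blindly is how a good machine ends up without DNS.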

Here is the log it produced after the reboot and the OTL log.

All processes killed

========== OTL ==========

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1efc03a2-35dd-11df-a724-00235adc5b31}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1efc03a2-35dd-11df-a724-00235adc5b31}\ not found.

File D:\cold\hott\


Everything is running well. I have a question though: there are 2 administrator (administrator and administrator.acer-330bb84976) folders in the Documents and Settings folder and 2 Jasmin (Jasmin Butler and Jasmin Butler.acer-330bb84976) folders in the same folder. Acer-330BB84976 is the computer name; does this seem normal?


I didn't want to delete anything; that's why I asked the question. It just looks odd to me that there are 2 profiles. Here is what's in the Jasmin Butler folder:

Application data

cookies

favorites

desktop

My Documents

Saved games

Templates

Ntuser.dat (hidden)

ntuser.dat.log (hidden)

Could this have happened with all the viruses it had on it?


Check and see if the same documents are in each My Documents folder. I haven't seen a virus replicate a profile, but it's possible.


Hi,

The current profile has a lot more files, and the dates in its My Documents folder are more current than in the Jasmin Butler folder. If you don't see any problem with this, I want to just leave them there; it's not taking up much space on the drive. What about the viruses, is it clean? Maybe we should just clean up what I did to get rid of them. Your thoughts?


I would just leave them.

I would like to do an online scan to be sure.

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download.

  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases

  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.


This is the first scan I've done since I posted; it looks like it found more.

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Friday, June 25, 2010

Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Friday, June 25, 2010 09:15:59

Records in database: 4303537

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

C:\

Scan statistics:

Objects scanned: 56768

Threats found: 9

Infected objects found: 61

Suspicious objects found: 0

Scan duration: 02:22:31

File name / Threat / Threats count

C:\Documents and Settings\Guest\Local Settings\Application Data\MBCRKAS\StartService.exe Infected: Trojan.Win32.Pincav.zxs 1

C:\Documents and Settings\Guest\wiefrwedx.exe Infected: Trojan.Win32.VBKrypt.adc 1

C:\Documents and Settings\Guest\wq3dsaei3pr.exe Infected: Trojan.Win32.VBKrypt.bfj 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\404cc9a0-236e66aa Infected: Exploit.Java.Agent.f 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\404cc9a0-236e66aa Infected: Trojan-Downloader.Java.Agent.cd 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\404cc9a0-236e66aa Infected: Trojan-Downloader.Java.OpenStream.al 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\43120580-68c7a813 Infected: Exploit.Java.Agent.f 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\470dc7c0-5b1ca727 Infected: Exploit.Java.Agent.f 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\470dc7c0-5b1ca727 Infected: Trojan-Downloader.Java.Agent.cd 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\470dc7c0-5b1ca727 Infected: Trojan-Downloader.Java.OpenStream.al 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\49e2ba29-2a2b6d8f Infected: Exploit.Java.Agent.f 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\49e2ba29-2a2b6d8f Infected: Trojan-Downloader.Java.Agent.cd 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\49e2ba29-2a2b6d8f Infected: Trojan-Downloader.Java.OpenStream.al 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\A0333371.dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\A0333372.dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\A0333373.dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\A0333374.dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\A0333375.dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\A0333376.dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\A0333377.dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\A0333378.dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\A0333379.dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\A0333380.dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\A0333381.dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\A0333382.dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\A0333383.dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\A0333384.dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\A0333385.dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\A0333386.dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\A0333387.dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\A0333388.dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\A0333389.dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\A0333390.dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\A0333391.dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\A0333392.dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\A0333393.dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\deecfcebdabbcbe(10).dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\deecfcebdabbcbe(11).dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\deecfcebdabbcbe(12).dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\deecfcebdabbcbe(13).dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\deecfcebdabbcbe(14).dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\deecfcebdabbcbe(15).dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\deecfcebdabbcbe(16).dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\deecfcebdabbcbe(17).dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\deecfcebdabbcbe(18).dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\deecfcebdabbcbe(19).dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\deecfcebdabbcbe(2).dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\deecfcebdabbcbe(20).dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\deecfcebdabbcbe(21).dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\deecfcebdabbcbe(22).dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\deecfcebdabbcbe(23).dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\deecfcebdabbcbe(3).dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\deecfcebdabbcbe(4).dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\deecfcebdabbcbe(5).dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\deecfcebdabbcbe(6).dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\deecfcebdabbcbe(7).dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\deecfcebdabbcbe(8).dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\deecfcebdabbcbe(9).dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\deecfcebdabbcbe.dll Infected: Worm.Win32.AutoRun.aern 1

C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb\Quarantine\hosts Infected: Trojan.Win32.Hosts.gen 1

C:\WINDOWS\Drivers.exe Infected: Trojan.Win32.VBKrypt.ij 1

Selected area has been scanned.

I also ran an MBAM quick scan.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4239

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/25/2010 1:43:50 PM

mbam-log-2010-06-25 (13-43-50).txt

Scan type: Quick scan

Objects scanned: 163377

Time elapsed: 8 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\startservicembcrkas (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\startservicembcrkas (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    O4 - HKLM..\Run: [WSG32] C:\WINDOWS\sagkl\WSG32.exe File not found
    :files
    C:\WINDOWS\WinSCP.exe
    C:\removeme.exe
    C:\WINDOWS\Drivers.exe
    C:\a6bddadfgsd.exe
    C:\Documents and Settings\Guest\Local Settings\Application Data\MBCRKAS\StartService.exe
    C:\Documents and Settings\Guest\wiefrwedx.exe
    C:\Documents and Settings\Guest\wq3dsaei3pr.exe
    :commands
    [emptytemp]
    [reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

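The Kaspersky report above counts 61 infected objects, but all except four sit in Dr.Web's quarantine folder, so they were already neutralised by the earlier cleanup and only need that folder emptied; the four live files (three in the Guest profile, plus C:\WINDOWS\Drivers.exe) are the ones the helper's `:files` list targets, alongside files seen in the OTL log that Kaspersky did not flag. As an added example, not part of this thread and not Kaspersky's or OTL's code, the script below parses the report's detection lines, separates quarantined from live hits, counts threat families, and writes the `:files` section of an OTL fix for the live paths. The quarantine-folder list is an assumption (only the Dr.Web folder appears in this thread); the sample lines are copied from the report.

```python
"""Triage of a Kaspersky Online Scanner report (added example; not from the
thread, Kaspersky or OTL)."""
import re
from collections import Counter

# 'File name / Threat / Threats count' line: path, then "Infected: <threat> <n>".
REPORT_LINE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$")

# Assumed list of folders where a detection is expected after a cleanup: the
# file is already neutralised by the tool that put it there.  Only the Dr.Web
# folder appears in this thread; the other two are common equivalents.
QUARANTINE_MARKERS = (
    "\\DoctorWeb\\Quarantine\\",
    "\\Malwarebytes' Anti-Malware\\Quarantine\\",
    "\\System Volume Information\\",   # System Restore copies of cleaned files
)

# Constructed sample: six lines copied from the report in this thread.
SAMPLE_REPORT = """
C:\\Documents and Settings\\Guest\\Local Settings\\Application Data\\MBCRKAS\\StartService.exe Infected: Trojan.Win32.Pincav.zxs 1
C:\\Documents and Settings\\Guest\\wiefrwedx.exe Infected: Trojan.Win32.VBKrypt.adc 1
C:\\Documents and Settings\\Jasmine Butler.ACER-330BB84976\\DoctorWeb\\Quarantine\\404cc9a0-236e66aa Infected: Exploit.Java.Agent.f 1
C:\\Documents and Settings\\Jasmine Butler.ACER-330BB84976\\DoctorWeb\\Quarantine\\A0333371.dll Infected: Worm.Win32.AutoRun.aern 1
C:\\Documents and Settings\\Jasmine Butler.ACER-330BB84976\\DoctorWeb\\Quarantine\\hosts Infected: Trojan.Win32.Hosts.gen 1
C:\\WINDOWS\\Drivers.exe Infected: Trojan.Win32.VBKrypt.ij 1
"""


def parse_report(text):
    """Return (path, threat, count) for every detection line; other lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = REPORT_LINE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("threat"), int(m.group("count"))))
    return hits


def is_quarantined(path):
    """True when the path lies inside a known quarantine or restore-point folder."""
    lower = path.lower()
    return any(marker.lower() in lower for marker in QUARANTINE_MARKERS)


def triage_report(text):
    """Split hits into live vs quarantined paths and tally threat families."""
    hits = parse_report(text)
    live = sorted({p for p, _, _ in hits if not is_quarantined(p)})
    quarantined = sorted({p for p, _, _ in hits if is_quarantined(p)})
    families = Counter(t for _, t, _ in hits)
    return {"live": live, "quarantined": quarantined, "families": families}


def otl_files_section(live_paths):
    """':files' block for OTL's Custom Scans/Fixes box; OTL moves each listed
    file out of the way on the next fix run (the helper's fix above uses this)."""
    return ":files\n" + "\n".join(live_paths) + "\n"


if __name__ == "__main__":
    result = triage_report(SAMPLE_REPORT)
    print(f"{len(result['quarantined'])} quarantined, {len(result['live'])} live")
    for threat, n in result["families"].most_common():
        print(f"  {n:>3}  {threat}")
    print(otl_files_section(result["live"]))
```

Quarantined hits still matter for one thing: a Trojan.Win32.Hosts.gen copy of `hosts` in quarantine means the live `C:\WINDOWS\system32\drivers\etc\hosts` was modified at some point, so it is worth checking by hand even though the scanner no longer flags it.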

Here are the logs; the first one is after the reboot, the second is the quick scan.

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WSG32 deleted successfully.

========== FILES ==========

C:\WINDOWS\WinSCP.exe moved successfully.

C:\removeme.exe moved successfully.

C:\WINDOWS\Drivers.exe moved successfully.

File\Folder C:\a6bddadfgsd.exe not found.

C:\Documents and Settings\Guest\Local Settings\Application Data\MBCRKAS\StartService.exe moved successfully.

C:\Documents and Settings\Guest\wiefrwedx.exe moved successfully.

C:\Documents and Settings\Guest\wq3dsaei3pr.exe moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Administrator.ACER-330BB84976

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 0 bytes

User: FAMILY

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Guest

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Jasmine Butler

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Jasmine Butler.ACER-330BB84976

->Temp folder emptied: 110824766 bytes

->Temporary Internet Files folder emptied: 20262585 bytes

->Java cache emptied: 128094 bytes

->Flash cache emptied: 405 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 0 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 106534 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 15232328 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 140.00 mb

OTL by OldTimer - Version 3.2.6.0 log created on 06262010_091432

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

_______________________________________________

OTL logfile created on: 6/26/2010 9:18:33 AM - Run 4

OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 648.00 Mb Available Physical Memory | 64.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 142.05 Gb Total Space | 120.80 Gb Free Space | 85.04% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: ACER-330BB84976

Current User Name: Jasmine Butler

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Minimal

Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\ooVoo\ooVoo.exe (ooVoo LLC)

PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)

PRC - C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)

PRC - C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)

PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)

PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

PRC - C:\WINDOWS\WebCam\M3000\M3000Mnt.exe ()

PRC - C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)

PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

SRV - (RS_Service) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)

SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (SNMP) -- C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Compbatt) -- C:\WINDOWS\system32\DRIVERS\compbatt.sys ()

DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)

DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)

DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV - (M3000Srv) -- C:\WINDOWS\system32\drivers\M3000KNT.sys ()

DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)

DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)

DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)

DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)

DRV - (DKbFltr) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS (Dritek System Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[2010/03/13 21:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Application Data\Mozilla\Extensions

[2010/03/13 21:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/06/15 09:09:15 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (no name) - {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [M3000Mnt] File not found

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)

O4 - Startup: C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win...fbootloader.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.74 65.32.5.75

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - Unable to read "AutoRun" value or value not present!

O32 - AutoRun File - [2009/03/12 01:07:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{4b07acd2-b209-11de-a4b8-00235adc5b31}\Shell - "" = AutoRun

O33 - MountPoints2\{4b07acd2-b209-11de-a4b8-00235adc5b31}\Shell\AutoRun - "" = Auto&Play

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/22 09:14:57 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/06/18 09:31:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2010/06/18 09:17:43 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Desktop\OTL.exe

[2010/06/15 10:37:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010/06/15 10:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2010/06/15 10:34:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2010/06/15 10:33:58 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2010/06/15 10:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[2010/06/15 10:33:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS

[2010/06/15 10:22:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2010/06/15 10:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google

[2010/06/15 09:56:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates

[2010/06/15 09:49:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Application Data\oovootb

[2010/06/15 09:39:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\PrivacIE

[2010/06/12 15:44:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\DoctorWeb

[2010/06/12 11:07:47 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\IECompatCache

[2010/06/09 16:26:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2010/06/09 16:02:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\IETldCache

[2010/06/09 15:54:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2010/06/09 13:48:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Application Data\Malwarebytes

[2010/06/09 12:59:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/06/09 12:59:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/06/09 12:59:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/06/09 12:59:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/05/31 13:06:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google

[2010/05/31 13:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

[2010/05/21 23:03:57 | 000,741,376 | ---- | C] (DVfxrp) -- C:\WINDOWS\WinGSD.exe

[2010/05/21 23:03:18 | 000,741,376 | ---- | C] (DVfxrp) -- C:\WINDOWS\WinFSD.exe

[2010/05/21 15:59:40 | 000,000,000 | ---D | C] -- C:\spoolerlogs

[2010/05/17 19:05:36 | 000,167,936 | ---- | C] (AaKSyu5) -- C:\WINDOWS\WinDFG.exe

[2010/04/27 17:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Application Data\Facebook

[2010/04/18 11:30:17 | 000,000,000 | ---D | C] -- C:\found.003

[2010/04/17 18:21:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Local Settings\Application Data\MBCRKAS

[2010/04/16 17:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/04/16 17:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/04/15 22:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/04/15 13:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2010/04/15 13:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/04/15 13:56:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2010/04/12 21:19:56 | 000,000,000 | RHSD | C] -- C:\SYSTEMFILES

[2009/03/11 08:53:14 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 90 Days ==========

[2010/06/26 09:15:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/06/26 09:15:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/06/26 09:15:41 | 1063,198,720 | -HS- | M] () -- C:\hiberfil.sys

[2010/06/26 09:15:06 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\NTUSER.DAT

[2010/06/26 09:15:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\ntuser.ini

[2010/06/25 15:53:32 | 004,304,566 | -H-- | M] () -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Local Settings\Application Data\IconCache.db

[2010/06/25 09:11:40 | 000,579,450 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/06/25 09:11:40 | 000,500,514 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/06/25 09:11:40 | 000,088,888 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/06/22 09:11:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/06/18 09:36:00 | 000,023,053 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF

[2010/06/18 09:18:33 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Desktop\0omqincp.exe

[2010/06/18 09:17:44 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Desktop\OTL.exe

[2010/06/15 14:37:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\defogger_reenable

[2010/06/15 14:36:28 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Desktop\dds.scr

[2010/06/15 14:36:13 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Desktop\Defogger.exe

[2010/06/15 10:17:02 | 000,248,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/06/15 10:06:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/06/15 09:26:45 | 000,010,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\compbatt.sys

[2010/06/15 09:09:15 | 000,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/06/12 15:30:04 | 042,730,616 | ---- | M] () -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Desktop\4k8t247w.exe

[2010/06/09 16:27:49 | 000,000,477 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/06/09 16:27:49 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/06/09 16:27:49 | 000,000,211 | RHS- | M] () -- C:\boot.ini

[2010/06/09 12:59:17 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/21 23:03:57 | 000,741,376 | ---- | M] (DVfxrp) -- C:\WINDOWS\WinGSD.exe

[2010/05/21 23:03:28 | 000,741,376 | ---- | M] (DVfxrp) -- C:\WINDOWS\WinFSD.exe

[2010/05/17 19:05:39 | 000,167,936 | ---- | M] (AaKSyu5) -- C:\WINDOWS\WinDFG.exe

[2010/05/01 18:28:51 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/04/29 18:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/04/29 18:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/04/25 00:31:56 | 000,013,162 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\58G3tyIDc

[2010/04/25 00:31:55 | 000,013,162 | -HS- | M] () -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Local Settings\Application Data\58G3tyIDc

[2010/04/25 00:31:54 | 000,016,196 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\192948760

[2010/04/15 13:32:15 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/04/15 13:15:18 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT

[2010/04/15 09:59:39 | 000,000,197 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

[2010/03/31 15:56:25 | 000,114,688 | ---- | M] () -- C:\WINDOWS\WinSCO.exe

[2010/03/28 16:00:21 | 000,000,372 | ---- | M] () -- C:\a6bddadfgsd.exe 1

========== Files Created - No Company Name ==========

[2010/06/18 09:18:30 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Desktop\0omqincp.exe

[2010/06/15 14:37:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\defogger_reenable

[2010/06/15 14:36:13 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Desktop\Defogger.exe

[2010/06/15 09:26:46 | 1063,198,720 | -HS- | C] () -- C:\hiberfil.sys

[2010/06/12 15:43:29 | 042,730,616 | ---- | C] () -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Desktop\4k8t247w.exe

[2010/06/12 15:33:58 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Desktop\dds.scr

[2010/06/09 12:59:17 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/20 00:15:52 | 000,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib

[2010/05/20 00:15:37 | 000,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib

[2010/05/20 00:15:22 | 000,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib

[2010/05/20 00:15:01 | 000,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib

[2010/05/20 00:14:47 | 000,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib

[2010/05/20 00:14:42 | 000,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib

[2010/05/20 00:14:31 | 000,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib

[2010/05/20 00:14:28 | 000,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib

[2010/05/20 00:14:26 | 000,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib

[2010/05/20 00:14:23 | 000,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib

[2010/05/20 00:14:16 | 000,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib

[2010/05/20 00:14:15 | 000,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib

[2010/05/20 00:14:12 | 000,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib

[2010/05/20 00:14:10 | 000,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib

[2010/05/20 00:14:04 | 000,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib

[2010/05/20 00:13:55 | 000,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib

[2010/05/20 00:13:49 | 000,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib

[2010/04/18 00:40:06 | 000,016,196 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\192948760

[2010/04/17 18:27:19 | 000,013,162 | -HS- | C] () -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Local Settings\Application Data\58G3tyIDc

[2010/04/17 18:27:19 | 000,013,162 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\58G3tyIDc

[2010/04/15 13:32:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/04/15 13:32:15 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/04/07 01:51:00 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2010/03/31 15:56:23 | 000,114,688 | ---- | C] () -- C:\WINDOWS\WinSCO.exe

[2010/03/28 15:59:41 | 000,000,372 | ---- | C] () -- C:\a6bddadfgsd.exe 1

[2010/03/04 23:22:10 | 000,000,118 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2009/06/06 18:03:40 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll

[2009/06/06 18:03:40 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys

[2009/06/06 18:03:40 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini

[2009/06/06 18:03:37 | 000,000,639 | ---- | C] () -- C:\WINDOWS\AutoSetFrequency.ini

[2009/03/12 02:47:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2009/03/12 01:55:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll

[2009/03/12 01:10:15 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2009/03/12 01:05:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2009/03/11 17:04:43 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\compbatt.sys

========== LOP Check ==========

[2009/03/12 02:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acer GameZone Console

[2009/12/07 19:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Arcade Lab

[2010/03/22 01:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier

[2010/01/03 20:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi

[2009/10/06 14:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hostsvr

[2009/10/05 19:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games

[2010/03/28 18:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/10/26 17:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WSG32

[2009/11/19 11:15:34 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Application Data\.#

[2009/03/12 02:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Application Data\Acer

[2009/03/12 02:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Application Data\Acer GameZone Console

[2009/10/14 21:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Application Data\eSobi

[2010/04/27 17:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Application Data\Facebook

[2010/06/09 16:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Application Data\LimeWire

[2010/03/22 01:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Application Data\ooVoo Details

[2010/06/15 09:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Application Data\oovootb

[2009/10/07 03:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Application Data\SulusGames

[2009/03/12 02:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Application Data\Super-Cow

[2009/10/05 12:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jasmine Butler.ACER-330BB84976\Application Data\Template

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C491D31

@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D066AD2

@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02C1CB6D

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7091055F

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93C494CA

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB689DEA

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AB56A06

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:798A3728

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE16379

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF61E54

< End of report >


Glad to hear it.

Open otl.exe and click on the Cleanup button.

Now that your system is clean, you should SET A NEW RESTORE POINT to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools cannot access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and enable your computer to "roll-back" in case there is a future problem.

To SET A NEW RESTORE POINT:

1. Go to Start > Programs > Accessories > System Tools and click "System Restore".

2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

======================================

Here is some useful information on keeping your computer clean:

  1. Most important thing is to make sure Windows is kept up to date with the latest patches and updates from Windows Update
  2. How to update Adobe Acrobat Reader
    1. On your desktop, double-click on your Adobe icon.
    2. Click on Help.
    3. Click on Check for Updates.
    4. Visit my blog Here to view the video.

  3. How to update Java SE Runtime
    1. Go to Start.
    2. Click on Control Panel.
    3. Double-click on the Java icon.
    4. Click on the Update tab.
    5. Click on Update Now.
    6. Visit my blog Here to view the video.

  4. Check out Tony Klein's "So how did I get infected in the first place" here


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

