Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

autorun.aol

Post by ajdemarco » February 18th, 2010, 3:07 pm

My computer has been infected by malware autorun.aol. It wants me to go to their site and download their virus removal tool and pay $40.00 to get rid of the malware they put on my machine. I get continual messages that whatever file I try to open is infected. It eventually opens my browser and takes me to porno.com and some other porno type sites. It has disabled the Windows Installer and the Control Panel. The only way I can do anything is in safe mode. I have run Symantec Endpoint several times and it does not find anything. Below are the HijackThis log and uninstall_list. Appreciate any help you can give.

Andy

______________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:34 AM, on 2/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Safe mode with network support

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Symantec AntiVirus\Smc.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
F:\Program Files\Symantec AntiVirus\Rtvscan.exe
F:\Program Files\Symantec AntiVirus\SmcGui.exe
F:\Program Files\Symantec AntiVirus\DoScan.exe
F:\Program Files\Symantec AntiVirus\SavUI.exe
F:\WINDOWS\explorer.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=F:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - F:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - F:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "F:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [athvsdij] F:\Documents and Settings\Wayne\Local Settings\Application Data\xflvfv\sdjlsftav.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1454471165-2049760794-1801674531-1004\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe (User 'Kristin')
O4 - HKUS\S-1-5-21-1454471165-2049760794-1801674531-1004\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Kristin')
O4 - HKUS\S-1-5-21-1454471165-2049760794-1801674531-1004\..\Run: [prunnet] "F:\WINDOWS\system32\prunnet.exe" (User 'Kristin')
O4 - HKUS\S-1-5-21-1454471165-2049760794-1801674531-1004\..\Run: [AbacastDistributedOnDemand:11] F:\Documents and Settings\Kristin\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe -r:11 -x:1 (User 'Kristin')
O4 - HKUS\S-1-5-21-1454471165-2049760794-1801674531-1004\..\RunOnce: [FlashPlayerUpdate] F:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Kristin')
O4 - HKUS\S-1-5-21-1454471165-2049760794-1801674531-1005\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe (User 'Wayne')
O4 - HKUS\S-1-5-21-1454471165-2049760794-1801674531-500\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - Global Startup: HotSync Manager.lnk = F:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6445338640
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{932098D0-D1DC-43B2-8761-D097F6661B53}: NameServer = 10.0.0.8
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
O23 - Service: FlipShare Service - Unknown owner - F:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - F:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - F:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - F:\Program Files\Symantec AntiVirus\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - F:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - F:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - F:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - F:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7006 bytes

________________________________________________________________________

Uninstall_list.txt

3ivx MPEG-4 5.0.3 (remove only)
Abacast Distributed On-Demand
Acrobat.com
Acrobat.com
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
AIM 6
Apple Mobile Device Support
Apple Software Update
Bonjour
CCleaner (remove only)
FlipShare
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
hp officejet v series
HP Photo Printing Software
HP Share-to-Web
iTunes
Java 2 Runtime Environment, SE v1.4.2_14
Java(TM) 6 Update 15
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
LiveUpdate 3.3 (Symantec Corporation)
Martini Recipes List
Massage Office Professional 1.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mozilla Firefox (3.5.7)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
palmOne
PresentationEXPRESS(TM)
QuickTime
Realtek AC'97 Audio
SecondLife (remove only)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Smartparts Desktop
Symantec Endpoint Protection
Tax Forms Helper 2007 8.0
TuneUp Utilities 2009
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Verizon Broadband Toolbar (IE only)
Verizon Broadband Toolbar Firefox only
Verizon Help and Support Tool
VIA Platform Device Manager
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
Viewpoint Media Player
VLC media player 0.9.2
Vz In Home Agent
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Xvid 1.1.3 final uninstall
ajdemarco
Regular Member
Posts: 47
Joined: February 18th, 2010, 2:45 pm
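As an added example (not code from this thread, from HijackThis, or from MalwareRemoval.com), the Python script below automates two of the checks a helper makes by eye when reading a HijackThis log like the one posted above: it parses the O4 autostart and O23 service lines, and flags for review any entry whose executable runs from a user-writable profile directory (such as `Local Settings\Application Data`) or whose service binary HijackThis reports as `(file missing)`. The sample lines are copied from the log above; the `Finding` class, the `triage`, `executable_path` and `classify_path` functions, the reason strings and the `PROFILE_MARKERS` list are this example's own assumptions. A flag is a prompt to look closer, not a verdict: the Abacast entry is caught by the same rule as the `athvsdij` one.

```python
"""Triage O4 (autostart) and O23 (service) lines from a HijackThis log.

Added example for this thread; not code from HijackThis or MalwareRemoval.com.
A flag is a review prompt, not a verdict.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Review reasons (constructed for this example, not HijackThis terminology).
REASON_PROFILE = "executable under a user-writable profile directory"
REASON_UNQUALIFIED = "unqualified executable name (found by PATH search)"
REASON_MISSING = "service binary reported as (file missing)"

# Lowercased path fragments marking user-writable profile/temp locations
# on Windows XP. Heuristic list (an assumption of this example); extend as needed.
PROFILE_MARKERS = ("\\application data\\", "\\temp\\")

# Sample lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [athvsdij] F:\Documents and Settings\Wayne\Local Settings\Application Data\xflvfv\sdjlsftav.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1454471165-2049760794-1801674531-1004\..\Run: [prunnet] "F:\WINDOWS\system32\prunnet.exe" (User 'Kristin')
O4 - HKUS\S-1-5-21-1454471165-2049760794-1801674531-1004\..\Run: [AbacastDistributedOnDemand:11] F:\Documents and Settings\Kristin\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe -r:11 -x:1 (User 'Kristin')
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
""".strip()

# O4 - <hive>\..\<key>: [<name>] <command> [(User '<user>')]
# ("Global Startup" O4 lines have a different shape and are skipped here.)
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# O23 - Service: <name> - <owner> - <path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# A quoted path, or an unquoted path up to the first executable extension
# (HijackThis prints unquoted paths that contain spaces, as the athvsdij line shows).
EXE_RE = re.compile(
    r'^"(?P<q>[^"]+)"|^(?P<u>.*?\.(?:exe|dll|com|scr|bat|cmd|pif))(?=\s|$)',
    re.IGNORECASE,
)


@dataclass
class Finding:
    line_type: str              # "O4" or "O23"
    name: str                   # registry value name or service name
    path: str                   # executable as printed in the log
    reason: str
    user: Optional[str] = None  # user whose hive an O4 entry lives in


def executable_path(cmd: str) -> str:
    """Strip quotes and trailing arguments from an O4 command string."""
    m = EXE_RE.match(cmd)
    if m:
        return m.group("q") or m.group("u")
    return cmd.split(" ", 1)[0]


def classify_path(path: str) -> Optional[str]:
    """Return a review reason for a path, or None if nothing stands out."""
    low = path.lower()
    if "\\" not in low:
        return REASON_UNQUALIFIED
    if any(marker in low for marker in PROFILE_MARKERS):
        return REASON_PROFILE
    return None


def triage(log_text: str) -> List[Finding]:
    """Parse O4/O23 lines and return the entries worth a second look."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            path = executable_path(m.group("cmd"))
            reason = classify_path(path)
            if reason:
                findings.append(Finding("O4", m.group("name"), path, reason, m.group("user")))
            continue
        m = O23_RE.match(line)
        if m:
            path = m.group("path")
            reason = REASON_MISSING if m.group("missing") else classify_path(path)
            if reason:
                findings.append(Finding("O23", m.group("name"), path, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        who = f" (user {f.user})" if f.user else ""
        print(f"{f.line_type} [{f.name}]{who}: {f.reason}\n    {f.path}")
```

Run against the sample it reports four entries: the bare `VTtrayp.exe` name (low interest, but worth knowing it is resolved by PATH search), the `athvsdij` and Abacast entries under `Local Settings\Application Data`, and the optimisation service whose binary is missing. Feed it a full log via `triage(open("hijackthis.log").read())` to get the same list for another machine.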

Re: autorun.aol

Post by deltalima » February 26th, 2010, 6:24 am

Hi ajdemarco,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: autorun.aol

Post by deltalima » February 26th, 2010, 6:47 am

Hi ajdemarco,

Please boot the computer into Safe mode with network support

Download Rkill

Please download Rkill from one of the following links and save to your Desktop:

One, Two, Three or Four

Download OTL

Download OTL by Old Timer and save it to your Desktop.

Download GMER

Please download GMER Rootkit Scanner from here.

Now please Reboot into Normal mode

Run Rkill

  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • A Notepad window will open; please post the contents in your next reply.
  • This log can also be found at C:\rkill.log
  • Please leave Rkill on the Desktop until otherwise advised.

Note: If your security software warns about Rkill, please ignore and allow the download to continue.

Run OTL

  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Run GMER

  • Double click the .exe file. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan, click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log and the RKill log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: autorun.aol

Post by ajdemarco » February 26th, 2010, 11:29 am

Funkymonkey,

Thanks for your help; hopefully I have run everything correctly. Here are the results.
Andy

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as AJ on 02/26/2010 at 7:00:18.


Processes terminated by Rkill or while it was running:


F:\Documents and Settings\Wayne\Local Settings\Application Data\xflvfv\sdjlsftav.exe
F:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
F:\Documents and Settings\AJ\Desktop\rkill.exe


Rkill completed on 02/26/2010 at 7:00:47.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-26 07:16:01
Windows 5.1.2600 Service Pack 3
Running: knlr42i1.exe; Driver: F:\DOCUME~1\AJ\LOCALS~1\Temp\awlyafod.sys


---- System - GMER 1.0.15 ----

Code \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwResetWriteWatch [0x8053FDCC]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----



OTL Extras logfile created on: 2/26/2010 7:08:41 AM - Run 1
OTL by OldTimer - Version 3.1.30.2 Folder = F:\Documents and Settings\AJ\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): f:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 279.46 Gb Total Space | 61.30 Gb Free Space | 21.94% Space Free | Partition Type: NTFS
Drive D: | 122.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 445.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 74.52 Gb Total Space | 21.10 Gb Free Space | 28.32% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PEOPLE-74CFDE58
Current User Name: AJ
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "F:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "F:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "F:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "F:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "F:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "F:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- F:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- F:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "F:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "F:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10508:TCP" = 10508:TCP:*:Enabled:BitComet 10508 TCP
"10508:UDP" = 10508:UDP:*:Enabled:BitComet 10508 UDP
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Program Files\Mozilla Firefox\firefox.exe" = F:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"F:\Program Files\Common Files\AOL\Loader\aolload.exe" = F:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"F:\Program Files\AIM6\aim6.exe" = F:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"F:\Program Files\Bonjour\mDNSResponder.exe" = F:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"F:\Program Files\iTunes\iTunes.exe" = F:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"F:\Documents and Settings\Kristin\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe" = F:\Documents and Settings\Kristin\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe:*:Enabled:Abacast Distributed On-Demand -- (Abacast, Inc.)
"F:\Documents and Settings\Kristin\Local Settings\Application Data\Abacast\Abaclient2.exe" = F:\Documents and Settings\Kristin\Local Settings\Application Data\Abacast\Abaclient2.exe:*:Enabled:Abaclient -- (Abacast, Inc.)
"F:\Program Files\Symantec AntiVirus\Smc.exe" = F:\Program Files\Symantec AntiVirus\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"F:\Program Files\Symantec AntiVirus\SNAC.EXE" = F:\Program Files\Symantec AntiVirus\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"F:\Program Files\Common Files\Symantec Shared\ccApp.exe" = F:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{06B594A0-2D2B-4376-94E4-13A0BD4A88F8}" = Symantec Endpoint Protection
"{0D3F9802-689F-9B6D-8E44-B55971F0CCBB}" = FlipShare
"{141F2872-D2F9-4A89-95D3-E222D1CBCC56}" = Vz In Home Agent
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142140}" = Java 2 Runtime Environment, SE v1.4.2_14
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{924EB80F-C2BB-4B9F-8412-88BBA937393F}" = MobileMe Control Panel
"{99B60592-CEE2-43B4-BBFC-FAE049D13DA9}" = PresentationEXPRESS(TM)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E434580A-2D4A-4433-A81E-4BCAE86AD148}" = palmOne
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FDE97748-2050-47B1-9BDD-E049626FDE63}" = Smartparts Desktop
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"AbacastNode:11" = Abacast Distributed On-Demand
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HijackThis" = HijackThis 2.0.2
"hp officejet v series 1204559325" = hp officejet v series
"HP Photo Printing Software" = HP Photo Printing Software
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malware Sweeper_is1" = Malware Sweeper 2.3.0.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Martini Recipes List" = Martini Recipes List
"Massage_Office_Professional_1.0" = Massage Office Professional 1.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SecondLife" = SecondLife (remove only)
"Tax Forms Helper 2007_is1" = Tax Forms Helper 2007 8.0
"Verizon Broadband Toolbar Firefox only" = Verizon Broadband Toolbar Firefox only
"Verizon Help and Support" = Verizon Help and Support Tool
"verizon_broad" = Verizon Broadband Toolbar (IE only)
"VIA/S3G UniChrome Family Win2K/XP/Server2003 Display" = VIA/S3G Display Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.2
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/18/2010 3:53:15 PM | Computer Name = PEOPLE-74CFDE58 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: F:\Program Files\Symantec
AntiVirus\SavUI.exe Event Info: Terminate Process Action Taken: Logged Actor Process:
F:\Documents and Settings\Wayne\Local Settings\Application Data\xflvfv\sdjlsftav.exe
(PID 2504) Time: Thursday, February 18, 2010 11:53:15 AM

Error - 2/18/2010 3:53:16 PM | Computer Name = PEOPLE-74CFDE58 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: F:\Program Files\Symantec
AntiVirus\SavUI.exe Event Info: Terminate Process Action Taken: Logged Actor Process:
F:\Documents and Settings\Wayne\Local Settings\Application Data\xflvfv\sdjlsftav.exe
(PID 2504) Time: Thursday, February 18, 2010 11:53:16 AM

Error - 2/18/2010 3:53:17 PM | Computer Name = PEOPLE-74CFDE58 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: F:\Program Files\Symantec
AntiVirus\SavUI.exe Event Info: Terminate Process Action Taken: Logged Actor Process:
F:\Documents and Settings\Wayne\Local Settings\Application Data\xflvfv\sdjlsftav.exe
(PID 2504) Time: Thursday, February 18, 2010 11:53:17 AM

Error - 2/20/2010 7:54:55 PM | Computer Name = PEOPLE-74CFDE58 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Tracking Cookie in File: Unavailable by: Manual
scan. Action: Quarantine failed : Leave Alone failed. Action Description: The
file was deleted successfully.

Error - 2/21/2010 2:28:26 PM | Computer Name = PEOPLE-74CFDE58 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- The installer
has encountered an unexpected error installing this package. This may indicate
a problem with this package. The error code is 2721. The arguments are: DD_CA_RegIIS_X86.3643236F_FC70_11D3_A536_0090278A1BB8,
,

Error - 2/21/2010 2:28:26 PM | Computer Name = PEOPLE-74CFDE58 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB974417'
could not be installed. Error code 1603. Additional information is available in
the log file F:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET Framework
2.0-KB974417_20100221_182728328-Msi0.txt.

Error - 2/21/2010 2:28:27 PM | Computer Name = PEOPLE-74CFDE58 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb974417,
P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
2721.

Error - 2/21/2010 3:23:15 PM | Computer Name = PEOPLE-74CFDE58 | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 2/26/2010 11:06:09 AM | Computer Name = PEOPLE-74CFDE58 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB974417'
could not be installed. Error code 1603. Additional information is available in
the log file F:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET Framework
2.0-KB974417_20100226_150316962-Msi0.txt.

Error - 2/26/2010 11:06:15 AM | Computer Name = PEOPLE-74CFDE58 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb974417,
P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.

[ System Events ]
Error - 2/21/2010 3:41:15 PM | Computer Name = PEOPLE-74CFDE58 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/21/2010 3:41:24 PM | Computer Name = PEOPLE-74CFDE58 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/21/2010 11:06:53 PM | Computer Name = PEOPLE-74CFDE58 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/26/2010 10:49:31 AM | Computer Name = PEOPLE-74CFDE58 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/26/2010 10:50:37 AM | Computer Name = PEOPLE-74CFDE58 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl Fips intelppm SPBBCDrv SRTSP SRTSPX SYMTDI

Error - 2/26/2010 10:55:30 AM | Computer Name = PEOPLE-74CFDE58 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/26/2010 10:56:41 AM | Computer Name = PEOPLE-74CFDE58 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/26/2010 10:57:53 AM | Computer Name = PEOPLE-74CFDE58 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/26/2010 11:00:53 AM | Computer Name = PEOPLE-74CFDE58 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 2/26/2010 11:06:21 AM | Computer Name = PEOPLE-74CFDE58 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 2.0 Service Pack 2 Security Update
for Windows 2000, Windows Server 2003, and Windows XP (KB974417).


< End of report >

OTL logfile created on: 2/26/2010 7:08:40 AM - Run 1
OTL by OldTimer - Version 3.1.30.2 Folder = F:\Documents and Settings\AJ\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): f:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 279.46 Gb Total Space | 61.30 Gb Free Space | 21.94% Space Free | Partition Type: NTFS
Drive D: | 122.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 445.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 74.52 Gb Total Space | 21.10 Gb Free Space | 28.32% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PEOPLE-74CFDE58
Current User Name: AJ
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - F:\Documents and Settings\AJ\Desktop\OTL.exe (OldTimer Tools)
PRC - F:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - F:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
PRC - F:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
PRC - F:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)
PRC - F:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - F:\Program Files\Symantec AntiVirus\SmcGui.exe (Symantec Corporation)
PRC - F:\Program Files\Symantec AntiVirus\Smc.exe (Symantec Corporation)
PRC - F:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)
PRC - F:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - F:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - F:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - F:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - F:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - F:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - F:\WINDOWS\system32\VTTrayp.exe (S3 Graphics Co., Ltd.)
PRC - F:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
PRC - F:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - F:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()


========== Modules (SafeList) ==========

MOD - F:\Documents and Settings\AJ\Desktop\OTL.exe (OldTimer Tools)
MOD - F:\Program Files\Common Files\Motive\McciContextHook_DSR.dll (Motive Communications, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (clr_optimization_v2.0.50727_32) -- File not found
SRV - (JavaQuickStarterService) -- F:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (McciCMService) -- F:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
SRV - (FlipShare Service) -- F:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (Symantec AntiVirus) -- F:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (SmcService) -- F:\Program Files\Symantec AntiVirus\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- F:\Program Files\Symantec AntiVirus\SNAC.EXE (Symantec Corporation)
SRV - (TuneUp.ProgramStatisticsSvc) -- F:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- F:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software)
SRV - (ccSetMgr) -- F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (UxTuneUp) -- F:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (LiveUpdate) -- F:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (iPod Service) -- F:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service) -- F:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (Viewpoint Manager Service) -- F:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (ose) -- F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- F:\Program Files\Common Files\Symantec Shared\VirusDefs\20100214.004\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- F:\Program Files\Common Files\Symantec Shared\VirusDefs\20100214.004\NAVENG.SYS (Symantec Corporation)
DRV - (MREMP50) -- F:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- F:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (eeCtrl) -- F:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- F:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- F:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (WpsHelper) -- F:\WINDOWS\system32\drivers\WpsHelper.sys (Symantec Corporation)
DRV - (SysPlant) -- F:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys (Symantec Corporation)
DRV - (WPS) -- F:\WINDOWS\system32\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV - (SRTSPL) -- F:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- F:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- F:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (COH_Mon) -- F:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (USBAAPL) -- F:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (Teefer2) -- F:\WINDOWS\system32\drivers\Teefer2.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SYMTDI) -- F:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- F:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (GEARAspiWDM) -- F:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (PalmUSBD) -- F:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (Secdrv) -- F:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (MREMPR5) -- F:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (MRENDIS5) -- F:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (Ptilink) -- F:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (xfilt) -- F:\WINDOWS\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc)
DRV - (videX32) -- F:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (viagfx) -- F:\WINDOWS\system32\drivers\vtmini.sys (Copyright (C) VIA/S3 Graphics Co, Ltd.)
DRV - (FETND5BV) -- F:\WINDOWS\system32\drivers\fetnd5bv.sys (VIA Technologies, Inc. )
DRV - (SISNIC) -- F:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- F:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ALCXSENS) -- F:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (FETNDIS) -- F:\WINDOWS\system32\drivers\fetnd5.sys (VIA Technologies, Inc. )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-1454471165-2049760794-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-1454471165-2049760794-1801674531-1003\S-1-5-21-1454471165-2049760794-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/|http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2010/01/26 16:36:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2010/01/07 09:52:09 | 000,000,000 | ---D | M]

[2009/02/12 15:14:56 | 000,000,000 | ---D | M] -- F:\Documents and Settings\AJ\Application Data\Mozilla\Extensions
[2007/08/02 16:34:10 | 000,000,000 | ---D | M] -- F:\Documents and Settings\AJ\Application Data\Mozilla\Firefox\Profiles\ooxunp1l.default\extensions
[2010/02/17 19:20:53 | 000,000,000 | ---D | M] -- F:\Program Files\Mozilla Firefox\extensions
[2008/01/22 22:20:30 | 000,491,520 | ---- | M] (BitComet) -- F:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2006/01/18 11:50:00 | 000,319,488 | ---- | M] ( ) -- F:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2007/04/16 09:07:12 | 000,180,293 | ---- | M] () -- F:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2007/12/21 23:00:21 | 000,001,948 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\AOL Search.xml

O1 HOSTS File: ([2010/02/20 14:55:19 | 000,000,732 | ---- | M]) - F:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - F:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - F:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1454471165-2049760794-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1454471165-2049760794-1801674531-1003\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - F:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O4 - HKLM..\Run: [AppleSyncNotifier] F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [athvsdij] F:\Documents and Settings\Wayne\Local Settings\Application Data\xflvfv\sdjlsftav.exe ()
O4 - HKLM..\Run: [ccApp] F:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DWQueuedReporting] F:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] F:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] F:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] F:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [VTTrayp] F:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKU\S-1-5-21-1454471165-2049760794-1801674531-1003..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - HKLM..\RunOnce\Setup: [Registering ActiveScan 2.0 Components] F:\Program Files\Panda Security\ActiveScan 2.0\as2guiie.dll File not found
O4 - HKLM..\RunOnce\Setup: [Registering ActiveScan 2.0 Components.] F:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll File not found
O4 - HKLM..\RunOnce\Setup: [Registering ActiveScan 2.0 Components..] F:\Program Files\Panda Security\ActiveScan 2.0\libcomm.dll File not found
O4 - HKLM..\RunOnce\Setup: [Registering ActiveScan 2.0 Components...] F:\Program Files\Panda Security\ActiveScan 2.0\as2inst.dll File not found
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = F:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-2049760794-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - F:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 6445338640 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.4.2_14)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/sh ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: F:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: F:\WINDOWS\Web\Wallpaper\Bliss.bmp
O30 - LSA: Authentication Packages - (F:\WINDOWS\system32\pmnnOiJC) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/15 15:00:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/04/23 15:51:42 | 000,000,028 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - F:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/26 07:05:11 | 000,000,000 | ---D | C] -- F:\Documents and Settings\AJ\Desktop\Malware
[2010/02/26 07:01:35 | 000,000,000 | ---D | C] -- F:\WINDOWS\LastGood
[2010/02/26 06:56:26 | 000,549,888 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\AJ\Desktop\OTL.exe
[2010/02/18 12:03:44 | 001,140,472 | ---- | C] (Infragistics, Inc.) -- F:\WINDOWS\System32\IGUltraGrid20.ocx
[2010/02/18 12:03:44 | 000,512,688 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- F:\WINDOWS\System32\XceedCry.dll
[2010/02/18 12:03:44 | 000,131,856 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\MSADODC.ocx
[2010/02/18 12:03:43 | 001,435,272 | ---- | C] (Macromedia, Inc.) -- F:\WINDOWS\System32\Flash.ocx
[2010/02/18 12:03:43 | 000,423,784 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- F:\WINDOWS\System32\XceedBkp.dll
[2010/02/18 12:03:43 | 000,265,753 | ---- | C] (Ariad Software) -- F:\WINDOWS\System32\AS-Exp2.ocx
[2010/02/18 12:03:43 | 000,188,416 | ---- | C] (SoftShape Development) -- F:\WINDOWS\System32\actsplash.ocx
[2010/02/18 12:03:43 | 000,101,888 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\VB6STKIT.DLL
[2010/02/18 12:03:43 | 000,089,088 | ---- | C] (Ariad Software) -- F:\WINDOWS\System32\ProgressBar4.ocx
[2010/02/18 12:03:43 | 000,028,672 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\systray.ocx
[2010/02/18 12:03:43 | 000,010,752 | ---- | C] ( ) -- F:\WINDOWS\System32\md5.dll
[2010/02/18 12:03:41 | 000,000,000 | ---D | C] -- F:\Program Files\MalwareSweeper.com
[2010/02/18 12:01:21 | 000,000,000 | ---D | C] -- F:\Program Files\Microsoft Windows OneCare Live
[2010/02/18 11:21:31 | 000,000,000 | ---D | C] -- F:\Documents and Settings\AJ\Application Data\Malwarebytes
[2010/02/18 11:21:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/18 11:21:25 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbam.sys
[2010/02/18 11:21:25 | 000,000,000 | ---D | C] -- F:\Program Files\Malwarebytes' Anti-Malware
[2010/02/18 10:23:20 | 000,000,000 | ---D | C] -- F:\Program Files\Trend Micro
[2010/02/18 10:13:57 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- F:\Documents and Settings\AJ\Desktop\HJTInstall.exe
[2010/02/18 07:37:21 | 000,000,000 | ---D | C] -- F:\Documents and Settings\AJ\Local Settings\Application Data\PCHealth
[2010/02/17 19:44:18 | 000,000,000 | ---D | C] -- F:\Program Files\PC Medkit
[2010/02/17 19:35:28 | 000,000,000 | -HSD | C] -- F:\WINDOWS\CSC
[2010/02/17 17:33:55 | 000,000,000 | ---D | C] -- F:\Program Files\Panda Security
[2010/02/17 17:30:52 | 000,000,000 | ---D | C] -- F:\Documents and Settings\AJ\My Documents\Downloads
[2010/02/17 17:24:22 | 000,265,728 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\http.sys
[2010/02/17 17:24:22 | 000,075,776 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\strmfilt.dll
[2010/02/17 17:24:22 | 000,025,088 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\httpapi.dll
[2010/02/17 13:02:58 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\XPSViewer
[2010/02/17 13:02:52 | 000,000,000 | ---D | C] -- F:\Program Files\MSBuild
[2010/02/17 13:02:35 | 000,000,000 | ---D | C] -- F:\Program Files\Reference Assemblies
[2010/02/17 13:01:50 | 001,676,288 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\xpssvcs.dll
[2010/02/17 13:01:50 | 001,676,288 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/02/17 13:01:50 | 000,597,504 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/02/17 13:01:50 | 000,575,488 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/02/17 13:01:50 | 000,117,760 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\prntvpt.dll
[2010/02/17 13:01:50 | 000,089,088 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/02/17 10:20:39 | 000,989,696 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kernel32.dll
[2010/02/17 10:20:31 | 000,080,896 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tlntsess.exe
[2010/02/17 10:20:31 | 000,076,288 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\telnet.exe
[2010/02/17 10:20:25 | 000,149,504 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\rastls.dll
[2010/02/17 10:20:25 | 000,079,872 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\raschap.dll
[2010/02/17 10:20:20 | 001,435,648 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\query.dll
[2010/02/17 10:20:10 | 000,033,280 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\csrsrv.dll
[2010/02/17 10:20:05 | 000,474,112 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\shlwapi.dll
[2010/02/17 10:19:58 | 000,132,096 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wkssvc.dll
[2010/02/17 10:19:46 | 000,345,600 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\localspl.dll
[2010/02/17 10:19:31 | 000,956,928 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msdtctm.dll
[2010/02/17 10:19:31 | 000,161,792 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msdtcuiu.dll
[2010/02/17 10:19:31 | 000,091,648 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mtxoci.dll
[2010/02/17 10:19:31 | 000,066,560 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mtxclu.dll
[2010/02/17 10:19:31 | 000,058,880 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msdtclog.dll
[2010/02/17 10:19:21 | 000,058,880 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msasn1.dll
[2010/02/17 10:19:16 | 000,017,920 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msyuv.dll
[2010/02/17 10:19:05 | 000,058,880 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\atl.dll
[2010/02/17 10:18:40 | 000,270,336 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\oakley.dll
[2010/02/17 10:18:35 | 000,084,992 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\avifil32.dll
[2010/02/17 10:18:35 | 000,011,264 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msrle32.dll
[2010/02/17 10:18:35 | 000,008,704 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tsbyuv.dll
[2010/02/17 10:18:34 | 000,048,128 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\iyuv_32.dll
[2010/02/17 10:18:29 | 000,585,216 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\rpcrt4.dll
[2010/02/17 10:18:20 | 000,343,040 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mspaint.exe
[2010/02/17 10:18:15 | 000,354,816 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\winhttp.dll
[2010/02/17 10:18:12 | 000,204,800 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mswebdvd.dll
[2010/02/17 10:18:09 | 000,017,408 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\corpol.dll
[2010/02/17 10:18:01 | 000,078,336 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\ieencode.dll
[2010/02/17 10:15:51 | 008,461,312 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\shell32.dll
[2010/02/17 10:13:08 | 000,471,552 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\aclayers.dll
[2010/02/17 10:08:30 | 000,081,920 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fontsub.dll
[2010/02/17 10:08:29 | 000,119,808 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\t2embed.dll
[2010/02/16 19:01:33 | 000,147,456 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\schannel.dll
[2010/02/16 19:01:33 | 000,136,192 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msv1_0.dll
[2010/02/16 19:01:33 | 000,092,928 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\ksecdd.sys
[2010/02/16 19:01:33 | 000,056,832 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\secur32.dll
[2010/02/16 19:01:33 | 000,054,272 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wdigest.dll
[2010/02/16 19:01:32 | 000,730,112 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\lsasrv.dll
[2010/02/16 19:01:32 | 000,301,568 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kerberos.dll
[2010/02/07 12:48:04 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Documents\Hudson
[2009/06/30 13:26:27 | 000,000,000 | ---D | M] -- F:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/06/30 13:25:02 | 000,000,000 | --SD | M] -- F:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/01/05 12:41:00 | 000,000,000 | ---D | M] -- F:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/03/15 15:06:21 | 000,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/03/15 15:00:04 | 000,000,000 | --SD | M] -- F:\Documents and Settings\LocalService\Application Data\Microsoft
[8 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]
[5 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/26 07:07:03 | 002,359,296 | ---- | M] () -- F:\Documents and Settings\AJ\NTUSER.DAT
[2010/02/26 07:00:00 | 000,013,668 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2010/02/26 06:59:23 | 000,000,006 | -H-- | M] () -- F:\WINDOWS\tasks\SA.DAT
[2010/02/26 06:59:12 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2010/02/26 06:56:58 | 000,293,376 | ---- | M] () -- F:\Documents and Settings\AJ\Desktop\knlr42i1.exe
[2010/02/26 06:56:26 | 000,549,888 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\AJ\Desktop\OTL.exe
[2010/02/20 14:55:19 | 000,000,732 | ---- | M] () -- F:\WINDOWS\System32\drivers\etc\hosts
[2010/02/18 14:55:18 | 000,000,278 | -HS- | M] () -- F:\Documents and Settings\AJ\ntuser.ini
[2010/02/18 11:39:31 | 000,002,497 | ---- | M] () -- F:\Documents and Settings\AJ\Desktop\Microsoft Office Word 2003.lnk
[2010/02/18 11:34:19 | 004,768,656 | -H-- | M] () -- F:\Documents and Settings\AJ\Local Settings\Application Data\IconCache.db
[2010/02/18 10:40:33 | 000,002,521 | ---- | M] () -- F:\Documents and Settings\AJ\Desktop\Microsoft Office Outlook 2003.lnk
[2010/02/18 10:23:21 | 000,001,734 | ---- | M] () -- F:\Documents and Settings\AJ\Desktop\HijackThis.lnk
[2010/02/18 10:09:38 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- F:\Documents and Settings\AJ\Desktop\HJTInstall.exe
[2010/02/18 10:08:04 | 000,363,008 | ---- | M] () -- F:\Documents and Settings\AJ\Desktop\rkill.exe
[2010/02/18 07:34:22 | 000,512,960 | ---- | M] () -- F:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/18 07:34:22 | 000,435,260 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat
[2010/02/18 07:34:22 | 000,068,156 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat
[2010/02/18 03:30:43 | 000,001,374 | ---- | M] () -- F:\WINDOWS\imsins.BAK
[2010/02/17 19:59:15 | 000,000,336 | ---- | M] () -- F:\WINDOWS\tasks\PC Medkit.job
[2010/02/17 14:57:59 | 000,064,368 | ---- | M] () -- F:\Documents and Settings\AJ\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/17 14:45:48 | 000,244,720 | ---- | M] () -- F:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/14 19:06:43 | 000,002,137 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/11 11:22:14 | 000,000,664 | ---- | M] () -- F:\WINDOWS\System32\d3d9caps.dat
[2010/02/03 15:55:25 | 000,000,932 | ---- | M] () -- F:\WINDOWS\win.ini
[8 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]
[5 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/26 06:56:57 | 000,293,376 | ---- | C] () -- F:\Documents and Settings\AJ\Desktop\knlr42i1.exe
[2010/02/18 12:03:43 | 000,389,120 | ---- | C] () -- F:\WINDOWS\System32\ACTSKN43.OCX
[2010/02/18 12:03:43 | 000,011,012 | ---- | C] () -- F:\WINDOWS\System32\threadapi.tlb
[2010/02/18 10:23:21 | 000,001,734 | ---- | C] () -- F:\Documents and Settings\AJ\Desktop\HijackThis.lnk
[2010/02/18 10:13:49 | 000,363,008 | ---- | C] () -- F:\Documents and Settings\AJ\Desktop\rkill.exe
[2010/02/17 19:44:23 | 000,000,336 | ---- | C] () -- F:\WINDOWS\tasks\PC Medkit.job
[2009/12/26 13:10:35 | 000,000,032 | ---- | C] () -- F:\WINDOWS\CD_Start.INI
[2009/09/30 12:07:19 | 018,527,244 | ---- | C] () -- F:\Documents and Settings\All Users\Application Data\vlc-1.0.2-win32.exe
[2008/12/30 15:35:17 | 001,307,941 | -HS- | C] () -- F:\WINDOWS\System32\nssvovqu.ini
[2008/12/29 14:59:09 | 001,307,941 | -HS- | C] () -- F:\WINDOWS\System32\vnhlxlgr.ini
[2008/12/24 08:17:33 | 001,746,192 | -HS- | C] () -- F:\WINDOWS\System32\whotxebs.ini
[2008/12/22 14:47:02 | 000,688,277 | -HS- | C] () -- F:\WINDOWS\System32\CJiOnnmp.ini2
[2008/12/22 14:47:02 | 000,688,277 | -HS- | C] () -- F:\WINDOWS\System32\CJiOnnmp.ini
[2008/03/03 07:27:16 | 000,000,020 | ---- | C] () -- F:\WINDOWS\Hposcv07.INI
[2008/02/18 22:33:34 | 000,446,352 | ---- | C] () -- F:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/11/11 16:36:50 | 000,003,328 | ---- | C] () -- F:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/08/06 12:07:30 | 000,008,784 | ---- | C] () -- F:\WINDOWS\System32\ractrlkeyhook.dll
[2007/07/03 05:32:37 | 000,765,952 | ---- | C] () -- F:\WINDOWS\System32\xvidcore.dll
[2007/07/03 05:32:36 | 000,180,224 | ---- | C] () -- F:\WINDOWS\System32\xvidvfw.dll
[2007/03/29 06:42:21 | 000,000,169 | ---- | C] () -- F:\WINDOWS\RtlRack.ini
[2007/03/26 20:06:48 | 000,000,164 | ---- | C] () -- F:\WINDOWS\avrack.ini
[2007/03/26 20:06:46 | 000,155,648 | ---- | C] () -- F:\WINDOWS\System32\RTLCPAPI.dll
[2007/03/23 01:59:36 | 000,000,000 | ---- | C] () -- F:\WINDOWS\vpc32.INI
[2007/03/23 01:58:23 | 000,000,376 | ---- | C] () -- F:\WINDOWS\ODBC.INI
[2004/09/17 16:37:42 | 000,061,440 | ---- | C] () -- F:\WINDOWS\System32\vuins32.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- F:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:D21D8AED
@Alternate Data Stream - 116 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >
ajdemarco
Regular Member
 
Posts: 47
Joined: February 18th, 2010, 2:45 pm
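Added example (editor's note, not part of the thread or of OTL itself): the OTL listing above mixes signed Microsoft files with unsigned, hidden+system `.ini` files in System32 and two alternate data streams. The Python below parses that line format and flags the entries a helper would normally look at first. The attribute-slot order (R, H, S, D) and the triage rule are my assumptions; the sample lines are copied from the log above and a flag means "review", not "confirmed malicious".

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One OTL file entry looks like:
#   [2008/12/30 15:35:17 | 001,307,941 | -HS- | C] () -- F:\WINDOWS\System32\nssvovqu.ini
# The "(Company)" group is omitted for directories and printed as "()" for
# files whose version resource carries no company name.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# Lines from the "Alternate Data Streams" section.
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    hidden: bool
    system: bool
    directory: bool
    company: Optional[str]  # None for directories, "" when OTL printed "()"
    path: str


def parse_entry(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file line; returns None for summary lines such as '[8 ... *.tmp files -> ...]'."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    # Assumption: the four attribute slots are R(eadonly), H(idden), S(ystem), D(irectory).
    return OtlEntry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        hidden=attrs[1] == "H",
        system=attrs[2] == "S",
        directory=attrs[3] == "D",
        company=m.group("company"),
        path=m.group("path"),
    )


def is_suspicious(e: OtlEntry) -> bool:
    """Hidden+system file in System32 (outside dllcache) with no company name: worth an analyst's look."""
    p = e.path.lower()
    in_system32 = "\\windows\\system32\\" in p and "\\dllcache\\" not in p
    return (not e.directory) and in_system32 and e.hidden and e.system and e.company == ""


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (reason, path) pairs for entries that deserve review; order follows the log."""
    flagged = []
    for line in log_text.splitlines():
        ads = ADS_RE.match(line.strip())
        if ads:
            flagged.append(("alternate-data-stream", ads.group("path")))
            continue
        e = parse_entry(line)
        if e and is_suspicious(e):
            flagged.append(("hidden-system-no-company", e.path))
    return flagged


# Constructed sample: a handful of lines copied from the OTL log in this thread.
SAMPLE = r"""
[2010/02/17 10:19:16 | 000,017,920 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msyuv.dll
[2009/06/30 13:25:02 | 000,000,000 | --SD | M] -- F:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/26 06:56:57 | 000,293,376 | ---- | C] () -- F:\Documents and Settings\AJ\Desktop\knlr42i1.exe
[2008/12/30 15:35:17 | 001,307,941 | -HS- | C] () -- F:\WINDOWS\System32\nssvovqu.ini
[2008/12/22 14:47:02 | 000,688,277 | -HS- | C] () -- F:\WINDOWS\System32\CJiOnnmp.ini
[2007/07/03 05:32:37 | 000,765,952 | ---- | C] () -- F:\WINDOWS\System32\xvidcore.dll
[8 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]
@Alternate Data Stream - 123 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:D21D8AED
"""

if __name__ == "__main__":
    for reason, path in triage(SAMPLE):
        print(f"{reason:26} {path}")
```

The rule is deliberately narrow: `xvidcore.dll` is unsigned and in System32 but neither hidden nor system, so it is not flagged, while the 1.3 MB hidden+system `.ini` files with random-looking names are. Widen or tighten `is_suspicious` to taste; the parser is the reusable part.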

Re: autorun.aol

Unread postby ajdemarco » February 26th, 2010, 12:49 pm

One additional note, when I go to turn the computer off it wants to install new security updates. I have avoided this by telling it to restart and then shutting off the power. I did not want to install anything new without your direction.
ajdemarco
Regular Member
 
Posts: 47
Joined: February 18th, 2010, 2:45 pm

Re: autorun.aol

Unread postby deltalima » February 26th, 2010, 1:46 pm

Hi ajdemarco,

I have avoided this by telling it to restart and then shutting off the power. I did not want to install anything new without your direction


Good thinking, we will be able to run the updates once we have cleaned the infection.

Please Reboot into Normal mode

Run Rkill

  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • A Notepad window will open; please post the contents in your next reply.
  • This log can also be found at C:\rkill.log
  • Please leave Rkill on the Desktop until otherwise advised.

Malwarebytes Anti-Malware:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: autorun.aol

Unread postby ajdemarco » February 26th, 2010, 2:43 pm

Okay, here is the Rkill log and the error from Malwarebytes.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as AJ on 02/26/2010 at 10:08:10.


Processes terminated by Rkill or while it was running:


F:\Documents and Settings\AJ\Desktop\rkill.exe


Rkill completed on 02/26/2010 at 10:08:15.

Malware error code
error code 723 (2,0)

After a while malware came up and here is the result:



Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

2/26/2010 10:41:35 AM
mbam-log-2010-02-26 (10-41-35).txt

Scan type: Quick Scan
Objects scanned: 167439
Time elapsed: 13 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 20
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 33

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{1dec989a-8b5a-4032-903a-50b1e071b77b} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{01b3b657-e7bf-4936-bf6e-c1cff3aaf0dd} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{34196f64-c524-4ae3-8572-0ae00843ef54} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{376193bc-493c-4b19-ac30-32ff54225ee7} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{453c3579-3a18-4b7e-8e11-abf856dfa67e} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b3f969a7-6c91-4594-a418-a042cce8be07} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bc3ce04b-b40b-481d-855f-f1165d4554d0} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{be641acd-9500-4ea8-b7cc-2534c95eb5d3} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c08cd4e6-ed0c-499b-a86a-23addf8f41be} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d994b6d8-32bf-4b39-afa6-a5701087dca4} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e6395f5e-8e54-4392-8bce-d433fb0b695e} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3064afbf-23b5-4794-a1d7-3c0d5188bead} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7be57914-454f-4149-bb0e-054194e64693} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a0df63d4-3c61-4fa8-ae92-aa4b3f794024} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bb044f38-e542-423b-9701-8d31957bd0ac} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d593aff0-9f4f-4e7d-886b-11e1bc63b98c} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{eec98240-0748-44fc-89f4-cb9216459e1f} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fb03e1ad-6946-4cf9-a2cb-d5c53dcf9583} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.backupengine (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Sweeper_is1 (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
F:\Program Files\MalwareSweeper.com\MalwareSweeper (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
F:\Program Files\MalwareSweeper.com\MalwareSweeper\Patches (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Start Menu\Programs\MalwareSweeper.com (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Start Menu\Programs\MalwareSweeper.com\Malware Sweeper (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.

Files Infected:
F:\Documents and Settings\Administrator\My Documents\downloads\mwsw.exe (Rogue.Installer) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\md5.dll (Malware.Trace) -> Quarantined and deleted successfully.
F:\Program Files\MalwareSweeper.com\MalwareSweeper\agent.exe (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
F:\Program Files\MalwareSweeper.com\MalwareSweeper\Alert.swf (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
F:\Program Files\MalwareSweeper.com\MalwareSweeper\browse.swf (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
F:\Program Files\MalwareSweeper.com\MalwareSweeper\db.ini (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
F:\Program Files\MalwareSweeper.com\MalwareSweeper\DB1.ms1 (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
F:\Program Files\MalwareSweeper.com\MalwareSweeper\DB2.ms1 (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
F:\Program Files\MalwareSweeper.com\MalwareSweeper\Def1.ms1 (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
F:\Program Files\MalwareSweeper.com\MalwareSweeper\Def2.ms1 (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
F:\Program Files\MalwareSweeper.com\MalwareSweeper\Engine.dll (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
F:\Program Files\MalwareSweeper.com\MalwareSweeper\English.inf (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
F:\Program Files\MalwareSweeper.com\MalwareSweeper\English.jpg (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
F:\Program Files\MalwareSweeper.com\MalwareSweeper\Errors.txt (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
F:\Program Files\MalwareSweeper.com\MalwareSweeper\Help.chm (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
F:\Program Files\MalwareSweeper.com\MalwareSweeper\hosts (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
F:\Program Files\MalwareSweeper.com\MalwareSweeper\Main.skn (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
F:\Program Files\MalwareSweeper.com\MalwareSweeper\Main.swf (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
F:\Program Files\MalwareSweeper.com\MalwareSweeper\MalSwep.exe (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
F:\Program Files\MalwareSweeper.com\MalwareSweeper\Message.swf (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
F:\Program Files\MalwareSweeper.com\MalwareSweeper\Purchase.swf (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
F:\Program Files\MalwareSweeper.com\MalwareSweeper\Scan Session.txt (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
F:\Program Files\MalwareSweeper.com\MalwareSweeper\scan.swf (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
F:\Program Files\MalwareSweeper.com\MalwareSweeper\Splash.spl (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
F:\Program Files\MalwareSweeper.com\MalwareSweeper\Trial.swf (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
F:\Program Files\MalwareSweeper.com\MalwareSweeper\unins000.dat (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
F:\Program Files\MalwareSweeper.com\MalwareSweeper\unins000.exe (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
F:\Program Files\MalwareSweeper.com\MalwareSweeper\update.cli (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
F:\Program Files\MalwareSweeper.com\MalwareSweeper\update.exe (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Start Menu\Programs\MalwareSweeper.com\Malware Sweeper.lnk (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Start Menu\Programs\MalwareSweeper.com\Malware Sweeper\Help.lnk (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Start Menu\Programs\MalwareSweeper.com\Malware Sweeper\Uninstall.lnk (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
F:\Documents and Settings\Administrator\Desktop\Malware Sweeper.lnk (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.


Will restart as prompted.
ajdemarco
Regular Member
 
Posts: 47
Joined: February 18th, 2010, 2:45 pm

Re: autorun.aol

Unread postby deltalima » February 26th, 2010, 3:40 pm

Hi ajdemarco,

Please boot the computer into Safe mode with network support

Now run Malwarebytes and select the Updates tab and then click Check for updates

Do not run a scan.

Please Reboot into Normal mode

Run Rkill

Run Malwarebytes Anti-Malware and run a quick scan

Please post the log from Malwarebytes in your next reply
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: autorun.aol

Unread postby ajdemarco » February 26th, 2010, 5:02 pm

Here are the results of the last Malware scan. I have not deleted anything yet until you tell me to.


Malwarebytes' Anti-Malware 1.44
Database version: 3796
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

2/26/2010 12:59:14 PM
mbam-log-2010-02-26 (12-59-03).txt

Scan type: Quick Scan
Objects scanned: 177967
Time elapsed: 13 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> No action taken.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\athvsdij (Trojan.FakeAlert.Gen) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
F:\Documents and Settings\Wayne\Local Settings\Temp\EyHB.exe (Trojan.FakeAlert) -> No action taken.
F:\Documents and Settings\Wayne\Local Settings\Temporary Internet Files\Content.IE5\40T2YBZE\eHbab1f296V03007f35002R3ce2be18102Tf1caa678Q000002f3901801F002a000aJ0f000601l0409K74474d4a3180[1] (Trojan.FakeAlert) -> No action taken.
ajdemarco
Regular Member
 
Posts: 47
Joined: February 18th, 2010, 2:45 pm
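Added example (editor's note, not part of the thread or of Malwarebytes): the two MBAM logs above differ in one detail that matters to a helper, the trailing action. The first log ends every line with "Quarantined and deleted successfully", the second with "No action taken". The Python below parses the MBAM 1.x log layout into records, lists the detections still pending, tallies detection names, and checks the declared per-section counts against the entries actually present (a cheap way to spot a log that was truncated when pasted). The sample is constructed from entries in both logs; the record layout and field names are mine.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Summary lines carry a count ("Registry Keys Infected: 20"); the detail
# section header for the same category has no count ("Registry Keys Infected:").
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):(?: (?P<count>\d+))?$")
# One detection: "<target> (<detection name>) -> <action>."
ENTRY_RE = re.compile(r"^(?P<target>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
DB_RE = re.compile(r"^Database version: (?P<ver>\d+)$")


@dataclass
class Detection:
    section: str
    target: str
    name: str
    action: str


@dataclass
class MbamReport:
    database_version: Optional[int] = None
    declared: Dict[str, int] = field(default_factory=dict)
    detections: List[Detection] = field(default_factory=list)

    def pending(self) -> List[Detection]:
        """Detections the user has not yet let MBAM act on ('No action taken')."""
        return [d for d in self.detections if d.action.lower().startswith("no action taken")]

    def families(self) -> Counter:
        """Hits per detection name, e.g. Trojan.Fraudpack -> 2."""
        return Counter(d.name for d in self.detections)

    def count_mismatches(self) -> Dict[str, Tuple[int, int]]:
        """Sections whose declared count differs from the entries present: (declared, actual)."""
        actual = Counter(d.section for d in self.detections)
        return {s: (n, actual[s]) for s, n in self.declared.items() if actual[s] != n}


def parse_mbam_log(text: str) -> MbamReport:
    report = MbamReport()
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        m = DB_RE.match(line)
        if m:
            report.database_version = int(m.group("ver"))
            continue
        m = SECTION_RE.match(line)
        if m:
            if m.group("count") is not None:
                report.declared[m.group("section")] = int(m.group("count"))
            else:
                current = m.group("section")
            continue
        m = ENTRY_RE.match(line)
        if m and current:
            report.detections.append(Detection(current, m.group("target"), m.group("name"), m.group("action")))
    return report


# Constructed sample assembled from entries in the two logs in this thread.
SAMPLE = r"""
Malwarebytes' Anti-Malware 1.44
Database version: 3796
Windows 5.1.2600 Service Pack 3

Scan type: Quick Scan
Objects scanned: 177967

Memory Processes Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> No action taken.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\athvsdij (Trojan.FakeAlert.Gen) -> No action taken.

Files Infected:
F:\Documents and Settings\Wayne\Local Settings\Temp\EyHB.exe (Trojan.FakeAlert) -> No action taken.
F:\Documents and Settings\Administrator\My Documents\downloads\mwsw.exe (Rogue.Installer) -> Quarantined and deleted successfully.
""".strip()

if __name__ == "__main__":
    r = parse_mbam_log(SAMPLE)
    print("database", r.database_version, "| pending", len(r.pending()), "| mismatches", r.count_mismatches())
```

Dropping the last line of the sample makes `count_mismatches()` report `Files Infected` as declared 2 but only 1 present, which is exactly the symptom of a paste that lost its tail.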

Re: autorun.aol

Unread postby deltalima » February 26th, 2010, 5:08 pm

Hi ajdemarco,

I have not deleted anything yet until you tell me to


Yes go ahead and let Malwarebytes delete the detections.

Now please run a new HijackThis scan and post the log back here.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: autorun.aol

Unread postby ajdemarco » February 26th, 2010, 5:20 pm

Deleted infected files, computer restarted and have run HijackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:39 PM, on 2/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Symantec AntiVirus\Smc.exe
F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\Flip Video\FlipShare\FlipShareService.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\Program Files\Common Files\Motive\McciCMService.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Symantec AntiVirus\Rtvscan.exe
F:\WINDOWS\System32\TUProgSt.exe
F:\Program Files\Viewpoint\Common\ViewpointService.exe
F:\WINDOWS\system32\wuauclt.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\VTtrayp.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Verizon\McciTrayApp.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\palmOne\Hotsync.exe
F:\Program Files\Symantec AntiVirus\SmcGui.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Symantec AntiVirus\DoScan.exe
F:\Program Files\Symantec AntiVirus\SavUI.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=F:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - F:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - F:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "F:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: HotSync Manager.lnk = F:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6445338640
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{932098D0-D1DC-43B2-8761-D097F6661B53}: NameServer = 10.0.0.8
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
O23 - Service: FlipShare Service - Unknown owner - F:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - F:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - F:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - F:\Program Files\Symantec AntiVirus\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - F:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - F:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - F:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - F:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6627 bytes
ajdemarco
Regular Member
 
Posts: 47
Joined: February 18th, 2010, 2:45 pm
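Added example (editor's note, not part of the thread or of HijackThis): the HijackThis log above is clean apart from housekeeping items, and the point a helper checks for is visible in it. The Python below walks HJT lines and reports three kinds of review item: entries whose target no longer exists ("(no file)", "(file missing)"), which is what the orphaned O3 toolbar entry here is; O4 Run values that name a bare executable such as `VTtrayp.exe` with no directory, so Windows resolves it via the search path; and O17 NameServer values outside the usual LAN ranges. An external resolver can be a perfectly normal ISP server, so that last check is a prompt to look, not a verdict. Sample lines are copied from the log above except the second O17 line, which is constructed using documentation addresses.

```python
import ipaddress
import re
from typing import List, Tuple

# Networks a home or office resolver is expected to live in; anything else is a
# review item, not proof of tampering (ISP resolvers are public addresses too).
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O17_RE = re.compile(r"^O17 - .*: NameServer = (?P<servers>.+)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def is_bare_command(cmd: str) -> bool:
    """True when a Run value names an executable without a directory (resolved via the search path)."""
    c = cmd.strip().strip('"')
    return "\\" not in c and not c.startswith("%")


def external_nameservers(servers: str) -> List[str]:
    """Comma-separated NameServer list -> the entries that are not inside LAN_NETS."""
    out = []
    for s in servers.split(","):
        s = s.strip()
        try:
            ip = ipaddress.ip_address(s)
        except ValueError:
            out.append(s)  # not an address at all: surface it as well
            continue
        if not any(ip in net for net in LAN_NETS):
            out.append(s)
    return out


def hjt_findings(log_text: str) -> List[Tuple[str, str]]:
    """Return (finding, line) pairs in log order; each line yields at most one finding."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if any(marker in line for marker in ORPHAN_MARKERS):
            findings.append(("orphaned-entry", line))
            continue
        m = O4_RE.match(line)
        if m and is_bare_command(m.group("cmd")):
            findings.append(("bare-run-command", line))
            continue
        m = O17_RE.match(line)
        if m and external_nameservers(m.group("servers")):
            findings.append(("external-nameserver", line))
    return findings


# Constructed sample: lines from the HijackThis log in this thread, plus one
# made-up O17 line (all-zero GUID, 203.0.113.x documentation addresses).
SAMPLE = r"""
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HotSync Manager.lnk = F:\Program Files\palmOne\Hotsync.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{932098D0-D1DC-43B2-8761-D097F6661B53}: NameServer = 10.0.0.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 203.0.113.10,203.0.113.11
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
"""

if __name__ == "__main__":
    for kind, line in hjt_findings(SAMPLE):
        print(f"{kind:20} {line[:90]}")
```

The `(file missing)` hit on the .NET optimization service is a cleanup item rather than a sign of infection; the script reports it because dangling entries are what a helper removes, as the O3 line is removed with OTL later in this thread.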

Re: autorun.aol

Unread postby deltalima » February 26th, 2010, 5:43 pm

Hi ajdemarco,

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    :otl
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "10508:TCP" =-
    "10508:UDP" =-
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Please let me know how the computer is running now.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: autorun.aol

Unread postby ajdemarco » February 26th, 2010, 5:59 pm

Results of OTL:

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirstRunDisabled" | 0 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10508:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10508:UDP deleted successfully.

OTL by OldTimer - Version 3.1.30.2 log created on 02262010_135843
ajdemarco
Regular Member
 
Posts: 47
Joined: February 18th, 2010, 2:45 pm

Re: autorun.aol

Unread postby deltalima » February 26th, 2010, 6:28 pm

Hi ajdemarco,

  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs,
    highlight Viewpoint Media Player
    click Remove
  • Close the Add or Remove Programs and the Control Panel windows.

You should download and install the newest version of Adobe Reader for reading PDF files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.3 are vulnerable.
  • Go HERE, UNCHECK any Free Add-Ons, and click Download to install the latest version of Adobe Acrobat Reader.
  • After it completes the Installation, close the Download Manager.

Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older, more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 18.
  • Download the latest version of Java Runtime Environment (JRE) 6 Here
  • Scroll down to where it says "JDK 6 Update 18 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u18-windows-i586-p.exe to install the newest version

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply and also let me know how your computer is running now.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
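Added example, not from deltalima's post or any MalwareRemoval.com tool: a PowerShell 2.0 check that lists the Java runtimes registered under Add/Remove Programs and flags the ones older than the Java 6 Update 18 release named in the instructions. It assumes the standard Uninstall registry keys and the usual display-name formats ("Java(TM) 6 Update N", "Java(TM) SE Runtime Environment 6 Update N", "J2SE Runtime Environment 5.0 Update N"); anything else is left for a manual look.

```powershell
# Added example, not from the forum post: list Java runtimes registered in
# Add/Remove Programs and flag those to remove before installing the current
# release. Written for PowerShell 2.0 so it works on a Windows XP host.
$CurrentUpdate = 18   # JRE 6 Update 18 is the current release named in the post

# Assumption: the Uninstall keys hold the entries Add/Remove Programs displays
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'  # present on 64-bit hosts only
)

function Get-JavaInstalls {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match 'Java|J2SE|JRE' } |
        ForEach-Object {
            $name   = $_.DisplayName
            $status = 'check manually'
            # Assumed display-name formats: "Java(TM) 6 Update N" (6u10 and later)
            # and "Java(TM) SE Runtime Environment 6 Update N" (earlier 6 updates)
            if ($name -match '^Java\(TM\)(?: SE Runtime Environment)? 6 Update (\d+)') {
                if ([int]$Matches[1] -lt $CurrentUpdate) { $status = 'OUTDATED - remove' }
                else                                     { $status = 'current' }
            }
            elseif ($name -match 'J2SE|Java 2 Runtime|5\.0 Update') {
                $status = 'OUTDATED - remove'   # every Java 5 / J2SE runtime predates 6u18
            }
            New-Object PSObject -Property @{
                DisplayName     = $name
                DisplayVersion  = $_.DisplayVersion
                Status          = $status
                UninstallString = $_.UninstallString
            }
        }
}

# Entries marked OUTDATED are the ones to remove via Add/Remove Programs (or the
# listed UninstallString) before running jre-6u18-windows-i586-p.exe
Get-JavaInstalls | Sort-Object Status, DisplayName |
    Format-Table DisplayName, DisplayVersion, Status, UninstallString -AutoSize
```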

Re: autorun.aol

Unread postby ajdemarco » February 26th, 2010, 11:17 pm

Everything completes as instructed. Here is the file from the last scan.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, February 26, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, February 26, 2010 10:09:37
Records in database: 3651045
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 130548
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 03:11:16


File name / Threat / Threats count
F:\Documents and Settings\Wayne\Local Settings\Application Data\xflvfv\sdjlsftav.exe Infected: Trojan.Win32.FraudPack.alnv 1

Selected area has been scanned.
ajdemarco
Regular Member
 
Posts: 47
Joined: February 18th, 2010, 2:45 pm