TechSpot

Google redirect and no folder options

Solved
By Wormjerry
Sep 8, 2010
  1. My first post, hi. I've read some of the other posts on the site about my problem and figured I'd ask for help. I've got the Google redirect problem, and even when I clicked the forums link I was redirected to random sites. Also, when I go to turn my hidden folders to show, I don't have the Folder Options in the Tools menu. I use Firefox and I have McAfee SecurityCenter. I'm doing an updated MBAM quick scan that I'll post as a reply. Any others I need to download and scan? Thanks for any help in advance.
     
  2. Wormjerry

    Wormjerry TS Rookie Topic Starter Posts: 59

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4567

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    9/7/2010 10:09:52 PM
    mbam-log-2010-09-07 (22-09-52).txt

    Scan type: Quick scan
    Objects scanned: 153371
    Time elapsed: 29 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 5
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{438244d7-80c5-400e-a0f4-04291218bca3} (Password.Stealer) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkeuf (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mketa (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkbuqc (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkerb (Trojan.Downloader) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\vyfjwk53.dll (Password.Stealer) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\axcrng.sys (Rootkit.Agent) -> Delete on reboot.
     
  3. Broni

    Broni Malware Annihilator Posts: 47,630   +267

  4. Wormjerry

    Wormjerry TS Rookie Topic Starter Posts: 59

    GMER is freezing when done. Running DDS right now. Thanks.
     
  5. Wormjerry

    Wormjerry TS Rookie Topic Starter Posts: 59

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Worm Jerry at 13:01:29.53 on Wed 09/08/2010
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.463 [GMT -7:00]

    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\WebCam\M3000\M3000Mnt.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Acer\Acer VCM\RS_Service.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    c:\PROGRA~1\mcafee\msc\mcshell.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Worm Jerry\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://search.entru.com/?s=21982
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0809&m=aspire_one
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [HNURPOXRnsc] c:\docume~1\wormje~1\locals~1\temp\drweb.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [LManager] c:\progra~1\launch~1\LManager.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
    mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
    mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [mrwcxnseao.tmp] "c:\docume~1\wormje~1\locals~1\temp\mrwcxnseao.tmp"
    mRun: [aoemxrnwcs.tmp] "c:\docume~1\wormje~1\locals~1\temp\aoemxrnwcs.tmp"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
    uPolicies-explorer: Nofolderoptions = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
    LSP: c:\windows\system32\lsp113.dll
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\wormje~1\applic~1\mozilla\firefox\profiles\bz5lle5a.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.raiders.com/home/
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\worm jerry\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-21 214664]
    R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2010-8-8 33824]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-7-2 54760]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-5-21 203280]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-5-21 359952]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-5-21 144704]
    R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-3-11 237568]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-3 38912]
    R3 M3000Srv;WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [2009-6-22 145408]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-5-21 79816]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-5-21 35272]
    S0 axcrng;axcrng; [x]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-23 135664]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-11 1684736]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-3-11 30192]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-5-21 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-5-21 40552]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-3-11 162816]
    S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
    S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-5-21 606736]

    =============== Created Last 30 ================

    2010-09-08 04:18:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-08 04:18:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-08 04:17:59 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-08 03:03:33 0 d-----w- c:\program files\Trend Micro
    2010-09-04 17:17:27 230 ----a-w- c:\windows\system32\spupdsvc.inf
    2010-09-04 00:33:07 0 d-----w- c:\program files\Spyware Doctor
    2010-09-04 00:33:07 0 d-----w- c:\program files\common files\PC Tools
    2010-09-03 23:36:43 0 d-----w- c:\program files\ESET
    2010-09-03 07:31:57 0 d-----w- c:\docume~1\wormje~1\applic~1\Malwarebytes
    2010-09-03 07:31:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-09-01 23:48:48 43454 ----a-w- c:\windows\system32\xkqon
    2010-09-01 17:24:15 4 ---ha-w- c:\windows\system32\iexplore.sy_
    2010-09-01 17:24:14 53098 ----a-w- c:\windows\system32\lsp113.dll
    2010-09-01 08:22:22 79360 --sha-r- c:\windows\system32\atmadmp.dll
    2010-09-01 08:21:39 200704 ----a-w- c:\windows\Bsizaa.exe
    2010-08-25 06:47:32 221184 ----a-w- c:\windows\system32\wmpns.dll
    2010-08-10 12:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-08-10 12:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts

    ==================== Find3M ====================

    2010-09-04 16:47:29 11648 ----a-w- c:\windows\system32\drivers\acpiec.sys
    2010-08-25 22:48:46 400 ----a-w- c:\docume~1\wormje~1\applic~1\wklnhst.dat
    2010-08-09 03:22:40 33824 ----a-w- c:\windows\system32\drivers\oreans32.sys
    2010-07-31 21:37:36 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-07-15 22:18:22 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:15:26 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-06-24 12:15:26 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-06-24 12:10:44 667136 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2009-03-12 05:16:13 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
    2009-08-24 21:03:39 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009082420090825\index.dat

    ============= FINISH: 13:01:54.70 ===============
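The report above carries the indicators that explain the symptoms in the first post: Run entries launching from a temp directory, the `Nofolderoptions = 1` Explorer policy that removes the Folder Options menu, and an LSP DLL sitting in system32. The following script is an added example, not part of this thread and not code from the DDS tool: it walks lines in the DDS "Pseudo HJT Report" format and flags those entries for review. The sample lines are copied from the report above (plus the benign ctfmon entry for contrast); the rule names, severities and the list of Windows' own Winsock providers are my own choices, not anything DDS defines.

```python
from __future__ import annotations
import re

# Sample input: lines copied from the DDS "Pseudo HJT Report" in the post above,
# plus one benign ctfmon entry for contrast. In practice, pass the whole report file.
SAMPLE_REPORT = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [HNURPOXRnsc] c:\docume~1\wormje~1\locals~1\temp\drweb.exe
mRun: [<NO NAME>]
mRun: [mrwcxnseao.tmp] "c:\docume~1\wormje~1\locals~1\temp\mrwcxnseao.tmp"
uPolicies-explorer: Nofolderoptions = 1 (0x1)
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: c:\windows\system32\lsp113.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
"""

# Line shapes used by DDS: uRun/mRun (user/machine Run keys), uPolicies-*, LSP, AppInit_DLLs.
RUN_RE = re.compile(r"^[um]Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", re.I)
POLICY_RE = re.compile(r"^[um]Policies-(?P<area>\w+):\s*(?P<name>\w+)\s*=\s*(?P<value>\d+)", re.I)
LSP_RE = re.compile(r"^LSP:\s*(?P<path>.+)$", re.I)
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(?P<path>.+)$", re.I)

# A persistent autorun entry should never point into a temp directory.
TEMP_DIR_RE = re.compile(r"\\(?:temp|local settings\\temp)\\", re.I)
# Winsock providers that ship with Windows XP (my allowlist, an assumption);
# anything else is reported so the analyst can match it to an installed product.
BUILTIN_LSP = {"mswsock.dll", "winrnr.dll", "rsvpsp.dll"}
# Explorer policy values that hide troubleshooting UI when set to 1.
LOCKDOWN_POLICIES = {"nofolderoptions", "norun", "nocontrolpanel"}


def triage(report: str) -> list[dict]:
    """Walk a DDS-style report and return one finding per suspicious line."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            cmd = m.group("cmd").strip().strip('"')
            if TEMP_DIR_RE.search(cmd) or cmd.lower().endswith(".tmp"):
                findings.append({"severity": "high", "rule": "autorun-from-temp", "line": line})
            elif not cmd:
                findings.append({"severity": "low", "rule": "empty-run-value", "line": line})
            continue
        m = POLICY_RE.match(line)
        if m and m.group("name").lower() in LOCKDOWN_POLICIES and m.group("value") == "1":
            findings.append({"severity": "high", "rule": "explorer-lockdown-policy", "line": line})
            continue
        m = LSP_RE.match(line)
        if m:
            dll = m.group("path").strip().rsplit("\\", 1)[-1].lower()
            if dll not in BUILTIN_LSP:
                findings.append({"severity": "medium", "rule": "third-party-lsp", "line": line})
            continue
        m = APPINIT_RE.match(line)
        if m and m.group("path").strip():
            findings.append({"severity": "medium", "rule": "appinit-dll-set", "line": line})
    return findings


def summarize(report: str) -> dict:
    """Count findings per severity so a long report can be prioritised at a glance."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for finding in triage(report):
        counts[finding["severity"]] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f['severity']:6}] {f['rule']:25} {f['line']}")
    print(summarize(SAMPLE_REPORT))
```

The medium findings are deliberately "review" rather than "malicious": the PC Tools LSP and the Google Desktop AppInit DLL both belong to products visible elsewhere in the same report, while `lsp113.dll` has no matching product, which is exactly the comparison an analyst reading these logs makes by hand.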
     
  6. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. Wormjerry

    Wormjerry TS Rookie Topic Starter Posts: 59

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x00000004

    Kernel Drivers (total 129):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806FF000 \WINDOWS\system32\hal.dll
    0xF7CFD000 \WINDOWS\system32\KDCOM.DLL
    0xF7C0D000 \WINDOWS\system32\BOOTVID.dll
    0xF77AE000 ACPI.sys
    0xF7CFF000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF779D000 pci.sys
    0xF77FD000 isapnp.sys
    0xF7C11000 compbatt.sys
    0xF7C15000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF7DC5000 pciide.sys
    0xF7A7D000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF780D000 MountMgr.sys
    0xF777E000 ftdisk.sys
    0xF7A85000 PartMgr.sys
    0xF7C19000 ACPIEC.sys
    0xF7DC6000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xF781D000 VolSnap.sys
    0xF7766000 atapi.sys
    0xF7698000 iaStor.sys
    0xF782D000 disk.sys
    0xF783D000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7678000 fltMgr.sys
    0xF784D000 PxHelp20.sys
    0xF765A000 TPkd.sys
    0xF7643000 KSecDD.sys
    0xF75B6000 Ntfs.sys
    0xF7589000 NDIS.sys
    0xF756F000 Mup.sys
    0xF6A02000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF55E9000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
    0xF55D5000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF55AD000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF5464000 \SystemRoot\system32\DRIVERS\athw.sys
    0xF791D000 \SystemRoot\system32\DRIVERS\l1c51x86.sys
    0xF7B2D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF5440000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF7B35000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF752B000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xF792D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF7B3D000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
    0xF7B45000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF540F000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xF7D31000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF793D000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    0xF5393000 \SystemRoot\System32\Drivers\wdf01000.sys
    0xF7B0D000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF5B83000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0xF2649000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF7D89000 \SystemRoot\System32\Drivers\RootMdm.sys
    0xF7B15000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF354A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF5B7F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF0AF2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF353A000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF352A000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF7B1D000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF0A19000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF351A000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7B25000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF2A46000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF2A3E000 \SystemRoot\system32\DRIVERS\RimSerial.sys
    0xF350A000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7D8B000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF09F6000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF0998000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7CE9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF240D000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xA7484000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xA5D17000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xA5CF3000 \SystemRoot\system32\drivers\portcls.sys
    0xA7474000 \SystemRoot\system32\drivers\drmk.sys
    0xA699B000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xA7709000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xA6D1F000 \SystemRoot\System32\Drivers\Null.SYS
    0xA7707000 \SystemRoot\System32\Drivers\Beep.SYS
    0xA6B21000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xA6B19000 \SystemRoot\System32\drivers\vga.sys
    0xA7705000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xA7703000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xA6B11000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xA6B09000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xA6993000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA5C58000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA5BFF000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xA5BD9000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xA5BB2000 \SystemRoot\System32\Drivers\Mpfp.sys
    0xA7414000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
    0xA5B8A000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xA6767000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xA5B68000 \SystemRoot\System32\drivers\afd.sys
    0xA6C98000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xA5B3D000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA6C78000 \??\C:\WINDOWS\system32\drivers\oreans32.sys
    0xA5ACD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xA5A9A000 \SystemRoot\system32\drivers\mfehidk.sys
    0xA674F000 \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys
    0xA6C58000 \SystemRoot\System32\Drivers\Fips.SYS
    0xA5A76000 \SystemRoot\System32\Drivers\M3000KNT.sys
    0xA6C28000 \SystemRoot\System32\Drivers\STREAM.SYS
    0xA684C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xA5CDF000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xA6C18000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xA5CD7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xA5CD3000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xA59A8000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF7CBD000 \SystemRoot\System32\drivers\Dxapi.sys
    0xA683C000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7E99000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF024000 \SystemRoot\System32\igxpgd32.dll
    0xBF012000 \SystemRoot\System32\igxprd32.dll
    0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
    0xF34FA000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xF6A52000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
    0xF7CED000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA58DB000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA5872000 \SystemRoot\System32\Drivers\HTTP.sys
    0xA574B000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA52FE000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA6C88000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF2A26000 \SystemRoot\system32\drivers\mfebopk.sys
    0xA43BE000 \SystemRoot\system32\drivers\mfeavfk.sys
    0xA5030000 \SystemRoot\system32\drivers\mfesmfk.sys
    0xA3301000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 60):
    0 System Idle Process
    4 System
    456 C:\WINDOWS\system32\smss.exe
    512 csrss.exe
    744 C:\WINDOWS\system32\winlogon.exe
    796 C:\WINDOWS\system32\services.exe
    808 C:\WINDOWS\system32\lsass.exe
    960 C:\WINDOWS\system32\svchost.exe
    1044 svchost.exe
    1104 C:\WINDOWS\system32\svchost.exe
    1212 svchost.exe
    1244 svchost.exe
    1488 C:\WINDOWS\system32\spoolsv.exe
    1508 C:\WINDOWS\system32\rundll32.exe
    1596 svchost.exe
    1740 C:\WINDOWS\system32\svchost.exe
    1784 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    1844 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    1860 C:\Program Files\Java\jre6\bin\jqs.exe
    1944 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    2012 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    148 C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
    244 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
    268 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
    412 C:\Program Files\McAfee\MPF\MpfSrv.exe
    556 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    980 C:\WINDOWS\system32\IoctlSvc.exe
    2428 C:\WINDOWS\explorer.exe
    2676 C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    2800 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    2816 C:\WINDOWS\system32\hkcmd.exe
    2824 C:\WINDOWS\system32\igfxpers.exe
    2840 C:\WINDOWS\RTHDCPL.EXE
    2872 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2884 C:\PROGRA~1\LAUNCH~1\LManager.exe
    3036 C:\WINDOWS\system32\igfxsrvc.exe
    3204 C:\WINDOWS\system32\ctfmon.exe
    3224 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    3280 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    3316 C:\WINDOWS\WebCam\M3000\M3000Mnt.exe
    3340 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3456 C:\WINDOWS\system32\igfxext.exe
    3468 C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    3548 C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    3836 C:\Program Files\Acer\Acer VCM\RS_Service.exe
    4012 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    1160 C:\WINDOWS\system32\svchost.exe
    2084 wmpnetwk.exe
    2308 C:\Program Files\Windows Live\Contacts\wlcomm.exe
    1540 C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    3352 alg.exe
    4796 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    4996 C:\PROGRA~1\Yahoo!\Messenger\Ymsgr_tray.exe
    2628 C:\WINDOWS\system32\wuauclt.exe
    2788 mcupdmgr.exe
    5464 C:\Program Files\Acer\Acer VCM\VC.exe
    3384 C:\Program Files\Mozilla Firefox\firefox.exe
    1372 C:\PROGRA~1\McAfee\MSC\mcupdui.exe
    6016 C:\Program Files\McAfee\VirusScan\mcinsupd.exe
    6068 C:\Documents and Settings\Worm Jerry\My Documents\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`c0200000 (NTFS)

    PhysicalDrive0 Model Number: HitachiHTS543216L9SA00, Rev: FB2OC40C

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!
     
  8. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Looks good, go on...
     
  9. Wormjerry

    Wormjerry TS Rookie Topic Starter Posts: 59

    ComboFix 10-09-09.04 - Worm Jerry 09/10/2010 23:26:09.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.557 [GMT -7:00]
    Running from: c:\documents and settings\Worm Jerry\My Documents\Downloads\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Worm Jerry\Local Settings\Application Data\Windows Server
    c:\documents and settings\Worm Jerry\Local Settings\Application Data\Windows Server\flags.ini
    c:\documents and settings\Worm Jerry\Local Settings\Application Data\Windows Server\server.dat
    c:\documents and settings\Worm Jerry\Local Settings\Application Data\Windows Server\uses32.dat
    c:\windows\Bsizaa.exe
    c:\windows\system32\lsp113.dll

    c:\windows\system32\winlogon.exe . . . is infected!!

    c:\windows\explorer.exe . . . is infected!!

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_6TO4
    -------\Service_6to4


    ((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))
    .

    2010-09-08 04:18 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-08 04:18 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-08 04:17 . 2010-09-08 04:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-08 03:03 . 2010-09-08 03:03 388096 ----a-r- c:\documents and settings\Worm Jerry\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-09-08 03:03 . 2010-09-08 03:03 -------- d-----w- c:\program files\Trend Micro
    2010-09-04 00:33 . 2010-09-04 16:58 -------- d-----w- c:\program files\Spyware Doctor
    2010-09-04 00:33 . 2010-09-04 16:58 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-09-04 00:32 . 2010-09-04 16:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-09-03 23:36 . 2010-09-03 23:36 -------- d-----w- c:\program files\ESET
    2010-09-03 07:31 . 2010-09-03 07:31 -------- d-----w- c:\documents and settings\Worm Jerry\Application Data\Malwarebytes
    2010-09-03 07:31 . 2010-09-03 07:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-09-02 05:19 . 2010-09-02 05:19 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
    2010-09-01 11:19 . 2010-09-01 11:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
    2010-09-01 08:22 . 2010-09-01 08:22 79360 --sha-r- c:\windows\system32\atmadmp.dll
    2010-09-01 03:19 . 2010-09-01 03:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Yahoo
    2010-09-01 03:18 . 2010-09-01 03:18 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
    2010-09-01 03:18 . 2010-09-01 03:18 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
    2010-08-31 21:01 . 2010-08-31 21:01 -------- d-----w- c:\documents and settings\Worm Jerry\Local Settings\Application Data\jlvviflwj
    2010-08-31 21:01 . 2010-08-31 21:01 -------- d-----w- c:\documents and settings\Worm Jerry\Local Settings\Application Data\gkswilkdc
    2010-08-31 21:01 . 2010-09-01 00:41 -------- d-----w- c:\documents and settings\Worm Jerry\Local Settings\Application Data\atnbhntdr
    2010-08-31 21:00 . 2010-08-31 21:00 -------- d-----w- c:\documents and settings\Worm Jerry\Local Settings\Application Data\moxgfsnhf
    2010-08-28 08:47 . 2010-09-04 17:06 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
    2010-08-25 06:47 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
    2010-08-20 18:57 . 2010-08-20 18:58 -------- d-----w- c:\program files\QuickTime
    2010-08-20 18:57 . 2010-08-20 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-08 05:12 . 2010-07-03 00:02 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-09-04 20:22 . 2010-05-22 01:04 -------- d-----w- c:\program files\McAfee
    2010-09-04 17:18 . 2010-03-06 01:23 -------- d-----w- c:\program files\Yahoo!
    2010-09-04 17:18 . 2010-03-06 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
    2010-09-04 17:14 . 2009-03-12 06:06 -------- d-----w- c:\program files\Google
    2010-09-04 17:10 . 2010-07-03 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2010-09-04 17:10 . 2010-01-22 20:52 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-09-04 17:09 . 2010-01-22 20:52 -------- d-----w- c:\program files\DivX
    2010-09-04 16:47 . 2001-08-17 13:57 11648 ----a-w- c:\windows\system32\drivers\acpiec.sys
    2010-09-03 08:47 . 2009-03-12 06:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Acer GameZone Console
    2010-08-28 09:52 . 2010-08-03 08:17 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-08-25 22:48 . 2010-03-24 06:06 400 ----a-w- c:\documents and settings\Worm Jerry\Application Data\wklnhst.dat
    2010-08-25 06:45 . 2009-12-13 08:42 -------- d-----w- c:\program files\Windows Media Connect 2
    2010-08-13 22:32 . 2010-05-06 04:52 76112 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-08-12 18:34 . 2009-03-12 06:01 -------- d-----w- c:\program files\Microsoft Works
    2010-08-12 18:13 . 2009-03-12 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-08-09 04:00 . 2010-08-09 03:17 -------- d-----w- c:\program files\Magestorm
    2010-08-09 03:22 . 2010-08-09 03:22 33824 ----a-w- c:\windows\system32\drivers\oreans32.sys
    2010-08-08 18:43 . 2009-08-24 21:56 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
    2010-08-03 17:08 . 2010-08-03 01:34 -------- d-----w- c:\program files\AVS4YOU
    2010-08-03 17:08 . 2010-08-03 01:34 -------- d-----w- c:\program files\Common Files\AVSMedia
    2010-08-03 08:17 . 2010-01-22 20:57 -------- d-----w- c:\documents and settings\Worm Jerry\Application Data\DivX
    2010-08-03 01:49 . 2010-08-03 01:49 -------- d-----w- c:\program files\InterLok
    2010-08-03 01:36 . 2010-08-03 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
    2010-08-03 01:36 . 2010-08-03 01:36 -------- d-----w- c:\documents and settings\Worm Jerry\Application Data\AVS4YOU
    2010-08-03 01:36 . 2009-08-24 21:09 76112 ----a-w- c:\documents and settings\Worm Jerry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-07-31 21:37 . 2010-07-31 21:38 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-07-31 21:37 . 2010-07-31 21:37 -------- d-----w- c:\program files\Java
    2010-07-31 21:37 . 2010-07-31 21:37 152576 ----a-w- c:\documents and settings\Worm Jerry\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2010-07-31 21:36 . 2010-07-31 21:35 79488 ----a-w- c:\documents and settings\Worm Jerry\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2010-07-22 03:58 . 2010-07-13 23:23 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-07-16 19:34 . 2010-07-16 19:30 -------- d-----w- c:\program files\Common Files\Adobe
    2010-07-15 22:18 . 2010-05-22 01:04 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
    2010-07-14 09:03 . 2010-07-14 09:03 -------- d-----w- c:\documents and settings\NetworkService\Application Data\DivX
    2010-06-30 12:31 . 2009-03-11 12:53 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:15 . 2009-03-11 12:53 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-06-24 12:15 . 2009-03-11 12:52 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-06-24 12:10 . 2009-03-11 12:53 667136 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44 . 2009-03-11 12:53 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2009-03-11 12:53 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2009-03-11 12:53 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2009-03-12 05:06 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 07:41 . 2009-03-11 12:53 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-07-06 22:38 . 2010-07-06 22:38 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .

    ------- Sigcheck -------

    [-] 2008-04-14 . 77F4BE7A778F6330779784D64F0DE94D . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

    [-] 2008-04-14 . 08F7661C81DA72EF96B31217C211BC40 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-02-17 5244216]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-31 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "M3000Mnt"="M3000Rmv.dll " [X]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
    "RTHDCPL"="RTHDCPL.EXE" [2009-02-24 17529856]
    "AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-05 1430824]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-06 30192]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-07 236016]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
    "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-3-11 565248]
    InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-8-27 114688]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26666:TCP"= 26666:TCP:spport
    "24027:TCP"= 24027:TCP:spport
    "15825:TCP"= 15825:TCP:spport
    "24262:TCP"= 24262:TCP:spport
    "24152:TCP"= 24152:TCP:spport
    "11508:TCP"= 11508:TCP:spport

    R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [8/8/2010 8:22 PM 33824]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5/21/2010 6:07 PM 203280]
    R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [3/11/2009 11:32 PM 237568]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/3/2009 8:03 PM 38912]
    R3 M3000Srv;WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [6/22/2009 4:28 PM 145408]
    S0 axcrng;axcrng; [x]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/23/2010 1:39 AM 135664]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/11/2009 10:56 PM 1684736]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/11/2009 11:06 PM 30192]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [3/11/2009 10:54 PM 162816]
    S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

    2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-23 08:38]

    2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-23 08:38]

    2010-06-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-22 19:22]

    2010-09-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-22 19:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.entru.com/?s=21982
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    FF - ProfilePath - c:\documents and settings\Worm Jerry\Application Data\Mozilla\Firefox\Profiles\bz5lle5a.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\Worm Jerry\Application Data\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\windows\system32\TVUAx\npTVUAx.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-klmdb.sys
    AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-10 23:36
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(744)
    c:\windows\system32\l3codeca.acm

    - - - - - - - > 'explorer.exe'(1720)
    c:\program files\McAfee\SiteAdvisor\saHook.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\rundll32.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
    c:\program files\McAfee\MPF\MPFSrv.exe
    c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\windows\system32\IoctlSvc.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\progra~1\mcafee.com\agent\mcagent.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\igfxsrvc.exe
    c:\windows\WebCam\M3000\M3000Mnt.exe
    c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
    c:\windows\system32\igfxext.exe
    c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe
    c:\program files\Windows Live\Contacts\wlcomm.exe
    .
    **************************************************************************
    .
    Completion time: 2010-09-10 23:42:30 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-09-11 06:42

    Pre-Run: 103,295,287,296 bytes free
    Post-Run: 103,161,827,328 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - 710852E4ABC619D9437FCF8938D2C30B
     
  10. Wormjerry

    Wormjerry TS Rookie Topic Starter Posts: 59

After running ComboFix I restarted, but now I have just limited or no connectivity on the netbook. I have my folder options back, though, haha.
     
  11. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    You're still seriously infected...

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista users: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box into the main textfield:
      Code:
      :filefind
      explorer.exe
      winlogon.exe
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

    ======================================================================

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\atmadmp.dll
    
    
    Folder::
    c:\documents and settings\Worm Jerry\Local Settings\Application Data\jlvviflwj
    c:\documents and settings\Worm Jerry\Local Settings\Application Data\gkswilkdc
    c:\documents and settings\Worm Jerry\Local Settings\Application Data\atnbhntdr
    c:\documents and settings\Worm Jerry\Local Settings\Application Data\moxgfsnhf
    
    
    Driver::
    axcrng
    
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=-
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
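The `:filefind` step above asks SystemLook to list every copy of explorer.exe and winlogon.exe with its size, timestamps and MD5, and the earlier ComboFix Sigcheck section reports the same two files. The following Python script is an added example of that kind of sweep, written for this page; it is not SystemLook's or ComboFix's code. It walks a directory root, records size/mtime/MD5 for each matching file name, and compares the hits to a caller-supplied baseline (known-good path, size and MD5), so that a second copy in an unexpected folder, a same-size file whose hash has changed, and a file that is missing entirely are each reported separately. The `demo()` function builds a small constructed directory tree in a temp folder rather than touching a real Windows install; the function names, the baseline dictionary and the sample bytes are all assumptions of this example.

```python
"""filefind-style sweep with baseline comparison (added example, not SystemLook/ComboFix code)."""
import hashlib
import os
import tempfile
from datetime import datetime, timezone


def md5_of_file(path, chunk=1 << 16):
    """Hex MD5 of a file, read in chunks so large binaries do not load into memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


def filefind(root, names):
    """Return every file under root whose name (case-insensitive) is in names,
    with size, UTC mtime and MD5, the fields SystemLook's :filefind prints."""
    wanted = {n.lower() for n in names}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() not in wanted:
                continue
            full = os.path.join(dirpath, fn)
            st = os.stat(full)
            hits.append({
                "name": fn.lower(),
                "path": full,
                "size": st.st_size,
                "mtime": datetime.fromtimestamp(st.st_mtime, tz=timezone.utc).isoformat(),
                "md5": md5_of_file(full),
            })
    return hits


def classify(hits, expected):
    """expected maps lower-case file name -> (known-good path, size, MD5).
    Returns a list of (path, verdict). A copy outside the expected location is
    reported before size/hash, because a same-named binary dropped elsewhere is
    a finding in itself; a name with no hit at all is reported as missing."""
    verdicts, seen = [], set()
    for h in hits:
        good = expected.get(h["name"])
        if good is None:
            verdicts.append((h["path"], "no baseline"))
            continue
        good_path, good_size, good_md5 = good
        if os.path.normcase(h["path"]) != os.path.normcase(good_path):
            verdicts.append((h["path"], "copy outside expected location"))
        elif h["size"] != good_size:
            verdicts.append((h["path"], "size mismatch"))
        elif h["md5"] != good_md5.upper():
            verdicts.append((h["path"], "hash mismatch"))
        else:
            verdicts.append((h["path"], "matches baseline"))
        seen.add(h["name"])
    for name, (good_path, _size, _md5) in expected.items():
        if name not in seen:
            verdicts.append((good_path, "missing"))
    return verdicts


def demo():
    """Constructed directory tree (not a real system): one good explorer.exe,
    one winlogon.exe tampered after the baseline was taken, one decoy copy of
    explorer.exe in a Temp folder. Returns {path: verdict}."""
    root = tempfile.mkdtemp(prefix="filefind_demo_")
    win = os.path.join(root, "WINDOWS")
    sys32 = os.path.join(win, "system32")
    tmp = os.path.join(win, "Temp")
    for d in (sys32, tmp):
        os.makedirs(d)
    explorer = os.path.join(win, "explorer.exe")
    winlogon = os.path.join(sys32, "winlogon.exe")
    decoy = os.path.join(tmp, "explorer.exe")
    with open(explorer, "wb") as f:
        f.write(b"MZ" + b"\x00" * 1022)   # constructed 1024-byte stand-in
    with open(winlogon, "wb") as f:
        f.write(b"MZ" + b"\x01" * 510)    # constructed 512-byte stand-in
    with open(decoy, "wb") as f:
        f.write(b"MZ" + b"\xff" * 1022)   # same size as explorer.exe, different bytes
    # Baseline would normally come from a clean install or vendor catalogue;
    # here it is taken from the constructed good copies before tampering.
    expected = {
        "explorer.exe": (explorer, 1024, md5_of_file(explorer)),
        "winlogon.exe": (winlogon, 512, md5_of_file(winlogon)),
    }
    with open(winlogon, "r+b") as f:   # in-place patch: size unchanged, hash changes
        f.seek(100)
        f.write(b"\x90")
    return dict(classify(filefind(root, ["explorer.exe", "winlogon.exe"]), expected))


if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(f"{verdict:32} {path}")
```

The point of the three-way verdict is that Sigcheck-style output only tells you a file failed its check; the sweep also tells you whether the failure is a changed file in the right place, an extra copy in the wrong place, or a file that is gone, which are handled differently in cleanup.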
     
     
  12. Wormjerry

    Wormjerry TS Rookie Topic Starter Posts: 59

    SystemLook 04.09.10 by jpshortstuff
    Log created at 12:54 on 11/09/2010 by Worm Jerry
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "explorer.exe"
    C:\WINDOWS\explorer.exe --a---- 1033728 bytes [12:53 11/03/2009] [12:00 14/04/2008] 08F7661C81DA72EF96B31217C211BC40

    Searching for "winlog.exe"
    No files found.

    -= EOF =-
     
  13. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Go on..............
     
  14. Wormjerry

    Wormjerry TS Rookie Topic Starter Posts: 59

    ComboFix 10-09-11.02 - Worm Jerry 09/11/2010 13:36:00.3.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.599 [GMT -7:00]
    Running from: c:\documents and settings\Worm Jerry\My Documents\ComboFix.exe
    Command switches used :: c:\documents and settings\Worm Jerry\My Documents\CFScript.txt.txt
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    FILE ::
    "c:\windows\system32\atmadmp.dll"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Worm Jerry\Local Settings\Application Data\atnbhntdr
    c:\documents and settings\Worm Jerry\Local Settings\Application Data\gkswilkdc
    c:\documents and settings\Worm Jerry\Local Settings\Application Data\jlvviflwj
    c:\documents and settings\Worm Jerry\Local Settings\Application Data\moxgfsnhf
    c:\windows\system32\atmadmp.dll

    c:\windows\system32\winlogon.exe . . . is infected!!

    c:\windows\explorer.exe . . . is infected!!

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_AXCRNG
    -------\Service_axcrng


    ((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))
    .

    2010-09-08 04:18 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-08 04:18 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-08 04:17 . 2010-09-08 04:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-08 03:03 . 2010-09-08 03:03 388096 ----a-r- c:\documents and settings\Worm Jerry\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-09-08 03:03 . 2010-09-08 03:03 -------- d-----w- c:\program files\Trend Micro
    2010-09-04 00:33 . 2010-09-04 16:58 -------- d-----w- c:\program files\Spyware Doctor
    2010-09-04 00:33 . 2010-09-04 16:58 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-09-04 00:32 . 2010-09-04 16:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-09-03 23:36 . 2010-09-03 23:36 -------- d-----w- c:\program files\ESET
    2010-09-03 07:31 . 2010-09-03 07:31 -------- d-----w- c:\documents and settings\Worm Jerry\Application Data\Malwarebytes
    2010-09-03 07:31 . 2010-09-03 07:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-09-02 05:19 . 2010-09-02 05:19 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
    2010-09-01 11:19 . 2010-09-01 11:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
    2010-09-01 03:19 . 2010-09-01 03:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Yahoo
    2010-09-01 03:18 . 2010-09-01 03:18 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
    2010-08-28 08:47 . 2010-09-04 17:06 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
    2010-08-25 06:47 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
    2010-08-20 18:57 . 2010-08-20 18:58 -------- d-----w- c:\program files\QuickTime
    2010-08-20 18:57 . 2010-08-20 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-08 05:12 . 2010-07-03 00:02 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-09-04 20:22 . 2010-05-22 01:04 -------- d-----w- c:\program files\McAfee
    2010-09-04 17:18 . 2010-03-06 01:23 -------- d-----w- c:\program files\Yahoo!
    2010-09-04 17:18 . 2010-03-06 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
    2010-09-04 17:14 . 2009-03-12 06:06 -------- d-----w- c:\program files\Google
    2010-09-04 17:10 . 2010-07-03 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2010-09-04 17:10 . 2010-01-22 20:52 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-09-04 17:09 . 2010-01-22 20:52 -------- d-----w- c:\program files\DivX
    2010-09-04 16:47 . 2001-08-17 13:57 11648 ----a-w- c:\windows\system32\drivers\acpiec.sys
    2010-09-03 08:47 . 2009-03-12 06:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Acer GameZone Console
    2010-08-28 09:52 . 2010-08-03 08:17 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-08-25 22:48 . 2010-03-24 06:06 400 ----a-w- c:\documents and settings\Worm Jerry\Application Data\wklnhst.dat
    2010-08-25 06:45 . 2009-12-13 08:42 -------- d-----w- c:\program files\Windows Media Connect 2
    2010-08-13 22:32 . 2010-05-06 04:52 76112 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-08-12 18:34 . 2009-03-12 06:01 -------- d-----w- c:\program files\Microsoft Works
    2010-08-12 18:13 . 2009-03-12 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-08-09 04:00 . 2010-08-09 03:17 -------- d-----w- c:\program files\Magestorm
    2010-08-09 03:22 . 2010-08-09 03:22 33824 ----a-w- c:\windows\system32\drivers\oreans32.sys
    2010-08-08 18:43 . 2009-08-24 21:56 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
    2010-08-03 17:08 . 2010-08-03 01:34 -------- d-----w- c:\program files\AVS4YOU
    2010-08-03 17:08 . 2010-08-03 01:34 -------- d-----w- c:\program files\Common Files\AVSMedia
    2010-08-03 08:17 . 2010-01-22 20:57 -------- d-----w- c:\documents and settings\Worm Jerry\Application Data\DivX
    2010-08-03 01:49 . 2010-08-03 01:49 -------- d-----w- c:\program files\InterLok
    2010-08-03 01:36 . 2010-08-03 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
    2010-08-03 01:36 . 2010-08-03 01:36 -------- d-----w- c:\documents and settings\Worm Jerry\Application Data\AVS4YOU
    2010-08-03 01:36 . 2009-08-24 21:09 76112 ----a-w- c:\documents and settings\Worm Jerry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-07-31 21:37 . 2010-07-31 21:38 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-07-31 21:37 . 2010-07-31 21:37 -------- d-----w- c:\program files\Java
    2010-07-31 21:37 . 2010-07-31 21:37 152576 ----a-w- c:\documents and settings\Worm Jerry\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2010-07-31 21:36 . 2010-07-31 21:35 79488 ----a-w- c:\documents and settings\Worm Jerry\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2010-07-22 03:58 . 2010-07-13 23:23 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-07-16 19:34 . 2010-07-16 19:30 -------- d-----w- c:\program files\Common Files\Adobe
    2010-07-15 22:18 . 2010-05-22 01:04 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
    2010-07-14 09:03 . 2010-07-14 09:03 -------- d-----w- c:\documents and settings\NetworkService\Application Data\DivX
    2010-06-30 12:31 . 2009-03-11 12:53 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:15 . 2009-03-11 12:53 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-06-24 12:15 . 2009-03-11 12:52 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-06-24 12:10 . 2009-03-11 12:53 667136 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44 . 2009-03-11 12:53 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2009-03-11 12:53 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2009-03-11 12:53 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2009-03-12 05:06 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 07:41 . 2009-03-11 12:53 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-07-06 22:38 . 2010-07-06 22:38 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .

    ------- Sigcheck -------

    [-] 2008-04-14 . 77F4BE7A778F6330779784D64F0DE94D . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

    [-] 2008-04-14 . 08F7661C81DA72EF96B31217C211BC40 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-09-11_06.37.12 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-09-11 20:42 . 2010-09-11 20:42 16384 c:\windows\Temp\Perflib_Perfdata_6d8.dat
    + 2010-09-11 07:09 . 2010-09-11 07:09 16384 c:\windows\Temp\Perflib_Perfdata_644.dat
    - 2009-03-11 12:53 . 2010-09-11 05:53 68734 c:\windows\system32\perfc009.dat
    + 2009-03-11 12:53 . 2010-09-11 07:13 68734 c:\windows\system32\perfc009.dat
    + 2010-09-11 19:46 . 2010-09-11 19:46 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2009-08-24 21:03 . 2010-09-11 06:13 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-08-24 21:03 . 2010-09-11 19:46 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2010-09-11 19:46 . 2010-09-11 19:46 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-03-11 12:53 . 2010-09-11 05:53 434598 c:\windows\system32\perfh009.dat
    + 2009-03-11 12:53 . 2010-09-11 07:13 434598 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-02-17 5244216]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-31 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "M3000Mnt"="M3000Rmv.dll " [X]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
    "RTHDCPL"="RTHDCPL.EXE" [2009-02-24 17529856]
    "AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-05 1430824]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-06 30192]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-07 236016]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
    "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-3-11 565248]
    InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-8-27 114688]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26666:TCP"= 26666:TCP:spport
    "24027:TCP"= 24027:TCP:spport
    "15825:TCP"= 15825:TCP:spport
    "24262:TCP"= 24262:TCP:spport
    "24152:TCP"= 24152:TCP:spport
    "11508:TCP"= 11508:TCP:spport

    R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [8/8/2010 8:22 PM 33824]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5/21/2010 6:07 PM 203280]
    R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [3/11/2009 11:32 PM 237568]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/3/2009 8:03 PM 38912]
    R3 M3000Srv;WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [6/22/2009 4:28 PM 145408]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/23/2010 1:39 AM 135664]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/11/2009 10:56 PM 1684736]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/11/2009 11:06 PM 30192]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [3/11/2009 10:54 PM 162816]
    S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

    2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-23 08:38]

    2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-23 08:38]

    2010-06-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-22 19:22]

    2010-09-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-22 19:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.entru.com/?s=21982
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    FF - ProfilePath - c:\documents and settings\Worm Jerry\Application Data\Mozilla\Firefox\Profiles\bz5lle5a.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\Worm Jerry\Application Data\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\windows\system32\TVUAx\npTVUAx.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-11 13:45
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(744)
    c:\windows\system32\l3codeca.acm

    - - - - - - - > 'explorer.exe'(544)
    c:\program files\McAfee\SiteAdvisor\saHook.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
    c:\program files\McAfee\MPF\MPFSrv.exe
    c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\windows\system32\IoctlSvc.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\system32\wscntfy.exe
    c:\progra~1\mcafee.com\agent\mcagent.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\igfxsrvc.exe
    c:\windows\WebCam\M3000\M3000Mnt.exe
    c:\windows\system32\igfxext.exe
    c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
    c:\program files\Windows Live\Contacts\wlcomm.exe
    c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe
    .
    **************************************************************************
    .
    Completion time: 2010-09-11 13:49:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-09-11 20:49

    Pre-Run: 103,144,464,384 bytes free
    Post-Run: 103,122,341,888 bytes free

    - - End Of File - - AB1423EBA704BFA99B93590798D05BFD
     
  15. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Do you have a Windows XP CD?


    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    winlogon.exe
    explorer.exe
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. Wormjerry

    Wormjerry TS Rookie Topic Starter Posts: 59

    I don't have the Windows XP CD. It came pre-installed, and it's a netbook with no CD drive. Should I still follow the last step??
     
  17. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Yes, please.
    I assume you must have at least a USB port?
     
  18. Wormjerry

    Wormjerry TS Rookie Topic Starter Posts: 59

    OTL logfile created on: 9/13/2010 11:27:50 AM - Run 1
    OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\Worm Jerry\My Documents
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 481.00 Mb Available Physical Memory | 47.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 142.05 Gb Total Space | 96.06 Gb Free Space | 67.63% Space Free | Partition Type: NTFS
    Drive D: | 955.73 Mb Total Space | 5.00 Mb Free Space | 0.52% Space Free | Partition Type: FAT
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: WORMJERRY
    Current User Name: Worm Jerry
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/09/13 11:00:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Worm Jerry\My Documents\OTL.exe
    PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
    PRC - [2010/04/16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
    PRC - [2010/02/17 16:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
    PRC - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
    PRC - [2010/02/11 12:36:12 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2010/02/11 12:36:12 | 000,806,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe
    PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
    PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
    PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
    PRC - [2009/02/11 15:46:28 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    PRC - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
    PRC - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2008/12/30 10:51:08 | 000,438,272 | ---- | M] (Oberon Media Inc.) -- C:\Program Files\Acer GameZone\Fizzball\Launch.exe
    PRC - [2008/12/30 00:09:54 | 000,875,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
    PRC - [2008/10/14 11:15:08 | 000,032,768 | ---- | M] () -- C:\WINDOWS\WebCam\M3000\M3000Mnt.exe
    PRC - [2008/07/17 16:45:04 | 000,114,688 | ---- | M] (InterVideo Inc.) -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    PRC - [2008/06/24 16:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    PRC - [2008/06/08 09:31:04 | 002,221,352 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
    PRC - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/04/15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/02/27 18:00:10 | 000,170,520 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
    PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
     
  19. Wormjerry

    Wormjerry TS Rookie Topic Starter Posts: 59

    ========== Modules (SafeList) ==========

    MOD - [2010/09/13 11:00:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Worm Jerry\My Documents\OTL.exe
    MOD - [2009/01/23 10:46:18 | 000,013,840 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
    MOD - [2008/04/14 05:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/07/06 15:38:18 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
    SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
    SRV - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2010/02/24 13:16:08 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/02/17 16:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
    SRV - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
    SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
    SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
    SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
    SRV - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
    SRV - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys -- (USBCCID)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys -- (Rts516xIR)
    DRV - File not found [Kernel | On_Demand | Stopped] -- c:\acernb\int15.sys -- (int15.sys)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btwmodem.sys -- (btwmodem)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btwhid.sys -- (btwhid)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio)
    DRV - [2010/08/08 20:22:40 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)
    DRV - [2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
    DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2010/02/17 16:52:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2010/02/17 16:52:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2010/02/17 16:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2010/02/17 16:52:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2010/02/17 16:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2009/05/21 14:39:54 | 000,090,472 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
    DRV - [2009/03/01 22:03:46 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
    DRV - [2009/02/25 20:17:52 | 001,344,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
    DRV - [2009/02/24 01:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2009/02/05 03:33:04 | 000,205,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2009/02/02 23:42:30 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2009/01/02 18:33:54 | 000,145,408 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\M3000KNT.sys -- (M3000Srv)
    DRV - [2008/08/05 05:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
    DRV - [2008/04/15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
    DRV - [2008/04/14 05:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2008/04/14 05:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/04/14 05:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2008/04/14 05:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2008/04/14 05:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2008/04/14 05:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2008/04/14 05:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2008/04/14 05:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2008/04/14 05:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2008/04/14 05:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2008/04/14 05:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2008/04/14 05:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2008/04/14 05:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2008/04/14 05:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2008/04/14 05:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2008/04/14 05:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/02/14 16:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2007/08/26 21:58:18 | 000,074,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2006/11/02 06:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
    DRV - [2006/01/04 00:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
    DRV - [2004/12/07 23:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.entru.com/?s=21982
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8

    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/09/05 19:31:12 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/20 11:57:05 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/30 23:44:03 | 000,000,000 | ---D | M]

    [2009/08/24 14:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Mozilla\Extensions
    [2010/09/12 14:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Mozilla\Firefox\Profiles\bz5lle5a.default\extensions
    [2010/08/30 20:32:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Worm Jerry\Application Data\Mozilla\Firefox\Profiles\bz5lle5a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2010/06/12 20:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Mozilla\Firefox\Profiles\bz5lle5a.default\extensions\firefox@tvunetworks.com
    [2010/08/12 12:40:44 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Application Data\Mozilla\Firefox\Profiles\bz5lle5a.default\searchplugins\search-the-web.xml
    [2010/09/10 23:01:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/09/11 13:45:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
     
  20. Wormjerry

    Wormjerry TS Rookie Topic Starter Posts: 59

    O4 - HKLM..\Run: [M3000Mnt] File not found
    O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/03/11 22:07:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17183584330711040)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/09/13 11:26:12 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Worm Jerry\My Documents\OTL.exe
    [2010/09/11 16:12:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Arcade Lab
    [2010/09/11 16:10:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/09/11 13:34:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/09/10 23:22:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/09/10 23:15:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/09/10 23:15:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/09/10 23:15:05 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/09/10 23:14:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/09/10 23:11:14 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/09/07 21:18:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/09/07 21:18:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/09/07 21:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/09/07 20:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/09/03 17:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
    [2010/09/03 17:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2010/09/03 17:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/09/03 16:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/09/03 00:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\Application Data\Malwarebytes
    [2010/09/03 00:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/09/02 22:07:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/09/01 22:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
    [2010/09/01 04:19:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
    [2010/09/01 04:19:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
    [2010/08/31 20:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Yahoo
    [2010/08/31 20:19:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/08/31 20:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
    [2010/08/31 14:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/08/31 14:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/08/20 11:57:55 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/08/20 11:57:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
    [2010/08/08 20:17:21 | 000,000,000 | ---D | C] -- C:\Program Files\Magestorm
    [2010/08/04 09:52:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
    [2010/08/02 18:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\InterLok
    [2010/08/02 18:36:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
    [2010/08/02 18:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\Application Data\AVS4YOU
    [2010/08/02 18:34:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
    [2010/08/02 18:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
    [2010/07/31 14:37:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2010/07/31 14:35:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\Application Data\Sun
    [2010/07/21 17:04:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\Desktop\burningangel
    [2010/07/16 12:30:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2010/07/14 02:03:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\DivX
    [2010/07/03 16:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
    [2010/07/02 17:20:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\Tracing
    [2010/07/02 17:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2010/07/02 17:00:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
    [2010/07/02 16:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
    [2010/07/01 02:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\My Documents\ms_rockstar_sam
    [2010/06/16 22:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\My Documents\NP_1198
    [2010/06/16 22:10:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\My Documents\1204
    [2009/03/11 05:53:14 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll

    ========== Files - Modified Within 90 Days ==========

    [2010/09/13 11:00:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Worm Jerry\My Documents\OTL.exe
    [2010/09/12 23:49:07 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/09/11 13:57:40 | 000,511,030 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/09/11 13:57:40 | 000,434,598 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/09/11 13:57:40 | 000,068,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/09/11 13:55:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/09/11 13:52:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/09/11 13:52:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/09/11 13:52:23 | 1063,198,720 | -HS- | M] () -- C:\hiberfil.sys
    [2010/09/11 13:51:29 | 000,018,941 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
    [2010/09/11 13:51:28 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Worm Jerry\NTUSER.DAT
    [2010/09/11 13:51:28 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Worm Jerry\ntuser.ini
    [2010/09/11 13:51:21 | 004,306,626 | -H-- | M] () -- C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\IconCache.db
    [2010/09/11 13:45:28 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/09/11 13:45:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/09/11 12:52:16 | 003,842,655 | R--- | M] () -- C:\Documents and Settings\Worm Jerry\My Documents\ComboFix.exe
    [2010/09/11 12:45:56 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\SystemLook.exe
    [2010/09/10 23:22:12 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/09/08 07:42:24 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/09/07 21:18:06 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/07 20:04:36 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\HiJackThis.lnk
    [2010/09/06 19:56:05 | 001,891,254 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\untitled.bmp
    [2010/09/06 02:09:10 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/09/05 21:47:08 | 000,067,584 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/04 10:17:27 | 000,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
    [2010/09/01 16:48:48 | 000,043,454 | ---- | M] () -- C:\WINDOWS\System32\xkqon
    [2010/09/01 10:24:15 | 000,000,004 | -H-- | M] () -- C:\WINDOWS\System32\iexplore.sy_
    [2010/09/01 01:44:08 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
    [2010/08/30 23:44:04 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/08/30 16:11:49 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\rsume(3).doc
    [2010/08/25 15:48:46 | 000,000,400 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Application Data\wklnhst.dat
     
  21. Wormjerry

    Wormjerry TS Rookie Topic Starter Posts: 59

    [2010/08/24 23:57:18 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/08/24 23:57:18 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\Windows Media Player.lnk
    [2010/08/24 23:56:28 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010/08/24 23:56:28 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010/08/24 23:40:24 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/21 13:51:11 | 000,000,115 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Application Data\default.pls
    [2010/08/19 16:09:37 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\My Documents\rsume slojobs.wps
    [2010/08/16 17:30:43 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/08/13 16:50:33 | 000,002,249 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Magestorm.lnk
    [2010/08/12 23:02:27 | 000,297,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/08 20:22:40 | 000,033,824 | ---- | M] () -- C:\WINDOWS\System32\drivers\oreans32.sys
    [2010/08/03 17:59:50 | 000,674,283 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\My Documents\justin app.pdf
    [2010/08/02 18:36:14 | 000,076,112 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/07/28 18:34:37 | 000,314,048 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\My Documents\Doc1.docx
    [2010/07/21 20:58:41 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys

    ========== Files Created - No Company Name ==========

    [2010/09/11 13:06:26 | 003,842,655 | R--- | C] () -- C:\Documents and Settings\Worm Jerry\My Documents\ComboFix.exe
    [2010/09/11 12:49:47 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\SystemLook.exe
    [2010/09/10 23:22:12 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/09/10 23:22:08 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/09/10 23:15:05 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/09/10 23:15:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/09/10 23:15:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/09/10 23:15:05 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/09/10 23:15:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/09/08 12:52:46 | 1063,198,720 | -HS- | C] () -- C:\hiberfil.sys
    [2010/09/07 21:18:06 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/07 20:03:36 | 000,002,457 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\HiJackThis.lnk
    [2010/09/06 19:56:04 | 001,891,254 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\untitled.bmp
    [2010/09/04 10:17:27 | 000,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
    [2010/09/01 16:48:48 | 000,043,454 | ---- | C] () -- C:\WINDOWS\System32\xkqon
    [2010/09/01 10:24:15 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\System32\iexplore.sy_
    [2010/08/30 22:26:12 | 000,010,210 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\thunder_3.wav
    [2010/08/25 15:52:59 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\rsume(3).doc
    [2010/08/08 20:22:40 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
    [2010/08/08 20:17:22 | 000,002,249 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Magestorm.lnk
    [2010/07/28 18:34:35 | 000,314,048 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\My Documents\Doc1.docx
    [2010/07/16 12:32:04 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/07/14 02:02:14 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/13 16:23:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/05/19 17:12:01 | 000,000,087 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\FASTWiz.log
    [2010/03/23 23:06:38 | 000,000,400 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Application Data\wklnhst.dat
    [2009/08/29 02:05:19 | 000,000,115 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Application Data\default.pls
    [2009/08/29 02:04:39 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/08/27 23:52:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2009/08/27 23:52:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2009/08/27 23:52:03 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2009/08/27 23:52:02 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2009/08/27 23:52:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2009/08/27 23:52:02 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2009/08/27 14:01:20 | 000,067,584 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/06/22 16:28:46 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll
    [2009/06/22 16:28:46 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys
    [2009/06/22 16:28:46 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
    [2009/03/11 23:47:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2009/03/11 22:55:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
    [2009/03/11 22:10:15 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2009/03/11 22:05:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

    ========== LOP Check ==========

    [2010/09/03 01:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acer GameZone Console
    [2010/09/11 16:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Arcade Lab
    [2009/03/11 23:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
    [2009/12/05 20:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters Inc
    [2010/09/11 17:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/12/05 20:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
    [2009/03/11 23:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Acer
    [2009/03/11 23:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Acer GameZone Console
    [2010/05/30 00:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Facebook
    [2009/12/05 19:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\GetRightToGo
    [2009/10/10 23:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\InterVideo
    [2009/12/05 16:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Research In Motion
    [2009/03/11 23:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Super-Cow
    [2010/03/23 23:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Template
    [2010/06/15 01:28:24 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
    [2010/09/01 01:44:08 | 000,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/09/10 23:11:14 | 019,001,722 | ---- | M] () -- C:\1.txt
    [2009/03/11 22:07:49 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/08/24 14:09:26 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/09/10 23:22:12 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/09/11 13:49:43 | 000,018,967 | ---- | M] () -- C:\ComboFix.txt
    [2009/03/11 22:07:49 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/09/11 13:52:23 | 1063,198,720 | -HS- | M] () -- C:\hiberfil.sys
    [2009/03/11 22:07:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/02/18 02:26:30 | 000,002,016 | ---- | M] () -- C:\MOD01SET0J00P2000K.enc
    [2008/08/06 18:16:21 | 000,002,488 | ---- | M] () -- C:\MOD01WOS02ENP20001.enc
    [2009/03/11 22:07:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/04/14 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 05:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/09/11 13:52:20 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
    [2009/03/11 22:57:01 | 000,001,883 | ---- | M] () -- C:\RHDSetup.log
    [2009/06/22 16:30:20 | 000,000,190 | ---- | M] () -- C:\Setup.log
    [2010/09/03 17:29:06 | 000,051,208 | ---- | M] () -- C:\TDSSKiller.2.4.2.0_03.09.2010_17.26.44_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/03/11 22:07:26 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2010/05/19 17:32:07 | 000,001,682 | -H-- | M] () -- C:\Documents and Settings\Worm Jerry\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2009/03/11 14:02:31 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2009/03/11 14:02:31 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2009/03/11 14:02:31 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/03/11 22:07:50 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/08/24 14:09:52 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Worm Jerry\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2009/03/11 22:10:30 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2008/03/10 14:48:26 | 002,939,142 | ---- | M] (Plaino ) -- C:\Documents and Settings\Worm Jerry\Desktop\FLVplayr.exe
    [2010/09/11 12:45:56 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\SystemLook.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >
    [2003/09/22 14:36:46 | 000,013,448 | ---- | M] () -- C:\WINDOWS\M3000Twn.src

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2010/09/11 12:52:16 | 003,842,655 | R--- | M] () -- C:\Documents and Settings\Worm Jerry\My Documents\ComboFix.exe
    [2010/05/21 17:34:31 | 002,993,776 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Worm Jerry\My Documents\DMSetup-Serial.exe
    [2010/09/13 11:00:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Worm Jerry\My Documents\OTL.exe
     
  22. Wormjerry

    Wormjerry TS Rookie Topic Starter Posts: 59

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2008/04/14 05:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/08/24 14:09:52 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Worm Jerry\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/09/02 12:06:52 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Worm Jerry\Cookies\desktop.ini
    [2010/09/12 23:58:49 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\Worm Jerry\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2009/01/30 17:40:22 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 05:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2007/04/03 00:37:24 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2007/04/03 00:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/14 00:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 06:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/03 00:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/03 00:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/03 00:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2007/04/03 00:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2007/04/03 00:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < MD5 for: EXPLORER.EXE >
    [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=08F7661C81DA72EF96B31217C211BC40 -- C:\WINDOWS\explorer.exe

    < MD5 for: WINLOGON.EXE >
    [2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=77F4BE7A778F6330779784D64F0DE94D -- C:\WINDOWS\system32\winlogon.exe

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF61E54
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C491D31
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB689DEA
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94213A87
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE16379
    < End of report >
     
  23. Wormjerry

    Wormjerry TS Rookie Topic Starter Posts: 59

    And the "Extra":
    OTL Extras logfile created on: 9/13/2010 11:27:50 AM - Run 1
    OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\Worm Jerry\My Documents
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 481.00 Mb Available Physical Memory | 47.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 142.05 Gb Total Space | 96.06 Gb Free Space | 67.63% Space Free | Partition Type: NTFS
    Drive D: | 955.73 Mb Total Space | 5.00 Mb Free Space | 0.52% Space Free | Partition Type: FAT
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: WORMJERRY
    Current User Name: Worm Jerry
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "26666:TCP" = 26666:TCP:*:Enabled:spport
    "24027:TCP" = 24027:TCP:*:Enabled:spport
    "15825:TCP" = 15825:TCP:*:Enabled:spport
    "24262:TCP" = 24262:TCP:*:Enabled:spport
    "24152:TCP" = 24152:TCP:*:Enabled:spport
    "11508:TCP" = 11508:TCP:*:Enabled:spport

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
     
  24. Wormjerry

    Wormjerry TS Rookie Topic Starter Posts: 59

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
    "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{56A648C2-D185-46A9-BBFF-78AE7A503000}" = Webcam
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{73C49216-72A6-42F6-BCD4-DAC5842CA744}" = Magestorm
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11109097}" = Luxor - Amun Rising
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111940693}" = Bookworm Adventures
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11198580}" = Fizzball
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113644907}" = Gold Miner Vegas
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113938743}" = Supercow
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115329757}" = Jewelleria
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
    "{9D2B0720-4787-437E-A949-97D01BF64BAE}_is1" = C:\Program Files\Acer GameZone\GameConsole
    "{A13800EC-419B-4127-9AD4-9678F8481033}" = Nero 8 Essentials
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}" = Roxio Media Manager
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
    "{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
    "Acer Screensaver" = Acer ScreenSaver
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "BlackBerry_{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
    "Carbonite Setup Lite" = Carbonite Online Backup Setup
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "ESET Online Scanner" = ESET Online Scanner v3
    "Google Desktop" = Google Desktop
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "MSC" = McAfee SecurityCenter
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/11/2010 3:09:04 AM | Computer Name = WORMJERRY | Source = JavaQuickStarterService | ID = 1
    Description =

    Error - 9/11/2010 3:29:51 AM | Computer Name = WORMJERRY | Source = Application Hang | ID = 1002
    Description = Hanging application notepad.exe, version 5.1.2600.5512, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/11/2010 3:49:19 PM | Computer Name = WORMJERRY | Source = Google Update | ID = 20
    Description =

    Error - 9/11/2010 4:42:58 PM | Computer Name = WORMJERRY | Source = JavaQuickStarterService | ID = 1
    Description =

    Error - 9/11/2010 4:49:05 PM | Computer Name = WORMJERRY | Source = Google Update | ID = 20
    Description =

    Error - 9/11/2010 4:52:29 PM | Computer Name = WORMJERRY | Source = JavaQuickStarterService | ID = 1
    Description =

    Error - 9/11/2010 7:49:07 PM | Computer Name = WORMJERRY | Source = Google Update | ID = 20
    Description =

    Error - 9/12/2010 4:49:16 PM | Computer Name = WORMJERRY | Source = Google Update | ID = 20
    Description =

    Error - 9/13/2010 2:49:07 AM | Computer Name = WORMJERRY | Source = Google Update | ID = 20
    Description =

    Error - 9/13/2010 2:24:07 PM | Computer Name = WORMJERRY | Source = McLogEvent | ID = 5051
    Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
    longer than 90000 ms to complete a request. The process will be terminated. Thread
    id : 3748 (0xea4) Thread address : 0x7C8024DB Thread message : Build VSCORE.14.0.0.435
    / 5400.1158 Object being scanned = \Device\HarddiskVolume2\WINDOWS\explorer.exe
    by \??\C:\WINDOWS\system32\winlogon.exe 4(437)(0) 4(437)(0) 7200(437)(0) 7595(437)(0)
    7005(437)(0) 7004(437)(0) 5006(375)(0) 5004(375)(0)

    [ System Events ]
    Error - 9/11/2010 4:55:17 PM | Computer Name = WORMJERRY | Source = WMPNetworkSvc | ID = 866304
    Description = Service 'WMPNetworkSvc' did not start correctly because IUPnPDeviceFinder::StartAsyncFind(MediaRenderer)
    encountered error '0x80004005'. Verify that the UPnPHost service is running and
    that the UPnPHost component of Windows is installed properly.

    Error - 9/11/2010 4:55:33 PM | Computer Name = WORMJERRY | Source = DCOM | ID = 10010
    Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
    with DCOM within the required timeout.

    Error - 9/11/2010 4:55:33 PM | Computer Name = WORMJERRY | Source = Service Control Manager | ID = 7024
    Description = The Background Intelligent Transfer Service service terminated with
    service-specific error 2147952506 (0x8007277A).

    Error - 9/11/2010 4:56:03 PM | Computer Name = WORMJERRY | Source = DCOM | ID = 10010
    Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
    with DCOM within the required timeout.

    Error - 9/11/2010 4:56:03 PM | Computer Name = WORMJERRY | Source = Service Control Manager | ID = 7024
    Description = The Background Intelligent Transfer Service service terminated with
    service-specific error 2147952506 (0x8007277A).

    Error - 9/11/2010 4:56:33 PM | Computer Name = WORMJERRY | Source = DCOM | ID = 10010
    Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
    with DCOM within the required timeout.

    Error - 9/11/2010 4:56:36 PM | Computer Name = WORMJERRY | Source = Service Control Manager | ID = 7024
    Description = The Background Intelligent Transfer Service service terminated with
    service-specific error 2147952506 (0x8007277A).

    Error - 9/11/2010 4:57:06 PM | Computer Name = WORMJERRY | Source = DCOM | ID = 10010
    Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
    with DCOM within the required timeout.

    Error - 9/11/2010 7:02:22 PM | Computer Name = WORMJERRY | Source = DCOM | ID = 10001
    Description = Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493}
    as /. The error: "%233" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    -Embedding

    Error - 9/13/2010 2:24:10 PM | Computer Name = WORMJERRY | Source = Service Control Manager | ID = 7031
    Description = The McAfee Real-time Scanner service terminated unexpectedly. It
    has done this 1 time(s). The following corrective action will be taken in 60000
    milliseconds: Restart the service.


    < End of report >
     
  25. Wormjerry

    Wormjerry TS Rookie Topic Starter Posts: 59

    Yeah, I'm using a little flash drive now, because with the limited to no connectivity on the netbook I can't connect to the internet.
     
Topic Status:
Not open for further replies.

