Google redirect and no folder options

Discussion in 'Virus and Malware Removal' started by Wormjerry, Sep 8, 2010.

  1. Broni Malware Annihilator Posts: 39,288   +175

    Is chkdsk done?
  2. Wormjerry Newcomer, in training Posts: 59

    I only have my background and mouse indicator, nothing else on screen. All restarts and checkdisk were on its own.
  3. Broni Malware Annihilator Posts: 39,288   +175

    There is a chance that stupid McAfee removed explorer.exe.

    Press CTRL+ALT+DEL to bring up Task Manager.
    Click "New task", type in:
    explorer.exe
    Click OK.
    Is your desktop back?
  4. Wormjerry Newcomer, in training Posts: 59

    Windows cannot find :(
  5. Broni Malware Annihilator Posts: 39,288   +175

    No worries. We'll fix it.

    Let's see, if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded, double-click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note : If you do not know how to set your computer to boot from CD follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Under the Custom Scan box paste this in:

      /md5start
      explorer.exe
      winlogon.exe
      /md5stop

    • Press Run Scan to start the scan.
    • When finished, the file will be saved as C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
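The /md5start block above asks OTL to hash explorer.exe and winlogon.exe, the two binaries Bamital patches, so the helper can compare them with known-good copies. The script below is an added example, not part of the thread and not OTL's own code, that performs the equivalent check from a separately booted system: it hashes each live binary on an offline-mounted Windows XP drive and compares it with the Windows File Protection copy kept in system32\dllcache. The mount point passed on the command line and the constructed directory tree in demo() are assumptions for illustration. A dllcache match only shows that the two local copies agree; it is not proof that either is clean, and MD5 is used only because that is what OTL reports, not as a collision-resistant check.

```python
import hashlib
import sys
import tempfile
from pathlib import Path

# The two files the OTLPE custom scan above hashes (/md5start ... /md5stop).
TARGET_FILES = ("explorer.exe", "winlogon.exe")


def md5_of(path: Path) -> str:
    """MD5 of a file, read in chunks so a large binary is not loaded whole.
    MD5 only because that is what OTL reports; this is an identity check
    against a local copy, not a collision-resistant integrity proof."""
    h = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_live_copy(system_root: Path, name: str):
    """On XP explorer.exe lives in %SystemRoot% and winlogon.exe in
    %SystemRoot%\\system32; return whichever copy exists, else None."""
    for candidate in (system_root / name, system_root / "system32" / name):
        if candidate.is_file():
            return candidate
    return None


def compare_wfp_copies(system_root: Path, names=TARGET_FILES) -> dict:
    """Hash each live binary and the Windows File Protection copy kept in
    system32\\dllcache.  Per-file status:
      missing        no live copy at all (the log's 'Shell - (Explorer.exe) -
                     File not found' line is this case for explorer.exe)
      no_cache_copy  live copy present, nothing in dllcache to compare with
      match          live and cache copies hash identically
      mismatch       hashes differ: the file was replaced or patched in place
    Agreement with dllcache is a local consistency check only; an infection
    can touch both copies, so a 'match' is not proof of a clean file."""
    cache_dir = system_root / "system32" / "dllcache"
    results = {}
    for name in names:
        live = find_live_copy(system_root, name)
        cached = cache_dir / name
        live_md5 = md5_of(live) if live is not None else None
        cache_md5 = md5_of(cached) if cached.is_file() else None
        if live_md5 is None:
            status = "missing"
        elif cache_md5 is None:
            status = "no_cache_copy"
        else:
            status = "match" if live_md5 == cache_md5 else "mismatch"
        results[name] = {"live": live_md5, "cache": cache_md5, "status": status}
    return results


def demo() -> dict:
    """Run the check over a constructed directory tree (not a real system) that
    mirrors the thread: winlogon.exe intact and cached, explorer.exe gone with
    only its dllcache copy left; then a second pass after winlogon.exe has
    been altered in place and explorer.exe restored from the cache copy."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "WINDOWS"
        cache = root / "system32" / "dllcache"
        cache.mkdir(parents=True)
        (root / "system32" / "winlogon.exe").write_bytes(b"constructed winlogon")
        (cache / "winlogon.exe").write_bytes(b"constructed winlogon")
        (cache / "explorer.exe").write_bytes(b"constructed explorer")
        before = compare_wfp_copies(root)
        (root / "system32" / "winlogon.exe").write_bytes(b"constructed winlogon, patched")
        (root / "explorer.exe").write_bytes(b"constructed explorer")
        after = compare_wfp_copies(root)
    return {"before": before, "after": after}


if __name__ == "__main__":
    # Usage: python wfp_check.py /mnt/sda1/WINDOWS   (drive mounted read-only
    # from a live CD/USB; the mount point is an assumed example path).
    if len(sys.argv) > 1:
        report = compare_wfp_copies(Path(sys.argv[1]))
    else:
        report = demo()["before"]
    for name, info in report.items():
        print(f"{name:14} {info['status']:14} live={info['live']} cache={info['cache']}")
```

Run it against the drive mounted read-only from the boot medium; a "missing" for explorer.exe is the same condition the O20 Winlogon Shell line in the log reports, and a "mismatch" on winlogon.exe is the case where the hash in OTL.txt should be compared with a copy from a known-clean XP SP3 install rather than trusted from dllcache.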
  6. Wormjerry Newcomer, in training Posts: 59

    No CD drive, is that gonna be OK??
  7. Broni Malware Annihilator Posts: 39,288   +175

    I forgot, you have no CD drive. Hold on....
  8. Broni Malware Annihilator Posts: 39,288   +175

  9. Wormjerry Newcomer, in training Posts: 59

    Alright, I'll give it a shot and continue tomorrow. Thanks.
  10. Broni Malware Annihilator Posts: 39,288   +175

    We'll fix it, but it'll take a while, especially since my bed time is coming and I have to go to work tomorrow.
    Just be patient and do not try anything by yourself.
    That Bamital trojan you have is a nasty piece.
  11. Wormjerry Newcomer, in training Posts: 59

    My bootable flash drive is now ready.
  12. Broni Malware Annihilator Posts: 39,288   +175

    Boot from it and follow instructions from my reply #45.
    If OTLPE establishes an internet connection, you can reply from there.
    If not...
    Do you have 2nd USB port, where you can plug in another USB flash drive to transfer data?
  13. Wormjerry Newcomer, in training Posts: 59

    OTL logfile created on: 9/15/2010 9:11:47 PM - Run
    OTLPE by OldTimer - Version 3.1.41.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 809.00 Mb Available Physical Memory | 80.00% Memory free
    902.00 Mb Paging File | 835.00 Mb Available in Paging File | 93.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 142.05 Gb Total Space | 95.37 Gb Free Space | 67.14% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive X: | 959.70 Mb Total Space | 642.89 Mb Free Space | 66.99% Space Free | Partition Type: FAT

    Computer Name: REATOGO
    Current User Name: SYSTEM
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/07/06 18:38:18 | 000,030,192 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
    SRV - [2010/06/10 09:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
    SRV - [2010/04/28 10:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2010/02/24 16:16:08 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/02/17 19:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
    SRV - [2010/02/17 18:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
    SRV - [2009/10/27 14:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
    SRV - [2009/07/08 14:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
    SRV - [2009/07/07 22:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
    SRV - [2009/02/05 11:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
    SRV - [2009/01/23 13:46:14 | 000,203,280 | ---- | M] () [Auto] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2009/01/14 20:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008/04/15 20:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys -- (USBCCID)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys -- (Rts516xIR)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | On_Demand] -- c:\acernb\int15.sys -- (int15.sys)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btwmodem.sys -- (btwmodem)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btwhid.sys -- (btwhid)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio)
    DRV - [2010/08/08 23:22:40 | 000,033,824 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)
    DRV - [2010/07/15 18:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
    DRV - [2010/04/28 10:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2010/02/17 19:52:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2010/02/17 19:52:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2010/02/17 19:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2010/02/17 19:52:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2010/02/17 19:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2009/05/21 17:39:54 | 000,090,472 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
    DRV - [2009/03/02 01:03:46 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
    DRV - [2009/02/25 23:17:52 | 001,344,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
    DRV - [2009/02/24 04:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2009/02/05 06:33:04 | 000,205,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2009/02/03 02:42:30 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2009/01/02 21:33:54 | 000,145,408 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\M3000KNT.sys -- (M3000Srv)
    DRV - [2008/08/05 08:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
    DRV - [2008/04/15 20:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
    DRV - [2008/04/14 08:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/04/14 08:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2008/04/14 08:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2008/04/14 08:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2008/04/14 08:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2008/04/14 08:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2008/04/14 08:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2008/04/14 08:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2008/04/14 08:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2008/04/14 08:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2008/04/14 08:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2008/04/14 08:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2008/04/14 08:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2008/04/14 08:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2008/04/14 08:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2008/04/14 03:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/14 03:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/02/14 19:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2007/08/27 00:58:18 | 000,074,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2006/11/02 09:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
    DRV - [2006/01/04 03:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
    DRV - [2004/12/08 02:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0809&m=aspire_one
    IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0809&m=aspire_one
    IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\Worm_Jerry_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.entru.com/?s=21982
    IE - HKU\Worm_Jerry_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/09/05 22:31:12 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/20 14:57:05 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/31 02:44:03 | 000,000,000 | ---D | M]

    [2010/06/12 19:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Mozilla\Extensions
    [2010/08/30 19:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\fxg7daqc.default\extensions
    [2010/07/25 23:51:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\fxg7daqc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/09/12 17:00:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/09/11 16:45:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKU\Worm_Jerry_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [M3000Mnt] File not found
  14. Wormjerry Newcomer, in training Posts: 59

    O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    O4 - HKU\Guest_ON_C..\Run: [HNUlaIXnd] C:\DOCUME~1\Guest\LOCALS~1\Temp\avp.exe File not found
    O4 - HKU\Guest_ON_C..\Run: [HNUlaIXnoc] C:\DOCUME~1\Guest\LOCALS~1\Temp\debug.exe File not found
    O4 - HKU\Guest_ON_C..\Run: [HNUlaIXnqe] C:\DOCUME~1\Guest\LOCALS~1\Temp\login.exe File not found
    O4 - HKU\Guest_ON_C..\Run: [HNUlaIXnsf] C:\DOCUME~1\Guest\LOCALS~1\Temp\lsass.exe File not found
    O4 - HKU\Guest_ON_C..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
    O4 - HKU\Guest_ON_C..\Run: [MKcrc] C:\WINDOWS\login.exe File not found
    O4 - HKU\Guest_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
    O4 - HKU\Worm_Jerry_ON_C..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
    O4 - HKU\Worm_Jerry_ON_C..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Worm_Jerry_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\Worm_Jerry_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\Worm_Jerry_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/03/12 01:07:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 04:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/09/14 14:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\Desktop\OTLPE
    [2010/09/14 14:45:13 | 000,000,000 | ---D | C] -- C:\eeepcfr
    [2010/09/14 14:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\Desktop\OTLPEStd
    [2010/09/14 14:43:29 | 098,166,081 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Worm Jerry\Desktop\OTLPEStd.exe
    [2010/09/14 14:43:02 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2010/09/13 23:54:45 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/09/13 14:26:12 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Worm Jerry\My Documents\OTL.exe
    [2010/09/13 14:25:37 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Cookies
    [2010/09/12 16:48:58 | 000,000,000 | --SD | C] -- C:\WINDOWS\system32\config\systemprofile\Cookies
    [2010/09/11 19:10:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/09/11 16:34:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/09/11 02:22:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/09/11 02:15:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/09/11 02:15:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/09/11 02:15:05 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/09/11 02:14:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/09/11 02:11:14 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/09/08 00:18:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/09/08 00:18:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/09/08 00:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/09/07 23:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/09/03 20:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
    [2010/09/03 20:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2010/09/03 19:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/09/03 03:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\Application Data\Malwarebytes
    [2010/09/03 01:07:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/09/02 01:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
    [2010/09/02 01:19:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favorites
    [2010/09/01 07:19:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
    [2010/09/01 07:19:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
    [2010/08/31 23:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Yahoo
    [2010/08/31 23:19:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/08/31 23:18:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!
    [2010/08/31 23:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
    [2010/08/31 23:18:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService\Favorites
    [2010/08/31 17:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/08/31 17:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/08/25 03:08:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\My Documents\My Music
    [2010/08/25 03:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\My Documents
    [2010/08/25 02:48:45 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
    [2010/08/20 14:57:55 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2009/03/11 08:53:14 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
  15. Wormjerry Newcomer, in training Posts: 59

    ========== Files - Modified Within 30 Days ==========

    [2010/09/15 23:00:25 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
    [2010/09/15 23:00:25 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
    [2010/09/15 23:00:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/09/15 23:00:17 | 000,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata
    [2010/09/15 23:00:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/09/15 23:00:04 | 000,018,941 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
    [2010/09/15 22:59:43 | 1063,198,720 | -HS- | M] () -- C:\hiberfil.sys
    [2010/09/15 22:58:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/09/14 15:49:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/09/14 14:24:28 | 098,166,081 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Worm Jerry\Desktop\OTLPEStd.exe
    [2010/09/14 14:23:26 | 000,515,892 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\eeepcfr.zip
    [2010/09/14 03:02:28 | 000,072,704 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/14 01:00:48 | 000,511,030 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/09/14 01:00:48 | 000,434,598 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/09/14 01:00:48 | 000,068,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/09/14 00:56:08 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/09/14 00:46:36 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Worm Jerry\NTUSER.DAT
    [2010/09/14 00:46:36 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Worm Jerry\ntuser.ini
    [2010/09/14 00:46:29 | 001,835,008 | -H-- | M] () -- C:\Documents and Settings\Guest\NTUSER.DAT
    [2010/09/14 00:10:49 | 004,308,596 | -H-- | M] () -- C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\IconCache.db
    [2010/09/14 00:05:00 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/09/13 23:13:08 | 001,578,762 | -H-- | M] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\IconCache.db
    [2010/09/13 14:00:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Worm Jerry\My Documents\OTL.exe
    [2010/09/11 16:45:28 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/09/11 16:45:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/09/11 15:52:16 | 003,842,655 | R--- | M] () -- C:\Documents and Settings\Worm Jerry\My Documents\ComboFix.exe
    [2010/09/11 15:45:56 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\SystemLook.exe
    [2010/09/11 02:22:12 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/09/07 23:04:36 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\HiJackThis.lnk
    [2010/09/06 22:56:05 | 001,891,254 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\untitled.bmp
    [2010/09/06 05:09:10 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/09/05 22:31:32 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/09/04 13:17:27 | 000,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
    [2010/09/01 19:48:48 | 000,043,454 | ---- | M] () -- C:\WINDOWS\System32\xkqon
    [2010/09/01 13:24:15 | 000,000,004 | -H-- | M] () -- C:\WINDOWS\System32\iexplore.sy_
    [2010/09/01 04:44:08 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
    [2010/08/30 19:11:49 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\rsume(3).doc
    [2010/08/26 21:40:43 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Guest\Desktop\Windows Media Player.lnk
    [2010/08/25 18:48:46 | 000,000,400 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Application Data\wklnhst.dat
    [2010/08/25 02:57:18 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/08/25 02:57:18 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\Windows Media Player.lnk
    [2010/08/25 02:56:28 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010/08/25 02:56:28 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010/08/21 16:51:11 | 000,000,115 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Application Data\default.pls
    [2010/08/19 19:09:37 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\My Documents\rsume slojobs.wps

    ========== Files Created - No Company Name ==========

    [2010/09/15 22:59:00 | 000,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata
    [2010/09/14 14:43:27 | 000,515,892 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\eeepcfr.zip
    [2010/09/11 16:06:26 | 003,842,655 | R--- | C] () -- C:\Documents and Settings\Worm Jerry\My Documents\ComboFix.exe
    [2010/09/11 15:49:47 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\SystemLook.exe
    [2010/09/11 02:22:12 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/09/11 02:22:08 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/09/11 02:15:05 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/09/11 02:15:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/09/11 02:15:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/09/11 02:15:05 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/09/11 02:15:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/09/08 15:52:46 | 1063,198,720 | -HS- | C] () -- C:\hiberfil.sys
    [2010/09/07 23:03:36 | 000,002,457 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\HiJackThis.lnk
    [2010/09/06 22:56:04 | 001,891,254 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\untitled.bmp
    [2010/09/04 13:17:27 | 000,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
    [2010/09/01 19:48:48 | 000,043,454 | ---- | C] () -- C:\WINDOWS\System32\xkqon
    [2010/09/01 13:24:15 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\System32\iexplore.sy_
    [2010/08/31 01:26:12 | 000,010,210 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\thunder_3.wav
    [2010/08/25 18:52:59 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\rsume(3).doc
    [2010/08/08 23:22:40 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
    [2010/07/26 00:32:50 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/14 05:02:14 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/19 20:12:01 | 000,000,087 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\FASTWiz.log
    [2010/05/06 00:52:08 | 001,835,008 | -H-- | C] () -- C:\Documents and Settings\Guest\NTUSER.DAT
    [2010/05/06 00:52:08 | 000,077,824 | -H-- | C] () -- C:\Documents and Settings\Guest\ntuser.dat.LOG
    [2010/05/06 00:52:08 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Guest\ntuser.ini
    [2010/03/24 02:06:38 | 000,000,400 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Application Data\wklnhst.dat
    [2009/08/29 05:05:19 | 000,000,115 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Application Data\default.pls
    [2009/08/29 05:04:39 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/08/28 03:07:53 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\.rnd
    [2009/08/28 02:52:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2009/08/28 02:52:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2009/08/28 02:52:03 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2009/08/28 02:52:02 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2009/08/28 02:52:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2009/08/28 02:52:02 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2009/08/27 17:01:20 | 000,072,704 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/08/24 17:09:39 | 004,718,592 | -H-- | C] () -- C:\Documents and Settings\Worm Jerry\NTUSER.DAT
    [2009/08/24 17:09:39 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Worm Jerry\ntuser.dat.LOG
    [2009/08/24 17:09:39 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Worm Jerry\ntuser.ini
    [2009/06/22 19:28:46 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll
    [2009/06/22 19:28:46 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys
    [2009/06/22 19:28:46 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
    [2009/06/22 19:26:19 | 000,262,144 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT
    [2009/06/22 19:26:19 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
    [2009/03/12 02:47:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2009/03/12 01:55:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
    [2009/03/12 01:10:15 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2009/03/12 01:10:02 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
    [2009/03/12 01:10:02 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
    [2009/03/12 01:10:02 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
    [2009/03/12 01:10:02 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
    [2009/03/12 01:10:01 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
    [2009/03/12 01:10:01 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
    [2009/03/12 01:05:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

    ========== LOP Check ==========

    [2009/03/12 02:32:46 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Acer
    [2009/03/12 02:06:59 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Acer GameZone Console
    [2009/08/24 17:13:41 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SACore
    [2009/03/12 02:27:54 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Super-Cow
    [2009/03/12 02:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Acer
    [2009/03/12 02:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Acer GameZone Console
    [2009/03/12 02:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Super-Cow
    [2010/08/08 14:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
    [2009/03/12 02:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Acer
    [2009/03/12 02:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Acer GameZone Console
    [2010/05/30 03:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Facebook
    [2009/12/05 22:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\GetRightToGo
    [2009/10/11 02:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\InterVideo
    [2009/12/05 19:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Research In Motion
    [2009/03/12 02:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Super-Cow
    [2010/03/24 02:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Template
    [2010/06/15 04:28:24 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
    [2010/09/01 04:44:08 | 000,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

    ========== Purity Check ==========



    ========== Custom Scans ==========



    < MD5 for: EXPLORER.EXE >
    [2004/08/03 17:07:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\Documents and Settings\Worm Jerry\Desktop\OTLPE\I386\EXPLORER.EXE

    < MD5 for: WINLOGON.EXE >
    [2004/08/03 17:07:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\Documents and Settings\Worm Jerry\Desktop\OTLPE\I386\SYSTEM32\WINLOGON.EXE
    [2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=77F4BE7A778F6330779784D64F0DE94D -- C:\WINDOWS\system32\winlogon.exe
    < End of report >
  16. Broni Malware Annihilator Posts: 39,288   +175

    Excellent job :)

    Yeah. This is what I thought. McAfee whacked explorer.exe.


    Do this on the computer you are posting from:
    Copy the text in the codebox below:


    Code:
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O4 - HKLM..\Run: [M3000Mnt] File not found 
    O4 - HKU\Guest_ON_C..\Run: [HNUlaIXnd] C:\DOCUME~1\Guest\LOCALS~1\Temp\avp.exe File not found
    O4 - HKU\Guest_ON_C..\Run: [HNUlaIXnoc] C:\DOCUME~1\Guest\LOCALS~1\Temp\debug.exe File not found
    O4 - HKU\Guest_ON_C..\Run: [HNUlaIXnqe] C:\DOCUME~1\Guest\LOCALS~1\Temp\login.exe File not found
    O4 - HKU\Guest_ON_C..\Run: [HNUlaIXnsf] C:\DOCUME~1\Guest\LOCALS~1\Temp\lsass.exe File not found
    O4 - HKU\Guest_ON_C..\Run: [MKcrc] C:\WINDOWS\login.exe File not found
    O4 - HKU\Guest_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...8f/wvc1dmo.cab (Reg Error: Key error.)
    [2010/09/01 19:48:48 | 000,043,454 | ---- | M] () -- C:\WINDOWS\System32\xkqon
    [2010/09/01 13:24:15 | 000,000,004 | -H-- | M] () -- C:\WINDOWS\System32\iexplore.sy_
    
    
    :Services
    
    :Reg
    
    :Files
    C:\WINDOWS\explorer.exe|C:\Documents and Settings\Worm Jerry\Desktop\OTLPE\I386\EXPLORER.EXE /replace
    C:\WINDOWS\system32\winlogon.exe|C:\Documents and Settings\Worm Jerry\Desktop\OTLPE\I386\SYSTEM32\WINLOGON.EXE /replace
    
    :Commands
    [purity]
    [emptytemp]
    
    Open Notepad and paste it.
    Save the document as Fix.txt onto a USB flash drive.


    On the infected computer, do the following:

    Run OTLPE

    • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
      • (The content of Fix.txt should appear in the box)
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log produced (you'll need to transfer it with USB stick)
    • Attempt to reboot normally into Windows.
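    The fix above was assembled by reading two kinds of OTL lines: autorun (O4) entries whose target is missing or sits in a Temp folder, and files in System32 with no company name and an odd name (xkqon, iexplore.sy_). The following parser, added here as an example and not part of OTL or of this thread's fix, applies those same checks to sample lines copied from the log above; it is a review aid whose hits still need a human to confirm, not a deletion list.

    ```python
    """Triage of OTL log lines (added example; not OTL's own code).

    Parses the two OTL line shapes that matter for this thread and flags:
      * O4 autorun entries whose target no longer exists or lives under Temp
      * files sitting directly in System32 with no company name and an
        extension that is not one Windows normally keeps there
    Sample lines are copied from the log posted in this thread.
    """
    import re
    from dataclasses import dataclass
    from typing import List

    # OTL file line:    [date time | size | attrs | C/M] (Company) -- path
    FILE_RE = re.compile(
        r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| (?P<kind>[CM])\] "
        r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
    )
    # OTL autorun line: O4 - <hive>..\Run: [name] target (Company) | File not found
    RUN_RE = re.compile(
        r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.*?)"
        r"(?: \((?P<company>[^)]*)\))?\s*(?P<missing>File not found)?$"
    )

    # Extensions one expects to see directly in System32; anything else with no
    # company name (xkqon, iexplore.sy_) is worth a second look.
    KNOWN_EXT = {".exe", ".dll", ".sys", ".ocx", ".drv", ".cpl", ".scr",
                 ".ini", ".dat", ".tlb", ".inf", ".log", ".bak", ".cat"}
    SYSTEM32 = "c:\\windows\\system32"


    @dataclass
    class Finding:
        kind: str      # "autorun" or "file"
        subject: str   # the registry value or the file path
        reason: str


    def triage_autorun(m: "re.Match") -> List[str]:
        """Reasons an O4 Run entry deserves attention (may be more than one)."""
        reasons = []
        if "\\temp\\" in m.group("target").lower():
            reasons.append("launches from a Temp folder")
        if m.group("missing"):
            reasons.append("target file no longer exists (dangling autorun)")
        return reasons


    def triage_file(m: "re.Match") -> List[str]:
        """Reasons a file entry deserves attention."""
        parent, _, name = m.group("path").lower().rpartition("\\")
        ext = name[name.rfind("."):] if "." in name else ""
        if parent == SYSTEM32 and not m.group("company").strip() and ext not in KNOWN_EXT:
            return [f"no company name, directly in System32, extension {ext or '(none)'}"]
        return []


    def triage(lines) -> List[Finding]:
        """Run both checks over raw OTL lines; lines of other shapes are skipped."""
        findings: List[Finding] = []
        for raw in lines:
            line = raw.strip()
            m = RUN_RE.match(line)
            if m:
                subject = f"{m.group('hive')} [{m.group('name')}] {m.group('target') or '<empty>'}"
                findings.extend(Finding("autorun", subject, r) for r in triage_autorun(m))
                continue
            m = FILE_RE.match(line)
            if m:
                findings.extend(Finding("file", m.group("path"), r) for r in triage_file(m))
        return findings


    # Constructed sample: lines copied from the OTL log in this thread.
    SAMPLE_LOG = r"""
    [2010/09/01 19:48:48 | 000,043,454 | ---- | M] () -- C:\WINDOWS\System32\xkqon
    [2010/09/01 13:24:15 | 000,000,004 | -H-- | M] () -- C:\WINDOWS\System32\iexplore.sy_
    [2010/09/14 01:00:48 | 000,068,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/25 02:48:45 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
    [2010/09/11 16:45:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [M3000Mnt] File not found
    O4 - HKU\Guest_ON_C..\Run: [HNUlaIXnd] C:\DOCUME~1\Guest\LOCALS~1\Temp\avp.exe File not found
    O4 - HKU\Guest_ON_C..\Run: [MKcrc] C:\WINDOWS\login.exe File not found
    """.strip().splitlines()


    if __name__ == "__main__":
        for f in triage(SAMPLE_LOG):
            print(f"{f.kind:7} {f.subject}\n        -> {f.reason}")
    ```
    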
  17. Wormjerry Newcomer, in training Posts: 59

    Attempted to reboot, but still just the background.
  18. Wormjerry Newcomer, in training Posts: 59

    OTL logfile created on: 9/17/2010 5:57:37 PM - Run
    OTLPE by OldTimer - Version 3.1.41.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 809.00 Mb Available Physical Memory | 80.00% Memory free
    902.00 Mb Paging File | 834.00 Mb Available in Paging File | 93.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 142.05 Gb Total Space | 95.37 Gb Free Space | 67.14% Space Free | Partition Type: NTFS
    Drive D: | 1.87 Gb Total Space | 0.31 Gb Free Space | 16.73% Space Free | Partition Type: FAT
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive X: | 959.70 Mb Total Space | 643.00 Mb Free Space | 67.00% Space Free | Partition Type: FAT

    Computer Name: REATOGO
    Current User Name: SYSTEM
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/07/06 18:38:18 | 000,030,192 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
    SRV - [2010/06/10 09:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
    SRV - [2010/04/28 10:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2010/02/24 16:16:08 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/02/17 19:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
    SRV - [2010/02/17 18:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
    SRV - [2009/10/27 14:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
    SRV - [2009/07/08 14:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
    SRV - [2009/07/07 22:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
    SRV - [2009/02/05 11:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
    SRV - [2009/01/23 13:46:14 | 000,203,280 | ---- | M] () [Auto] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2009/01/14 20:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008/04/15 20:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys -- (USBCCID)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys -- (Rts516xIR)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | On_Demand] -- c:\acernb\int15.sys -- (int15.sys)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btwmodem.sys -- (btwmodem)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btwhid.sys -- (btwhid)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio)
    DRV - [2010/08/08 23:22:40 | 000,033,824 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)
    DRV - [2010/07/15 18:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
    DRV - [2010/04/28 10:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2010/02/17 19:52:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2010/02/17 19:52:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2010/02/17 19:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2010/02/17 19:52:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2010/02/17 19:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2009/05/21 17:39:54 | 000,090,472 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
    DRV - [2009/03/02 01:03:46 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
    DRV - [2009/02/25 23:17:52 | 001,344,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
    DRV - [2009/02/24 04:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2009/02/05 06:33:04 | 000,205,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2009/02/03 02:42:30 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2009/01/02 21:33:54 | 000,145,408 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\M3000KNT.sys -- (M3000Srv)
    DRV - [2008/08/05 08:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
    DRV - [2008/04/15 20:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
    DRV - [2008/04/14 08:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/04/14 08:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2008/04/14 08:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2008/04/14 08:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2008/04/14 08:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2008/04/14 08:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2008/04/14 08:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2008/04/14 08:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2008/04/14 08:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2008/04/14 08:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2008/04/14 08:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2008/04/14 08:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2008/04/14 08:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2008/04/14 08:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2008/04/14 08:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2008/04/14 03:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/14 03:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/02/14 19:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2007/08/27 00:58:18 | 000,074,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2006/11/02 09:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
    DRV - [2006/01/04 03:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
    DRV - [2004/12/08 02:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0809&m=aspire_one
    IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0809&m=aspire_one
    IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\Worm_Jerry_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.entru.com/?s=21982
    IE - HKU\Worm_Jerry_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/09/05 22:31:12 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/20 14:57:05 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/31 02:44:03 | 000,000,000 | ---D | M]

    [2010/06/12 19:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Mozilla\Extensions
    [2010/08/30 19:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\fxg7daqc.default\extensions
    [2010/07/25 23:51:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\fxg7daqc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/09/12 17:00:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/09/11 16:45:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKU\Worm_Jerry_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [M3000Mnt] File not found
    O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    O4 - HKU\Guest_ON_C..\Run: [HNUlaIXnd] C:\DOCUME~1\Guest\LOCALS~1\Temp\avp.exe File not found
    O4 - HKU\Guest_ON_C..\Run: [HNUlaIXnoc] C:\DOCUME~1\Guest\LOCALS~1\Temp\debug.exe File not found
    O4 - HKU\Guest_ON_C..\Run: [HNUlaIXnqe] C:\DOCUME~1\Guest\LOCALS~1\Temp\login.exe File not found
    O4 - HKU\Guest_ON_C..\Run: [HNUlaIXnsf] C:\DOCUME~1\Guest\LOCALS~1\Temp\lsass.exe File not found
    O4 - HKU\Guest_ON_C..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
    O4 - HKU\Guest_ON_C..\Run: [MKcrc] C:\WINDOWS\login.exe File not found
    O4 - HKU\Guest_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
    O4 - HKU\Worm_Jerry_ON_C..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
    O4 - HKU\Worm_Jerry_ON_C..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
  19. Wormjerry Newcomer, in training Posts: 59

    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Worm_Jerry_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\Worm_Jerry_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\Worm_Jerry_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/03/12 01:07:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 04:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/09/14 14:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\Desktop\OTLPE
    [2010/09/14 14:45:13 | 000,000,000 | ---D | C] -- C:\eeepcfr
    [2010/09/14 14:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\Desktop\OTLPEStd
    [2010/09/14 14:43:29 | 098,166,081 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Worm Jerry\Desktop\OTLPEStd.exe
    [2010/09/14 14:43:02 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2010/09/13 23:54:45 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/09/13 14:26:12 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Worm Jerry\My Documents\OTL.exe
    [2010/09/13 14:25:37 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Cookies
    [2010/09/12 16:48:58 | 000,000,000 | --SD | C] -- C:\WINDOWS\system32\config\systemprofile\Cookies
    [2010/09/11 19:10:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/09/11 16:34:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/09/11 02:22:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/09/11 02:15:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/09/11 02:15:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/09/11 02:15:05 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/09/11 02:14:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/09/11 02:11:14 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/09/08 00:18:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/09/08 00:18:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/09/08 00:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/09/07 23:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/09/03 20:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
    [2010/09/03 20:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2010/09/03 19:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/09/03 03:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\Application Data\Malwarebytes
    [2010/09/03 01:07:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/09/02 01:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
    [2010/09/02 01:19:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favorites
    [2010/09/01 07:19:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
    [2010/09/01 07:19:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
    [2010/08/31 23:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Yahoo
    [2010/08/31 23:19:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/08/31 23:18:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!
    [2010/08/31 23:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
    [2010/08/31 23:18:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService\Favorites
    [2010/08/31 17:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/08/31 17:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/08/25 03:08:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\My Documents\My Music
    [2010/08/25 03:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\My Documents
    [2010/08/25 02:48:45 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
    [2010/08/20 14:57:55 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2009/03/11 08:53:14 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/09/15 23:00:25 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
    [2010/09/15 23:00:25 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
    [2010/09/15 23:00:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/09/15 23:00:17 | 000,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata
    [2010/09/15 23:00:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/09/15 23:00:04 | 000,018,941 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
    [2010/09/15 22:59:43 | 1063,198,720 | -HS- | M] () -- C:\hiberfil.sys
    [2010/09/15 22:58:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/09/15 21:38:05 | 001,835,008 | -H-- | M] () -- C:\Documents and Settings\Guest\NTUSER.DAT
    [2010/09/14 15:49:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/09/14 14:24:28 | 098,166,081 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Worm Jerry\Desktop\OTLPEStd.exe
    [2010/09/14 14:23:26 | 000,515,892 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\eeepcfr.zip
    [2010/09/14 03:02:28 | 000,072,704 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/14 01:00:48 | 000,511,030 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/09/14 01:00:48 | 000,434,598 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/09/14 01:00:48 | 000,068,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/09/14 00:56:08 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/09/14 00:46:36 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Worm Jerry\NTUSER.DAT
    [2010/09/14 00:46:36 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Worm Jerry\ntuser.ini
    [2010/09/14 00:10:49 | 004,308,596 | -H-- | M] () -- C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\IconCache.db
    [2010/09/14 00:05:00 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/09/13 23:13:08 | 001,578,762 | -H-- | M] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\IconCache.db
    [2010/09/13 14:00:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Worm Jerry\My Documents\OTL.exe
    [2010/09/11 16:45:28 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/09/11 16:45:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/09/11 15:52:16 | 003,842,655 | R--- | M] () -- C:\Documents and Settings\Worm Jerry\My Documents\ComboFix.exe
    [2010/09/11 15:45:56 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\SystemLook.exe
    [2010/09/11 02:22:12 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/09/07 23:04:36 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\HiJackThis.lnk
    [2010/09/06 22:56:05 | 001,891,254 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\untitled.bmp
    [2010/09/06 05:09:10 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/09/05 22:31:32 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/09/04 13:17:27 | 000,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
    [2010/09/01 19:48:48 | 000,043,454 | ---- | M] () -- C:\WINDOWS\System32\xkqon
    [2010/09/01 13:24:15 | 000,000,004 | -H-- | M] () -- C:\WINDOWS\System32\iexplore.sy_
    [2010/09/01 04:44:08 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
    [2010/08/30 19:11:49 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\rsume(3).doc
    [2010/08/26 21:40:43 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Guest\Desktop\Windows Media Player.lnk
    [2010/08/25 18:48:46 | 000,000,400 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Application Data\wklnhst.dat
    [2010/08/25 02:57:18 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/08/25 02:57:18 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\Windows Media Player.lnk
    [2010/08/25 02:56:28 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010/08/25 02:56:28 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010/08/21 16:51:11 | 000,000,115 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Application Data\default.pls
    [2010/08/19 19:09:37 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\My Documents\rsume slojobs.wps
  20. Wormjerry Newcomer, in training Posts: 59

    ========== Files Created - No Company Name ==========

    [2010/09/15 22:59:00 | 000,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata
    [2010/09/14 14:43:27 | 000,515,892 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\eeepcfr.zip
    [2010/09/11 16:06:26 | 003,842,655 | R--- | C] () -- C:\Documents and Settings\Worm Jerry\My Documents\ComboFix.exe
    [2010/09/11 15:49:47 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\SystemLook.exe
    [2010/09/11 02:22:12 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/09/11 02:22:08 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/09/11 02:15:05 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/09/11 02:15:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/09/11 02:15:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/09/11 02:15:05 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/09/11 02:15:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/09/08 15:52:46 | 1063,198,720 | -HS- | C] () -- C:\hiberfil.sys
    [2010/09/07 23:03:36 | 000,002,457 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\HiJackThis.lnk
    [2010/09/06 22:56:04 | 001,891,254 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\untitled.bmp
    [2010/09/04 13:17:27 | 000,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
    [2010/09/01 19:48:48 | 000,043,454 | ---- | C] () -- C:\WINDOWS\System32\xkqon
    [2010/09/01 13:24:15 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\System32\iexplore.sy_
    [2010/08/31 01:26:12 | 000,010,210 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\thunder_3.wav
    [2010/08/25 18:52:59 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\rsume(3).doc
    [2010/08/08 23:22:40 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
    [2010/07/26 00:32:50 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/14 05:02:14 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/19 20:12:01 | 000,000,087 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\FASTWiz.log
    [2010/05/06 00:52:08 | 001,835,008 | -H-- | C] () -- C:\Documents and Settings\Guest\NTUSER.DAT
    [2010/05/06 00:52:08 | 000,020,480 | -H-- | C] () -- C:\Documents and Settings\Guest\ntuser.dat.LOG
    [2010/05/06 00:52:08 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Guest\ntuser.ini
    [2010/03/24 02:06:38 | 000,000,400 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Application Data\wklnhst.dat
    [2009/08/29 05:05:19 | 000,000,115 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Application Data\default.pls
    [2009/08/29 05:04:39 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/08/28 03:07:53 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\.rnd
    [2009/08/28 02:52:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2009/08/28 02:52:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2009/08/28 02:52:03 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2009/08/28 02:52:02 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2009/08/28 02:52:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2009/08/28 02:52:02 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2009/08/27 17:01:20 | 000,072,704 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/08/24 17:09:39 | 004,718,592 | -H-- | C] () -- C:\Documents and Settings\Worm Jerry\NTUSER.DAT
    [2009/08/24 17:09:39 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Worm Jerry\ntuser.dat.LOG
    [2009/08/24 17:09:39 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Worm Jerry\ntuser.ini
    [2009/06/22 19:28:46 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll
    [2009/06/22 19:28:46 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys
    [2009/06/22 19:28:46 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
    [2009/06/22 19:26:19 | 000,262,144 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT
    [2009/06/22 19:26:19 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
    [2009/03/12 02:47:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2009/03/12 01:55:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
    [2009/03/12 01:10:15 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2009/03/12 01:10:02 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
    [2009/03/12 01:10:02 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
    [2009/03/12 01:10:02 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
    [2009/03/12 01:10:02 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
    [2009/03/12 01:10:01 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
    [2009/03/12 01:10:01 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
    [2009/03/12 01:05:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

    ========== LOP Check ==========

    [2009/03/12 02:32:46 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Acer
    [2009/03/12 02:06:59 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Acer GameZone Console
    [2009/08/24 17:13:41 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SACore
    [2009/03/12 02:27:54 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Super-Cow
    [2009/03/12 02:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Acer
    [2009/03/12 02:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Acer GameZone Console
    [2009/03/12 02:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Super-Cow
    [2010/08/08 14:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
    [2009/03/12 02:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Acer
    [2009/03/12 02:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Acer GameZone Console
    [2010/05/30 03:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Facebook
    [2009/12/05 22:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\GetRightToGo
    [2009/10/11 02:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\InterVideo
    [2009/12/05 19:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Research In Motion
    [2009/03/12 02:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Super-Cow
    [2010/03/24 02:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Template
    [2010/06/15 04:28:24 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
    [2010/09/01 04:44:08 | 000,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < :OTL >

    < O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. >

    < O4 - HKLM..\Run: [M3000Mnt] File not found >

    < O4 - HKU\Guest_ON_C..\Run: [HNUlaIXnd] C:\DOCUME~1\Guest\LOCALS~1\Temp\avp.exe File not found >

    < O4 - HKU\Guest_ON_C..\Run: [HNUlaIXnoc] C:\DOCUME~1\Guest\LOCALS~1\Temp\debug.exe File not found >

    < O4 - HKU\Guest_ON_C..\Run: [HNUlaIXnqe] C:\DOCUME~1\Guest\LOCALS~1\Temp\login.exe File not found >

    < O4 - HKU\Guest_ON_C..\Run: [HNUlaIXnsf] C:\DOCUME~1\Guest\LOCALS~1\Temp\lsass.exe File not found >

    < O4 - HKU\Guest_ON_C..\Run: [MKcrc] C:\WINDOWS\login.exe File not found >

    < O4 - HKU\Guest_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found >

    < O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present >

    < O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...8f/wvc1dmo.cab (Reg Error: Key error.) >
    Invalid Switch: wvc1dmo.cab (Reg Error: Key error.)

    < [2010/09/01 19:48:48 | 000,043,454 | ---- | M] () -- C:\WINDOWS\System32\xkqon >
    Invalid Switch: 01 19:48:48 | 000,043,454 | ---- | M] () -- C:\WINDOWS\System32\xkqon


    < [2010/09/01 13:24:15 | 000,000,004 | -H-- | M] () -- C:\WINDOWS\System32\iexplore.sy_ >
    Invalid Switch: 01 13:24:15 | 000,000,004 | -H-- | M] () -- C:\WINDOWS\System32\iexplore.sy_




    < :Services >


    < :Reg >


    < :Files >

    < C:\WINDOWS\explorer.exe|C:\Documents and Settings\Worm Jerry\Desktop\OTLPE\I386\EXPLORER.EXE /replace >
    Invalid Switch: replace


    < C:\WINDOWS\system32\winlogon.exe|C:\Documents and Settings\Worm Jerry\Desktop\OTLPE\I386\SYSTEM32\WINLOGON.EXE /replace >
    Invalid Switch: replace



    < :Commands >

    < [purity] >

    < [emptytemp] >

    < End of report >