Solved Google redirect and no folder options

Boot from it and follow the instructions from my reply #45.
If OTLPE establishes an internet connection, you can reply from there.
If not...
Do you have a 2nd USB port where you can plug in another USB flash drive to transfer data?
OTL logfile created on: 9/15/2010 9:11:47 PM - Run
OTLPE by OldTimer - Version 3.1.41.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 809.00 Mb Available Physical Memory | 80.00% Memory free
902.00 Mb Paging File | 835.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.05 Gb Total Space | 95.37 Gb Free Space | 67.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 959.70 Mb Total Space | 642.89 Mb Free Space | 66.99% Space Free | Partition Type: FAT

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/06 18:38:18 | 000,030,192 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/06/10 09:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/04/28 10:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/02/24 16:16:08 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/02/17 19:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2010/02/17 18:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/27 14:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/07/08 14:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 22:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/02/05 11:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/01/23 13:46:14 | 000,203,280 | ---- | M] () [Auto] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/01/14 20:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/04/15 20:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys -- (Rts516xIR)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand] -- c:\acernb\int15.sys -- (int15.sys)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btwmodem.sys -- (btwmodem)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btwhid.sys -- (btwhid)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio)
DRV - [2010/08/08 23:22:40 | 000,033,824 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)
DRV - [2010/07/15 18:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2010/04/28 10:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/02/17 19:52:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/02/17 19:52:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/02/17 19:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2010/02/17 19:52:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/02/17 19:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/05/21 17:39:54 | 000,090,472 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/03/02 01:03:46 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/25 23:17:52 | 001,344,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/02/24 04:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/02/05 06:33:04 | 000,205,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/02/03 02:42:30 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/01/02 21:33:54 | 000,145,408 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\M3000KNT.sys -- (M3000Srv)
DRV - [2008/08/05 08:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/15 20:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2008/04/14 08:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 08:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2008/04/14 08:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2008/04/14 08:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2008/04/14 08:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2008/04/14 08:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2008/04/14 08:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2008/04/14 08:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2008/04/14 08:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2008/04/14 08:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2008/04/14 08:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2008/04/14 08:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2008/04/14 08:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2008/04/14 08:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2008/04/14 08:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2008/04/14 03:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 03:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/14 19:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/08/27 00:58:18 | 000,074,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/11/02 09:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/01/04 03:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2004/12/08 02:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0809&m=aspire_one
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0809&m=aspire_one
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Worm_Jerry_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.entru.com/?s=21982
IE - HKU\Worm_Jerry_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/09/05 22:31:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/20 14:57:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/31 02:44:03 | 000,000,000 | ---D | M]

[2010/06/12 19:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Mozilla\Extensions
[2010/08/30 19:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\fxg7daqc.default\extensions
[2010/07/25 23:51:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\fxg7daqc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/12 17:00:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/09/11 16:45:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\Worm_Jerry_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [M3000Mnt] File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKU\Guest_ON_C..\Run: [HNUlaIXnd] C:\DOCUME~1\Guest\LOCALS~1\Temp\avp.exe File not found
O4 - HKU\Guest_ON_C..\Run: [HNUlaIXnoc] C:\DOCUME~1\Guest\LOCALS~1\Temp\debug.exe File not found
O4 - HKU\Guest_ON_C..\Run: [HNUlaIXnqe] C:\DOCUME~1\Guest\LOCALS~1\Temp\login.exe File not found
O4 - HKU\Guest_ON_C..\Run: [HNUlaIXnsf] C:\DOCUME~1\Guest\LOCALS~1\Temp\lsass.exe File not found
O4 - HKU\Guest_ON_C..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\Guest_ON_C..\Run: [MKcrc] C:\WINDOWS\login.exe File not found
O4 - HKU\Guest_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - HKU\Worm_Jerry_ON_C..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\Worm_Jerry_ON_C..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Worm_Jerry_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Worm_Jerry_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Worm_Jerry_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/12 01:07:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 04:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/14 14:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\Desktop\OTLPE
[2010/09/14 14:45:13 | 000,000,000 | ---D | C] -- C:\eeepcfr
[2010/09/14 14:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\Desktop\OTLPEStd
[2010/09/14 14:43:29 | 098,166,081 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Worm Jerry\Desktop\OTLPEStd.exe
[2010/09/14 14:43:02 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/09/13 23:54:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/13 14:26:12 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Worm Jerry\My Documents\OTL.exe
[2010/09/13 14:25:37 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Cookies
[2010/09/12 16:48:58 | 000,000,000 | --SD | C] -- C:\WINDOWS\system32\config\systemprofile\Cookies
[2010/09/11 19:10:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/09/11 16:34:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/11 02:22:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/11 02:15:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/11 02:15:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/11 02:15:05 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/11 02:14:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/11 02:11:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/08 00:18:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/08 00:18:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/08 00:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/07 23:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/03 20:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/09/03 20:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/09/03 19:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/09/03 03:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\Application Data\Malwarebytes
[2010/09/03 01:07:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/09/02 01:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2010/09/02 01:19:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favorites
[2010/09/01 07:19:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2010/09/01 07:19:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/08/31 23:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Yahoo
[2010/08/31 23:19:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/08/31 23:18:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!
[2010/08/31 23:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2010/08/31 23:18:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService\Favorites
[2010/08/31 17:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/08/31 17:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/08/25 03:08:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\My Documents\My Music
[2010/08/25 03:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\My Documents
[2010/08/25 02:48:45 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/08/20 14:57:55 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/03/11 08:53:14 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
========== Files - Modified Within 30 Days ==========

[2010/09/15 23:00:25 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/09/15 23:00:25 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/09/15 23:00:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/15 23:00:17 | 000,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata
[2010/09/15 23:00:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/15 23:00:04 | 000,018,941 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/09/15 22:59:43 | 1063,198,720 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/15 22:58:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/14 15:49:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/14 14:24:28 | 098,166,081 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Worm Jerry\Desktop\OTLPEStd.exe
[2010/09/14 14:23:26 | 000,515,892 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\eeepcfr.zip
[2010/09/14 03:02:28 | 000,072,704 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/14 01:00:48 | 000,511,030 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/14 01:00:48 | 000,434,598 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/14 01:00:48 | 000,068,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/14 00:56:08 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/14 00:46:36 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Worm Jerry\NTUSER.DAT
[2010/09/14 00:46:36 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Worm Jerry\ntuser.ini
[2010/09/14 00:46:29 | 001,835,008 | -H-- | M] () -- C:\Documents and Settings\Guest\NTUSER.DAT
[2010/09/14 00:10:49 | 004,308,596 | -H-- | M] () -- C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\IconCache.db
[2010/09/14 00:05:00 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/09/13 23:13:08 | 001,578,762 | -H-- | M] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\IconCache.db
[2010/09/13 14:00:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Worm Jerry\My Documents\OTL.exe
[2010/09/11 16:45:28 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/11 16:45:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/11 15:52:16 | 003,842,655 | R--- | M] () -- C:\Documents and Settings\Worm Jerry\My Documents\ComboFix.exe
[2010/09/11 15:45:56 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\SystemLook.exe
[2010/09/11 02:22:12 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/09/07 23:04:36 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\HiJackThis.lnk
[2010/09/06 22:56:05 | 001,891,254 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\untitled.bmp
[2010/09/06 05:09:10 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/05 22:31:32 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/04 13:17:27 | 000,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/09/01 19:48:48 | 000,043,454 | ---- | M] () -- C:\WINDOWS\System32\xkqon
[2010/09/01 13:24:15 | 000,000,004 | -H-- | M] () -- C:\WINDOWS\System32\iexplore.sy_
[2010/09/01 04:44:08 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/08/30 19:11:49 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\rsume(3).doc
[2010/08/26 21:40:43 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Guest\Desktop\Windows Media Player.lnk
[2010/08/25 18:48:46 | 000,000,400 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Application Data\wklnhst.dat
[2010/08/25 02:57:18 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/08/25 02:57:18 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\Windows Media Player.lnk
[2010/08/25 02:56:28 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/08/25 02:56:28 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/08/21 16:51:11 | 000,000,115 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Application Data\default.pls
[2010/08/19 19:09:37 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\My Documents\rsume slojobs.wps

========== Files Created - No Company Name ==========

[2010/09/15 22:59:00 | 000,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata
[2010/09/14 14:43:27 | 000,515,892 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\eeepcfr.zip
[2010/09/11 16:06:26 | 003,842,655 | R--- | C] () -- C:\Documents and Settings\Worm Jerry\My Documents\ComboFix.exe
[2010/09/11 15:49:47 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\SystemLook.exe
[2010/09/11 02:22:12 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/09/11 02:22:08 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/11 02:15:05 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/11 02:15:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/11 02:15:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/11 02:15:05 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/11 02:15:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/08 15:52:46 | 1063,198,720 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/07 23:03:36 | 000,002,457 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\HiJackThis.lnk
[2010/09/06 22:56:04 | 001,891,254 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\untitled.bmp
[2010/09/04 13:17:27 | 000,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/09/01 19:48:48 | 000,043,454 | ---- | C] () -- C:\WINDOWS\System32\xkqon
[2010/09/01 13:24:15 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\System32\iexplore.sy_
[2010/08/31 01:26:12 | 000,010,210 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\thunder_3.wav
[2010/08/25 18:52:59 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\rsume(3).doc
[2010/08/08 23:22:40 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2010/07/26 00:32:50 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/14 05:02:14 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/19 20:12:01 | 000,000,087 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\FASTWiz.log
[2010/05/06 00:52:08 | 001,835,008 | -H-- | C] () -- C:\Documents and Settings\Guest\NTUSER.DAT
[2010/05/06 00:52:08 | 000,077,824 | -H-- | C] () -- C:\Documents and Settings\Guest\ntuser.dat.LOG
[2010/05/06 00:52:08 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Guest\ntuser.ini
[2010/03/24 02:06:38 | 000,000,400 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Application Data\wklnhst.dat
[2009/08/29 05:05:19 | 000,000,115 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Application Data\default.pls
[2009/08/29 05:04:39 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/28 03:07:53 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\.rnd
[2009/08/28 02:52:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/08/28 02:52:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/08/28 02:52:03 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/08/28 02:52:02 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/08/28 02:52:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/08/28 02:52:02 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/08/27 17:01:20 | 000,072,704 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/24 17:09:39 | 004,718,592 | -H-- | C] () -- C:\Documents and Settings\Worm Jerry\NTUSER.DAT
[2009/08/24 17:09:39 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Worm Jerry\ntuser.dat.LOG
[2009/08/24 17:09:39 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Worm Jerry\ntuser.ini
[2009/06/22 19:28:46 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll
[2009/06/22 19:28:46 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys
[2009/06/22 19:28:46 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009/06/22 19:26:19 | 000,262,144 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT
[2009/06/22 19:26:19 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
[2009/03/12 02:47:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/03/12 01:55:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/03/12 01:10:15 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/03/12 01:10:02 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2009/03/12 01:10:02 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2009/03/12 01:10:02 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2009/03/12 01:10:02 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2009/03/12 01:10:01 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2009/03/12 01:10:01 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2009/03/12 01:05:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

========== LOP Check ==========

[2009/03/12 02:32:46 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Acer
[2009/03/12 02:06:59 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Acer GameZone Console
[2009/08/24 17:13:41 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SACore
[2009/03/12 02:27:54 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Super-Cow
[2009/03/12 02:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Acer
[2009/03/12 02:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Acer GameZone Console
[2009/03/12 02:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Super-Cow
[2010/08/08 14:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/03/12 02:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Acer
[2009/03/12 02:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Acer GameZone Console
[2010/05/30 03:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Facebook
[2009/12/05 22:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\GetRightToGo
[2009/10/11 02:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\InterVideo
[2009/12/05 19:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Research In Motion
[2009/03/12 02:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Super-Cow
[2010/03/24 02:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Template
[2010/06/15 04:28:24 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/09/01 04:44:08 | 000,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2004/08/03 17:07:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\Documents and Settings\Worm Jerry\Desktop\OTLPE\I386\EXPLORER.EXE

< MD5 for: WINLOGON.EXE >
[2004/08/03 17:07:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\Documents and Settings\Worm Jerry\Desktop\OTLPE\I386\SYSTEM32\WINLOGON.EXE
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=77F4BE7A778F6330779784D64F0DE94D -- C:\WINDOWS\system32\winlogon.exe
< End of report >
 
Excellent job :)

Yeah. This is what I thought. McAfee whacked explorer.exe.


Do this on the computer you are posting from:
Copy the text in the codebox below:


Code:
:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [M3000Mnt] File not found 
O4 - HKU\Guest_ON_C..\Run: [HNUlaIXnd] C:\DOCUME~1\Guest\LOCALS~1\Temp\avp.exe File not found
O4 - HKU\Guest_ON_C..\Run: [HNUlaIXnoc] C:\DOCUME~1\Guest\LOCALS~1\Temp\debug.exe File not found
O4 - HKU\Guest_ON_C..\Run: [HNUlaIXnqe] C:\DOCUME~1\Guest\LOCALS~1\Temp\login.exe File not found
O4 - HKU\Guest_ON_C..\Run: [HNUlaIXnsf] C:\DOCUME~1\Guest\LOCALS~1\Temp\lsass.exe File not found
O4 - HKU\Guest_ON_C..\Run: [MKcrc] C:\WINDOWS\login.exe File not found
O4 - HKU\Guest_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...8f/wvc1dmo.cab (Reg Error: Key error.)
[2010/09/01 19:48:48 | 000,043,454 | ---- | M] () -- C:\WINDOWS\System32\xkqon
[2010/09/01 13:24:15 | 000,000,004 | -H-- | M] () -- C:\WINDOWS\System32\iexplore.sy_


:Services

:Reg

:Files
C:\WINDOWS\explorer.exe|C:\Documents and Settings\Worm Jerry\Desktop\OTLPE\I386\EXPLORER.EXE /replace
C:\WINDOWS\system32\winlogon.exe|C:\Documents and Settings\Worm Jerry\Desktop\OTLPE\I386\SYSTEM32\WINLOGON.EXE /replace

:Commands
[purity]
[emptytemp]

Open Notepad and paste it.
Save the document as Fix.txt onto a USB flash drive.


On the infected computer, do the following...

Run OTLPE

  • Insert the USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
    • (The content of Fix.txt should appear in the box)
  • Then click the Run Fix button at the top
  • Let the program run unhindered, and reboot the PC when it is done
  • Post the log produced (you'll need to transfer it with the USB stick)
  • Attempt to reboot normally into Windows.
 
OTL logfile created on: 9/17/2010 5:57:37 PM - Run
OTLPE by OldTimer - Version 3.1.41.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 809.00 Mb Available Physical Memory | 80.00% Memory free
902.00 Mb Paging File | 834.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.05 Gb Total Space | 95.37 Gb Free Space | 67.14% Space Free | Partition Type: NTFS
Drive D: | 1.87 Gb Total Space | 0.31 Gb Free Space | 16.73% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 959.70 Mb Total Space | 643.00 Mb Free Space | 67.00% Space Free | Partition Type: FAT

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/06 18:38:18 | 000,030,192 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/06/10 09:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/04/28 10:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/02/24 16:16:08 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/02/17 19:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2010/02/17 18:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/27 14:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/07/08 14:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 22:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/02/05 11:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/01/23 13:46:14 | 000,203,280 | ---- | M] () [Auto] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/01/14 20:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/04/15 20:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys -- (Rts516xIR)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand] -- c:\acernb\int15.sys -- (int15.sys)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btwmodem.sys -- (btwmodem)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btwhid.sys -- (btwhid)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio)
DRV - [2010/08/08 23:22:40 | 000,033,824 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)
DRV - [2010/07/15 18:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2010/04/28 10:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/02/17 19:52:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/02/17 19:52:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/02/17 19:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2010/02/17 19:52:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/02/17 19:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/05/21 17:39:54 | 000,090,472 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/03/02 01:03:46 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/25 23:17:52 | 001,344,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/02/24 04:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/02/05 06:33:04 | 000,205,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/02/03 02:42:30 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/01/02 21:33:54 | 000,145,408 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\M3000KNT.sys -- (M3000Srv)
DRV - [2008/08/05 08:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/15 20:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2008/04/14 08:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 08:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2008/04/14 08:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2008/04/14 08:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2008/04/14 08:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2008/04/14 08:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2008/04/14 08:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2008/04/14 08:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2008/04/14 08:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2008/04/14 08:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2008/04/14 08:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2008/04/14 08:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2008/04/14 08:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2008/04/14 08:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2008/04/14 08:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2008/04/14 03:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 03:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/14 19:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/08/27 00:58:18 | 000,074,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/11/02 09:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/01/04 03:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2004/12/08 02:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0809&m=aspire_one
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0809&m=aspire_one
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Worm_Jerry_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.entru.com/?s=21982
IE - HKU\Worm_Jerry_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/09/05 22:31:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/20 14:57:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/31 02:44:03 | 000,000,000 | ---D | M]

[2010/06/12 19:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Mozilla\Extensions
[2010/08/30 19:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\fxg7daqc.default\extensions
[2010/07/25 23:51:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\fxg7daqc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/12 17:00:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/09/11 16:45:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\Worm_Jerry_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [M3000Mnt] File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKU\Guest_ON_C..\Run: [HNUlaIXnd] C:\DOCUME~1\Guest\LOCALS~1\Temp\avp.exe File not found
O4 - HKU\Guest_ON_C..\Run: [HNUlaIXnoc] C:\DOCUME~1\Guest\LOCALS~1\Temp\debug.exe File not found
O4 - HKU\Guest_ON_C..\Run: [HNUlaIXnqe] C:\DOCUME~1\Guest\LOCALS~1\Temp\login.exe File not found
O4 - HKU\Guest_ON_C..\Run: [HNUlaIXnsf] C:\DOCUME~1\Guest\LOCALS~1\Temp\lsass.exe File not found
O4 - HKU\Guest_ON_C..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\Guest_ON_C..\Run: [MKcrc] C:\WINDOWS\login.exe File not found
O4 - HKU\Guest_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - HKU\Worm_Jerry_ON_C..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\Worm_Jerry_ON_C..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Worm_Jerry_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Worm_Jerry_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Worm_Jerry_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/12 01:07:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 04:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/14 14:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\Desktop\OTLPE
[2010/09/14 14:45:13 | 000,000,000 | ---D | C] -- C:\eeepcfr
[2010/09/14 14:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\Desktop\OTLPEStd
[2010/09/14 14:43:29 | 098,166,081 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Worm Jerry\Desktop\OTLPEStd.exe
[2010/09/14 14:43:02 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/09/13 23:54:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/13 14:26:12 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Worm Jerry\My Documents\OTL.exe
[2010/09/13 14:25:37 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Cookies
[2010/09/12 16:48:58 | 000,000,000 | --SD | C] -- C:\WINDOWS\system32\config\systemprofile\Cookies
[2010/09/11 19:10:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/09/11 16:34:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/11 02:22:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/11 02:15:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/11 02:15:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/11 02:15:05 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/11 02:14:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/11 02:11:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/08 00:18:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/08 00:18:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/08 00:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/07 23:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/03 20:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/09/03 20:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/09/03 19:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/09/03 03:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\Application Data\Malwarebytes
[2010/09/03 01:07:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/09/02 01:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2010/09/02 01:19:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favorites
[2010/09/01 07:19:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2010/09/01 07:19:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/08/31 23:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Yahoo
[2010/08/31 23:19:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/08/31 23:18:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!
[2010/08/31 23:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2010/08/31 23:18:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService\Favorites
[2010/08/31 17:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/08/31 17:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/08/25 03:08:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\My Documents\My Music
[2010/08/25 03:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\My Documents
[2010/08/25 02:48:45 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/08/20 14:57:55 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/03/11 08:53:14 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2010/09/15 23:00:25 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/09/15 23:00:25 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/09/15 23:00:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/15 23:00:17 | 000,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata
[2010/09/15 23:00:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/15 23:00:04 | 000,018,941 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/09/15 22:59:43 | 1063,198,720 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/15 22:58:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/15 21:38:05 | 001,835,008 | -H-- | M] () -- C:\Documents and Settings\Guest\NTUSER.DAT
[2010/09/14 15:49:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/14 14:24:28 | 098,166,081 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Worm Jerry\Desktop\OTLPEStd.exe
[2010/09/14 14:23:26 | 000,515,892 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\eeepcfr.zip
[2010/09/14 03:02:28 | 000,072,704 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/14 01:00:48 | 000,511,030 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/14 01:00:48 | 000,434,598 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/14 01:00:48 | 000,068,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/14 00:56:08 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/14 00:46:36 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Worm Jerry\NTUSER.DAT
[2010/09/14 00:46:36 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Worm Jerry\ntuser.ini
[2010/09/14 00:10:49 | 004,308,596 | -H-- | M] () -- C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\IconCache.db
[2010/09/14 00:05:00 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/09/13 23:13:08 | 001,578,762 | -H-- | M] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\IconCache.db
[2010/09/13 14:00:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Worm Jerry\My Documents\OTL.exe
[2010/09/11 16:45:28 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/11 16:45:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/11 15:52:16 | 003,842,655 | R--- | M] () -- C:\Documents and Settings\Worm Jerry\My Documents\ComboFix.exe
[2010/09/11 15:45:56 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\SystemLook.exe
[2010/09/11 02:22:12 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/09/07 23:04:36 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\HiJackThis.lnk
[2010/09/06 22:56:05 | 001,891,254 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\untitled.bmp
[2010/09/06 05:09:10 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/05 22:31:32 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/04 13:17:27 | 000,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/09/01 19:48:48 | 000,043,454 | ---- | M] () -- C:\WINDOWS\System32\xkqon
[2010/09/01 13:24:15 | 000,000,004 | -H-- | M] () -- C:\WINDOWS\System32\iexplore.sy_
[2010/09/01 04:44:08 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/08/30 19:11:49 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\rsume(3).doc
[2010/08/26 21:40:43 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Guest\Desktop\Windows Media Player.lnk
[2010/08/25 18:48:46 | 000,000,400 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Application Data\wklnhst.dat
[2010/08/25 02:57:18 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/08/25 02:57:18 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\Windows Media Player.lnk
[2010/08/25 02:56:28 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/08/25 02:56:28 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/08/21 16:51:11 | 000,000,115 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Application Data\default.pls
[2010/08/19 19:09:37 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\My Documents\rsume slojobs.wps
 
========== Files Created - No Company Name ==========

[2010/09/15 22:59:00 | 000,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata
[2010/09/14 14:43:27 | 000,515,892 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\eeepcfr.zip
[2010/09/11 16:06:26 | 003,842,655 | R--- | C] () -- C:\Documents and Settings\Worm Jerry\My Documents\ComboFix.exe
[2010/09/11 15:49:47 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\SystemLook.exe
[2010/09/11 02:22:12 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/09/11 02:22:08 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/11 02:15:05 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/11 02:15:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/11 02:15:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/11 02:15:05 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/11 02:15:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/08 15:52:46 | 1063,198,720 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/07 23:03:36 | 000,002,457 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\HiJackThis.lnk
[2010/09/06 22:56:04 | 001,891,254 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\untitled.bmp
[2010/09/04 13:17:27 | 000,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/09/01 19:48:48 | 000,043,454 | ---- | C] () -- C:\WINDOWS\System32\xkqon
[2010/09/01 13:24:15 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\System32\iexplore.sy_
[2010/08/31 01:26:12 | 000,010,210 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\thunder_3.wav
[2010/08/25 18:52:59 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\rsume(3).doc
[2010/08/08 23:22:40 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2010/07/26 00:32:50 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/14 05:02:14 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/19 20:12:01 | 000,000,087 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\FASTWiz.log
[2010/05/06 00:52:08 | 001,835,008 | -H-- | C] () -- C:\Documents and Settings\Guest\NTUSER.DAT
[2010/05/06 00:52:08 | 000,020,480 | -H-- | C] () -- C:\Documents and Settings\Guest\ntuser.dat.LOG
[2010/05/06 00:52:08 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Guest\ntuser.ini
[2010/03/24 02:06:38 | 000,000,400 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Application Data\wklnhst.dat
[2009/08/29 05:05:19 | 000,000,115 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Application Data\default.pls
[2009/08/29 05:04:39 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/28 03:07:53 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\.rnd
[2009/08/28 02:52:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/08/28 02:52:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/08/28 02:52:03 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/08/28 02:52:02 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/08/28 02:52:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/08/28 02:52:02 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/08/27 17:01:20 | 000,072,704 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/24 17:09:39 | 004,718,592 | -H-- | C] () -- C:\Documents and Settings\Worm Jerry\NTUSER.DAT
[2009/08/24 17:09:39 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Worm Jerry\ntuser.dat.LOG
[2009/08/24 17:09:39 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Worm Jerry\ntuser.ini
[2009/06/22 19:28:46 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll
[2009/06/22 19:28:46 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys
[2009/06/22 19:28:46 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009/06/22 19:26:19 | 000,262,144 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT
[2009/06/22 19:26:19 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
[2009/03/12 02:47:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/03/12 01:55:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/03/12 01:10:15 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/03/12 01:10:02 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2009/03/12 01:10:02 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2009/03/12 01:10:02 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2009/03/12 01:10:02 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2009/03/12 01:10:01 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2009/03/12 01:10:01 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2009/03/12 01:05:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

========== LOP Check ==========

[2009/03/12 02:32:46 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Acer
[2009/03/12 02:06:59 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Acer GameZone Console
[2009/08/24 17:13:41 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SACore
[2009/03/12 02:27:54 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Super-Cow
[2009/03/12 02:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Acer
[2009/03/12 02:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Acer GameZone Console
[2009/03/12 02:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Super-Cow
[2010/08/08 14:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/03/12 02:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Acer
[2009/03/12 02:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Acer GameZone Console
[2010/05/30 03:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Facebook
[2009/12/05 22:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\GetRightToGo
[2009/10/11 02:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\InterVideo
[2009/12/05 19:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Research In Motion
[2009/03/12 02:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Super-Cow
[2010/03/24 02:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Template
[2010/06/15 04:28:24 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/09/01 04:44:08 | 000,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========



========== Custom Scans ==========


< :OTL >

< O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. >

< O4 - HKLM..\Run: [M3000Mnt] File not found >

< O4 - HKU\Guest_ON_C..\Run: [HNUlaIXnd] C:\DOCUME~1\Guest\LOCALS~1\Temp\avp.exe File not found >

< O4 - HKU\Guest_ON_C..\Run: [HNUlaIXnoc] C:\DOCUME~1\Guest\LOCALS~1\Temp\debug.exe File not found >

< O4 - HKU\Guest_ON_C..\Run: [HNUlaIXnqe] C:\DOCUME~1\Guest\LOCALS~1\Temp\login.exe File not found >

< O4 - HKU\Guest_ON_C..\Run: [HNUlaIXnsf] C:\DOCUME~1\Guest\LOCALS~1\Temp\lsass.exe File not found >

< O4 - HKU\Guest_ON_C..\Run: [MKcrc] C:\WINDOWS\login.exe File not found >

< O4 - HKU\Guest_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found >

< O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present >

< O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...8f/wvc1dmo.cab (Reg Error: Key error.) >
Invalid Switch: wvc1dmo.cab (Reg Error: Key error.)

< [2010/09/01 19:48:48 | 000,043,454 | ---- | M] () -- C:\WINDOWS\System32\xkqon >
Invalid Switch: 01 19:48:48 | 000,043,454 | ---- | M] () -- C:\WINDOWS\System32\xkqon


< [2010/09/01 13:24:15 | 000,000,004 | -H-- | M] () -- C:\WINDOWS\System32\iexplore.sy_ >
Invalid Switch: 01 13:24:15 | 000,000,004 | -H-- | M] () -- C:\WINDOWS\System32\iexplore.sy_




< :Services >


< :Reg >


< :Files >

< C:\WINDOWS\explorer.exe|C:\Documents and Settings\Worm Jerry\Desktop\OTLPE\I386\EXPLORER.EXE /replace >
Invalid Switch: replace


< C:\WINDOWS\system32\winlogon.exe|C:\Documents and Settings\Worm Jerry\Desktop\OTLPE\I386\SYSTEM32\WINLOGON.EXE /replace >
Invalid Switch: replace



< :Commands >

< [purity] >

< [emptytemp] >

< End of report >
 
Same problem, because something went wrong here and my script (fix) didn't work.
Please, redo.
Make sure you copy the whole script, especially the "colon" in front of "OTL" (1st line).
Also... did you click Run fix, not Run scan?
 
My bad, I did a scan.

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\M3000Mnt not found.
Registry value HKEY_USERS\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\HNUlaIXnd not found.
Registry value HKEY_USERS\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\HNUlaIXnoc not found.
Registry value HKEY_USERS\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\HNUlaIXnqe not found.
Registry value HKEY_USERS\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\HNUlaIXnsf not found.
Registry value HKEY_USERS\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrc not found.
Registry value HKEY_USERS\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\swg not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_USERS\Guest_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_USERS\Worm_Jerry_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
File C:\WINDOWS\System32\xkqon not found.
File C:\WINDOWS\System32\iexplore.sy_ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File C:\WINDOWS\explorer.exe successfully replaced with C:\Documents and Settings\Worm Jerry\Desktop\OTLPE\I386\EXPLORER.EXE
File C:\WINDOWS\system32\winlogon.exe successfully replaced with C:\Documents and Settings\Worm Jerry\Desktop\OTLPE\I386\SYSTEM32\WINLOGON.EXE
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Worm Jerry
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

Total Files Cleaned = 0.00 mb


OTLPE by OldTimer - Version 3.1.41.0 log created on 09182010_022809
 
Should I run it with McAfee off like last time? If so, I'm having trouble turning off real-time scan because "The detection signature file is between 8 and 29 days old" is up and I need to connect to the internet to "fix" it, but the computer still has limited to no connectivity :/
 
ComboFix 10-09-19.02 - Worm Jerry 09/21/2010 4:44.4.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.709 [GMT -7:00]
Running from: D:\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((( Files Created from 2010-08-21 to 2010-09-21 )))))))))))))))))))))))))))))))
.

2010-09-18 06:27 . 2004-08-03 21:07 1032192 ----a-w- c:\windows\explorer.exe
2010-09-14 18:45 . 2008-01-24 20:44 -------- d-----w- C:\eeepcfr
2010-09-14 18:43 . 2010-09-14 18:43 -------- d-----w- c:\program files\7-Zip
2010-09-14 03:54 . 2010-09-14 03:54 -------- d-----w- C:\_OTL
2010-09-11 23:12 . 2010-09-11 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Arcade Lab
2010-09-08 04:18 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-08 04:18 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-08 04:17 . 2010-09-08 04:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-08 03:03 . 2010-09-08 03:03 388096 ----a-r- c:\documents and settings\Worm Jerry\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-08 03:03 . 2010-09-08 03:03 -------- d-----w- c:\program files\Trend Micro
2010-09-04 00:33 . 2010-09-04 16:58 -------- d-----w- c:\program files\Spyware Doctor
2010-09-04 00:33 . 2010-09-04 16:58 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-04 00:32 . 2010-09-12 00:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-03 23:36 . 2010-09-03 23:36 -------- d-----w- c:\program files\ESET
2010-09-03 07:31 . 2010-09-03 07:31 -------- d-----w- c:\documents and settings\Worm Jerry\Application Data\Malwarebytes
2010-09-03 07:31 . 2010-09-03 07:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-02 05:19 . 2010-09-02 05:19 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2010-09-01 11:19 . 2010-09-01 11:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2010-09-01 03:19 . 2010-09-01 03:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Yahoo
2010-09-01 03:18 . 2010-09-01 03:18 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2010-08-28 08:47 . 2010-09-04 17:06 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-08-25 06:47 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 05:12 . 2010-07-03 00:02 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-04 20:22 . 2010-05-22 01:04 -------- d-----w- c:\program files\McAfee
2010-09-04 17:18 . 2010-03-06 01:23 -------- d-----w- c:\program files\Yahoo!
2010-09-04 17:18 . 2010-03-06 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-09-04 17:14 . 2009-03-12 06:06 -------- d-----w- c:\program files\Google
2010-09-04 17:10 . 2010-07-03 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-09-04 17:10 . 2010-01-22 20:52 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-09-04 17:09 . 2010-01-22 20:52 -------- d-----w- c:\program files\DivX
2010-09-04 16:47 . 2001-08-17 13:57 11648 ----a-w- c:\windows\system32\drivers\acpiec.sys
2010-09-03 08:47 . 2009-03-12 06:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Acer GameZone Console
2010-08-28 09:52 . 2010-08-03 08:17 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-25 22:48 . 2010-03-24 06:06 400 ----a-w- c:\documents and settings\Worm Jerry\Application Data\wklnhst.dat
2010-08-25 06:45 . 2009-12-13 08:42 -------- d-----w- c:\program files\Windows Media Connect 2
2010-08-20 18:58 . 2010-08-20 18:57 -------- d-----w- c:\program files\QuickTime
2010-08-20 18:57 . 2010-08-20 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-08-13 22:32 . 2010-05-06 04:52 76112 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-12 18:34 . 2009-03-12 06:01 -------- d-----w- c:\program files\Microsoft Works
2010-08-12 18:13 . 2009-03-12 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-09 04:00 . 2010-08-09 03:17 -------- d-----w- c:\program files\Magestorm
2010-08-09 03:22 . 2010-08-09 03:22 33824 ----a-w- c:\windows\system32\drivers\oreans32.sys
2010-08-08 18:43 . 2009-08-24 21:56 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2010-08-03 17:08 . 2010-08-03 01:34 -------- d-----w- c:\program files\AVS4YOU
2010-08-03 17:08 . 2010-08-03 01:34 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-08-03 08:17 . 2010-01-22 20:57 -------- d-----w- c:\documents and settings\Worm Jerry\Application Data\DivX
2010-08-03 01:49 . 2010-08-03 01:49 -------- d-----w- c:\program files\InterLok
2010-08-03 01:36 . 2010-08-03 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-08-03 01:36 . 2010-08-03 01:36 -------- d-----w- c:\documents and settings\Worm Jerry\Application Data\AVS4YOU
2010-08-03 01:36 . 2009-08-24 21:09 76112 ----a-w- c:\documents and settings\Worm Jerry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-31 21:37 . 2010-07-31 21:38 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-07-31 21:37 . 2010-07-31 21:37 -------- d-----w- c:\program files\Java
2010-07-31 21:37 . 2010-07-31 21:37 152576 ----a-w- c:\documents and settings\Worm Jerry\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-07-31 21:36 . 2010-07-31 21:35 79488 ----a-w- c:\documents and settings\Worm Jerry\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-07-22 03:58 . 2010-07-13 23:23 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-15 22:18 . 2010-05-22 01:04 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-06-30 12:31 . 2009-03-11 12:53 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:15 . 2009-03-11 12:53 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2009-03-11 12:52 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-24 12:10 . 2009-03-11 12:53 667136 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2009-03-11 12:53 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-07-06 22:38 . 2010-07-06 22:38 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

------- Sigcheck -------

[-] 2004-08-03 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2004-08-03 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-09-11_06.37.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-11 12:53 . 2010-09-21 11:11 68734 c:\windows\system32\perfc009.dat
- 2009-03-11 12:53 . 2010-09-11 05:53 68734 c:\windows\system32\perfc009.dat
+ 2010-09-18 11:28 . 2010-09-21 11:12 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-24 21:03 . 2010-09-21 11:12 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-08-24 21:03 . 2010-09-11 06:13 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-09-12 20:48 . 2010-09-21 11:12 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-11 12:53 . 2010-09-21 11:11 434598 c:\windows\system32\perfh009.dat
- 2009-03-11 12:53 . 2010-09-11 05:53 434598 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-02-17 5244216]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-24 17529856]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-05 1430824]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-06 30192]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-07 236016]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-3-11 565248]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-8-27 114688]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26666:TCP"= 26666:TCP:spport
"24027:TCP"= 24027:TCP:spport
"15825:TCP"= 15825:TCP:spport
"24262:TCP"= 24262:TCP:spport
"24152:TCP"= 24152:TCP:spport
"11508:TCP"= 11508:TCP:spport

S1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [8/8/2010 8:22 PM 33824]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/23/2010 1:39 AM 135664]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5/21/2010 6:07 PM 203280]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [3/11/2009 11:32 PM 237568]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/11/2009 10:56 PM 1684736]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/11/2009 11:06 PM 30192]
S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/3/2009 8:03 PM 38912]
S3 M3000Srv;WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [6/22/2009 4:28 PM 145408]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [3/11/2009 10:54 PM 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PXHELP20
.
Contents of the 'Scheduled Tasks' folder

2010-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-23 08:38]

2010-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-23 08:38]

2010-06-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-22 19:22]

2010-09-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-22 19:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.entru.com/?s=21982
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Worm Jerry\Application Data\Mozilla\Firefox\Profiles\bz5lle5a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Worm Jerry\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\TVUAx\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(228)
c:\windows\system32\igfxdev.dll
.
Completion time: 2010-09-21 04:52:07
ComboFix-quarantined-files.txt 2010-09-21 11:52
ComboFix2.txt 2010-09-11 20:49

Pre-Run: 103,922,827,264 bytes free
Post-Run: 103,901,687,808 bytes free

- - End Of File - - 227E8A207D896CC459260478D3454617
 
It looks very good :)
We need to fix just one minor issue.

How is the computer doing?

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=-


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: CFScript.gif]

6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
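As an added example (not ComboFix's own code and not posted by anyone in this thread), the following Python script parses the "Reg Loading Points" section the way ComboFix prints it, flags the settings a reviewer would want a second look at in the log above (Security Center monitoring disabled for both McAfee components, the Windows Firewall standard profile turned off, and the globally opened TCP ports labelled "spport"), and emits the same "Registry::" CFScript lines the helper posted. The sample input is constructed from lines copied from the log; the function names are my own, and the `"Name"=-` deletion syntax is the standard .reg-file form that ComboFix's Registry:: section accepts.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log (added example)."""
import re

# Constructed sample: the relevant lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26666:TCP"= 26666:TCP:spport
"24027:TCP"= 24027:TCP:spport
"""

KEY_RE = re.compile(r'^\[(.+)\]$')            # [HKEY_...\Sub\Key]
VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "ValueName"=raw value


def parse_reg_section(text):
    """Return a list of (key, value_name, raw_value) triples in log order."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if m and key:
            entries.append((key, m.group(1), m.group(2).strip()))
    return entries


def dword_value(raw):
    """'dword:00000001' -> 1; ComboFix's abbreviated '0 (0x0)' -> 0; else None."""
    if raw.lower().startswith('dword:'):
        return int(raw[6:], 16)
    m = re.match(r'^(\d+)', raw)
    return int(m.group(1)) if m else None


def triage(entries):
    """Return (human-readable findings, keys whose DisableMonitoring should be deleted)."""
    findings, cfscript_keys = [], []
    for key, name, raw in entries:
        lk = key.lower()
        if ('security center\\monitoring' in lk
                and name.lower() == 'disablemonitoring' and dword_value(raw) == 1):
            product = key.rsplit('\\', 1)[-1]
            findings.append(f'Security Center monitoring disabled for {product}')
            cfscript_keys.append(key)
        elif (lk.endswith('firewallpolicy\\standardprofile')
                and name.lower() == 'enablefirewall' and dword_value(raw) == 0):
            findings.append('Windows Firewall (standard profile) is turned off')
        elif 'globallyopenports\\list' in lk:
            findings.append(f'Globally open port {name} ({raw})')
    return findings, cfscript_keys


def build_cfscript(keys):
    """Emit the ComboFix Registry:: block that removes each DisableMonitoring value."""
    lines = ['Registry::']
    for k in keys:
        lines.append(f'[{k}]')
        lines.append('"DisableMonitoring"=-')   # .reg syntax: "=-" deletes the value
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    found, keys = triage(parse_reg_section(SAMPLE_LOG))
    print('\n'.join(found))
    print()
    print(build_cfscript(keys))
```

The open-port entries are only reported, not scripted away: whether a listener on those ports belongs to something legitimate needs checking on the machine, whereas the two DisableMonitoring values have no legitimate reason to be set once the McAfee products are running.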
 
ComboFix 10-09-19.02 - Worm Jerry 09/21/2010 5:45.5.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.748 [GMT -7:00]
Running from: D:\ComboFix.exe
Command switches used :: D:\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((( Files Created from 2010-08-21 to 2010-09-21 )))))))))))))))))))))))))))))))
.

2010-09-18 06:27 . 2004-08-03 21:07 1032192 ----a-w- c:\windows\explorer.exe
2010-09-14 18:45 . 2008-01-24 20:44 -------- d-----w- C:\eeepcfr
2010-09-14 18:43 . 2010-09-14 18:43 -------- d-----w- c:\program files\7-Zip
2010-09-14 03:54 . 2010-09-14 03:54 -------- d-----w- C:\_OTL
2010-09-11 23:12 . 2010-09-11 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Arcade Lab
2010-09-08 04:18 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-08 04:18 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-08 04:17 . 2010-09-08 04:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-08 03:03 . 2010-09-08 03:03 388096 ----a-r- c:\documents and settings\Worm Jerry\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-08 03:03 . 2010-09-08 03:03 -------- d-----w- c:\program files\Trend Micro
2010-09-04 00:33 . 2010-09-04 16:58 -------- d-----w- c:\program files\Spyware Doctor
2010-09-04 00:33 . 2010-09-04 16:58 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-04 00:32 . 2010-09-12 00:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-03 23:36 . 2010-09-03 23:36 -------- d-----w- c:\program files\ESET
2010-09-03 07:31 . 2010-09-03 07:31 -------- d-----w- c:\documents and settings\Worm Jerry\Application Data\Malwarebytes
2010-09-03 07:31 . 2010-09-03 07:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-02 05:19 . 2010-09-02 05:19 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2010-09-01 11:19 . 2010-09-01 11:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2010-09-01 03:19 . 2010-09-01 03:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Yahoo
2010-09-01 03:18 . 2010-09-01 03:18 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2010-08-28 08:47 . 2010-09-04 17:06 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-08-25 06:47 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 05:12 . 2010-07-03 00:02 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-04 20:22 . 2010-05-22 01:04 -------- d-----w- c:\program files\McAfee
2010-09-04 17:18 . 2010-03-06 01:23 -------- d-----w- c:\program files\Yahoo!
2010-09-04 17:18 . 2010-03-06 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-09-04 17:14 . 2009-03-12 06:06 -------- d-----w- c:\program files\Google
2010-09-04 17:10 . 2010-07-03 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-09-04 17:10 . 2010-01-22 20:52 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-09-04 17:09 . 2010-01-22 20:52 -------- d-----w- c:\program files\DivX
2010-09-04 16:47 . 2001-08-17 13:57 11648 ----a-w- c:\windows\system32\drivers\acpiec.sys
2010-09-03 08:47 . 2009-03-12 06:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Acer GameZone Console
2010-08-28 09:52 . 2010-08-03 08:17 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-25 22:48 . 2010-03-24 06:06 400 ----a-w- c:\documents and settings\Worm Jerry\Application Data\wklnhst.dat
2010-08-25 06:45 . 2009-12-13 08:42 -------- d-----w- c:\program files\Windows Media Connect 2
2010-08-20 18:58 . 2010-08-20 18:57 -------- d-----w- c:\program files\QuickTime
2010-08-20 18:57 . 2010-08-20 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-08-13 22:32 . 2010-05-06 04:52 76112 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-12 18:34 . 2009-03-12 06:01 -------- d-----w- c:\program files\Microsoft Works
2010-08-12 18:13 . 2009-03-12 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-09 04:00 . 2010-08-09 03:17 -------- d-----w- c:\program files\Magestorm
2010-08-09 03:22 . 2010-08-09 03:22 33824 ----a-w- c:\windows\system32\drivers\oreans32.sys
2010-08-08 18:43 . 2009-08-24 21:56 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2010-08-03 17:08 . 2010-08-03 01:34 -------- d-----w- c:\program files\AVS4YOU
2010-08-03 17:08 . 2010-08-03 01:34 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-08-03 08:17 . 2010-01-22 20:57 -------- d-----w- c:\documents and settings\Worm Jerry\Application Data\DivX
2010-08-03 01:49 . 2010-08-03 01:49 -------- d-----w- c:\program files\InterLok
2010-08-03 01:36 . 2010-08-03 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-08-03 01:36 . 2010-08-03 01:36 -------- d-----w- c:\documents and settings\Worm Jerry\Application Data\AVS4YOU
2010-08-03 01:36 . 2009-08-24 21:09 76112 ----a-w- c:\documents and settings\Worm Jerry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-31 21:37 . 2010-07-31 21:38 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-07-31 21:37 . 2010-07-31 21:37 -------- d-----w- c:\program files\Java
2010-07-31 21:37 . 2010-07-31 21:37 152576 ----a-w- c:\documents and settings\Worm Jerry\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-07-31 21:36 . 2010-07-31 21:35 79488 ----a-w- c:\documents and settings\Worm Jerry\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-07-22 03:58 . 2010-07-13 23:23 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-15 22:18 . 2010-05-22 01:04 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-06-30 12:31 . 2009-03-11 12:53 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:15 . 2009-03-11 12:53 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2009-03-11 12:52 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-24 12:10 . 2009-03-11 12:53 667136 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2009-03-11 12:53 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-07-06 22:38 . 2010-07-06 22:38 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

------- Sigcheck -------

[-] 2004-08-03 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2004-08-03 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-09-11_06.37.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-11 12:53 . 2010-09-21 11:11 68734 c:\windows\system32\perfc009.dat
- 2009-03-11 12:53 . 2010-09-11 05:53 68734 c:\windows\system32\perfc009.dat
+ 2010-09-18 11:28 . 2010-09-21 11:12 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-24 21:03 . 2010-09-21 11:12 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-08-24 21:03 . 2010-09-11 06:13 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-11 12:53 . 2010-09-21 11:11 434598 c:\windows\system32\perfh009.dat
- 2009-03-11 12:53 . 2010-09-11 05:53 434598 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-02-17 5244216]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-24 17529856]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-05 1430824]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-06 30192]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-07 236016]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-3-11 565248]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-8-27 114688]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26666:TCP"= 26666:TCP:spport
"24027:TCP"= 24027:TCP:spport
"15825:TCP"= 15825:TCP:spport
"24262:TCP"= 24262:TCP:spport
"24152:TCP"= 24152:TCP:spport
"11508:TCP"= 11508:TCP:spport

S1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [8/8/2010 8:22 PM 33824]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/23/2010 1:39 AM 135664]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5/21/2010 6:07 PM 203280]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [3/11/2009 11:32 PM 237568]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/11/2009 10:56 PM 1684736]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/11/2009 11:06 PM 30192]
S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/3/2009 8:03 PM 38912]
S3 M3000Srv;WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [6/22/2009 4:28 PM 145408]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [3/11/2009 10:54 PM 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PXHELP20
.
Contents of the 'Scheduled Tasks' folder

2010-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-23 08:38]

2010-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-23 08:38]

2010-06-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-22 19:22]

2010-09-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-22 19:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.entru.com/?s=21982
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Worm Jerry\Application Data\Mozilla\Firefox\Profiles\bz5lle5a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Worm Jerry\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\TVUAx\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-21 05:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(228)
c:\windows\system32\igfxdev.dll
.
Completion time: 2010-09-21 05:51:54
ComboFix-quarantined-files.txt 2010-09-21 12:51
ComboFix2.txt 2010-09-21 11:52
ComboFix3.txt 2010-09-11 20:49

Pre-Run: 103,919,403,008 bytes free
Post-Run: 103,897,722,880 bytes free

- - End Of File - - A69A794CCF3ADD889C014F15033EA01C
 
Good news :)
Let's try to get your connection back...

I need to see a couple of reports from normal mode.

1. Click Start>Run (Start>"Start search" in Vista).

2. Type in (or copy and paste):

cmd /c ping google.com>%temp%\$.$&notepad %temp%\$.$

and press Enter.

3. Notepad will open.

4. Copy all text in Notepad ([Ctrl-A], then [Ctrl-C]), and then post it (paste = [Ctrl-V]) in your next reply.

=========================================================================

1. Click Start>Run (Start>"Start search" in Vista).

2. Type in (or copy and paste):

cmd /c ping 74.125.19.99>%temp%\$.$&notepad %temp%\$.$

and press Enter.

3. Notepad will open.

4. Copy all text in Notepad ([Ctrl-A], then [Ctrl-C]), and then post it (paste = [Ctrl-V]) in your next reply.

=======================================================================

Go Start>Run ("Start search" in Vista), type in:
cmd
Click OK (hit Enter in Vista).

At Command Prompt, paste this:
ipconfig /all>c:\ipconfig_all.txt&notepad c:\ipconfig_all.txt&exit
Hit Enter.

Copy and paste what you see in Notepad into a Reply here.
 
Ping request could not find host google.com. Please check the name and try again.

Second one could not find.

Windows IP Configuration

Host Name . . . . . . . . . . . . : WormJerry
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Atheros AR8132 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : 00-23-5A-E5-A0-81

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter
Physical Address. . . . . . . . . : 00-25-56-19-16-57
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Autoconfiguration IP Address. . . : 169.254.150.204
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
 
Let's try these basic steps...

Make sure your computer is set to obtain an IP address automatically.
1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
4. For a wired network connection, right-click Local Area Connection, and then select Properties.
For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol (TCP/IP), make sure it is checked, and then click Properties
6. Click Obtain an IP Address Automatically, and then click OK.

If that doesn't work...
Turn off the computer. Disconnect the router and modem from the power source for 1 minute. At the same time disconnect the Ethernet cable as well.
Reconnect everything.
Restart computer.

If that doesn't work, bypass the router and connect the computer straight to the modem.

If that doesn't work...
Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista, while holding CTRL and SHIFT, press Enter).

In the Command Prompt window, type in the following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"

Restart computer.

If that doesn't work...
Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista, while holding CTRL and SHIFT, press Enter).

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

Restart computer.

If that doesn't work...
Download, install, and run WinSockFix: http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml (doesn't work in Vista)
Restart computer, and check again.

If that doesn't work...
Download Dial-A-Fix (DAF) (doesn't work in Vista):
http://wiki.lunarsoft.net/wiki/Dial-a-fix#Mirrors.2Fdownload_locations.2C_and_articles

Have XP CD available in case DAF needs a file. Likely not!

Check all boxes on the screen (clear any restrictions if it shows any).
Then click GO!

When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

Here, one at a time, do the below:

Reinstall BITS
Reinstall Windows Firewall
Repair Permissions
Reset networking

Watch for any File not found or other errors and make note as this may lead to the fix!

Restart computer.
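As an added example (not part of this thread and not a tool the helper uses), here is a small Python parser for the "ipconfig /all" output posted above. It reports the conditions the first troubleshooting steps are meant to fix: the wireless adapter holds an APIPA address (169.254.150.204, which Windows assigns itself when no DHCP lease was obtained) and has no default gateway, while the wired adapter reports no link. With no gateway and no DNS server, "ping google.com" fails at name resolution before any packet leaves the machine. The sample is constructed from the posted output with blank lines removed; field names follow XP's English ipconfig layout, and the function names are my own.

```python
"""Diagnose an XP 'ipconfig /all' dump for DHCP/gateway problems (added example)."""
import ipaddress
import re

# Constructed sample, copied from the user's post above (blank lines removed).
SAMPLE_IPCONFIG = """\
Windows IP Configuration
Host Name . . . . . . . . . . . . : WormJerry
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
Ethernet adapter Local Area Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Atheros AR8132 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : 00-23-5A-E5-A0-81
Ethernet adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter
Physical Address. . . . . . . . . : 00-25-56-19-16-57
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Autoconfiguration IP Address. . . : 169.254.150.204
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
"""

ADAPTER_RE = re.compile(r'^\S.*adapter (.+):$')                 # "Ethernet adapter X:"
FIELD_RE = re.compile(r'^\s*([A-Za-z][A-Za-z -]*?)[ .]*: ?(.*)$')  # "Name . . . : value"
APIPA = ipaddress.ip_network('169.254.0.0/16')  # link-local range used when DHCP fails


def parse_ipconfig(text):
    """Return {adapter_name: {field: value}}; the global header block is skipped."""
    adapters, current = {}, None
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current = m.group(1)
            adapters[current] = {}
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            adapters[current][m.group(1).strip()] = m.group(2).strip()
    return adapters


def diagnose(adapters):
    """Return a list of (adapter, finding) pairs explaining why traffic cannot leave."""
    findings = []
    for name, f in adapters.items():
        if f.get('Media State', '').lower().startswith('media disconnected'):
            findings.append((name, 'no link (cable unplugged or NIC disabled)'))
            continue
        addr = f.get('IP Address') or f.get('Autoconfiguration IP Address')
        if addr and ipaddress.ip_address(addr) in APIPA:
            findings.append((name, f'APIPA address {addr}: no DHCP lease was obtained'))
        elif not addr:
            findings.append((name, 'no IPv4 address assigned'))
        if not f.get('Default Gateway'):
            findings.append((name, 'no default gateway: nothing off-link is reachable'))
    return findings


if __name__ == '__main__':
    for adapter, msg in diagnose(parse_ipconfig(SAMPLE_IPCONFIG)):
        print(f'{adapter}: {msg}')
```

An APIPA address on an adapter that says "Dhcp Enabled: Yes" means the request went out but nothing answered, which is why the steps above start with the adapter's TCP/IP settings and a release/renew rather than with DNS: there is no resolver to reach until a lease exists.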
 
Very good :)

We still need to run a couple more scans.

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 