my first post, hi, iv read some of the other post on the site about my problem and figgured id ask for help. iv got the google redirect prob and even when i clicked forums link i was redirected to random sites also when i go to turn my hidden folders to show i dont have the folder options in the tool menu i use firefox and i have mcafee securitycenter. im doin an updated MWAM quick scan that ill post as a reply any others i need to d/l and scan?? thanks for any help in advance
Solved Google redirect and no folder options
- Thread starter Wormjerry
- Start date
- Status
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4567
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
9/7/2010 10:09:52 PM
mbam-log-2010-09-07 (22-09-52).txt
Scan type: Quick scan
Objects scanned: 153371
Time elapsed: 29 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{438244d7-80c5-400e-a0f4-04291218bca3} (Password.Stealer) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkeuf (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mketa (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkbuqc (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkerb (Trojan.Downloader) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\vyfjwk53.dll (Password.Stealer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\axcrng.sys (Rootkit.Agent) -> Delete on reboot.
www.malwarebytes.org
Database version: 4567
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
9/7/2010 10:09:52 PM
mbam-log-2010-09-07 (22-09-52).txt
Scan type: Quick scan
Objects scanned: 153371
Time elapsed: 29 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{438244d7-80c5-400e-a0f4-04291218bca3} (Password.Stealer) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkeuf (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mketa (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkbuqc (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkerb (Trojan.Downloader) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\vyfjwk53.dll (Password.Stealer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\axcrng.sys (Rootkit.Agent) -> Delete on reboot.
Broni
Posts: 56,041 +516
Welcome aboard
Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
DDS (Ver_10-03-17.01) - NTFSx86
Run by Worm Jerry at 13:01:29.53 on Wed 09/08/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.463 [GMT -7:00]
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\WebCam\M3000\M3000Mnt.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Worm Jerry\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://search.entru.com/?s=21982
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0809&m=aspire_one
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [HNURPOXRnsc] c:\docume~1\wormje~1\locals~1\temp\drweb.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [mrwcxnseao.tmp] "c:\docume~1\wormje~1\locals~1\temp\mrwcxnseao.tmp"
mRun: [aoemxrnwcs.tmp] "c:\docume~1\wormje~1\locals~1\temp\aoemxrnwcs.tmp"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
uPolicies-explorer: Nofolderoptions = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: c:\windows\system32\lsp113.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\wormje~1\applic~1\mozilla\firefox\profiles\bz5lle5a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.raiders.com/home/
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\worm jerry\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-21 214664]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2010-8-8 33824]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-7-2 54760]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-5-21 203280]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-5-21 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-5-21 144704]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-3-11 237568]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-3 38912]
R3 M3000Srv;WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [2009-6-22 145408]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-5-21 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-5-21 35272]
S0 axcrng;axcrng; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-23 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-11 1684736]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-3-11 30192]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-5-21 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-5-21 40552]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-3-11 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-5-21 606736]
=============== Created Last 30 ================
2010-09-08 04:18:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-08 04:18:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-08 04:17:59 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-08 03:03:33 0 d-----w- c:\program files\Trend Micro
2010-09-04 17:17:27 230 ----a-w- c:\windows\system32\spupdsvc.inf
2010-09-04 00:33:07 0 d-----w- c:\program files\Spyware Doctor
2010-09-04 00:33:07 0 d-----w- c:\program files\common files\PC Tools
2010-09-03 23:36:43 0 d-----w- c:\program files\ESET
2010-09-03 07:31:57 0 d-----w- c:\docume~1\wormje~1\applic~1\Malwarebytes
2010-09-03 07:31:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-09-01 23:48:48 43454 ----a-w- c:\windows\system32\xkqon
2010-09-01 17:24:15 4 ---ha-w- c:\windows\system32\iexplore.sy_
2010-09-01 17:24:14 53098 ----a-w- c:\windows\system32\lsp113.dll
2010-09-01 08:22:22 79360 --sha-r- c:\windows\system32\atmadmp.dll
2010-09-01 08:21:39 200704 ----a-w- c:\windows\Bsizaa.exe
2010-08-25 06:47:32 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-08-10 12:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 12:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts
==================== Find3M ====================
2010-09-04 16:47:29 11648 ----a-w- c:\windows\system32\drivers\acpiec.sys
2010-08-25 22:48:46 400 ----a-w- c:\docume~1\wormje~1\applic~1\wklnhst.dat
2010-08-09 03:22:40 33824 ----a-w- c:\windows\system32\drivers\oreans32.sys
2010-07-31 21:37:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-07-15 22:18:22 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:15:26 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15:26 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-24 12:10:44 667136 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-03-12 05:16:13 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-08-24 21:03:39 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009082420090825\index.dat
============= FINISH: 13:01:54.70 ===============
Run by Worm Jerry at 13:01:29.53 on Wed 09/08/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.463 [GMT -7:00]
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\WebCam\M3000\M3000Mnt.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Worm Jerry\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://search.entru.com/?s=21982
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0809&m=aspire_one
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [HNURPOXRnsc] c:\docume~1\wormje~1\locals~1\temp\drweb.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [mrwcxnseao.tmp] "c:\docume~1\wormje~1\locals~1\temp\mrwcxnseao.tmp"
mRun: [aoemxrnwcs.tmp] "c:\docume~1\wormje~1\locals~1\temp\aoemxrnwcs.tmp"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
uPolicies-explorer: Nofolderoptions = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: c:\windows\system32\lsp113.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\wormje~1\applic~1\mozilla\firefox\profiles\bz5lle5a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.raiders.com/home/
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\worm jerry\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-21 214664]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2010-8-8 33824]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-7-2 54760]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-5-21 203280]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-5-21 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-5-21 144704]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-3-11 237568]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-3 38912]
R3 M3000Srv;WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [2009-6-22 145408]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-5-21 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-5-21 35272]
S0 axcrng;axcrng; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-23 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-11 1684736]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-3-11 30192]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-5-21 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-5-21 40552]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-3-11 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-5-21 606736]
=============== Created Last 30 ================
2010-09-08 04:18:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-08 04:18:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-08 04:17:59 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-08 03:03:33 0 d-----w- c:\program files\Trend Micro
2010-09-04 17:17:27 230 ----a-w- c:\windows\system32\spupdsvc.inf
2010-09-04 00:33:07 0 d-----w- c:\program files\Spyware Doctor
2010-09-04 00:33:07 0 d-----w- c:\program files\common files\PC Tools
2010-09-03 23:36:43 0 d-----w- c:\program files\ESET
2010-09-03 07:31:57 0 d-----w- c:\docume~1\wormje~1\applic~1\Malwarebytes
2010-09-03 07:31:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-09-01 23:48:48 43454 ----a-w- c:\windows\system32\xkqon
2010-09-01 17:24:15 4 ---ha-w- c:\windows\system32\iexplore.sy_
2010-09-01 17:24:14 53098 ----a-w- c:\windows\system32\lsp113.dll
2010-09-01 08:22:22 79360 --sha-r- c:\windows\system32\atmadmp.dll
2010-09-01 08:21:39 200704 ----a-w- c:\windows\Bsizaa.exe
2010-08-25 06:47:32 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-08-10 12:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 12:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts
==================== Find3M ====================
2010-09-04 16:47:29 11648 ----a-w- c:\windows\system32\drivers\acpiec.sys
2010-08-25 22:48:46 400 ----a-w- c:\docume~1\wormje~1\applic~1\wklnhst.dat
2010-08-09 03:22:40 33824 ----a-w- c:\windows\system32\drivers\oreans32.sys
2010-07-31 21:37:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-07-15 22:18:22 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:15:26 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15:26 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-24 12:10:44 667136 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-03-12 05:16:13 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-08-24 21:03:39 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009082420090825\index.dat
============= FINISH: 13:01:54.70 ===============
Broni
Posts: 56,041 +516
Download MBRCheck to your desktop
Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
=======================================================================
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
Make sure, you re-enable your security programs, when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
=======================================================================
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 2. If Combofix asks you to update the program, always do so.- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
Make sure, you re-enable your security programs, when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000004
Kernel Drivers (total 129):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7CFD000 \WINDOWS\system32\KDCOM.DLL
0xF7C0D000 \WINDOWS\system32\BOOTVID.dll
0xF77AE000 ACPI.sys
0xF7CFF000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF779D000 pci.sys
0xF77FD000 isapnp.sys
0xF7C11000 compbatt.sys
0xF7C15000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7DC5000 pciide.sys
0xF7A7D000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF780D000 MountMgr.sys
0xF777E000 ftdisk.sys
0xF7A85000 PartMgr.sys
0xF7C19000 ACPIEC.sys
0xF7DC6000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF781D000 VolSnap.sys
0xF7766000 atapi.sys
0xF7698000 iaStor.sys
0xF782D000 disk.sys
0xF783D000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7678000 fltMgr.sys
0xF784D000 PxHelp20.sys
0xF765A000 TPkd.sys
0xF7643000 KSecDD.sys
0xF75B6000 Ntfs.sys
0xF7589000 NDIS.sys
0xF756F000 Mup.sys
0xF6A02000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF55E9000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF55D5000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF55AD000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF5464000 \SystemRoot\system32\DRIVERS\athw.sys
0xF791D000 \SystemRoot\system32\DRIVERS\l1c51x86.sys
0xF7B2D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF5440000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7B35000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF752B000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF792D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7B3D000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0xF7B45000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF540F000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7D31000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF793D000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xF5393000 \SystemRoot\System32\Drivers\wdf01000.sys
0xF7B0D000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF5B83000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF2649000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7D89000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF7B15000 \SystemRoot\System32\Drivers\Modem.SYS
0xF354A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF5B7F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF0AF2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF353A000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF352A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7B1D000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF0A19000 \SystemRoot\system32\DRIVERS\psched.sys
0xF351A000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7B25000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF2A46000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF2A3E000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0xF350A000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7D8B000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF09F6000 \SystemRoot\system32\DRIVERS\ks.sys
0xF0998000 \SystemRoot\system32\DRIVERS\update.sys
0xF7CE9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF240D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA7484000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xA5D17000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xA5CF3000 \SystemRoot\system32\drivers\portcls.sys
0xA7474000 \SystemRoot\system32\drivers\drmk.sys
0xA699B000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xA7709000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xA6D1F000 \SystemRoot\System32\Drivers\Null.SYS
0xA7707000 \SystemRoot\System32\Drivers\Beep.SYS
0xA6B21000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA6B19000 \SystemRoot\System32\drivers\vga.sys
0xA7705000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xA7703000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA6B11000 \SystemRoot\System32\Drivers\Msfs.SYS
0xA6B09000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA6993000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA5C58000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA5BFF000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA5BD9000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA5BB2000 \SystemRoot\System32\Drivers\Mpfp.sys
0xA7414000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xA5B8A000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA6767000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xA5B68000 \SystemRoot\System32\drivers\afd.sys
0xA6C98000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA5B3D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA6C78000 \??\C:\WINDOWS\system32\drivers\oreans32.sys
0xA5ACD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA5A9A000 \SystemRoot\system32\drivers\mfehidk.sys
0xA674F000 \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys
0xA6C58000 \SystemRoot\System32\Drivers\Fips.SYS
0xA5A76000 \SystemRoot\System32\Drivers\M3000KNT.sys
0xA6C28000 \SystemRoot\System32\Drivers\STREAM.SYS
0xA684C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA5CDF000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xA6C18000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA5CD7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xA5CD3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA59A8000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7CBD000 \SystemRoot\System32\drivers\Dxapi.sys
0xA683C000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7E99000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xF34FA000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF6A52000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
0xF7CED000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA58DB000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA5872000 \SystemRoot\System32\Drivers\HTTP.sys
0xA574B000 \SystemRoot\system32\DRIVERS\srv.sys
0xA52FE000 \SystemRoot\system32\drivers\wdmaud.sys
0xA6C88000 \SystemRoot\system32\drivers\sysaudio.sys
0xF2A26000 \SystemRoot\system32\drivers\mfebopk.sys
0xA43BE000 \SystemRoot\system32\drivers\mfeavfk.sys
0xA5030000 \SystemRoot\system32\drivers\mfesmfk.sys
0xA3301000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 60):
0 System Idle Process
4 System
456 C:\WINDOWS\system32\smss.exe
512 csrss.exe
744 C:\WINDOWS\system32\winlogon.exe
796 C:\WINDOWS\system32\services.exe
808 C:\WINDOWS\system32\lsass.exe
960 C:\WINDOWS\system32\svchost.exe
1044 svchost.exe
1104 C:\WINDOWS\system32\svchost.exe
1212 svchost.exe
1244 svchost.exe
1488 C:\WINDOWS\system32\spoolsv.exe
1508 C:\WINDOWS\system32\rundll32.exe
1596 svchost.exe
1740 C:\WINDOWS\system32\svchost.exe
1784 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1844 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
1860 C:\Program Files\Java\jre6\bin\jqs.exe
1944 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
2012 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
148 C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
244 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
268 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
412 C:\Program Files\McAfee\MPF\MpfSrv.exe
556 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
980 C:\WINDOWS\system32\IoctlSvc.exe
2428 C:\WINDOWS\explorer.exe
2676 C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
2800 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2816 C:\WINDOWS\system32\hkcmd.exe
2824 C:\WINDOWS\system32\igfxpers.exe
2840 C:\WINDOWS\RTHDCPL.EXE
2872 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2884 C:\PROGRA~1\LAUNCH~1\LManager.exe
3036 C:\WINDOWS\system32\igfxsrvc.exe
3204 C:\WINDOWS\system32\ctfmon.exe
3224 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
3280 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
3316 C:\WINDOWS\WebCam\M3000\M3000Mnt.exe
3340 C:\Program Files\Windows Media Player\wmpnscfg.exe
3456 C:\WINDOWS\system32\igfxext.exe
3468 C:\Program Files\Acer\Acer VCM\AcerVCM.exe
3548 C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
3836 C:\Program Files\Acer\Acer VCM\RS_Service.exe
4012 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1160 C:\WINDOWS\system32\svchost.exe
2084 wmpnetwk.exe
2308 C:\Program Files\Windows Live\Contacts\wlcomm.exe
1540 C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
3352 alg.exe
4796 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
4996 C:\PROGRA~1\Yahoo!\Messenger\Ymsgr_tray.exe
2628 C:\WINDOWS\system32\wuauclt.exe
2788 mcupdmgr.exe
5464 C:\Program Files\Acer\Acer VCM\VC.exe
3384 C:\Program Files\Mozilla Firefox\firefox.exe
1372 C:\PROGRA~1\McAfee\MSC\mcupdui.exe
6016 C:\Program Files\McAfee\VirusScan\mcinsupd.exe
6068 C:\Documents and Settings\Worm Jerry\My Documents\Downloads\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`c0200000 (NTFS)
PhysicalDrive0 Model Number: HitachiHTS543216L9SA00, Rev: FB2OC40C
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Done!
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000004
Kernel Drivers (total 129):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7CFD000 \WINDOWS\system32\KDCOM.DLL
0xF7C0D000 \WINDOWS\system32\BOOTVID.dll
0xF77AE000 ACPI.sys
0xF7CFF000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF779D000 pci.sys
0xF77FD000 isapnp.sys
0xF7C11000 compbatt.sys
0xF7C15000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7DC5000 pciide.sys
0xF7A7D000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF780D000 MountMgr.sys
0xF777E000 ftdisk.sys
0xF7A85000 PartMgr.sys
0xF7C19000 ACPIEC.sys
0xF7DC6000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF781D000 VolSnap.sys
0xF7766000 atapi.sys
0xF7698000 iaStor.sys
0xF782D000 disk.sys
0xF783D000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7678000 fltMgr.sys
0xF784D000 PxHelp20.sys
0xF765A000 TPkd.sys
0xF7643000 KSecDD.sys
0xF75B6000 Ntfs.sys
0xF7589000 NDIS.sys
0xF756F000 Mup.sys
0xF6A02000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF55E9000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF55D5000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF55AD000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF5464000 \SystemRoot\system32\DRIVERS\athw.sys
0xF791D000 \SystemRoot\system32\DRIVERS\l1c51x86.sys
0xF7B2D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF5440000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7B35000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF752B000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF792D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7B3D000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0xF7B45000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF540F000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7D31000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF793D000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xF5393000 \SystemRoot\System32\Drivers\wdf01000.sys
0xF7B0D000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF5B83000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF2649000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7D89000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF7B15000 \SystemRoot\System32\Drivers\Modem.SYS
0xF354A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF5B7F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF0AF2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF353A000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF352A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7B1D000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF0A19000 \SystemRoot\system32\DRIVERS\psched.sys
0xF351A000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7B25000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF2A46000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF2A3E000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0xF350A000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7D8B000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF09F6000 \SystemRoot\system32\DRIVERS\ks.sys
0xF0998000 \SystemRoot\system32\DRIVERS\update.sys
0xF7CE9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF240D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA7484000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xA5D17000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xA5CF3000 \SystemRoot\system32\drivers\portcls.sys
0xA7474000 \SystemRoot\system32\drivers\drmk.sys
0xA699B000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xA7709000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xA6D1F000 \SystemRoot\System32\Drivers\Null.SYS
0xA7707000 \SystemRoot\System32\Drivers\Beep.SYS
0xA6B21000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA6B19000 \SystemRoot\System32\drivers\vga.sys
0xA7705000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xA7703000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA6B11000 \SystemRoot\System32\Drivers\Msfs.SYS
0xA6B09000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA6993000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA5C58000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA5BFF000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA5BD9000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA5BB2000 \SystemRoot\System32\Drivers\Mpfp.sys
0xA7414000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xA5B8A000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA6767000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xA5B68000 \SystemRoot\System32\drivers\afd.sys
0xA6C98000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA5B3D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA6C78000 \??\C:\WINDOWS\system32\drivers\oreans32.sys
0xA5ACD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA5A9A000 \SystemRoot\system32\drivers\mfehidk.sys
0xA674F000 \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys
0xA6C58000 \SystemRoot\System32\Drivers\Fips.SYS
0xA5A76000 \SystemRoot\System32\Drivers\M3000KNT.sys
0xA6C28000 \SystemRoot\System32\Drivers\STREAM.SYS
0xA684C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA5CDF000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xA6C18000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA5CD7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xA5CD3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA59A8000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7CBD000 \SystemRoot\System32\drivers\Dxapi.sys
0xA683C000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7E99000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xF34FA000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF6A52000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
0xF7CED000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA58DB000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA5872000 \SystemRoot\System32\Drivers\HTTP.sys
0xA574B000 \SystemRoot\system32\DRIVERS\srv.sys
0xA52FE000 \SystemRoot\system32\drivers\wdmaud.sys
0xA6C88000 \SystemRoot\system32\drivers\sysaudio.sys
0xF2A26000 \SystemRoot\system32\drivers\mfebopk.sys
0xA43BE000 \SystemRoot\system32\drivers\mfeavfk.sys
0xA5030000 \SystemRoot\system32\drivers\mfesmfk.sys
0xA3301000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 60):
0 System Idle Process
4 System
456 C:\WINDOWS\system32\smss.exe
512 csrss.exe
744 C:\WINDOWS\system32\winlogon.exe
796 C:\WINDOWS\system32\services.exe
808 C:\WINDOWS\system32\lsass.exe
960 C:\WINDOWS\system32\svchost.exe
1044 svchost.exe
1104 C:\WINDOWS\system32\svchost.exe
1212 svchost.exe
1244 svchost.exe
1488 C:\WINDOWS\system32\spoolsv.exe
1508 C:\WINDOWS\system32\rundll32.exe
1596 svchost.exe
1740 C:\WINDOWS\system32\svchost.exe
1784 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1844 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
1860 C:\Program Files\Java\jre6\bin\jqs.exe
1944 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
2012 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
148 C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
244 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
268 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
412 C:\Program Files\McAfee\MPF\MpfSrv.exe
556 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
980 C:\WINDOWS\system32\IoctlSvc.exe
2428 C:\WINDOWS\explorer.exe
2676 C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
2800 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2816 C:\WINDOWS\system32\hkcmd.exe
2824 C:\WINDOWS\system32\igfxpers.exe
2840 C:\WINDOWS\RTHDCPL.EXE
2872 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2884 C:\PROGRA~1\LAUNCH~1\LManager.exe
3036 C:\WINDOWS\system32\igfxsrvc.exe
3204 C:\WINDOWS\system32\ctfmon.exe
3224 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
3280 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
3316 C:\WINDOWS\WebCam\M3000\M3000Mnt.exe
3340 C:\Program Files\Windows Media Player\wmpnscfg.exe
3456 C:\WINDOWS\system32\igfxext.exe
3468 C:\Program Files\Acer\Acer VCM\AcerVCM.exe
3548 C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
3836 C:\Program Files\Acer\Acer VCM\RS_Service.exe
4012 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1160 C:\WINDOWS\system32\svchost.exe
2084 wmpnetwk.exe
2308 C:\Program Files\Windows Live\Contacts\wlcomm.exe
1540 C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
3352 alg.exe
4796 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
4996 C:\PROGRA~1\Yahoo!\Messenger\Ymsgr_tray.exe
2628 C:\WINDOWS\system32\wuauclt.exe
2788 mcupdmgr.exe
5464 C:\Program Files\Acer\Acer VCM\VC.exe
3384 C:\Program Files\Mozilla Firefox\firefox.exe
1372 C:\PROGRA~1\McAfee\MSC\mcupdui.exe
6016 C:\Program Files\McAfee\VirusScan\mcinsupd.exe
6068 C:\Documents and Settings\Worm Jerry\My Documents\Downloads\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`c0200000 (NTFS)
PhysicalDrive0 Model Number: HitachiHTS543216L9SA00, Rev: FB2OC40C
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Done!
ComboFix 10-09-09.04 - Worm Jerry 09/10/2010 23:26:09.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.557 [GMT -7:00]
Running from: c:\documents and settings\Worm Jerry\My Documents\Downloads\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Worm Jerry\Local Settings\Application Data\Windows Server
c:\documents and settings\Worm Jerry\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Worm Jerry\Local Settings\Application Data\Windows Server\server.dat
c:\documents and settings\Worm Jerry\Local Settings\Application Data\Windows Server\uses32.dat
c:\windows\Bsizaa.exe
c:\windows\system32\lsp113.dll
c:\windows\system32\winlogon.exe . . . is infected!!
c:\windows\explorer.exe . . . is infected!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Service_6to4
((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))
.
2010-09-08 04:18 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-08 04:18 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-08 04:17 . 2010-09-08 04:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-08 03:03 . 2010-09-08 03:03 388096 ----a-r- c:\documents and settings\Worm Jerry\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-08 03:03 . 2010-09-08 03:03 -------- d-----w- c:\program files\Trend Micro
2010-09-04 00:33 . 2010-09-04 16:58 -------- d-----w- c:\program files\Spyware Doctor
2010-09-04 00:33 . 2010-09-04 16:58 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-04 00:32 . 2010-09-04 16:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-03 23:36 . 2010-09-03 23:36 -------- d-----w- c:\program files\ESET
2010-09-03 07:31 . 2010-09-03 07:31 -------- d-----w- c:\documents and settings\Worm Jerry\Application Data\Malwarebytes
2010-09-03 07:31 . 2010-09-03 07:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-02 05:19 . 2010-09-02 05:19 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2010-09-01 11:19 . 2010-09-01 11:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2010-09-01 08:22 . 2010-09-01 08:22 79360 --sha-r- c:\windows\system32\atmadmp.dll
2010-09-01 03:19 . 2010-09-01 03:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Yahoo
2010-09-01 03:18 . 2010-09-01 03:18 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2010-09-01 03:18 . 2010-09-01 03:18 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2010-08-31 21:01 . 2010-08-31 21:01 -------- d-----w- c:\documents and settings\Worm Jerry\Local Settings\Application Data\jlvviflwj
2010-08-31 21:01 . 2010-08-31 21:01 -------- d-----w- c:\documents and settings\Worm Jerry\Local Settings\Application Data\gkswilkdc
2010-08-31 21:01 . 2010-09-01 00:41 -------- d-----w- c:\documents and settings\Worm Jerry\Local Settings\Application Data\atnbhntdr
2010-08-31 21:00 . 2010-08-31 21:00 -------- d-----w- c:\documents and settings\Worm Jerry\Local Settings\Application Data\moxgfsnhf
2010-08-28 08:47 . 2010-09-04 17:06 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-08-25 06:47 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-08-20 18:57 . 2010-08-20 18:58 -------- d-----w- c:\program files\QuickTime
2010-08-20 18:57 . 2010-08-20 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 05:12 . 2010-07-03 00:02 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-04 20:22 . 2010-05-22 01:04 -------- d-----w- c:\program files\McAfee
2010-09-04 17:18 . 2010-03-06 01:23 -------- d-----w- c:\program files\Yahoo!
2010-09-04 17:18 . 2010-03-06 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-09-04 17:14 . 2009-03-12 06:06 -------- d-----w- c:\program files\Google
2010-09-04 17:10 . 2010-07-03 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-09-04 17:10 . 2010-01-22 20:52 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-09-04 17:09 . 2010-01-22 20:52 -------- d-----w- c:\program files\DivX
2010-09-04 16:47 . 2001-08-17 13:57 11648 ----a-w- c:\windows\system32\drivers\acpiec.sys
2010-09-03 08:47 . 2009-03-12 06:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Acer GameZone Console
2010-08-28 09:52 . 2010-08-03 08:17 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-25 22:48 . 2010-03-24 06:06 400 ----a-w- c:\documents and settings\Worm Jerry\Application Data\wklnhst.dat
2010-08-25 06:45 . 2009-12-13 08:42 -------- d-----w- c:\program files\Windows Media Connect 2
2010-08-13 22:32 . 2010-05-06 04:52 76112 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-12 18:34 . 2009-03-12 06:01 -------- d-----w- c:\program files\Microsoft Works
2010-08-12 18:13 . 2009-03-12 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-09 04:00 . 2010-08-09 03:17 -------- d-----w- c:\program files\Magestorm
2010-08-09 03:22 . 2010-08-09 03:22 33824 ----a-w- c:\windows\system32\drivers\oreans32.sys
2010-08-08 18:43 . 2009-08-24 21:56 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2010-08-03 17:08 . 2010-08-03 01:34 -------- d-----w- c:\program files\AVS4YOU
2010-08-03 17:08 . 2010-08-03 01:34 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-08-03 08:17 . 2010-01-22 20:57 -------- d-----w- c:\documents and settings\Worm Jerry\Application Data\DivX
2010-08-03 01:49 . 2010-08-03 01:49 -------- d-----w- c:\program files\InterLok
2010-08-03 01:36 . 2010-08-03 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-08-03 01:36 . 2010-08-03 01:36 -------- d-----w- c:\documents and settings\Worm Jerry\Application Data\AVS4YOU
2010-08-03 01:36 . 2009-08-24 21:09 76112 ----a-w- c:\documents and settings\Worm Jerry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-31 21:37 . 2010-07-31 21:38 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-07-31 21:37 . 2010-07-31 21:37 -------- d-----w- c:\program files\Java
2010-07-31 21:37 . 2010-07-31 21:37 152576 ----a-w- c:\documents and settings\Worm Jerry\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-07-31 21:36 . 2010-07-31 21:35 79488 ----a-w- c:\documents and settings\Worm Jerry\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-07-22 03:58 . 2010-07-13 23:23 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-16 19:34 . 2010-07-16 19:30 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-15 22:18 . 2010-05-22 01:04 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-07-14 09:03 . 2010-07-14 09:03 -------- d-----w- c:\documents and settings\NetworkService\Application Data\DivX
2010-06-30 12:31 . 2009-03-11 12:53 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:15 . 2009-03-11 12:53 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2009-03-11 12:52 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-24 12:10 . 2009-03-11 12:53 667136 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2009-03-11 12:53 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2009-03-11 12:53 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2009-03-11 12:53 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-03-12 05:06 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2009-03-11 12:53 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-07-06 22:38 . 2010-07-06 22:38 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
------- Sigcheck -------
[-] 2008-04-14 . 77F4BE7A778F6330779784D64F0DE94D . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 08F7661C81DA72EF96B31217C211BC40 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-02-17 5244216]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-31 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M3000Mnt"="M3000Rmv.dll " [X]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-24 17529856]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-05 1430824]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-06 30192]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-07 236016]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-3-11 565248]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-8-27 114688]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26666:TCP"= 26666:TCP:spport
"24027:TCP"= 24027:TCP:spport
"15825:TCP"= 15825:TCP:spport
"24262:TCP"= 24262:TCP:spport
"24152:TCP"= 24152:TCP:spport
"11508:TCP"= 11508:TCP:spport
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [8/8/2010 8:22 PM 33824]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5/21/2010 6:07 PM 203280]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [3/11/2009 11:32 PM 237568]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/3/2009 8:03 PM 38912]
R3 M3000Srv;WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [6/22/2009 4:28 PM 145408]
S0 axcrng;axcrng; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/23/2010 1:39 AM 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/11/2009 10:56 PM 1684736]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/11/2009 11:06 PM 30192]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [3/11/2009 10:54 PM 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2010-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-23 08:38]
2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-23 08:38]
2010-06-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-22 19:22]
2010-09-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-22 19:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.entru.com/?s=21982
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Worm Jerry\Application Data\Mozilla\Firefox\Profiles\bz5lle5a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Worm Jerry\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\TVUAx\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-klmdb.sys
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-10 23:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\l3codeca.acm
- - - - - - - > 'explorer.exe'(1720)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\WebCam\M3000\M3000Mnt.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\windows\system32\igfxext.exe
c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2010-09-10 23:42:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-11 06:42
Pre-Run: 103,295,287,296 bytes free
Post-Run: 103,161,827,328 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 710852E4ABC619D9437FCF8938D2C30B
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.557 [GMT -7:00]
Running from: c:\documents and settings\Worm Jerry\My Documents\Downloads\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Worm Jerry\Local Settings\Application Data\Windows Server
c:\documents and settings\Worm Jerry\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Worm Jerry\Local Settings\Application Data\Windows Server\server.dat
c:\documents and settings\Worm Jerry\Local Settings\Application Data\Windows Server\uses32.dat
c:\windows\Bsizaa.exe
c:\windows\system32\lsp113.dll
c:\windows\system32\winlogon.exe . . . is infected!!
c:\windows\explorer.exe . . . is infected!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Service_6to4
((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))
.
2010-09-08 04:18 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-08 04:18 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-08 04:17 . 2010-09-08 04:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-08 03:03 . 2010-09-08 03:03 388096 ----a-r- c:\documents and settings\Worm Jerry\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-08 03:03 . 2010-09-08 03:03 -------- d-----w- c:\program files\Trend Micro
2010-09-04 00:33 . 2010-09-04 16:58 -------- d-----w- c:\program files\Spyware Doctor
2010-09-04 00:33 . 2010-09-04 16:58 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-04 00:32 . 2010-09-04 16:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-03 23:36 . 2010-09-03 23:36 -------- d-----w- c:\program files\ESET
2010-09-03 07:31 . 2010-09-03 07:31 -------- d-----w- c:\documents and settings\Worm Jerry\Application Data\Malwarebytes
2010-09-03 07:31 . 2010-09-03 07:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-02 05:19 . 2010-09-02 05:19 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2010-09-01 11:19 . 2010-09-01 11:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2010-09-01 08:22 . 2010-09-01 08:22 79360 --sha-r- c:\windows\system32\atmadmp.dll
2010-09-01 03:19 . 2010-09-01 03:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Yahoo
2010-09-01 03:18 . 2010-09-01 03:18 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2010-09-01 03:18 . 2010-09-01 03:18 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2010-08-31 21:01 . 2010-08-31 21:01 -------- d-----w- c:\documents and settings\Worm Jerry\Local Settings\Application Data\jlvviflwj
2010-08-31 21:01 . 2010-08-31 21:01 -------- d-----w- c:\documents and settings\Worm Jerry\Local Settings\Application Data\gkswilkdc
2010-08-31 21:01 . 2010-09-01 00:41 -------- d-----w- c:\documents and settings\Worm Jerry\Local Settings\Application Data\atnbhntdr
2010-08-31 21:00 . 2010-08-31 21:00 -------- d-----w- c:\documents and settings\Worm Jerry\Local Settings\Application Data\moxgfsnhf
2010-08-28 08:47 . 2010-09-04 17:06 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-08-25 06:47 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-08-20 18:57 . 2010-08-20 18:58 -------- d-----w- c:\program files\QuickTime
2010-08-20 18:57 . 2010-08-20 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 05:12 . 2010-07-03 00:02 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-04 20:22 . 2010-05-22 01:04 -------- d-----w- c:\program files\McAfee
2010-09-04 17:18 . 2010-03-06 01:23 -------- d-----w- c:\program files\Yahoo!
2010-09-04 17:18 . 2010-03-06 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-09-04 17:14 . 2009-03-12 06:06 -------- d-----w- c:\program files\Google
2010-09-04 17:10 . 2010-07-03 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-09-04 17:10 . 2010-01-22 20:52 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-09-04 17:09 . 2010-01-22 20:52 -------- d-----w- c:\program files\DivX
2010-09-04 16:47 . 2001-08-17 13:57 11648 ----a-w- c:\windows\system32\drivers\acpiec.sys
2010-09-03 08:47 . 2009-03-12 06:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Acer GameZone Console
2010-08-28 09:52 . 2010-08-03 08:17 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-25 22:48 . 2010-03-24 06:06 400 ----a-w- c:\documents and settings\Worm Jerry\Application Data\wklnhst.dat
2010-08-25 06:45 . 2009-12-13 08:42 -------- d-----w- c:\program files\Windows Media Connect 2
2010-08-13 22:32 . 2010-05-06 04:52 76112 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-12 18:34 . 2009-03-12 06:01 -------- d-----w- c:\program files\Microsoft Works
2010-08-12 18:13 . 2009-03-12 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-09 04:00 . 2010-08-09 03:17 -------- d-----w- c:\program files\Magestorm
2010-08-09 03:22 . 2010-08-09 03:22 33824 ----a-w- c:\windows\system32\drivers\oreans32.sys
2010-08-08 18:43 . 2009-08-24 21:56 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2010-08-03 17:08 . 2010-08-03 01:34 -------- d-----w- c:\program files\AVS4YOU
2010-08-03 17:08 . 2010-08-03 01:34 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-08-03 08:17 . 2010-01-22 20:57 -------- d-----w- c:\documents and settings\Worm Jerry\Application Data\DivX
2010-08-03 01:49 . 2010-08-03 01:49 -------- d-----w- c:\program files\InterLok
2010-08-03 01:36 . 2010-08-03 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-08-03 01:36 . 2010-08-03 01:36 -------- d-----w- c:\documents and settings\Worm Jerry\Application Data\AVS4YOU
2010-08-03 01:36 . 2009-08-24 21:09 76112 ----a-w- c:\documents and settings\Worm Jerry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-31 21:37 . 2010-07-31 21:38 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-07-31 21:37 . 2010-07-31 21:37 -------- d-----w- c:\program files\Java
2010-07-31 21:37 . 2010-07-31 21:37 152576 ----a-w- c:\documents and settings\Worm Jerry\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-07-31 21:36 . 2010-07-31 21:35 79488 ----a-w- c:\documents and settings\Worm Jerry\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-07-22 03:58 . 2010-07-13 23:23 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-16 19:34 . 2010-07-16 19:30 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-15 22:18 . 2010-05-22 01:04 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-07-14 09:03 . 2010-07-14 09:03 -------- d-----w- c:\documents and settings\NetworkService\Application Data\DivX
2010-06-30 12:31 . 2009-03-11 12:53 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:15 . 2009-03-11 12:53 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2009-03-11 12:52 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-24 12:10 . 2009-03-11 12:53 667136 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2009-03-11 12:53 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2009-03-11 12:53 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2009-03-11 12:53 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-03-12 05:06 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2009-03-11 12:53 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-07-06 22:38 . 2010-07-06 22:38 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
------- Sigcheck -------
[-] 2008-04-14 . 77F4BE7A778F6330779784D64F0DE94D . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 08F7661C81DA72EF96B31217C211BC40 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-02-17 5244216]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-31 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M3000Mnt"="M3000Rmv.dll " [X]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-24 17529856]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-05 1430824]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-06 30192]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-07 236016]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-3-11 565248]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-8-27 114688]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26666:TCP"= 26666:TCP:spport
"24027:TCP"= 24027:TCP:spport
"15825:TCP"= 15825:TCP:spport
"24262:TCP"= 24262:TCP:spport
"24152:TCP"= 24152:TCP:spport
"11508:TCP"= 11508:TCP:spport
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [8/8/2010 8:22 PM 33824]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5/21/2010 6:07 PM 203280]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [3/11/2009 11:32 PM 237568]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/3/2009 8:03 PM 38912]
R3 M3000Srv;WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [6/22/2009 4:28 PM 145408]
S0 axcrng;axcrng; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/23/2010 1:39 AM 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/11/2009 10:56 PM 1684736]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/11/2009 11:06 PM 30192]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [3/11/2009 10:54 PM 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2010-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-23 08:38]
2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-23 08:38]
2010-06-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-22 19:22]
2010-09-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-22 19:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.entru.com/?s=21982
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Worm Jerry\Application Data\Mozilla\Firefox\Profiles\bz5lle5a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Worm Jerry\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\TVUAx\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-klmdb.sys
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-10 23:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\l3codeca.acm
- - - - - - - > 'explorer.exe'(1720)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\WebCam\M3000\M3000Mnt.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\windows\system32\igfxext.exe
c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2010-09-10 23:42:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-11 06:42
Pre-Run: 103,295,287,296 bytes free
Post-Run: 103,161,827,328 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 710852E4ABC619D9437FCF8938D2C30B
Broni
Posts: 56,041 +516
You're still seriously infected...
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE
======================================================================
1. Please open Notepad
2. Now copy/paste the entire content of the codebox below into the Notepad window:
3. Save the above as CFScript.txt
4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.
5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE
- Double-click SystemLook.exe to run it.
- Vista users:: Right click on SystemLook.exe, click Run As Administrator
- Copy the content of the following box into the main textfield:
Code::filefind explorer.exe winlogon.exe - Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
======================================================================
1. Please open Notepad
- Click Start , then Run
- Type notepad .exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
File::
c:\windows\system32\atmadmp.dll
Folder::
c:\documents and settings\Worm Jerry\Local Settings\Application Data\jlvviflwj
c:\documents and settings\Worm Jerry\Local Settings\Application Data\gkswilkdc
c:\documents and settings\Worm Jerry\Local Settings\Application Data\atnbhntdr
c:\documents and settings\Worm Jerry\Local Settings\Application Data\moxgfsnhf
Driver::
axcrng
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=-3. Save the above as CFScript.txt
4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.
5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
- Combofix.txt
SystemLook 04.09.10 by jpshortstuff
Log created at 12:54 on 11/09/2010 by Worm Jerry
Administrator - Elevation successful
========== filefind ==========
Searching for "explorer.exe"
C:\WINDOWS\explorer.exe --a---- 1033728 bytes [12:53 11/03/2009] [12:00 14/04/2008] 08F7661C81DA72EF96B31217C211BC40
Searching for "winlog.exe"
No files found.
-= EOF =-
Log created at 12:54 on 11/09/2010 by Worm Jerry
Administrator - Elevation successful
========== filefind ==========
Searching for "explorer.exe"
C:\WINDOWS\explorer.exe --a---- 1033728 bytes [12:53 11/03/2009] [12:00 14/04/2008] 08F7661C81DA72EF96B31217C211BC40
Searching for "winlog.exe"
No files found.
-= EOF =-
ComboFix 10-09-11.02 - Worm Jerry 09/11/2010 13:36:00.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.599 [GMT -7:00]
Running from: c:\documents and settings\Worm Jerry\My Documents\ComboFix.exe
Command switches used :: c:\documents and settings\Worm Jerry\My Documents\CFScript.txt.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FILE ::
"c:\windows\system32\atmadmp.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Worm Jerry\Local Settings\Application Data\atnbhntdr
c:\documents and settings\Worm Jerry\Local Settings\Application Data\gkswilkdc
c:\documents and settings\Worm Jerry\Local Settings\Application Data\jlvviflwj
c:\documents and settings\Worm Jerry\Local Settings\Application Data\moxgfsnhf
c:\windows\system32\atmadmp.dll
c:\windows\system32\winlogon.exe . . . is infected!!
c:\windows\explorer.exe . . . is infected!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AXCRNG
-------\Service_axcrng
((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))
.
2010-09-08 04:18 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-08 04:18 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-08 04:17 . 2010-09-08 04:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-08 03:03 . 2010-09-08 03:03 388096 ----a-r- c:\documents and settings\Worm Jerry\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-08 03:03 . 2010-09-08 03:03 -------- d-----w- c:\program files\Trend Micro
2010-09-04 00:33 . 2010-09-04 16:58 -------- d-----w- c:\program files\Spyware Doctor
2010-09-04 00:33 . 2010-09-04 16:58 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-04 00:32 . 2010-09-04 16:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-03 23:36 . 2010-09-03 23:36 -------- d-----w- c:\program files\ESET
2010-09-03 07:31 . 2010-09-03 07:31 -------- d-----w- c:\documents and settings\Worm Jerry\Application Data\Malwarebytes
2010-09-03 07:31 . 2010-09-03 07:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-02 05:19 . 2010-09-02 05:19 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2010-09-01 11:19 . 2010-09-01 11:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2010-09-01 03:19 . 2010-09-01 03:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Yahoo
2010-09-01 03:18 . 2010-09-01 03:18 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2010-08-28 08:47 . 2010-09-04 17:06 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-08-25 06:47 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-08-20 18:57 . 2010-08-20 18:58 -------- d-----w- c:\program files\QuickTime
2010-08-20 18:57 . 2010-08-20 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 05:12 . 2010-07-03 00:02 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-04 20:22 . 2010-05-22 01:04 -------- d-----w- c:\program files\McAfee
2010-09-04 17:18 . 2010-03-06 01:23 -------- d-----w- c:\program files\Yahoo!
2010-09-04 17:18 . 2010-03-06 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-09-04 17:14 . 2009-03-12 06:06 -------- d-----w- c:\program files\Google
2010-09-04 17:10 . 2010-07-03 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-09-04 17:10 . 2010-01-22 20:52 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-09-04 17:09 . 2010-01-22 20:52 -------- d-----w- c:\program files\DivX
2010-09-04 16:47 . 2001-08-17 13:57 11648 ----a-w- c:\windows\system32\drivers\acpiec.sys
2010-09-03 08:47 . 2009-03-12 06:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Acer GameZone Console
2010-08-28 09:52 . 2010-08-03 08:17 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-25 22:48 . 2010-03-24 06:06 400 ----a-w- c:\documents and settings\Worm Jerry\Application Data\wklnhst.dat
2010-08-25 06:45 . 2009-12-13 08:42 -------- d-----w- c:\program files\Windows Media Connect 2
2010-08-13 22:32 . 2010-05-06 04:52 76112 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-12 18:34 . 2009-03-12 06:01 -------- d-----w- c:\program files\Microsoft Works
2010-08-12 18:13 . 2009-03-12 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-09 04:00 . 2010-08-09 03:17 -------- d-----w- c:\program files\Magestorm
2010-08-09 03:22 . 2010-08-09 03:22 33824 ----a-w- c:\windows\system32\drivers\oreans32.sys
2010-08-08 18:43 . 2009-08-24 21:56 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2010-08-03 17:08 . 2010-08-03 01:34 -------- d-----w- c:\program files\AVS4YOU
2010-08-03 17:08 . 2010-08-03 01:34 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-08-03 08:17 . 2010-01-22 20:57 -------- d-----w- c:\documents and settings\Worm Jerry\Application Data\DivX
2010-08-03 01:49 . 2010-08-03 01:49 -------- d-----w- c:\program files\InterLok
2010-08-03 01:36 . 2010-08-03 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-08-03 01:36 . 2010-08-03 01:36 -------- d-----w- c:\documents and settings\Worm Jerry\Application Data\AVS4YOU
2010-08-03 01:36 . 2009-08-24 21:09 76112 ----a-w- c:\documents and settings\Worm Jerry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-31 21:37 . 2010-07-31 21:38 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-07-31 21:37 . 2010-07-31 21:37 -------- d-----w- c:\program files\Java
2010-07-31 21:37 . 2010-07-31 21:37 152576 ----a-w- c:\documents and settings\Worm Jerry\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-07-31 21:36 . 2010-07-31 21:35 79488 ----a-w- c:\documents and settings\Worm Jerry\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-07-22 03:58 . 2010-07-13 23:23 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-16 19:34 . 2010-07-16 19:30 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-15 22:18 . 2010-05-22 01:04 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-07-14 09:03 . 2010-07-14 09:03 -------- d-----w- c:\documents and settings\NetworkService\Application Data\DivX
2010-06-30 12:31 . 2009-03-11 12:53 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:15 . 2009-03-11 12:53 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2009-03-11 12:52 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-24 12:10 . 2009-03-11 12:53 667136 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2009-03-11 12:53 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2009-03-11 12:53 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2009-03-11 12:53 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-03-12 05:06 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2009-03-11 12:53 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-07-06 22:38 . 2010-07-06 22:38 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
------- Sigcheck -------
[-] 2008-04-14 . 77F4BE7A778F6330779784D64F0DE94D . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 08F7661C81DA72EF96B31217C211BC40 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-09-11_06.37.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-11 20:42 . 2010-09-11 20:42 16384 c:\windows\Temp\Perflib_Perfdata_6d8.dat
+ 2010-09-11 07:09 . 2010-09-11 07:09 16384 c:\windows\Temp\Perflib_Perfdata_644.dat
- 2009-03-11 12:53 . 2010-09-11 05:53 68734 c:\windows\system32\perfc009.dat
+ 2009-03-11 12:53 . 2010-09-11 07:13 68734 c:\windows\system32\perfc009.dat
+ 2010-09-11 19:46 . 2010-09-11 19:46 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-24 21:03 . 2010-09-11 06:13 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-08-24 21:03 . 2010-09-11 19:46 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-09-11 19:46 . 2010-09-11 19:46 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-11 12:53 . 2010-09-11 05:53 434598 c:\windows\system32\perfh009.dat
+ 2009-03-11 12:53 . 2010-09-11 07:13 434598 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-02-17 5244216]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-31 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M3000Mnt"="M3000Rmv.dll " [X]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-24 17529856]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-05 1430824]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-06 30192]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-07 236016]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-3-11 565248]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-8-27 114688]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26666:TCP"= 26666:TCP:spport
"24027:TCP"= 24027:TCP:spport
"15825:TCP"= 15825:TCP:spport
"24262:TCP"= 24262:TCP:spport
"24152:TCP"= 24152:TCP:spport
"11508:TCP"= 11508:TCP:spport
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [8/8/2010 8:22 PM 33824]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5/21/2010 6:07 PM 203280]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [3/11/2009 11:32 PM 237568]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/3/2009 8:03 PM 38912]
R3 M3000Srv;WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [6/22/2009 4:28 PM 145408]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/23/2010 1:39 AM 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/11/2009 10:56 PM 1684736]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/11/2009 11:06 PM 30192]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [3/11/2009 10:54 PM 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2010-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-23 08:38]
2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-23 08:38]
2010-06-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-22 19:22]
2010-09-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-22 19:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.entru.com/?s=21982
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Worm Jerry\Application Data\Mozilla\Firefox\Profiles\bz5lle5a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Worm Jerry\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\TVUAx\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-11 13:45
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\l3codeca.acm
- - - - - - - > 'explorer.exe'(544)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\WebCam\M3000\M3000Mnt.exe
c:\windows\system32\igfxext.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-09-11 13:49:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-11 20:49
Pre-Run: 103,144,464,384 bytes free
Post-Run: 103,122,341,888 bytes free
- - End Of File - - AB1423EBA704BFA99B93590798D05BFD
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.599 [GMT -7:00]
Running from: c:\documents and settings\Worm Jerry\My Documents\ComboFix.exe
Command switches used :: c:\documents and settings\Worm Jerry\My Documents\CFScript.txt.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FILE ::
"c:\windows\system32\atmadmp.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Worm Jerry\Local Settings\Application Data\atnbhntdr
c:\documents and settings\Worm Jerry\Local Settings\Application Data\gkswilkdc
c:\documents and settings\Worm Jerry\Local Settings\Application Data\jlvviflwj
c:\documents and settings\Worm Jerry\Local Settings\Application Data\moxgfsnhf
c:\windows\system32\atmadmp.dll
c:\windows\system32\winlogon.exe . . . is infected!!
c:\windows\explorer.exe . . . is infected!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AXCRNG
-------\Service_axcrng
((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))
.
2010-09-08 04:18 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-08 04:18 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-08 04:17 . 2010-09-08 04:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-08 03:03 . 2010-09-08 03:03 388096 ----a-r- c:\documents and settings\Worm Jerry\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-08 03:03 . 2010-09-08 03:03 -------- d-----w- c:\program files\Trend Micro
2010-09-04 00:33 . 2010-09-04 16:58 -------- d-----w- c:\program files\Spyware Doctor
2010-09-04 00:33 . 2010-09-04 16:58 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-04 00:32 . 2010-09-04 16:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-03 23:36 . 2010-09-03 23:36 -------- d-----w- c:\program files\ESET
2010-09-03 07:31 . 2010-09-03 07:31 -------- d-----w- c:\documents and settings\Worm Jerry\Application Data\Malwarebytes
2010-09-03 07:31 . 2010-09-03 07:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-02 05:19 . 2010-09-02 05:19 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2010-09-01 11:19 . 2010-09-01 11:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2010-09-01 03:19 . 2010-09-01 03:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Yahoo
2010-09-01 03:18 . 2010-09-01 03:18 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2010-08-28 08:47 . 2010-09-04 17:06 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-08-25 06:47 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-08-20 18:57 . 2010-08-20 18:58 -------- d-----w- c:\program files\QuickTime
2010-08-20 18:57 . 2010-08-20 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 05:12 . 2010-07-03 00:02 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-04 20:22 . 2010-05-22 01:04 -------- d-----w- c:\program files\McAfee
2010-09-04 17:18 . 2010-03-06 01:23 -------- d-----w- c:\program files\Yahoo!
2010-09-04 17:18 . 2010-03-06 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-09-04 17:14 . 2009-03-12 06:06 -------- d-----w- c:\program files\Google
2010-09-04 17:10 . 2010-07-03 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-09-04 17:10 . 2010-01-22 20:52 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-09-04 17:09 . 2010-01-22 20:52 -------- d-----w- c:\program files\DivX
2010-09-04 16:47 . 2001-08-17 13:57 11648 ----a-w- c:\windows\system32\drivers\acpiec.sys
2010-09-03 08:47 . 2009-03-12 06:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Acer GameZone Console
2010-08-28 09:52 . 2010-08-03 08:17 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-25 22:48 . 2010-03-24 06:06 400 ----a-w- c:\documents and settings\Worm Jerry\Application Data\wklnhst.dat
2010-08-25 06:45 . 2009-12-13 08:42 -------- d-----w- c:\program files\Windows Media Connect 2
2010-08-13 22:32 . 2010-05-06 04:52 76112 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-12 18:34 . 2009-03-12 06:01 -------- d-----w- c:\program files\Microsoft Works
2010-08-12 18:13 . 2009-03-12 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-09 04:00 . 2010-08-09 03:17 -------- d-----w- c:\program files\Magestorm
2010-08-09 03:22 . 2010-08-09 03:22 33824 ----a-w- c:\windows\system32\drivers\oreans32.sys
2010-08-08 18:43 . 2009-08-24 21:56 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2010-08-03 17:08 . 2010-08-03 01:34 -------- d-----w- c:\program files\AVS4YOU
2010-08-03 17:08 . 2010-08-03 01:34 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-08-03 08:17 . 2010-01-22 20:57 -------- d-----w- c:\documents and settings\Worm Jerry\Application Data\DivX
2010-08-03 01:49 . 2010-08-03 01:49 -------- d-----w- c:\program files\InterLok
2010-08-03 01:36 . 2010-08-03 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-08-03 01:36 . 2010-08-03 01:36 -------- d-----w- c:\documents and settings\Worm Jerry\Application Data\AVS4YOU
2010-08-03 01:36 . 2009-08-24 21:09 76112 ----a-w- c:\documents and settings\Worm Jerry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-31 21:37 . 2010-07-31 21:38 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-07-31 21:37 . 2010-07-31 21:37 -------- d-----w- c:\program files\Java
2010-07-31 21:37 . 2010-07-31 21:37 152576 ----a-w- c:\documents and settings\Worm Jerry\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-07-31 21:36 . 2010-07-31 21:35 79488 ----a-w- c:\documents and settings\Worm Jerry\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-07-22 03:58 . 2010-07-13 23:23 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-16 19:34 . 2010-07-16 19:30 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-15 22:18 . 2010-05-22 01:04 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-07-14 09:03 . 2010-07-14 09:03 -------- d-----w- c:\documents and settings\NetworkService\Application Data\DivX
2010-06-30 12:31 . 2009-03-11 12:53 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:15 . 2009-03-11 12:53 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2009-03-11 12:52 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-24 12:10 . 2009-03-11 12:53 667136 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2009-03-11 12:53 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2009-03-11 12:53 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2009-03-11 12:53 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-03-12 05:06 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2009-03-11 12:53 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-07-06 22:38 . 2010-07-06 22:38 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
------- Sigcheck -------
[-] 2008-04-14 . 77F4BE7A778F6330779784D64F0DE94D . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 08F7661C81DA72EF96B31217C211BC40 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-09-11_06.37.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-11 20:42 . 2010-09-11 20:42 16384 c:\windows\Temp\Perflib_Perfdata_6d8.dat
+ 2010-09-11 07:09 . 2010-09-11 07:09 16384 c:\windows\Temp\Perflib_Perfdata_644.dat
- 2009-03-11 12:53 . 2010-09-11 05:53 68734 c:\windows\system32\perfc009.dat
+ 2009-03-11 12:53 . 2010-09-11 07:13 68734 c:\windows\system32\perfc009.dat
+ 2010-09-11 19:46 . 2010-09-11 19:46 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-24 21:03 . 2010-09-11 06:13 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-08-24 21:03 . 2010-09-11 19:46 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-09-11 19:46 . 2010-09-11 19:46 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-11 12:53 . 2010-09-11 05:53 434598 c:\windows\system32\perfh009.dat
+ 2009-03-11 12:53 . 2010-09-11 07:13 434598 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-02-17 5244216]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-31 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M3000Mnt"="M3000Rmv.dll " [X]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-24 17529856]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-05 1430824]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-06 30192]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-07 236016]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-3-11 565248]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-8-27 114688]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26666:TCP"= 26666:TCP:spport
"24027:TCP"= 24027:TCP:spport
"15825:TCP"= 15825:TCP:spport
"24262:TCP"= 24262:TCP:spport
"24152:TCP"= 24152:TCP:spport
"11508:TCP"= 11508:TCP:spport
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [8/8/2010 8:22 PM 33824]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5/21/2010 6:07 PM 203280]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [3/11/2009 11:32 PM 237568]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/3/2009 8:03 PM 38912]
R3 M3000Srv;WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [6/22/2009 4:28 PM 145408]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/23/2010 1:39 AM 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/11/2009 10:56 PM 1684736]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/11/2009 11:06 PM 30192]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [3/11/2009 10:54 PM 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2010-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-23 08:38]
2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-23 08:38]
2010-06-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-22 19:22]
2010-09-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-22 19:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.entru.com/?s=21982
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Worm Jerry\Application Data\Mozilla\Firefox\Profiles\bz5lle5a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Worm Jerry\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\TVUAx\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-11 13:45
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\l3codeca.acm
- - - - - - - > 'explorer.exe'(544)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\WebCam\M3000\M3000Mnt.exe
c:\windows\system32\igfxext.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-09-11 13:49:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-11 20:49
Pre-Run: 103,144,464,384 bytes free
Post-Run: 103,122,341,888 bytes free
- - End Of File - - AB1423EBA704BFA99B93590798D05BFD
Broni
Posts: 56,041 +516
Do you have Windows XP CD?
Download OTL to your Desktop.
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
winlogon.exe
explorer.exe
/md5stop
Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
winlogon.exe
explorer.exe
/md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
OTL logfile created on: 9/13/2010 11:27:50 AM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\Worm Jerry\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,014.00 Mb Total Physical Memory | 481.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.05 Gb Total Space | 96.06 Gb Free Space | 67.63% Space Free | Partition Type: NTFS
Drive D: | 955.73 Mb Total Space | 5.00 Mb Free Space | 0.52% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WORMJERRY
Current User Name: Worm Jerry
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/09/13 11:00:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Worm Jerry\My Documents\OTL.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/04/16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2010/02/17 16:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2010/02/11 12:36:12 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/02/11 12:36:12 | 000,806,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/02/11 15:46:28 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/12/30 10:51:08 | 000,438,272 | ---- | M] (Oberon Media Inc.) -- C:\Program Files\Acer GameZone\Fizzball\Launch.exe
PRC - [2008/12/30 00:09:54 | 000,875,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/10/14 11:15:08 | 000,032,768 | ---- | M] () -- C:\WINDOWS\WebCam\M3000\M3000Mnt.exe
PRC - [2008/07/17 16:45:04 | 000,114,688 | ---- | M] (InterVideo Inc.) -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
PRC - [2008/06/24 16:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008/06/08 09:31:04 | 002,221,352 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
PRC - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/27 18:00:10 | 000,170,520 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\Worm Jerry\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,014.00 Mb Total Physical Memory | 481.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.05 Gb Total Space | 96.06 Gb Free Space | 67.63% Space Free | Partition Type: NTFS
Drive D: | 955.73 Mb Total Space | 5.00 Mb Free Space | 0.52% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WORMJERRY
Current User Name: Worm Jerry
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/09/13 11:00:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Worm Jerry\My Documents\OTL.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/04/16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2010/02/17 16:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2010/02/11 12:36:12 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/02/11 12:36:12 | 000,806,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/02/11 15:46:28 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/12/30 10:51:08 | 000,438,272 | ---- | M] (Oberon Media Inc.) -- C:\Program Files\Acer GameZone\Fizzball\Launch.exe
PRC - [2008/12/30 00:09:54 | 000,875,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/10/14 11:15:08 | 000,032,768 | ---- | M] () -- C:\WINDOWS\WebCam\M3000\M3000Mnt.exe
PRC - [2008/07/17 16:45:04 | 000,114,688 | ---- | M] (InterVideo Inc.) -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
PRC - [2008/06/24 16:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008/06/08 09:31:04 | 002,221,352 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
PRC - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/27 18:00:10 | 000,170,520 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
========== Modules (SafeList) ==========
MOD - [2010/09/13 11:00:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Worm Jerry\My Documents\OTL.exe
MOD - [2009/01/23 10:46:18 | 000,013,840 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/04/14 05:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/06 15:38:18 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/02/24 13:16:08 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/02/17 16:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys -- (Rts516xIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- c:\acernb\int15.sys -- (int15.sys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btwmodem.sys -- (btwmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btwhid.sys -- (btwhid)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio)
DRV - [2010/08/08 20:22:40 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)
DRV - [2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/02/17 16:52:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/02/17 16:52:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/02/17 16:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2010/02/17 16:52:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/02/17 16:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/05/21 14:39:54 | 000,090,472 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/03/01 22:03:46 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/25 20:17:52 | 001,344,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/02/24 01:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/02/05 03:33:04 | 000,205,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/02/02 23:42:30 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/01/02 18:33:54 | 000,145,408 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\M3000KNT.sys -- (M3000Srv)
DRV - [2008/08/05 05:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2008/04/14 05:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2008/04/14 05:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 05:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2008/04/14 05:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2008/04/14 05:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2008/04/14 05:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2008/04/14 05:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2008/04/14 05:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2008/04/14 05:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2008/04/14 05:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2008/04/14 05:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2008/04/14 05:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2008/04/14 05:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2008/04/14 05:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2008/04/14 05:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2008/04/14 05:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/14 16:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/08/26 21:58:18 | 000,074,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/11/02 06:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/01/04 00:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2004/12/07 23:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.entru.com/?s=21982
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/09/05 19:31:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/20 11:57:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/30 23:44:03 | 000,000,000 | ---D | M]
[2009/08/24 14:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Mozilla\Extensions
[2010/09/12 14:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Mozilla\Firefox\Profiles\bz5lle5a.default\extensions
[2010/08/30 20:32:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Worm Jerry\Application Data\Mozilla\Firefox\Profiles\bz5lle5a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/06/12 20:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Mozilla\Firefox\Profiles\bz5lle5a.default\extensions\firefox@tvunetworks.com
[2010/08/12 12:40:44 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Application Data\Mozilla\Firefox\Profiles\bz5lle5a.default\searchplugins\search-the-web.xml
[2010/09/10 23:01:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2010/09/11 13:45:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
MOD - [2010/09/13 11:00:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Worm Jerry\My Documents\OTL.exe
MOD - [2009/01/23 10:46:18 | 000,013,840 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/04/14 05:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/06 15:38:18 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/02/24 13:16:08 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/02/17 16:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys -- (Rts516xIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- c:\acernb\int15.sys -- (int15.sys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btwmodem.sys -- (btwmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btwhid.sys -- (btwhid)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio)
DRV - [2010/08/08 20:22:40 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)
DRV - [2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/02/17 16:52:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/02/17 16:52:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/02/17 16:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2010/02/17 16:52:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/02/17 16:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/05/21 14:39:54 | 000,090,472 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/03/01 22:03:46 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/25 20:17:52 | 001,344,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/02/24 01:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/02/05 03:33:04 | 000,205,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/02/02 23:42:30 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/01/02 18:33:54 | 000,145,408 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\M3000KNT.sys -- (M3000Srv)
DRV - [2008/08/05 05:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2008/04/14 05:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2008/04/14 05:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 05:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2008/04/14 05:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2008/04/14 05:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2008/04/14 05:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2008/04/14 05:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2008/04/14 05:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2008/04/14 05:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2008/04/14 05:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2008/04/14 05:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2008/04/14 05:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2008/04/14 05:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2008/04/14 05:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2008/04/14 05:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2008/04/14 05:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/14 16:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/08/26 21:58:18 | 000,074,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/11/02 06:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/01/04 00:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2004/12/07 23:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.entru.com/?s=21982
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/09/05 19:31:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/20 11:57:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/30 23:44:03 | 000,000,000 | ---D | M]
[2009/08/24 14:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Mozilla\Extensions
[2010/09/12 14:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Mozilla\Firefox\Profiles\bz5lle5a.default\extensions
[2010/08/30 20:32:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Worm Jerry\Application Data\Mozilla\Firefox\Profiles\bz5lle5a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/06/12 20:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Mozilla\Firefox\Profiles\bz5lle5a.default\extensions\firefox@tvunetworks.com
[2010/08/12 12:40:44 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Application Data\Mozilla\Firefox\Profiles\bz5lle5a.default\searchplugins\search-the-web.xml
[2010/09/10 23:01:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2010/09/11 13:45:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [M3000Mnt] File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/11 22:07:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)
========== Files/Folders - Created Within 90 Days ==========
[2010/09/13 11:26:12 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Worm Jerry\My Documents\OTL.exe
[2010/09/11 16:12:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Arcade Lab
[2010/09/11 16:10:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/09/11 13:34:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/10 23:22:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/10 23:15:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/10 23:15:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/10 23:15:05 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/10 23:14:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/10 23:11:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/07 21:18:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/07 21:18:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/07 21:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/07 20:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/03 17:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/09/03 17:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/09/03 17:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application
Data\TEMP
[2010/09/03 16:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/09/03 00:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\Application Data\Malwarebytes
[2010/09/03 00:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/02 22:07:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/09/01 22:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2010/09/01 04:19:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2010/09/01 04:19:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/08/31 20:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Yahoo
[2010/08/31 20:19:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/08/31 20:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2010/08/31 14:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/08/31 14:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/08/20 11:57:55 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/20 11:57:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/08/08 20:17:21 | 000,000,000 | ---D | C] -- C:\Program Files\Magestorm
[2010/08/04 09:52:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/08/02 18:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\InterLok
[2010/08/02 18:36:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2010/08/02 18:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\Application Data\AVS4YOU
[2010/08/02 18:34:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010/08/02 18:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/07/31 14:37:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/07/31 14:35:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\Application Data\Sun
[2010/07/21 17:04:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\Desktop\burningangel
[2010/07/16 12:30:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/07/14 02:03:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\DivX
[2010/07/03 16:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/07/02 17:20:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\Tracing
[2010/07/02 17:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/07/02 17:00:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/07/02 16:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/07/01 02:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\My Documents\ms_rockstar_sam
[2010/06/16 22:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\My Documents\NP_1198
[2010/06/16 22:10:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\My Documents\1204
[2009/03/11 05:53:14 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
========== Files - Modified Within 90 Days ==========
[2010/09/13 11:00:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Worm Jerry\My Documents\OTL.exe
[2010/09/12 23:49:07 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/11 13:57:40 | 000,511,030 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/11 13:57:40 | 000,434,598 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/11 13:57:40 | 000,068,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/11 13:55:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/11 13:52:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/11 13:52:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/11 13:52:23 | 1063,198,720 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/11 13:51:29 | 000,018,941 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/09/11 13:51:28 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Worm Jerry\NTUSER.DAT
[2010/09/11 13:51:28 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Worm Jerry\ntuser.ini
[2010/09/11 13:51:21 | 004,306,626 | -H-- | M] () -- C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\IconCache.db
[2010/09/11 13:45:28 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/11 13:45:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/11 12:52:16 | 003,842,655 | R--- | M] () -- C:\Documents and Settings\Worm Jerry\My Documents\ComboFix.exe
[2010/09/11 12:45:56 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\SystemLook.exe
[2010/09/10 23:22:12 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/09/08 07:42:24 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/09/07 21:18:06 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/07 20:04:36 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\HiJackThis.lnk
[2010/09/06 19:56:05 | 001,891,254 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\untitled.bmp
[2010/09/06 02:09:10 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/05 21:47:08 | 000,067,584 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/04 10:17:27 | 000,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/09/01 16:48:48 | 000,043,454 | ---- | M] () -- C:\WINDOWS\System32\xkqon
[2010/09/01 10:24:15 | 000,000,004 | -H-- | M] () -- C:\WINDOWS\System32\iexplore.sy_
[2010/09/01 01:44:08 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/08/30 23:44:04 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/30 16:11:49 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\rsume(3).doc
[2010/08/25 15:48:46 | 000,000,400 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Application Data\wklnhst.dat
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/11 22:07:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)
========== Files/Folders - Created Within 90 Days ==========
[2010/09/13 11:26:12 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Worm Jerry\My Documents\OTL.exe
[2010/09/11 16:12:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Arcade Lab
[2010/09/11 16:10:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/09/11 13:34:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/10 23:22:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/10 23:15:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/10 23:15:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/10 23:15:05 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/10 23:14:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/10 23:11:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/07 21:18:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/07 21:18:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/07 21:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/07 20:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/03 17:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/09/03 17:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/09/03 17:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application
Data\TEMP
[2010/09/03 16:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/09/03 00:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\Application Data\Malwarebytes
[2010/09/03 00:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/02 22:07:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/09/01 22:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2010/09/01 04:19:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2010/09/01 04:19:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/08/31 20:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Yahoo
[2010/08/31 20:19:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/08/31 20:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2010/08/31 14:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/08/31 14:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/08/20 11:57:55 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/20 11:57:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/08/08 20:17:21 | 000,000,000 | ---D | C] -- C:\Program Files\Magestorm
[2010/08/04 09:52:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/08/02 18:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\InterLok
[2010/08/02 18:36:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2010/08/02 18:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\Application Data\AVS4YOU
[2010/08/02 18:34:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010/08/02 18:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/07/31 14:37:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/07/31 14:35:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\Application Data\Sun
[2010/07/21 17:04:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\Desktop\burningangel
[2010/07/16 12:30:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/07/14 02:03:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\DivX
[2010/07/03 16:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/07/02 17:20:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\Tracing
[2010/07/02 17:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/07/02 17:00:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/07/02 16:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/07/01 02:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\My Documents\ms_rockstar_sam
[2010/06/16 22:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\My Documents\NP_1198
[2010/06/16 22:10:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Worm Jerry\My Documents\1204
[2009/03/11 05:53:14 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
========== Files - Modified Within 90 Days ==========
[2010/09/13 11:00:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Worm Jerry\My Documents\OTL.exe
[2010/09/12 23:49:07 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/11 13:57:40 | 000,511,030 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/11 13:57:40 | 000,434,598 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/11 13:57:40 | 000,068,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/11 13:55:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/11 13:52:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/11 13:52:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/11 13:52:23 | 1063,198,720 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/11 13:51:29 | 000,018,941 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/09/11 13:51:28 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Worm Jerry\NTUSER.DAT
[2010/09/11 13:51:28 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Worm Jerry\ntuser.ini
[2010/09/11 13:51:21 | 004,306,626 | -H-- | M] () -- C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\IconCache.db
[2010/09/11 13:45:28 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/11 13:45:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/11 12:52:16 | 003,842,655 | R--- | M] () -- C:\Documents and Settings\Worm Jerry\My Documents\ComboFix.exe
[2010/09/11 12:45:56 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\SystemLook.exe
[2010/09/10 23:22:12 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/09/08 07:42:24 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/09/07 21:18:06 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/07 20:04:36 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\HiJackThis.lnk
[2010/09/06 19:56:05 | 001,891,254 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\untitled.bmp
[2010/09/06 02:09:10 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/05 21:47:08 | 000,067,584 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/04 10:17:27 | 000,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/09/01 16:48:48 | 000,043,454 | ---- | M] () -- C:\WINDOWS\System32\xkqon
[2010/09/01 10:24:15 | 000,000,004 | -H-- | M] () -- C:\WINDOWS\System32\iexplore.sy_
[2010/09/01 01:44:08 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/08/30 23:44:04 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/30 16:11:49 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\rsume(3).doc
[2010/08/25 15:48:46 | 000,000,400 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Application Data\wklnhst.dat
[2010/08/24 23:57:18 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/08/24 23:57:18 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\Windows Media Player.lnk
[2010/08/24 23:56:28 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/08/24 23:56:28 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/08/24 23:40:24 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/21 13:51:11 | 000,000,115 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Application Data\default.pls
[2010/08/19 16:09:37 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\My Documents\rsume slojobs.wps
[2010/08/16 17:30:43 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/13 16:50:33 | 000,002,249 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Magestorm.lnk
[2010/08/12 23:02:27 | 000,297,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/08 20:22:40 | 000,033,824 | ---- | M] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2010/08/03 17:59:50 | 000,674,283 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\My Documents\justin app.pdf
[2010/08/02 18:36:14 | 000,076,112 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/28 18:34:37 | 000,314,048 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\My Documents\Doc1.docx
[2010/07/21 20:58:41 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
========== Files Created - No Company Name ==========
[2010/09/11 13:06:26 | 003,842,655 | R--- | C] () -- C:\Documents and Settings\Worm Jerry\My Documents\ComboFix.exe
[2010/09/11 12:49:47 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\SystemLook.exe
[2010/09/10 23:22:12 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/09/10 23:22:08 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/10 23:15:05 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/10 23:15:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/10 23:15:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/10 23:15:05 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/10 23:15:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/08 12:52:46 | 1063,198,720 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/07 21:18:06 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/07 20:03:36 | 000,002,457 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\HiJackThis.lnk
[2010/09/06 19:56:04 | 001,891,254 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\untitled.bmp
[2010/09/04 10:17:27 | 000,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/09/01 16:48:48 | 000,043,454 | ---- | C] () -- C:\WINDOWS\System32\xkqon
[2010/09/01 10:24:15 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\System32\iexplore.sy_
[2010/08/30 22:26:12 | 000,010,210 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\thunder_3.wav
[2010/08/25 15:52:59 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\rsume(3).doc
[2010/08/08 20:22:40 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2010/08/08 20:17:22 | 000,002,249 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Magestorm.lnk
[2010/07/28 18:34:35 | 000,314,048 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\My Documents\Doc1.docx
[2010/07/16 12:32:04 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/14 02:02:14 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/13 16:23:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/19 17:12:01 | 000,000,087 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\FASTWiz.log
[2010/03/23 23:06:38 | 000,000,400 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Application Data\wklnhst.dat
[2009/08/29 02:05:19 | 000,000,115 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Application Data\default.pls
[2009/08/29 02:04:39 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/27 23:52:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/08/27 23:52:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/08/27 23:52:03 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/08/27 23:52:02 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/08/27 23:52:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/08/27 23:52:02 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/08/27 14:01:20 | 000,067,584 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/22 16:28:46 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll
[2009/06/22 16:28:46 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys
[2009/06/22 16:28:46 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009/03/11 23:47:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/03/11 22:55:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/03/11 22:10:15 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/03/11 22:05:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
========== LOP Check ==========
[2010/09/03 01:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acer GameZone Console
[2010/09/11 16:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Arcade Lab
[2009/03/11 23:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2009/12/05 20:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters Inc
[2010/09/11 17:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/05 20:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2009/03/11 23:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Acer
[2009/03/11 23:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Acer GameZone Console
[2010/05/30 00:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Facebook
[2009/12/05 19:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\GetRightToGo
[2009/10/10 23:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\InterVideo
[2009/12/05 16:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Research In Motion
[2009/03/11 23:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Super-Cow
[2010/03/23 23:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Template
[2010/06/15 01:28:24 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/09/01 01:44:08 | 000,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/09/10 23:11:14 | 019,001,722 | ---- | M] () -- C:\1.txt
[2009/03/11 22:07:49 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/08/24 14:09:26 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/09/10 23:22:12 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/09/11 13:49:43 | 000,018,967 | ---- | M] () -- C:\ComboFix.txt
[2009/03/11 22:07:49 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/09/11 13:52:23 | 1063,198,720 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/11 22:07:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/02/18 02:26:30 | 000,002,016 | ---- | M] () -- C:\MOD01SET0J00P2000K.enc
[2008/08/06 18:16:21 | 000,002,488 | ---- | M] () -- C:\MOD01WOS02ENP20001.enc
[2009/03/11 22:07:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 05:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/11 13:52:20 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2009/03/11 22:57:01 | 000,001,883 | ---- | M] () -- C:\RHDSetup.log
[2009/06/22 16:30:20 | 000,000,190 | ---- | M] () -- C:\Setup.log
[2010/09/03 17:29:06 | 000,051,208 | ---- | M] () -- C:\TDSSKiller.2.4.2.0_03.09.2010_17.26.44_log.txt
< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/03/11 22:07:26 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
[2010/05/19 17:32:07 | 000,001,682 | -H-- | M] () -- C:\Documents and Settings\Worm Jerry\Application Data\Microsoft\LastFlashConfig.WFC
< %PROGRAMFILES%\*.* >
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2009/03/11 14:02:31 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/03/11 14:02:31 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/03/11 14:02:31 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/03/11 22:07:50 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/08/24 14:09:52 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Worm Jerry\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2009/03/11 22:10:30 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
< %USERPROFILE%\Desktop\*.exe >
[2008/03/10 14:48:26 | 002,939,142 | ---- | M] (Plaino ) -- C:\Documents and Settings\Worm Jerry\Desktop\FLVplayr.exe
[2010/09/11 12:45:56 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\SystemLook.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
[2003/09/22 14:36:46 | 000,013,448 | ---- | M] () -- C:\WINDOWS\M3000Twn.src
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
[2010/09/11 12:52:16 | 003,842,655 | R--- | M] () -- C:\Documents and Settings\Worm Jerry\My Documents\ComboFix.exe
[2010/05/21 17:34:31 | 002,993,776 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Worm Jerry\My Documents\DMSetup-Serial.exe
[2010/09/13 11:00:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Worm Jerry\My Documents\OTL.exe
[2010/08/24 23:57:18 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\Windows Media Player.lnk
[2010/08/24 23:56:28 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/08/24 23:56:28 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/08/24 23:40:24 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/21 13:51:11 | 000,000,115 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Application Data\default.pls
[2010/08/19 16:09:37 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\My Documents\rsume slojobs.wps
[2010/08/16 17:30:43 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/13 16:50:33 | 000,002,249 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Magestorm.lnk
[2010/08/12 23:02:27 | 000,297,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/08 20:22:40 | 000,033,824 | ---- | M] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2010/08/03 17:59:50 | 000,674,283 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\My Documents\justin app.pdf
[2010/08/02 18:36:14 | 000,076,112 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/28 18:34:37 | 000,314,048 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\My Documents\Doc1.docx
[2010/07/21 20:58:41 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
========== Files Created - No Company Name ==========
[2010/09/11 13:06:26 | 003,842,655 | R--- | C] () -- C:\Documents and Settings\Worm Jerry\My Documents\ComboFix.exe
[2010/09/11 12:49:47 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\SystemLook.exe
[2010/09/10 23:22:12 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/09/10 23:22:08 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/10 23:15:05 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/10 23:15:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/10 23:15:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/10 23:15:05 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/10 23:15:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/08 12:52:46 | 1063,198,720 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/07 21:18:06 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/07 20:03:36 | 000,002,457 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\HiJackThis.lnk
[2010/09/06 19:56:04 | 001,891,254 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\untitled.bmp
[2010/09/04 10:17:27 | 000,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/09/01 16:48:48 | 000,043,454 | ---- | C] () -- C:\WINDOWS\System32\xkqon
[2010/09/01 10:24:15 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\System32\iexplore.sy_
[2010/08/30 22:26:12 | 000,010,210 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\thunder_3.wav
[2010/08/25 15:52:59 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Desktop\rsume(3).doc
[2010/08/08 20:22:40 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2010/08/08 20:17:22 | 000,002,249 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Magestorm.lnk
[2010/07/28 18:34:35 | 000,314,048 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\My Documents\Doc1.docx
[2010/07/16 12:32:04 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/14 02:02:14 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/13 16:23:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/19 17:12:01 | 000,000,087 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\FASTWiz.log
[2010/03/23 23:06:38 | 000,000,400 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Application Data\wklnhst.dat
[2009/08/29 02:05:19 | 000,000,115 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Application Data\default.pls
[2009/08/29 02:04:39 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/27 23:52:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/08/27 23:52:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/08/27 23:52:03 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/08/27 23:52:02 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/08/27 23:52:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/08/27 23:52:02 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/08/27 14:01:20 | 000,067,584 | ---- | C] () -- C:\Documents and Settings\Worm Jerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/22 16:28:46 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll
[2009/06/22 16:28:46 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys
[2009/06/22 16:28:46 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009/03/11 23:47:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/03/11 22:55:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/03/11 22:10:15 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/03/11 22:05:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
========== LOP Check ==========
[2010/09/03 01:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acer GameZone Console
[2010/09/11 16:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Arcade Lab
[2009/03/11 23:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2009/12/05 20:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters Inc
[2010/09/11 17:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/05 20:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2009/03/11 23:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Acer
[2009/03/11 23:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Acer GameZone Console
[2010/05/30 00:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Facebook
[2009/12/05 19:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\GetRightToGo
[2009/10/10 23:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\InterVideo
[2009/12/05 16:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Research In Motion
[2009/03/11 23:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Super-Cow
[2010/03/23 23:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Worm Jerry\Application Data\Template
[2010/06/15 01:28:24 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/09/01 01:44:08 | 000,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/09/10 23:11:14 | 019,001,722 | ---- | M] () -- C:\1.txt
[2009/03/11 22:07:49 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/08/24 14:09:26 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/09/10 23:22:12 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/09/11 13:49:43 | 000,018,967 | ---- | M] () -- C:\ComboFix.txt
[2009/03/11 22:07:49 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/09/11 13:52:23 | 1063,198,720 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/11 22:07:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/02/18 02:26:30 | 000,002,016 | ---- | M] () -- C:\MOD01SET0J00P2000K.enc
[2008/08/06 18:16:21 | 000,002,488 | ---- | M] () -- C:\MOD01WOS02ENP20001.enc
[2009/03/11 22:07:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 05:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/11 13:52:20 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2009/03/11 22:57:01 | 000,001,883 | ---- | M] () -- C:\RHDSetup.log
[2009/06/22 16:30:20 | 000,000,190 | ---- | M] () -- C:\Setup.log
[2010/09/03 17:29:06 | 000,051,208 | ---- | M] () -- C:\TDSSKiller.2.4.2.0_03.09.2010_17.26.44_log.txt
< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/03/11 22:07:26 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
[2010/05/19 17:32:07 | 000,001,682 | -H-- | M] () -- C:\Documents and Settings\Worm Jerry\Application Data\Microsoft\LastFlashConfig.WFC
< %PROGRAMFILES%\*.* >
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2009/03/11 14:02:31 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/03/11 14:02:31 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/03/11 14:02:31 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/03/11 22:07:50 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/08/24 14:09:52 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Worm Jerry\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2009/03/11 22:10:30 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
< %USERPROFILE%\Desktop\*.exe >
[2008/03/10 14:48:26 | 002,939,142 | ---- | M] (Plaino ) -- C:\Documents and Settings\Worm Jerry\Desktop\FLVplayr.exe
[2010/09/11 12:45:56 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Worm Jerry\Desktop\SystemLook.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
[2003/09/22 14:36:46 | 000,013,448 | ---- | M] () -- C:\WINDOWS\M3000Twn.src
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
[2010/09/11 12:52:16 | 003,842,655 | R--- | M] () -- C:\Documents and Settings\Worm Jerry\My Documents\ComboFix.exe
[2010/05/21 17:34:31 | 002,993,776 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Worm Jerry\My Documents\DMSetup-Serial.exe
[2010/09/13 11:00:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Worm Jerry\My Documents\OTL.exe
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
[2008/04/14 05:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2009/08/24 14:09:52 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Worm Jerry\Favorites\Desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
[2010/09/02 12:06:52 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Worm Jerry\Cookies\desktop.ini
[2010/09/12 23:58:49 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\Worm Jerry\Cookies\index.dat
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
[2009/01/30 17:40:22 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
[2008/04/14 05:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2007/04/03 00:37:24 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2007/04/03 00:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/14 00:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 06:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/04/03 00:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007/04/03 00:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/03 00:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2007/04/03 00:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2007/04/03 00:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
< MD5 for: EXPLORER.EXE >
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=08F7661C81DA72EF96B31217C211BC40 -- C:\WINDOWS\explorer.exe
< MD5 for: WINLOGON.EXE >
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=77F4BE7A778F6330779784D64F0DE94D -- C:\WINDOWS\system32\winlogon.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF61E54
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C491D31
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP
FC5A2B2
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB689DEA
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94213A87
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE16379
< End of report >
< %systemroot%\ADDINS\*.* >
[2008/04/14 05:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2009/08/24 14:09:52 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Worm Jerry\Favorites\Desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
[2010/09/02 12:06:52 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Worm Jerry\Cookies\desktop.ini
[2010/09/12 23:58:49 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\Worm Jerry\Cookies\index.dat
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
[2009/01/30 17:40:22 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
[2008/04/14 05:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2007/04/03 00:37:24 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2007/04/03 00:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/14 00:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 06:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/04/03 00:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007/04/03 00:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/03 00:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2007/04/03 00:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2007/04/03 00:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
< MD5 for: EXPLORER.EXE >
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=08F7661C81DA72EF96B31217C211BC40 -- C:\WINDOWS\explorer.exe
< MD5 for: WINLOGON.EXE >
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=77F4BE7A778F6330779784D64F0DE94D -- C:\WINDOWS\system32\winlogon.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF61E54
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C491D31
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP
FC5A2B2@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB689DEA
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94213A87
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE16379
< End of report >
and the "Extra"
OTL Extras logfile created on: 9/13/2010 11:27:50 AM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\Worm Jerry\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,014.00 Mb Total Physical Memory | 481.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.05 Gb Total Space | 96.06 Gb Free Space | 67.63% Space Free | Partition Type: NTFS
Drive D: | 955.73 Mb Total Space | 5.00 Mb Free Space | 0.52% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WORMJERRY
Current User Name: Worm Jerry
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNetisabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNetisabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNetisabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNetisabledxpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"26666:TCP" = 26666:TCP:*:Enabled:spport
"24027:TCP" = 24027:TCP:*:Enabled:spport
"15825:TCP" = 15825:TCP:*:Enabled:spport
"24262:TCP" = 24262:TCP:*:Enabled:spport
"24152:TCP" = 24152:TCP:*:Enabled:spport
"11508:TCP" = 11508:TCP:*:Enabled:spport
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
OTL Extras logfile created on: 9/13/2010 11:27:50 AM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\Worm Jerry\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,014.00 Mb Total Physical Memory | 481.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.05 Gb Total Space | 96.06 Gb Free Space | 67.63% Space Free | Partition Type: NTFS
Drive D: | 955.73 Mb Total Space | 5.00 Mb Free Space | 0.52% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WORMJERRY
Current User Name: Worm Jerry
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled
xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet:Enabled
xpsp2res.dll,-22008"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled
xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet:Enabled
xpsp2res.dll,-22008"139:TCP" = 139:TCP:LocalSubNet
isabledxpsp2res.dll,-22004"445:TCP" = 445:TCP:LocalSubNet
isabledxpsp2res.dll,-22005"137:UDP" = 137:UDP:LocalSubNet
isabledxpsp2res.dll,-22001"138:UDP" = 138:UDP:LocalSubNet
isabledxpsp2res.dll,-22002"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"26666:TCP" = 26666:TCP:*:Enabled:spport
"24027:TCP" = 24027:TCP:*:Enabled:spport
"15825:TCP" = 15825:TCP:*:Enabled:spport
"24262:TCP" = 24262:TCP:*:Enabled:spport
"24152:TCP" = 24152:TCP:*:Enabled:spport
"11508:TCP" = 11508:TCP:*:Enabled:spport
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{56A648C2-D185-46A9-BBFF-78AE7A503000}" = Webcam
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{73C49216-72A6-42F6-BCD4-DAC5842CA744}" = Magestorm
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11109097}" = Luxor - Amun Rising
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111940693}" = Bookworm Adventures
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11198580}" = Fizzball
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113644907}" = Gold Miner Vegas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113938743}" = Supercow
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115329757}" = Jewelleria
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9D2B0720-4787-437E-A949-97D01BF64BAE}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{A13800EC-419B-4127-9AD4-9678F8481033}" = Nero 8 Essentials
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}" = Roxio Media Manager
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BlackBerry_{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ESET Online Scanner" = ESET Online Scanner v3
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9/11/2010 3:09:04 AM | Computer Name = WORMJERRY | Source = JavaQuickStarterService | ID = 1
Description =
Error - 9/11/2010 3:29:51 AM | Computer Name = WORMJERRY | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 9/11/2010 3:49:19 PM | Computer Name = WORMJERRY | Source = Google Update | ID = 20
Description =
Error - 9/11/2010 4:42:58 PM | Computer Name = WORMJERRY | Source = JavaQuickStarterService | ID = 1
Description =
Error - 9/11/2010 4:49:05 PM | Computer Name = WORMJERRY | Source = Google Update | ID = 20
Description =
Error - 9/11/2010 4:52:29 PM | Computer Name = WORMJERRY | Source = JavaQuickStarterService | ID = 1
Description =
Error - 9/11/2010 7:49:07 PM | Computer Name = WORMJERRY | Source = Google Update | ID = 20
Description =
Error - 9/12/2010 4:49:16 PM | Computer Name = WORMJERRY | Source = Google Update | ID = 20
Description =
Error - 9/13/2010 2:49:07 AM | Computer Name = WORMJERRY | Source = Google Update | ID = 20
Description =
Error - 9/13/2010 2:24:07 PM | Computer Name = WORMJERRY | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3748 (0xea4) Thread address : 0x7C8024DB Thread message : Build VSCORE.14.0.0.435
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\WINDOWS\explorer.exe
by \??\C:\WINDOWS\system32\winlogon.exe 4(437)(0) 4(437)(0) 7200(437)(0) 7595(437)(0)
7005(437)(0) 7004(437)(0) 5006(375)(0) 5004(375)(0)
[ System Events ]
Error - 9/11/2010 4:55:17 PM | Computer Name = WORMJERRY | Source = WMPNetworkSvc | ID = 866304
Description = Service 'WMPNetworkSvc' did not start correctly because IUPnPDeviceFinder::StartAsyncFind(MediaRenderer)
encountered error '0x80004005'. Verify that the UPnPHost service is running and
that the UPnPHost component of Windows is installed properly.
Error - 9/11/2010 4:55:33 PM | Computer Name = WORMJERRY | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.
Error - 9/11/2010 4:55:33 PM | Computer Name = WORMJERRY | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147952506 (0x8007277A).
Error - 9/11/2010 4:56:03 PM | Computer Name = WORMJERRY | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.
Error - 9/11/2010 4:56:03 PM | Computer Name = WORMJERRY | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147952506 (0x8007277A).
Error - 9/11/2010 4:56:33 PM | Computer Name = WORMJERRY | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.
Error - 9/11/2010 4:56:36 PM | Computer Name = WORMJERRY | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147952506 (0x8007277A).
Error - 9/11/2010 4:57:06 PM | Computer Name = WORMJERRY | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.
Error - 9/11/2010 7:02:22 PM | Computer Name = WORMJERRY | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493}
as /. The error: "%233" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
-Embedding
Error - 9/13/2010 2:24:10 PM | Computer Name = WORMJERRY | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.
< End of report >
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{56A648C2-D185-46A9-BBFF-78AE7A503000}" = Webcam
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{73C49216-72A6-42F6-BCD4-DAC5842CA744}" = Magestorm
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11109097}" = Luxor - Amun Rising
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111940693}" = Bookworm Adventures
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11198580}" = Fizzball
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113644907}" = Gold Miner Vegas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113938743}" = Supercow
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115329757}" = Jewelleria
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9D2B0720-4787-437E-A949-97D01BF64BAE}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{A13800EC-419B-4127-9AD4-9678F8481033}" = Nero 8 Essentials
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}" = Roxio Media Manager
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BlackBerry_{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ESET Online Scanner" = ESET Online Scanner v3
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9/11/2010 3:09:04 AM | Computer Name = WORMJERRY | Source = JavaQuickStarterService | ID = 1
Description =
Error - 9/11/2010 3:29:51 AM | Computer Name = WORMJERRY | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 9/11/2010 3:49:19 PM | Computer Name = WORMJERRY | Source = Google Update | ID = 20
Description =
Error - 9/11/2010 4:42:58 PM | Computer Name = WORMJERRY | Source = JavaQuickStarterService | ID = 1
Description =
Error - 9/11/2010 4:49:05 PM | Computer Name = WORMJERRY | Source = Google Update | ID = 20
Description =
Error - 9/11/2010 4:52:29 PM | Computer Name = WORMJERRY | Source = JavaQuickStarterService | ID = 1
Description =
Error - 9/11/2010 7:49:07 PM | Computer Name = WORMJERRY | Source = Google Update | ID = 20
Description =
Error - 9/12/2010 4:49:16 PM | Computer Name = WORMJERRY | Source = Google Update | ID = 20
Description =
Error - 9/13/2010 2:49:07 AM | Computer Name = WORMJERRY | Source = Google Update | ID = 20
Description =
Error - 9/13/2010 2:24:07 PM | Computer Name = WORMJERRY | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3748 (0xea4) Thread address : 0x7C8024DB Thread message : Build VSCORE.14.0.0.435
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\WINDOWS\explorer.exe
by \??\C:\WINDOWS\system32\winlogon.exe 4(437)(0) 4(437)(0) 7200(437)(0) 7595(437)(0)
7005(437)(0) 7004(437)(0) 5006(375)(0) 5004(375)(0)
[ System Events ]
Error - 9/11/2010 4:55:17 PM | Computer Name = WORMJERRY | Source = WMPNetworkSvc | ID = 866304
Description = Service 'WMPNetworkSvc' did not start correctly because IUPnPDeviceFinder::StartAsyncFind(MediaRenderer)
encountered error '0x80004005'. Verify that the UPnPHost service is running and
that the UPnPHost component of Windows is installed properly.
Error - 9/11/2010 4:55:33 PM | Computer Name = WORMJERRY | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.
Error - 9/11/2010 4:55:33 PM | Computer Name = WORMJERRY | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147952506 (0x8007277A).
Error - 9/11/2010 4:56:03 PM | Computer Name = WORMJERRY | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.
Error - 9/11/2010 4:56:03 PM | Computer Name = WORMJERRY | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147952506 (0x8007277A).
Error - 9/11/2010 4:56:33 PM | Computer Name = WORMJERRY | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.
Error - 9/11/2010 4:56:36 PM | Computer Name = WORMJERRY | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147952506 (0x8007277A).
Error - 9/11/2010 4:57:06 PM | Computer Name = WORMJERRY | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.
Error - 9/11/2010 7:02:22 PM | Computer Name = WORMJERRY | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493}
as /. The error: "%233" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
-Embedding
Error - 9/13/2010 2:24:10 PM | Computer Name = WORMJERRY | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.
< End of report >
yea im usein a lil flashdrive now cause with the limited to no connectivity on the netbook i cant connect to internet
- Status
Similar threads
Latest posts
-
Logitech thinks the computer mouse needs an AI upgrade- Dimitrios replied
-
Lenovo and Micron are first to announce a laptop using LPCAMM2 memory- Shawn Knight replied
