Troublesome Worm and/or Virus [Closed]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

Troublesome Worm and/or Virus [Closed], Issue keeps reappearing after cleaning

Options

beev13 View Member Profile	Jul 13 2009, 11:10 AM Post #1
New Member Posts: 3 OS: Windows XP	Hello, I am running Microsoft Windows XP for my desktop and I recently got a really bad worm and/or virus. I've been able to remove some issues, however the core of the problems still exist. I currently am unable to even get on the internet because of it, so I am using my laptop right now. I have tried running every type of virus, malware software applications I had access to, but after cleaning the issues up, they always reappear. That's why I thought this may be a worm. One of the early scans I did mentioned the mydoom worm, however that no longer shows up in scans. I have tried running malware bytes, but it won't open to run a scan. I have a log saved for OTL and Rooter already, however I am unsure of the best way to post it without the risk of infecting my laptop. What is the best way to ensure I can transfer those logs without infection? Thanks so much!

Replies (1 - 4)

Extremeboy View Member Profile	Jul 21 2009, 02:54 PM Post #2
Malware Removal Staff Posts: 635 OS: Windows XP	Hello. I suggest you use a CD and CD burner software to transfer the logs as that will be the safest way. If you don't then the only option left is a flash-drive. If you are using a flash-drive or removable disk, make sure you run the tool below on your infected machine first. Download and Run FlashDisinfector Please download Flash_Disinfector.exe by sUBs and save it to your desktop. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well. Wait until it has finished scanning and then exit the program. Reboot your computer when done. Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection. ~Extremeboy

beev13 View Member Profile	Jul 21 2009, 04:00 PM Post #3
New Member Posts: 3 OS: Windows XP	Here is the OTL log file as well as the rooter log file. I was able to successfully download and install Malwarebytes, however when you click on the icon to run the software, it doesn't open. OTL logfile created on: 7/21/2009 4:46:44 PM - Run 2 OTL by OldTimer - Version 3.0.7.1 Folder = C:\Documents and Settings\Derek\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 1022.98 Mb Total Physical Memory \| 652.89 Mb Available Physical Memory \| 63.82% Memory free 2.40 Gb Paging File \| 2.00 Gb Available in Paging File \| 83.02% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 232.82 Gb Total Space \| 145.54 Gb Free Space \| 62.51% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DEREK-0CE2D843C Current User Name: Derek Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation) PRC - C:\WINDOWS\System32\drivers\smss.exe (PROMO Software) PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation) PRC - C:\WINDOWS\System32\wbem\unsecapp.exe (Microsoft Corporation) PRC - C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) PRC - C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation) PRC - C:\WINDOWS\TEMP\tor6.tmp File not found PRC - C:\WINDOWS\System32\wscsvc32.exe (Microsoft Corporation) PRC - C:\Program Files\Sonic\RecordNow!\RecordNow.exe () PRC - C:\Documents and Settings\Derek\Desktop\OTL.exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV - (ALG [On_Demand \| Stopped]) -- File not found SRV - (Apple Mobile Device [Auto \| Stopped]) -- File not found SRV - (AppMgmt [On_Demand \| Stopped]) -- File not found SRV - (aspnet_state [On_Demand \| Stopped]) -- File not found SRV - (Ati HotKey Poller [Auto \| Stopped]) -- File not found SRV - (Bonjour Service [Auto \| Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (CiSvc [On_Demand \| Stopped]) -- File not found SRV - (ClipSrv [Disabled \| Stopped]) -- C:\WINDOWS\System32\clipsrv.exe () SRV - (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) -- File not found SRV - (COMSysApp [On_Demand \| Stopped]) -- File not found SRV - (Creative Service for CDROM Access [Auto \| Stopped]) -- File not found SRV - (drv [Auto \| Start_Pending]) -- C:\Program Files\drv\drv.dll () SRV - (FontCache3.0.0.0 [On_Demand \| Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe () SRV - (helpsvc [Auto \| Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SRV - (idsvc [Unknown \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (ImapiService [On_Demand \| Stopped]) -- File not found SRV - (iPod Service [On_Demand \| Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (JavaQuickStarterService [Auto \| Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (Lavasoft Ad-Aware Service [Auto \| Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (LexBceS [Auto \| Stopped]) -- File not found SRV - (mnmsrvc [On_Demand \| Stopped]) -- File not found SRV - (MSDTC [On_Demand \| Stopped]) -- C:\WINDOWS\System32\msdtc.exe () SRV - (NetDDE [Disabled \| Stopped]) -- C:\WINDOWS\System32\netdde.exe () SRV - (NetDDEdsdm [Disabled \| Stopped]) -- C:\WINDOWS\System32\netdde.exe () SRV - (NetTcpPortSharing [Disabled \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (nmservice [Auto \| Stopped]) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.) SRV - (ose [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (RDSessMgr [On_Demand \| Stopped]) -- File not found SRV - (RpcLocator [On_Demand \| Stopped]) -- C:\WINDOWS\System32\locator.exe () SRV - (RSVP [On_Demand \| Stopped]) -- C:\WINDOWS\System32\rsvp.ini () SRV - (SCardSvr [On_Demand \| Stopped]) -- File not found SRV - (sdAuxService [Auto \| Stopped]) -- File not found SRV - (sdCoreService [On_Demand \| Stopped]) -- File not found SRV - (Spooler [Auto \| Stopped]) -- File not found SRV - (SysmonLog [On_Demand \| Stopped]) -- C:\WINDOWS\System32\smlogsvc.exe () SRV - (UPS [On_Demand \| Stopped]) -- C:\WINDOWS\System32\ups.exe () SRV - (VSS [On_Demand \| Stopped]) -- File not found SRV - (WMDM PMSP Service [Auto \| Running]) -- C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation) SRV - (WMPNetworkSvc [On_Demand \| Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (ASPI32 [System \| Running]) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec) DRV - (ati2mtag [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.) DRV - (bvrp_pci [On_Demand \| Stopped]) -- C:\WINDOWS\System32\drivers\bvrp_pci.sys () DRV - (COMMONFX.DLL [On_Demand \| Stopped]) -- C:\WINDOWS\System32\COMMONFX.DLL (Creative Technology Ltd) DRV - (CT20XUT.DLL [On_Demand \| Stopped]) -- C:\WINDOWS\System32\CT20XUT.DLL (Creative Technology Ltd.) DRV - (ctac32k [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\ctac32k.sys (Creative Technology Ltd) DRV - (ctaud2k [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\ctaud2k.sys (Creative Technology Ltd) DRV - (CTAUDFX.DLL [On_Demand \| Stopped]) -- C:\WINDOWS\System32\CTAUDFX.DLL (Creative Technology Ltd) DRV - (ctdvda2k [On_Demand \| Stopped]) -- C:\WINDOWS\System32\drivers\ctdvda2k.sys (Creative Technology Ltd) DRV - (CTEAPSFX.DLL [On_Demand \| Stopped]) -- C:\WINDOWS\System32\CTEAPSFX.DLL (Creative Technology Ltd) DRV - (CTEDSPFX.DLL [On_Demand \| Stopped]) -- C:\WINDOWS\System32\CTEDSPFX.DLL (Creative Technology Ltd) DRV - (CTEDSPIO.DLL [On_Demand \| Stopped]) -- C:\WINDOWS\System32\CTEDSPIO.DLL (Creative Technology Ltd) DRV - (CTEDSPSY.DLL [On_Demand \| Stopped]) -- C:\WINDOWS\System32\CTEDSPSY.DLL (Creative Technology Ltd) DRV - (CTERFXFX.DLL [On_Demand \| Stopped]) -- C:\WINDOWS\System32\CTERFXFX.DLL (Creative Technology Ltd) DRV - (CTEXFIFX.DLL [On_Demand \| Stopped]) -- C:\WINDOWS\System32\CTEXFIFX.DLL (Creative Technology Ltd.) DRV - (CTHWIUT.DLL [On_Demand \| Stopped]) -- C:\WINDOWS\System32\CTHWIUT.DLL (Creative Technology Ltd.) DRV - (ctprxy2k [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV - (CTSBLFX.DLL [On_Demand \| Stopped]) -- C:\WINDOWS\System32\CTSBLFX.DLL (Creative Technology Ltd) DRV - (ctsfm2k [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (DCamUSBEMPIA [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\emDevice.sys (eMPIA Technology, Inc.) DRV - (drvdrv [System \| Running]) -- C:\Program Files\drv\drv.sys (drv) DRV - (E100B [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation) DRV - (emAudio [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\emAudio.sys (eMPIA Technology Corp.) DRV - (emupia [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\emupia2k.sys (Creative Technology Ltd) DRV - (FilterService [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys (Logitech Inc.) DRV - (FiltUSBEMPIA [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\emFilter.sys (eMPIA Technology, Inc.) DRV - (GEARAspiWDM [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (ha10kx2k [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\ha10kx2k.sys (Creative Technology Ltd) DRV - (hap16v2k [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\hap16v2k.sys (Creative Technology Ltd) DRV - (hap17v2k [On_Demand \| Stopped]) -- C:\WINDOWS\System32\drivers\hap17v2k.sys (Creative Technology Ltd) DRV - (IntelC51 [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC51.sys (Intel Corporation) DRV - (IntelC52 [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC52.sys (Intel Corporation) DRV - (IntelC53 [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC53.sys (Intel Corporation) DRV - (Lbd [Boot \| Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (lvpopflt [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\lvpopflt.sys (Logitech Inc.) DRV - (LVRS [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\lvrs.sys (Logitech Inc.) DRV - (LVUSBSta [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (LVUVC [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\lvuvc.sys (Logitech Inc.) DRV - (MODEMCSA [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation) DRV - (mohfilt [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\mohfilt.sys (Intel Corporation) DRV - (MxlW2k [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.) DRV - (OMCI [System \| Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation) DRV - (ossrv [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV - (PCTCore [Boot \| Running]) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools) DRV - (PfModNT [Auto \| Running]) -- C:\WINDOWS\System32\drivers\PfModNT.sys (Creative Technology Ltd.) DRV - (PLUsbbc2 [On_Demand \| Stopped]) -- C:\WINDOWS\System32\Drivers\usbbc2.sys (Prolific Technology Inc.) DRV - (pnarp [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\pnarp.sys (Cisco Systems, Inc.) DRV - (Ptilink [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.) DRV - (purendis [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\purendis.sys (Cisco Systems, Inc.) DRV - (PxHelp20 [Boot \| Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (ScanUSBEMPIA [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\emScan.sys (eMPIA Technology, Inc.) DRV - (Secdrv [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (usbaudio [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = .local FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/04/18 18:33:24 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/18 16:40:42 \| 00,000,000 \| ---D \| M] O1 HOSTS File: (124 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 jL.chura.pl O1 - Hosts: 92.241.176.188 advanced-virus-remover2009.com O1 - Hosts: 92.241.176.188 www.advanced-virus-remover2009.com O2 - BHO: (CPV) - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\WWShow\WWShow.dll () O2 - BHO: (MJCore class) - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Jcore\Jcore2.dll () O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0 O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1240092225968 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shock...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.41.192.10 216.41.192.74 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\drivers\smss.exe) - C:\WINDOWS\System32\drivers\smss.exe (PROMO Software) O24 - Desktop Components:0 (My Current Home Page) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/04/18 14:43:16 \| 00,000,000 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () ========== Files/Folders - Created Within 30 Days ========== [2009/07/21 16:43:37 \| 00,000,000 \| ---D \| C] -- C:\Program Files\WWShow [2009/07/21 16:38:44 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Jcore [2009/07/21 16:38:25 \| 00,785,408 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\wscsvc32.exe [2009/07/21 16:38:25 \| 00,257,536 \| ---- \| C] () -- C:\WINDOWS\System32\resdll.dll [2009/07/21 16:38:20 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Derek\Application Data\pridl [2009/07/13 11:35:33 \| 00,000,000 \| ---D \| C] -- C:\Rooter$ [2009/07/13 11:28:58 \| 00,000,696 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/07/13 11:28:56 \| 00,038,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/07/13 11:28:54 \| 00,019,096 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/07/13 11:28:54 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/07/13 11:28:54 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/07/13 11:27:57 \| 00,173,119 \| ---- \| C] (Eric_71) -- C:\Documents and Settings\Derek\Desktop\Rooter.exe [2009/07/13 11:27:54 \| 00,534,016 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe [2009/07/13 11:27:51 \| 03,561,752 \| ---- \| C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Derek\Desktop\try me out.exe [2009/07/13 10:35:14 \| 00,015,000 \| ---- \| C] () -- C:\WINDOWS\System32\grffr83hn.dll [2009/07/10 19:48:45 \| 00,076,800 \| ---- \| C] (PROMO Software) -- C:\WINDOWS\System32\drivers\smss.exe [2009/07/10 19:46:04 \| 10,727,46496 \| -HS- \| C] () -- C:\hiberfil.sys [2009/07/10 19:16:04 \| 00,000,000 \| ---D \| C] -- C:\Qoobox [2009/07/10 09:28:32 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Protection System [2009/07/07 16:35:39 \| 00,000,000 \| ---D \| C] -- C:\566e2036489fd9de8866db471458a8 [2009/07/07 16:18:49 \| 00,000,000 \| ---D \| C] -- C:\169946d7222fd088efb44d29067904 [2009/07/07 13:34:06 \| 00,000,000 \| ---D \| C] -- C:\11e42e9b797146ec8c65 [2009/07/07 13:25:20 \| 00,000,000 \| ---D \| C] -- C:\1c15856849ca3a48dd9b491cb6 [2009/07/05 13:27:46 \| 00,159,600 \| ---- \| C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys [2009/07/05 13:27:30 \| 00,130,936 \| ---- \| C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys [2009/07/05 13:27:30 \| 00,073,840 \| ---- \| C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys [2009/07/05 13:27:21 \| 00,001,637 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk [2009/07/05 13:27:18 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\PC Tools [2009/07/05 13:27:17 \| 00,064,392 \| ---- \| C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys [2009/07/05 13:27:07 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Spyware Doctor [2009/07/05 13:27:07 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Derek\Application Data\PC Tools [2009/07/05 13:27:07 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\PC Tools [2009/07/05 12:18:06 \| 00,031,232 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\wingenocx.dll [2009/07/05 12:13:29 \| 00,000,000 \| ---D \| C] -- C:\Program Files\drv [2009/07/05 12:13:24 \| 00,038,400 \| -H-- \| C] () -- C:\WINDOWS\pp10.exe [2009/07/05 12:13:24 \| 00,000,002 \| ---- \| C] () -- C:\WINDOWS\0101120101464849.dat [2009/07/05 12:13:24 \| 00,000,001 \| ---- \| C] () -- C:\WINDOWS\934fdfg34fgjf23 [2009/07/05 12:13:23 \| 00,000,002 \| ---- \| C] () -- C:\WINDOWS\010112010146118114.dat [2009/07/05 12:13:17 \| 00,038,400 \| ---- \| C] () -- C:\WINDOWS\ld12.exe [2009/07/03 17:42:24 \| 00,015,688 \| ---- \| C] () -- C:\WINDOWS\System32\lsdelete.exe [2009/07/03 16:47:13 \| 00,182,656 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys [2009/07/03 16:45:31 \| 00,361,600 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\TCPIP.SYS.ORIGINAL [2009/07/01 20:53:34 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Adobe AIR [2009/07/01 20:52:26 \| 00,000,000 \| ---D \| C] -- C:\Program Files\NOS [2009/07/01 20:52:26 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\NOS [2009/07/01 20:46:08 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Adobe [2009/06/27 23:25:46 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Yahoo! Games [2009/06/27 20:59:50 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\TEMP [2009/06/27 20:59:29 \| 00,000,000 \| ---D \| C] -- C:\Program Files\iWin.com [2009/06/27 20:58:14 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\iWin Games [2009/06/24 01:37:20 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Derek\Application Data\iWin [2009/06/06 05:16:57 \| 00,338,944 \| ---- \| C] () -- C:\WINDOWS\System32\LFFPX7.DLL [2009/06/06 05:16:57 \| 00,118,784 \| ---- \| C] () -- C:\WINDOWS\System32\LFKODAK.DLL [2009/05/16 19:00:42 \| 00,000,099 \| ---- \| C] () -- C:\WINDOWS\MovieEdit.INI [2009/05/16 18:40:25 \| 00,019,968 \| ---- \| C] () -- C:\WINDOWS\System32\cpuinf32.dll [2009/05/16 18:38:00 \| 00,000,128 \| ---- \| C] () -- C:\WINDOWS\magix.ini [2009/05/16 18:37:59 \| 00,000,730 \| ---- \| C] () -- C:\WINDOWS\mgxoschk.ini [2009/04/23 18:37:47 \| 00,040,960 \| ---- \| C] () -- C:\WINDOWS\System32\dlbcvs.dll [2009/04/23 18:37:46 \| 00,000,373 \| ---- \| C] () -- C:\WINDOWS\System32\dlbccoin.ini [2009/04/19 16:38:14 \| 00,000,231 \| ---- \| C] () -- C:\WINDOWS\AC3API.INI [2009/04/19 16:37:31 \| 00,066,807 \| ---- \| C] () -- C:\WINDOWS\System32\Aud2_Del.ini [2009/04/19 16:37:31 \| 00,000,030 \| ---- \| C] () -- C:\WINDOWS\System32\ctzapxx.ini [2009/04/19 16:37:20 \| 00,005,515 \| ---- \| C] () -- C:\WINDOWS\System32\ENSDEF.INI [2009/04/19 16:37:20 \| 00,000,180 \| ---- \| C] () -- C:\WINDOWS\System32\KILL.INI [2009/04/18 16:09:40 \| 00,000,917 \| ---- \| C] () -- C:\WINDOWS\dellstat.ini [2009/04/18 15:58:36 \| 00,000,376 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2009/04/18 15:47:40 \| 00,065,536 \| ---- \| C] ( ) -- C:\WINDOWS\System32\a3d.dll [2009/04/18 15:45:00 \| 00,000,136 \| ---- \| C] () -- C:\WINDOWS\SBWIN.INI [2009/04/18 15:31:02 \| 00,004,272 \| R--- \| C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys [2009/04/18 15:04:54 \| 00,086,016 \| ---- \| C] () -- C:\WINDOWS\System32\ati2evxx.dll [2008/07/26 14:42:52 \| 00,066,482 \| ---- \| C] () -- C:\WINDOWS\System32\lvcoinst.ini [2007/04/12 08:10:28 \| 00,105,728 \| ---- \| C] () -- C:\WINDOWS\System32\APOMgrH.dll [2007/04/09 12:55:14 \| 00,097,785 \| ---- \| C] () -- C:\WINDOWS\System32\instwdm.ini [2007/04/09 12:33:50 \| 00,043,520 \| ---- \| C] () -- C:\WINDOWS\System32\CTBurst.dll [2005/06/16 10:17:16 \| 00,071,680 \| ---- \| C] () -- C:\WINDOWS\System32\ctmmactl.dll [2004/08/25 11:22:08 \| 00,151,552 \| ---- \| C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll [2004/08/12 09:09:17 \| 00,000,632 \| ---- \| C] () -- C:\WINDOWS\win.ini [2004/08/12 09:07:01 \| 00,000,227 \| ---- \| C] () -- C:\WINDOWS\system.ini [2004/03/26 17:59:00 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\System32\px.ini [2003/09/21 10:40:48 \| 00,069,632 \| ---- \| C] ( ) -- C:\WINDOWS\System32\DLBFCU.DLL [2003/09/21 10:22:52 \| 00,352,256 \| ---- \| C] ( ) -- C:\WINDOWS\System32\DLBFUTIL.DLL [2003/09/21 10:20:50 \| 00,086,016 \| ---- \| C] ( ) -- C:\WINDOWS\System32\DLBFCUR.DLL [2003/09/21 10:18:58 \| 00,479,232 \| ---- \| C] ( ) -- C:\WINDOWS\System32\DLBFJSWR.DLL [2003/09/20 02:32:40 \| 00,057,344 \| ---- \| C] () -- C:\WINDOWS\System32\dlbfcinf.dll [2003/09/20 02:32:34 \| 00,069,632 \| ---- \| C] () -- C:\WINDOWS\System32\dlbfscin.dll [2003/09/20 02:32:26 \| 00,049,152 \| ---- \| C] () -- C:\WINDOWS\System32\dlbfcoin.dll [2003/08/29 13:00:46 \| 00,077,824 \| ---- \| C] () -- C:\WINDOWS\System32\DLBFLCNP.DLL [2003/07/09 12:34:56 \| 00,000,177 \| ---- \| C] () -- C:\WINDOWS\System32\dlbfcoin.ini [2003/01/07 15:05:08 \| 00,002,695 \| ---- \| C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002/11/13 14:40:22 \| 00,040,960 \| ---- \| C] () -- C:\WINDOWS\System32\dlbfvs.dll ========== Files - Modified Within 30 Days ========== [12 C:\WINDOWS\System32\*.tmp files] [2009/07/21 16:41:25 \| 00,000,448 \| ---- \| M] () -- C:\WINDOWS\tasks\XoftSpySE 2.job [2009/07/21 16:38:48 \| 00,000,378 \| ---- \| M] () -- C:\WINDOWS\tasks\RegCure Startup.job [2009/07/21 16:38:26 \| 00,785,408 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscsvc32.exe [2009/07/21 16:38:25 \| 00,257,536 \| ---- \| M] () -- C:\WINDOWS\System32\resdll.dll [2009/07/21 16:38:23 \| 00,361,600 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\TCPIP.SYS [2009/07/21 16:38:23 \| 00,361,600 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\TCPIP.SYS [2009/07/21 16:38:14 \| 00,000,124 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009/07/21 16:38:10 \| 00,000,438 \| ---- \| M] () -- C:\WINDOWS\tasks\RegCure Program Check.job [2009/07/21 16:35:48 \| 00,002,206 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2009/07/21 16:35:48 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2009/07/21 16:35:45 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2009/07/21 16:35:44 \| 10,727,46496 \| -HS- \| M] () -- C:\hiberfil.sys [2009/07/21 16:35:40 \| 00,000,000 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs [2009/07/13 12:12:57 \| 00,031,560 \| ---- \| M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000000-00001102-00000004-10031102}.rfx [2009/07/13 12:12:57 \| 00,031,560 \| ---- \| M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000000-00001102-00000004-10031102}.rfx [2009/07/13 12:12:57 \| 00,031,440 \| ---- \| M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000000-00001102-00000004-10031102}.rfx [2009/07/13 12:12:57 \| 00,031,440 \| ---- \| M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000000-00001102-00000004-10031102}.rfx [2009/07/13 12:12:57 \| 00,001,080 \| ---- \| M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2009/07/13 12:12:57 \| 00,001,080 \| ---- \| M] () -- C:\WINDOWS\System32\settings.sfm [2009/07/13 12:12:57 \| 00,000,288 \| ---- \| M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000000-00001102-00000004-10031102}.dat [2009/07/13 12:12:57 \| 00,000,288 \| ---- \| M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000000-00001102-00000004-10031102}.dat [2009/07/13 11:28:58 \| 00,000,696 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/07/13 11:23:08 \| 00,534,016 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe [2009/07/13 11:22:53 \| 00,173,119 \| ---- \| M] (Eric_71) -- C:\Documents and Settings\Derek\Desktop\Rooter.exe [2009/07/13 11:22:28 \| 03,561,752 \| ---- \| M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Derek\Desktop\try me out.exe [2009/07/13 11:20:00 \| 00,000,472 \| ---- \| M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009/07/13 10:35:14 \| 00,015,000 \| ---- \| M] () -- C:\WINDOWS\System32\grffr83hn.dll [2009/07/13 10:35:08 \| 00,038,400 \| ---- \| M] () -- C:\WINDOWS\ld12.exe [2009/07/11 00:34:48 \| 00,032,768 \| ---- \| M] () -- C:\WINDOWS\System32\locator.exe [2009/07/11 00:25:37 \| 00,032,768 \| ---- \| M] () -- C:\WINDOWS\System32\netdde.exe [2009/07/11 00:24:06 \| 00,032,768 \| ---- \| M] () -- C:\WINDOWS\System32\msdtc.exe [2009/07/11 00:09:35 \| 00,032,768 \| ---- \| M] () -- C:\WINDOWS\System32\clipsrv.exe [2009/07/10 20:05:00 \| 00,000,362 \| ---- \| M] () -- C:\WINDOWS\tasks\XoftSpySE.job [2009/07/10 19:48:37 \| 00,076,800 \| ---- \| M] (PROMO Software) -- C:\WINDOWS\System32\drivers\smss.exe [2009/07/10 09:36:21 \| 00,032,768 \| ---- \| M] () -- C:\WINDOWS\System32\ups.exe [2009/07/10 09:30:15 \| 00,032,768 \| ---- \| M] () -- C:\WINDOWS\System32\smlogsvc.exe [2009/07/09 12:33:22 \| 00,031,232 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\wingenocx.dll [2009/07/05 18:01:20 \| 00,000,632 \| ---- \| M] () -- C:\WINDOWS\win.ini [2009/07/05 14:29:44 \| 00,130,936 \| ---- \| M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys [2009/07/05 13:27:21 \| 00,001,637 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk [2009/07/05 12:13:24 \| 00,038,400 \| -H-- \| M] () -- C:\WINDOWS\pp10.exe [2009/07/05 12:13:24 \| 00,000,002 \| ---- \| M] () -- C:\WINDOWS\0101120101464849.dat [2009/07/05 12:13:24 \| 00,000,001 \| ---- \| M] () -- C:\WINDOWS\934fdfg34fgjf23 [2009/07/05 12:13:23 \| 00,000,002 \| ---- \| M] () -- C:\WINDOWS\010112010146118114.dat [2009/07/03 16:47:13 \| 00,182,656 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys [2009/07/03 16:47:13 \| 00,182,656 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys [2009/07/03 16:45:31 \| 00,361,600 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\TCPIP.SYS.ORIGINAL [2009/06/27 21:17:02 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/06/24 11:06:18 \| 00,000,917 \| ---- \| M] () -- C:\WINDOWS\dellstat.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6540C35 < End of report > Rooter.exe (v1.0.2) by Eric_71 . SeDebugPrivilege granted successfully ... . Windows XP Home Edition (5.1.2600) Service Pack 3 [32_bits] - x86 Family 15 Model 3 Stepping 4, GenuineIntel . [wscsvc] STOPPED (state:1) : Security Center -> Disabled ! [SharedAccess] RUNNING (state:4) Windows Firewall -> Disabled ! . Internet Explorer 8.0.6001.18702 . A:\ [Removable] C:\ [Fixed-NTFS] .. ( Total:232 Go - Free:145 Go ) D:\ [CD_Rom] E:\ [CD_Rom] . Scan : 16:51.52 Path : C:\Documents and Settings\Derek\Desktop\Rooter.exe User : Derek ( Administrator -> YES ) . ----------------------\\ Processes . Locked [System Process] (0) ______ System (4) ______ \??\C:\WINDOWS\system32\csrss.exe (716) ______ \??\C:\WINDOWS\system32\winlogon.exe (740) ______ C:\WINDOWS\system32\services.exe (788) ______ C:\WINDOWS\system32\lsass.exe (804) ______ C:\WINDOWS\system32\svchost.exe (972) ______ C:\WINDOWS\system32\svchost.exe (1076) ______ C:\WINDOWS\System32\svchost.exe (1176) ______ C:\WINDOWS\system32\svchost.exe (1344) ______ C:\WINDOWS\system32\svchost.exe (1404) ______ C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (1444) ______ C:\WINDOWS\system32\svchost.exe (1788) ______ C:\Program Files\Bonjour\mDNSResponder.exe (1820) ______ C:\WINDOWS\system32\svchost.exe (1844) ______ C:\Program Files\Java\jre6\bin\jqs.exe (1980) ______ C:\WINDOWS\System32\svchost.exe (1996) ______ C:\WINDOWS\System32\svchost.exe (2004) ______ C:\WINDOWS\System32\svchost.exe (2012) ______ C:\WINDOWS\system32\svchost.exe (1032) ______ C:\WINDOWS\System32\svchost.exe (2052) ______ C:\WINDOWS\system32\MsPMSPSv.exe (2104) ______ C:\WINDOWS\system32\drivers\smss.exe (2416) ______ C:\WINDOWS\Explorer.EXE (2488) ______ C:\WINDOWS\system32\ctfmon.exe (2956) ______ C:\WINDOWS\system32\wbem\unsecapp.exe (2124) ______ C:\Program Files\Internet Explorer\IEXPLORE.EXE (4540) ______ C:\Program Files\Internet Explorer\IEXPLORE.EXE (4912) ______ C:\WINDOWS\system32\wbem\wmiprvse.exe (5084) ______ C:\WINDOWS\TEMP\tor6.tmp (5404) ______ C:\WINDOWS\system32\svchost.exe (6136) ______ C:\WINDOWS\system32\wscsvc32.exe (5604) ______ C:\WINDOWS\System32\svchost.exe (6104) ______ C:\Program Files\Sonic\RecordNow!\RecordNow.exe (5872) ______ C:\Documents and Settings\Derek\Desktop\Rooter.exe (3140) . ----------------------\\ Device\Harddisk0\ . \Device\Harddisk0 [Sectors : 63 x 512 Bytes] . \Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 \| Length:249990902784) . ----------------------\\ Scheduled Tasks . C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job C:\WINDOWS\Tasks\AppleSoftwareUpdate.job C:\WINDOWS\Tasks\desktop.ini C:\WINDOWS\Tasks\RegCure Program Check.job C:\WINDOWS\Tasks\RegCure Startup.job C:\WINDOWS\Tasks\RegCure.job C:\WINDOWS\Tasks\SA.DAT C:\WINDOWS\Tasks\XoftSpySE 2.job C:\WINDOWS\Tasks\XoftSpySE.job . ----------------------\\ Registry . . ----------------------\\ Files & Folders . ----------------------\\ Scan completed at 16:52.21 . C:\Rooter$\Rooter_2.txt - (21/07/2009 \| 16:52.21) Thank you for your help with this matter!

Extremeboy View Member Profile	Jul 23 2009, 09:13 AM Post #4
Malware Removal Staff Posts: 635 OS: Windows XP	Hello. I want to see a GMER log first. Then we'll proceed from there. Download and Run Scan with GMER We will use GMER to scan for rootkits. Please download GMER from one of the following locations, and save it to your desktop: Main Mirror This version will download a randomly named file (Recommended) Zip Mirror Alternate Zip Mirror 1 Alternate Zip Mirror 2 This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here. Close any and all open programs, as this process may crash your computer. Double click or on your desktop. When you have done this, close all running programs. There is a small chance this application may crash your computer so save any work you have open. Double-click on Gmer.exe to start the program. Right-click and select Run As Administrator... if you are using Vista Allow the gmer.sys driver to load if asked. If it detects rootkit activity, you will receive a prompt (refer below) to run a full scan. Click NO.. In the right panel, you will see several boxes that have been checked. Please UNCHECK the following: Sections IAT/EAT Registry Drives/Partition other than Systemdrive (typically C:\) Show all (Don't miss this one!) Click on and wait for the scan to finish. If you see a rootkit warning window, click OK. Push and save the logfile to your desktop. Copy and Paste the contents of that file in your next post. If GMER doesn't work in Normal Mode try running it in Safe Mode Note: Do Not run any program while GMER is running Note: Rootkit scans often produce false positives. Do NOT take any actions on "<--- ROOKIT" entries Post back with the GMER log once it's done. With Regards, Extremeboy

Extremeboy View Member Profile	Aug 6 2009, 12:00 PM Post #5
Malware Removal Staff Posts: 635 OS: Windows XP	Due to lack of feedback, this topic has been closed. If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Persistent Virus and/or Malware [CLOSED] 12	29 / 973	26th November 2008 - 12:41 AM plasmus started - last by Jimmy2012
Virus, Spyware and Trojan Removal UAC.sys and Windowsclick virus [Closed]	8 / 271	4th August 2009 - 11:02 PM Tidenova started - last by fenzodahl512
Virus, Spyware and Trojan Removal help remove trojan and/or virus [Solved]	10 / 246	5th August 2009 - 11:38 PM Caelst started - last by handhfan
Virus, Spyware and Trojan Removal Possible rootkit, vundo and multiple virus [Closed]	6 / 194	9th October 2009 - 01:50 PM markdala started - last by Essexboy