Hey man, sorry for the late reply. I fell asleep last night. So about USB thing, I did it but how do i know it doesn't have any malware? I'm still afraid to insert it in my computer because my anti-virus couldn't see the worm, remember?
Well i did ComboFix, and at that point, I could finally open task maanger again! Thanks alot man!
But there is still a missing icon in control panel though
here's the report:
ComboFix 08-03-10.1 - Aldrich 2008-03-11 9:59:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.191 [GMT -8:00]
Running from: C:\Documents and Settings\Aldrich\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\CMMGR32.EXE
C:\WINDOWS\system32\setting.ini
.
((((((((((((((((((((((((( Files Created from 2008-02-11 to 2008-03-11 )))))))))))))))))))))))))))))))
.
2008-03-11 00:15 . 2008-03-11 00:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-10 23:29 . 2008-03-10 23:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-10 23:27 . 2008-03-10 23:58 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-10 23:27 . 2008-03-10 23:27 <DIR> d-------- C:\Documents and Settings\Aldrich\Application Data\SUPERAntiSpyware.com
2008-03-10 23:23 . 2008-03-10 23:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-10 22:59 . 2008-03-10 22:59 <DIR> d-------- C:\Documents and Settings\Aldrich\.housecall6.6
2008-03-10 19:30 . 2008-03-10 19:30 <DIR> d-------- C:\Program Files\ESET
2008-03-10 19:30 . 2008-03-10 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-03-09 21:39 . 2008-03-10 19:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-03-05 11:58 . 2008-03-05 12:18 <DIR> d-------- C:\Documents and Settings\Aldrich\Application Data\PSPDocMaker
2008-03-05 11:48 . 2007-01-03 17:36 1,875,110 --a------ C:\WINDOWS\system\cygwin1.dll
2008-03-05 11:48 . 2007-01-03 17:46 66,048 --a------ C:\WINDOWS\system\cygz.dll
2008-03-02 05:35 . 2008-03-02 05:35 <DIR> d-------- C:\Documents and Settings\Alcantara\Application Data\MEGAUPLOADTOOLBAR
2008-03-01 19:18 . 2008-03-01 19:18 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-03-01 19:18 . 2008-03-01 19:19 <DIR> d-------- C:\Documents and Settings\Aldrich\Application Data\MegauploadToolbar
2008-02-23 20:36 . 2008-02-23 20:36 <DIR> d-------- C:\Program Files\Microsoft Works
2008-02-23 20:31 . 2008-02-23 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-22 17:42 . 2008-02-22 17:42 <DIR> d-------- C:\Sierra
2008-02-11 18:36 . 2008-02-11 18:36 <DIR> d-------- C:\Documents and Settings\Aldrich\Application Data\Yahoo!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-11 09:23 --------- d-----w C:\Documents and Settings\Aldrich\Application Data\Orbit
2008-03-11 03:48 --------- d-----w C:\Documents and Settings\Aldrich\Application Data\Share-to-Web Upload Folder
2008-03-11 03:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-03-11 03:26 --------- d-----w C:\Documents and Settings\Aldrich\Application Data\AVG7
2008-03-11 03:26 --------- d-----w C:\Documents and Settings\Alcantara\Application Data\AVG7
2008-03-10 00:23 --------- d-----w C:\Documents and Settings\Aldrich\Application Data\BitTorrent
2008-03-08 00:36 --------- d-----w C:\Program Files\Warcraft III
2008-03-07 02:49 --------- d-----w C:\Documents and Settings\Aldrich\Application Data\LimeWire
2008-02-28 04:48 --------- d-----w C:\Program Files\Mystery Case Files - Ravenhearst
2008-02-28 04:48 --------- d-----w C:\Program Files\Mystery Case Files - Madame Fate
2008-02-18 03:29 --------- d-----w C:\Program Files\Magic Video Converter
2008-02-17 19:54 --------- d-----w C:\Program Files\BitTorrent
2008-02-17 16:10 --------- d-----w C:\Program Files\EphPod
2008-02-17 07:02 --------- d-----w C:\Program Files\Polly Pride - Pet Detective
2008-02-12 02:46 --------- d-----w C:\Program Files\EA GAMES
2008-02-11 07:06 --------- d-----w C:\Documents and Settings\Aldrich\Application Data\Atari
2008-02-11 06:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-11 06:46 --------- d-----w C:\Program Files\Common Files\PocketSoft
2008-02-11 06:46 --------- d-----w C:\Documents and Settings\Aldrich\Application Data\Leadertech
2008-02-11 06:43 --------- d-----w C:\Program Files\Atari
2008-02-10 07:12 --------- d-----w C:\Program Files\ImTOO
2008-02-10 02:25 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-02-09 22:14 --------- d-----w C:\Documents and Settings\Aldrich\Application Data\iWin
2008-02-08 02:08 --------- d-----w C:\Program Files\Gabest
2008-02-03 18:09 --------- d-----w C:\Documents and Settings\Alcantara\Application Data\Nokia
2008-02-03 17:51 --------- d-----w C:\Documents and Settings\Alcantara\Application Data\Nero
2008-02-03 04:55 --------- d-----w C:\Documents and Settings\Aldrich\Application Data\Nero
2008-02-03 04:53 --------- d-----w C:\Program Files\Common Files\Nero
2008-02-03 04:51 --------- d-----w C:\Program Files\Nero
2008-02-03 04:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-03 04:45 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-03 04:44 --------- d-----w C:\Documents and Settings\Aldrich\Application Data\Ahead
2008-02-01 03:29 --------- d-----w C:\Documents and Settings\Aldrich\Application Data\CyberLink
2008-01-30 03:04 --------- d-----w C:\Program Files\WinAVI MP4 Converter
2008-01-28 04:25 --------- d-----w C:\Documents and Settings\Alcantara\Application Data\LimeWire
2008-01-25 22:22 --------- d-----w C:\Program Files\Maxis
2008-01-24 03:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-01-23 02:15 --------- d-----w C:\Program Files\Zuma Deluxe
2008-01-22 03:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-21 04:40 --------- d-----w C:\Program Files\Audacity
2008-01-21 04:09 --------- d-----w C:\Program Files\MagicISO
2008-01-19 20:12 --------- d-----w C:\Program Files\PowerISO
2008-01-19 20:09 --------- d-----w C:\Program Files\Full Speed
2008-01-19 19:59 --------- d-----w C:\Program Files\WinUHA
2008-01-14 05:09 --------- d-----w C:\Program Files\iTunes
2008-01-14 05:09 --------- d-----w C:\Program Files\iPod
2008-01-14 05:08 --------- d-----w C:\Program Files\QuickTime Alternative
2008-01-14 04:09 --------- d-----w C:\Program Files\MP3ToIpodAudioBookConverter
2008-01-14 04:09 --------- d-----w C:\Documents and Settings\Aldrich\Application Data\MP3toiPodAudioBookConverter
2008-01-14 02:27 --------- d-----w C:\Program Files\Media Player Classic
2007-12-14 03:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"E07AXLRD_1361109"="C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2007\EDICT.exe" [2006-06-10 02:10 351000]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 08:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-03 08:56 53760 C:\WINDOWS\system32\narrator.exe]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Alcantara^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Alcantara\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-08-25 12:52 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E07AXLRD_135156]
--a------ 2006-06-10 02:10 351000 C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2007\EDICT.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E07AXLRD_264796]
--a------ 2006-06-10 02:10 351000 C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2007\EDICT.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E07AXLRD_622312]
--a------ 2006-06-10 02:10 351000 C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2007\EDICT.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-12-13 19:10 1688872 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 14:42 267064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-12-05 22:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 14:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-18 15:10 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime Alternative\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-11-23 15:10 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a------ 2002-04-11 04:19 69632 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSRaid]
--------- 2005-05-18 14:44 905216 C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2005-06-20 05:42 77824 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Counter-Strike 1.6 + Half-Life\\hl.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
.
Contents of the 'Scheduled Tasks' folder
"2007-11-22 23:37:43 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-11 03:28:34 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\blastclnnn.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-03-11 10:03:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-11 10:04:35
ComboFix-quarantined-files.txt 2008-03-11 18:04:15
-------------------------------------------------------------------------------------------------------------------------------------------------------
HJT Report:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:06:23 PM, on 3/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2007\EDICT.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://sg.yahoo.comR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [E07AXLRD_1361109] "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2007\EDICT.EXE" -m
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7123 bytes
And oh yeah, don't mind the pm anymore, i've finally found out how to attach stuff. I'm using IE now because there is a BIG difference between the site layout of G2Go between IE and Firefox. Should this worry me?
Let's say I've removed the worm, is there any way I could confirm that indeed my computer is malware free?
Edited by PaperAnchor, 11 March 2008 - 01:17 AM.