Infected with trojans


  • This topic is locked
5 replies to this topic

#1 fallenkitsune

  • Members
  • 4 posts
  • OFFLINE
  • Local time:07:27 AM

Posted 20 April 2009 - 01:02 AM

I'm running Windows XP with SP3 and Norton Antivirus (which I'm going to replace ASAP).

I stupidly opened a bad file and found myself with a bunch of trojans in my system. I've cleaned what I could find out with Spybot Search and Destroy.
What it found was:
Win32.Delf.oc
Microsoft.WindowsSecurityCenter.FirewallBypass
Virtumonde
Virtumonde.sdn

Spyware Terminator keeps alerting me to a file which tries to access the internet, 'opunofowaceh.dll', and I've blocked access to it for now. I'm also having problems getting into safe mode and I'm not an admin on my computer (I'm going to yell at my tech guy in the morning about that).

I've been getting a popup every time I start Firefox; Task Manager identifies it as iexplore.exe. I keep getting a popup every 15 or 20 minutes from IE, which I never use. Adaware, SUPERAntiSpyware and Safari will not start up when double-clicked. I also have a hard time getting to certain web pages that are for downloading antivirus and antispyware software.

Can someone help me figure this out please? Thanks.

Included is the DDS Tool log.


EDIT: I'm unable to attach the second file for some reason; Firefox won't bring up the box so I can select a file.


--------------------


DDS (Ver_09-03-16.01) - NTFSx86
Run by Tasha at 1:39:25.81 on Mon 04/20/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.124 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Tasha\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/serialharvest/gwCID.CAB
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: a0844ab8579 - c:\windows\system32\cliconfg32.dll
Notify: igfxcui - igfxsrvc.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: __c00A9F49 - c:\windows\system32\__c00A9F49.dat
AppInit_DLLs: c:\windows\system32\cliconfg32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli uapioyms.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tasha\applic~1\mozilla\firefox\profiles\nhoeesoi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.awesomestart.com/transformers/
FF - plugin: c:\documents and settings\tasha\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - HiddenExtension: XUL Cache: {45DEF9CF-6127-4B1D-BDCC-955AE4C7CB88} - c:\documents and settings\tasha\local settings\application data\{45def9cf-6127-4b1d-bdcc-955ae4c7cb88}\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 100

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-5 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-4-19 28544]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-4-19 142592]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-11-21 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-11-21 169576]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-3-14 1816768]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-17 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090417.007\naveng.sys [2009-4-17 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090417.007\navex15.sys [2009-4-17 876144]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 921936]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-3-14 116416]

=============== Created Last 30 ================

2009-04-20 01:23 27,648 a------- c:\windows\system32\__c00A9F49.dat
2009-04-20 00:40 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-04-20 00:40 <DIR> --d----- c:\docume~1\tasha\applic~1\SUPERAntiSpyware.com
2009-04-19 23:35 <DIR> --d----- C:\hijackthis logs
2009-04-19 23:22 210 a------- c:\windows\system32\BIN_STRSBW.SPT
2009-04-19 23:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spyware Terminator
2009-04-19 03:54 360 a------- c:\windows\wininit.ini
2009-04-19 02:50 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-04-19 02:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Hitman Pro
2009-04-19 02:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Hitman Pro 3
2009-04-19 02:17 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-19 02:17 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-19 02:17 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-19 02:17 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-19 02:17 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-19 02:17 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-19 02:17 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-19 02:17 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-19 02:17 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-19 02:16 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-19 02:16 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-19 02:16 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-19 01:44 142,592 a------- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-04-19 01:44 <DIR> --d----- c:\docume~1\tasha\applic~1\Spyware Terminator
2009-04-19 01:43 <DIR> --d----- c:\program files\Spyware Terminator
2009-04-19 01:41 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-19 01:25 <DIR> --d----- c:\program files\Panda Security
2009-04-19 01:14 139,264 a------- c:\windows\system32\cliconfg32.dll
2009-04-19 01:14 615 a------- c:\windows\system32\dqQlj.vbs
2009-04-18 23:57 <DIR> --d----- C:\Zip files
2009-04-14 15:46 29,704 a------- c:\windows\system32\uxtuneup.dll
2009-04-14 15:46 <DIR> --d----- c:\program files\TuneUp Utilities 2007
2009-04-14 15:46 <DIR> --d----- c:\docume~1\tasha\applic~1\TuneUp Software
2009-04-14 15:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TuneUp Software
2009-04-14 15:45 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-04-14 03:03 <DIR> --d----- c:\program files\UltimateZip 2.7
2009-04-14 02:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Estsoft
2009-04-14 02:49 <DIR> --d----- c:\program files\ESTsoft
2009-04-14 02:49 <DIR> --d----- c:\docume~1\tasha\applic~1\ESTsoft
2009-04-04 23:32 17,208 a---h--- c:\windows\system32\mlfcache.dat
2009-03-28 02:02 221,184 a------- c:\windows\system32\wmpns.dll
2009-03-26 01:46 <DIR> --d----- C:\Incomplete
2009-03-26 01:40 <DIR> --d----- c:\docume~1\tasha\applic~1\LimeWire
2009-03-26 01:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Azureus
2009-03-26 01:23 <DIR> --d----- c:\docume~1\tasha\applic~1\Azureus
2009-03-26 00:18 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-26 00:18 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-23 02:46 <DIR> --d----- c:\program files\PeerGuardian2
2009-03-23 02:45 <DIR> --d----- C:\downloaded files
2009-03-21 10:06 989,696 -c------ c:\windows\system32\dllcache\kernel32.dll

==================== Find3M ====================

2009-04-19 02:35 170,772 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-04-18 10:50 15,336,764 a------- c:\program files\PROCESSLIST.DB
2009-04-18 10:50 1,145,582 a------- c:\program files\PROCESSLISTRELATED.DB
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-20 04:10 666,112 a------- c:\windows\system32\wininet.dll
2009-02-20 04:10 81,920 a------- c:\windows\system32\ieencode.dll
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 07:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 00:15 48,768 a------- c:\windows\system32\S32EVNT1.DLL
2009-02-05 13:42 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-05 04:06 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-02-03 15:59 56,832 a------- c:\windows\system32\secur32.dll

============= FINISH: 1:41:13.01 ===============
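The "Pseudo HJT Report" section of the DDS log above is where a helper looks first, because it lists the load points that survive a reboot: Winlogon Notify packages, AppInit_DLLs and the LSA Notification Packages value. The script below is an added triage example, not something from this thread or from the DDS tool. It parses those three line types in the format DDS prints them, using the actual entries from the log above as constructed sample input, and flags anything outside a small allowlist. The allowlist (KNOWN_NOTIFY_MODULES) and the name heuristic (looks_generated) are my assumptions for illustration; an analyst would maintain them per environment. The only baseline fact relied on is that a stock Windows XP system has "scecli" as its sole LSA notification package and an empty AppInit_DLLs value.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample input: the persistence-related lines of a DDS
# "Pseudo HJT Report" section, copied from the log posted in this thread.
SAMPLE_LOG = r"""
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: a0844ab8579 - c:\windows\system32\cliconfg32.dll
Notify: igfxcui - igfxsrvc.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: __c00A9F49 - c:\windows\system32\__c00A9F49.dat
AppInit_DLLs: c:\windows\system32\cliconfg32.dll
LSA: Notification Packages = scecli uapioyms.dll
"""

# Constructed allowlist (assumption): Winlogon Notify modules that the log
# itself attributes to installed products (SUPERAntiSpyware, Intel graphics,
# Symantec). A real analyst keeps this list per environment.
KNOWN_NOTIFY_MODULES = {"saswinlo.dll", "igfxsrvc.dll", "navlogon.dll"}

# On a stock Windows XP system the LSA Notification Packages value is "scecli".
LSA_BASELINE = {"scecli"}


@dataclass
class Finding:
    location: str   # persistence location: Notify, AppInit_DLLs or LSA
    module: str     # lower-cased file name of the module that gets loaded
    reason: str


def module_name(path: str) -> str:
    """Lower-cased file name of a Windows path or a bare module name."""
    return path.strip().lower().replace("\\", "/").rsplit("/", 1)[-1]


def looks_generated(name: str) -> bool:
    """Heuristic (assumption) for machine-generated key names: a leading
    double underscore, or a long name that is mostly digits."""
    core = name.lstrip("_!")
    digits = sum(c.isdigit() for c in core)
    return name.startswith("__") or (len(core) >= 8 and digits / len(core) >= 0.4)


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per persistence entry that deserves a closer look."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := re.match(r"Notify:\s+(\S+)\s+-\s+(.+)$", line):
            key, path = m.groups()
            mod = module_name(path)
            if not mod.endswith(".dll"):
                # Winlogon loads Notify packages as DLLs; any other extension
                # is a module hiding behind an unusual name.
                findings.append(Finding("Notify", mod, "Notify package is not a .dll"))
            elif mod not in KNOWN_NOTIFY_MODULES:
                reason = "unrecognised Notify module"
                if looks_generated(key):
                    reason += " under a generated-looking key name"
                findings.append(Finding("Notify", mod, reason))
        elif m := re.match(r"AppInit_DLLs:\s*(.+)$", line):
            # AppInit_DLLs is empty on a clean XP box; every DLL listed here is
            # injected into each user-mode process that loads user32.dll.
            for entry in m.group(1).split(","):
                if entry.strip():
                    findings.append(Finding("AppInit_DLLs", module_name(entry),
                                            "AppInit_DLLs is normally empty"))
        elif m := re.match(r"LSA:\s+Notification Packages\s*=\s*(.+)$", line):
            for pkg in m.group(1).split():
                if pkg.lower() not in LSA_BASELINE:
                    findings.append(Finding("LSA", module_name(pkg),
                                            "not in the stock Notification Packages baseline"))
    return findings


def modules_in_multiple_locations(findings: list[Finding]) -> dict[str, set[str]]:
    """Modules registered in more than one load point. One DLL that is both a
    Notify package and an AppInit_DLLs entry points to a single implant with
    redundant persistence rather than two unrelated problems."""
    seen: dict[str, set[str]] = {}
    for f in findings:
        seen.setdefault(f.module, set()).add(f.location)
    return {mod: locs for mod, locs in seen.items() if len(locs) > 1}


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.location:13} {f.module:20} {f.reason}")
    for mod, locs in modules_in_multiple_locations(results).items():
        print(f"{mod} is registered in {len(locs)} load points: {sorted(locs)}")
```

Run against the entries above, the script singles out the same items a helper would ask about: cliconfg32.dll registered both as a Notify package (under the key a0844ab8579) and in AppInit_DLLs, a .dat file registered as a Notify package, and uapioyms.dll added to the LSA notification packages. None of that proves what the files are; it only says where to look, and the output is meant to be read next to the "Created Last 30" section, where cliconfg32.dll and __c00A9F49.dat also appear as recently created files in system32.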



#2 fallenkitsune
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:07:27 AM

Posted 20 April 2009 - 10:11 AM

I was finally able to attach the file from DDS.

I have more odd behavior starting though. The IE pages that pop up say I've been infected with spyware and trojans, where before it was a blank page. I also had a popup about some weird virus protection program in my temp files. I'm also getting a lot more suspicious hits on my Spyware Terminator Real Time Shield/Firewall.




#3 Buckeye_Sam
Malware Expert

  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:27 AM

Posted 21 April 2009 - 05:22 PM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#4 fallenkitsune
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:07:27 AM

Posted 23 April 2009 - 10:18 AM

Thank you for answering. Um, something funny happened which I hope I'm not going to get yelled at for, since I know my machine isn't supposed to be messed with till you answered. I went to work and came back and a friend of mine had figured out how to delete most of the trojans from my computer. I didn't give him permission but it can't be helped now I guess. Can we still do the checks to make sure things are really gone?

I have the reports here from the programs.

OTListIt logfile created on: 4/23/2009 11:04:30 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Tasha\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.80 Mb Total Physical Memory | 170.18 Mb Available Physical Memory | 33.38% Memory free
1.22 Gb Paging File | 0.78 Gb Available in Paging File | 63.58% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 4.80 Gb Free Space | 25.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TASHA-0FBD19802
Current User Name: Tasha
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006/11/21 18:38:40 | 00,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/11/21 18:38:32 | 00,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2007/01/10 17:27:38 | 01,160,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [1999/12/12 13:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTsvcCDA.EXE
PRC - [2007/03/14 20:48:40 | 00,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2009/03/26 00:18:08 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/04/19 01:44:05 | 00,487,424 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2007/03/14 20:48:50 | 01,816,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2004/08/04 08:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2002/12/04 02:06:58 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2006/11/21 18:38:28 | 00,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/03/14 20:49:02 | 00,125,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2009/04/19 01:44:05 | 02,176,000 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2004/12/02 19:23:34 | 00,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
PRC - [2008/04/13 20:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe
PRC - [2004/08/10 11:37:28 | 00,061,440 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2009/04/14 01:57:41 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Tasha\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
PRC - [2009/04/23 10:47:04 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/22 01:46:03 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tasha\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
SRV - [2006/11/21 18:38:32 | 00,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2006/11/21 18:38:40 | 00,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [1999/12/12 13:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTsvcCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2007/03/14 20:48:40 | 00,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/03/26 00:18:08 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/04/21 01:04:45 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Stopped])
SRV - [2006/09/02 17:36:33 | 02,528,960 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2007/03/14 20:48:56 | 00,116,416 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])
SRV - [2007/02/12 18:23:10 | 00,214,672 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
SRV - [2007/01/10 17:27:38 | 01,160,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [Auto | Running])
SRV - [2009/04/19 01:44:05 | 00,487,424 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv [Auto | Running])
SRV - [2007/03/14 20:48:50 | 01,816,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
SRV - [2004/10/11 12:20:30 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Stopped])
SRV - [2007/03/28 19:42:42 | 00,029,704 | ---- | M] (TuneUp Software GmbH) -- C:\WINDOWS\System32\uxtuneup.dll -- (UxTuneUp [Auto | Running])
SRV - [2007/05/07 20:28:58 | 00,589,824 | ---- | M] (TightVNC Group) -- C:\Program Files\TightVNC\WinVNC.exe -- (winvnc [Auto | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2002/02/25 02:54:04 | 00,139,776 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2009/02/27 05:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2009/03/16 04:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2002/12/04 10:33:22 | 00,080,379 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2002/10/15 01:00:00 | 00,013,891 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys -- (IdeBusDr [Boot | Running])
DRV - [2002/10/15 01:00:00 | 00,101,431 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys -- (IdeChnDr [Boot | Running])
DRV - [2009/04/21 01:05:14 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2009/03/16 04:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090417.007\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/03/16 04:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090417.007\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2008/06/19 16:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
DRV - [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/08/03 18:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Running])
DRV - [2009/03/23 14:07:26 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/03/23 14:07:28 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009/03/23 14:07:26 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2006/09/06 15:41:20 | 00,337,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT [System | Running])
DRV - [2006/09/06 15:41:20 | 00,054,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [System | Running])
DRV - [2008/04/13 12:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2002/04/04 12:54:30 | 00,459,944 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2007/01/10 17:27:26 | 00,390,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
DRV - [2009/04/19 01:44:05 | 00,142,592 | ---- | M] () -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2 [System | Running])
DRV - [2009/02/06 00:15:21 | 00,110,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2007/02/12 18:22:36 | 00,024,720 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV - [2007/02/12 18:22:40 | 00,196,752 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2002/12/04 10:34:20 | 00,091,774 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [System | Running])
DRV - [2002/12/04 10:34:28 | 00,071,514 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1220945662-682003330-242186599-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1220945662-682003330-242186599-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1220945662-682003330-242186599-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomestart.com/transformers/
IE - HKU\S-1-5-21-1220945662-682003330-242186599-1003\S-1-5-21-1220945662-682003330-242186599-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1220945662-682003330-242186599-1003\S-1-5-21-1220945662-682003330-242186599-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.awesomestart.com/transformers/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {45DEF9CF-6127-4B1D-BDCC-955AE4C7CB88}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.9


FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/26 00:18:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{45DEF9CF-6127-4B1D-BDCC-955AE4C7CB88}: C:\DOCUMENTS AND SETTINGS\TASHA\LOCAL SETTINGS\APPLICATION DATA\{45DEF9CF-6127-4B1D-BDCC-955AE4C7CB88} [2009/04/20 01:34:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/23 10:47:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/23 10:47:10 | 00,000,000 | ---D | M]

[2009/03/26 01:40:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tasha\Application Data\mozilla\Extensions
[2009/02/05 15:44:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tasha\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/26 01:40:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tasha\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/04/22 02:06:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tasha\Application Data\mozilla\Firefox\Profiles\nhoeesoi.default\extensions
[2009/02/06 15:35:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tasha\Application Data\mozilla\Firefox\Profiles\nhoeesoi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/19 23:03:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tasha\Application Data\mozilla\Firefox\Profiles\nhoeesoi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/04/22 02:06:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/23 10:47:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/26 00:18:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/23 10:47:03 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/23 10:47:03 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/01/19 19:28:04 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/01/19 19:28:04 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/01/19 19:28:04 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/01/19 19:28:04 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/01/19 19:28:04 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/01/19 19:28:04 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/01/19 19:28:04 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (305173 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10509 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" (Crawler.com)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-1220945662-682003330-242186599-1003..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-21-1220945662-682003330-242186599-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1220945662-682003330-242186599-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1220945662-682003330-242186599-1003\..Trusted Domains: 55 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gateway.com/support/serialharvest/gwCID.CAB (compid Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/05 04:10:15 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{36363e8c-27f6-11de-9d3b-000244321450}\Shell - "" = AutoRun
O33 - MountPoints2\{36363e8c-27f6-11de-9d3b-000244321450}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{36363e8d-27f6-11de-9d3b-000244321450}\Shell - "" = AutoRun
O33 - MountPoints2\{36363e8d-27f6-11de-9d3b-000244321450}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/04/23 03:16:44 | 09,915,072 | ---- | C] (Nullsoft, Inc.) -- C:\Documents and Settings\Tasha\Desktop\winamp5552_full_emusic-7plus_en-us.exe
[2009/04/23 02:34:00 | 00,026,675 | ---- | C] () -- C:\Documents and Settings\Tasha\Desktop\fuzzy.jpeg
[2009/04/23 00:20:04 | 00,026,748 | ---- | C] () -- C:\Documents and Settings\Tasha\Desktop\spazball.jpeg
[2009/04/22 01:45:58 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tasha\Desktop\OTListIt2.exe
[2009/04/21 07:40:06 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/04/21 02:09:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/04/21 00:35:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/04/20 23:41:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tasha\Application Data\Malwarebytes
[2009/04/20 23:41:22 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/20 23:41:22 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/20 23:41:19 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/20 23:41:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/20 23:41:16 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/20 23:33:27 | 00,096,978 | ---- | C] (Business Information Solutions) -- C:\Documents and Settings\Tasha\Desktop\VirtumundoBeGone.exe
[2009/04/20 23:22:19 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/04/20 01:34:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tasha\Local Settings\Application Data\{45DEF9CF-6127-4B1D-BDCC-955AE4C7CB88}
[2009/04/20 01:07:11 | 15,336,764 | ---- | C] () -- C:\Program Files\PROCESSLIST.DB
[2009/04/20 01:07:11 | 01,145,582 | ---- | C] () -- C:\Program Files\PROCESSLISTRELATED.DB
[2009/04/20 01:03:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009/04/20 00:40:16 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/20 00:40:07 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/04/20 00:40:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tasha\Application Data\SUPERAntiSpyware.com
[2009/04/19 23:35:51 | 00,000,000 | ---D | C] -- C:\hijackthis logs
[2009/04/19 23:22:58 | 00,009,492 | ---- | C] () -- C:\WINDOWS\System32\BIN_STRSBW.SPT
[2009/04/19 23:22:33 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Tasha\Desktop\Tasha.exe
[2009/04/19 23:22:31 | 00,000,000 | ---D | C] -- C:\rsit
[2009/04/19 23:21:51 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Tasha\Desktop\RSIT.exe
[2009/04/19 23:03:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2009/04/19 23:03:15 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009/04/19 10:36:08 | 00,446,764 | ---- | C] () -- C:\Documents and Settings\Tasha\Desktop\bookmarks.html
[2009/04/19 03:54:05 | 00,000,418 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/19 02:50:14 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/04/19 02:37:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/04/19 02:37:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro 3
[2009/04/19 02:17:19 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/19 02:17:19 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/19 02:17:18 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/19 02:17:12 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/19 02:17:11 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/19 02:17:10 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/19 02:17:09 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/19 02:17:08 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/19 02:17:08 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/19 02:16:34 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/19 02:16:34 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/19 02:16:34 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/19 01:44:15 | 00,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Terminator.lnk
[2009/04/19 01:44:05 | 00,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2009/04/19 01:44:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tasha\Application Data\Spyware Terminator
[2009/04/19 01:43:55 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2009/04/19 01:41:39 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/04/19 01:41:38 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/04/19 01:25:50 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/04/19 01:25:34 | 00,175,504 | ---- | C] () -- C:\Documents and Settings\Tasha\Desktop\activescan2_en.exe
[2009/04/19 01:14:06 | 00,005,737 | -HS- | C] () -- C:\Documents and Settings\Tasha\Application Data\02000000070c9466579C.manifest
[2009/04/19 01:14:06 | 00,000,469 | -HS- | C] () -- C:\Documents and Settings\Tasha\Application Data\02000000070c9466579O.manifest
[2009/04/19 01:14:06 | 00,000,011 | -HS- | C] () -- C:\Documents and Settings\Tasha\Application Data\02000000070c9466579S.manifest
[2009/04/19 01:14:05 | 00,002,083 | -HS- | C] () -- C:\Documents and Settings\Tasha\Application Data\02000000070c9466579P.manifest
[2009/04/19 01:14:03 | 00,000,615 | ---- | C] () -- C:\WINDOWS\System32\dqQlj.vbs
[2009/04/18 23:57:02 | 00,000,000 | ---D | C] -- C:\Zip files
[2009/04/16 23:05:48 | 00,025,386 | ---- | C] () -- C:\Documents and Settings\Tasha\Desktop\bd0444c1380864143f2173b1782278bb.jpg
[2009/04/15 03:21:01 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Tasha\My Documents\oh crap2.doc
[2009/04/15 00:35:10 | 00,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2009/04/15 00:34:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tasha\Local Settings\Application Data\Help
[2009/04/15 00:34:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tasha\Application Data\Help
[2009/04/15 00:34:20 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip
[2009/04/14 15:46:52 | 00,000,390 | ---- | C] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/04/14 15:46:42 | 00,029,704 | ---- | C] (TuneUp Software GmbH) -- C:\WINDOWS\System32\uxtuneup.dll
[2009/04/14 15:46:40 | 00,000,954 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\1-Click Maintenance.lnk
[2009/04/14 15:46:40 | 00,000,833 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2007.lnk
[2009/04/14 15:46:25 | 00,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2007
[2009/04/14 15:46:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tasha\Application Data\TuneUp Software
[2009/04/14 15:45:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/04/14 15:45:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/04/14 15:45:35 | 10,549,768 | ---- | C] () -- C:\Documents and Settings\Tasha\Desktop\TU2007TrialEN.exe
[2009/04/14 15:44:42 | 10,088,461 | ---- | C] () -- C:\Documents and Settings\Tasha\Desktop\Tune up utilities 07.zip
[2009/04/14 03:03:05 | 00,000,643 | ---- | C] () -- C:\Documents and Settings\Tasha\Desktop\UltimateZip.lnk
[2009/04/14 03:03:03 | 00,000,000 | ---D | C] -- C:\Program Files\UltimateZip 2.7
[2009/04/14 02:50:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Estsoft
[2009/04/14 02:49:28 | 00,000,000 | ---D | C] -- C:\Program Files\ESTsoft
[2009/04/14 02:49:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tasha\Application Data\ESTsoft
[2009/04/14 01:59:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tasha\My Documents\Downloads
[2009/04/14 01:59:15 | 00,002,244 | ---- | C] () -- C:\Documents and Settings\Tasha\Desktop\Google Chrome.lnk
[2009/04/14 01:57:50 | 00,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-682003330-242186599-1003.job
[2009/04/14 01:57:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tasha\Local Settings\Application Data\Google
[2009/04/12 10:41:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tasha\Local Settings\Application Data\Identities
[2009/04/11 00:04:36 | 00,010,752 | -HS- | C] () -- C:\Documents and Settings\Tasha\Desktop\Thumbs.db
[2009/04/10 23:50:18 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Tasha\My Documents\oh crap.doc
[2009/04/07 22:36:21 | 00,006,714 | ---- | C] () -- C:\Documents and Settings\Tasha\My Documents\awesome bleep.m3u
[2009/04/04 23:32:39 | 00,017,208 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/03/29 02:46:37 | 00,002,187 | ---- | C] () -- C:\Documents and Settings\Tasha\Desktop\Safari.lnk
[2009/03/28 02:02:07 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Tasha\My Documents\My Videos
[2009/03/28 02:02:02 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2009/03/26 01:46:38 | 00,000,000 | ---D | C] -- C:\Incomplete
[2009/03/26 01:41:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tasha\My Documents\LimeWire
[2009/03/26 01:40:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tasha\Application Data\LimeWire
[2009/03/26 01:23:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/03/26 01:23:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tasha\Application Data\Azureus
[2009/03/26 00:18:02 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/03/26 00:17:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tasha\Application Data\Sun
[2009/02/19 00:02:41 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/07 03:15:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2004/08/04 08:00:00 | 00,000,477 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 08:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2000/01/28 01:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/04/23 10:47:19 | 00,009,492 | ---- | M] () -- C:\WINDOWS\System32\BIN_STRSBW.SPT
[2009/04/23 03:49:54 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-682003330-242186599-1003.job
[2009/04/23 03:26:18 | 00,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2009/04/23 03:17:33 | 09,915,072 | ---- | M] (Nullsoft, Inc.) -- C:\Documents and Settings\Tasha\Desktop\winamp5552_full_emusic-7plus_en-us.exe
[2009/04/23 02:34:01 | 00,026,675 | ---- | M] () -- C:\Documents and Settings\Tasha\Desktop\fuzzy.jpeg
[2009/04/23 00:20:05 | 00,026,748 | ---- | M] () -- C:\Documents and Settings\Tasha\Desktop\spazball.jpeg
[2009/04/22 01:46:03 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tasha\Desktop\OTListIt2.exe
[2009/04/21 10:49:22 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/21 10:49:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/21 10:49:07 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/21 10:47:21 | 04,314,796 | -H-- | M] () -- C:\Documents and Settings\Tasha\Local Settings\Application Data\IconCache.db
[2009/04/21 01:07:29 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\Tasha\Desktop\Safari.lnk
[2009/04/21 01:05:33 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/04/21 01:05:14 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/04/21 00:58:42 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/21 00:19:04 | 00,002,083 | -HS- | M] () -- C:\Documents and Settings\Tasha\Application Data\02000000070c9466579P.manifest
[2009/04/20 23:41:22 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/20 23:33:28 | 00,096,978 | ---- | M] (Business Information Solutions) -- C:\Documents and Settings\Tasha\Desktop\VirtumundoBeGone.exe
[2009/04/20 15:45:30 | 00,005,737 | -HS- | M] () -- C:\Documents and Settings\Tasha\Application Data\02000000070c9466579C.manifest
[2009/04/20 15:45:30 | 00,000,469 | -HS- | M] () -- C:\Documents and Settings\Tasha\Application Data\02000000070c9466579O.manifest
[2009/04/20 15:45:30 | 00,000,011 | -HS- | M] () -- C:\Documents and Settings\Tasha\Application Data\02000000070c9466579S.manifest
[2009/04/20 15:31:01 | 00,000,418 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/04/20 00:40:16 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/20 00:14:09 | 00,305,173 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/19 23:21:57 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Tasha\Desktop\RSIT.exe
[2009/04/19 23:10:44 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Tasha\Desktop\Tasha.exe
[2009/04/19 23:07:37 | 00,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/19 23:07:37 | 00,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/19 23:07:35 | 00,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/19 10:48:37 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/19 10:36:10 | 00,446,764 | ---- | M] () -- C:\Documents and Settings\Tasha\Desktop\bookmarks.html
[2009/04/19 01:44:15 | 00,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Terminator.lnk
[2009/04/19 01:44:05 | 00,142,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2009/04/19 01:41:38 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/04/19 01:31:30 | 00,000,690 | ---- | M] () -- C:\Documents and Settings\Tasha\Desktop\SpywareBlaster.lnk
[2009/04/19 01:25:34 | 00,175,504 | ---- | M] () -- C:\Documents and Settings\Tasha\Desktop\activescan2_en.exe
[2009/04/19 01:14:03 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\dqQlj.vbs
[2009/04/17 17:15:55 | 00,000,390 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/04/16 23:05:51 | 00,025,386 | ---- | M] () -- C:\Documents and Settings\Tasha\Desktop\bd0444c1380864143f2173b1782278bb.jpg
[2009/04/15 03:21:02 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Tasha\My Documents\oh crap2.doc
[2009/04/15 00:35:10 | 00,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2009/04/14 15:46:40 | 00,000,954 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\1-Click Maintenance.lnk
[2009/04/14 15:46:40 | 00,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2007.lnk
[2009/04/14 03:03:05 | 00,000,643 | ---- | M] () -- C:\Documents and Settings\Tasha\Desktop\UltimateZip.lnk
[2009/04/14 01:59:15 | 00,002,244 | ---- | M] () -- C:\Documents and Settings\Tasha\Desktop\Google Chrome.lnk
[2009/04/12 00:24:47 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\Tasha\Desktop\Microsoft Word.lnk
[2009/04/11 00:04:44 | 00,010,752 | -HS- | M] () -- C:\Documents and Settings\Tasha\Desktop\Thumbs.db
[2009/04/10 23:50:19 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Tasha\My Documents\oh crap.doc
[2009/04/07 22:36:21 | 00,006,714 | ---- | M] () -- C:\Documents and Settings\Tasha\My Documents\awesome bleep.m3u
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 10:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/04 23:32:39 | 00,017,208 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/03/27 02:58:38 | 01,203,922 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/03/26 01:23:50 | 00,016,688 | ---- | M] () -- C:\Documents and Settings\Tasha\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >


-------------
GMER file

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-23 11:14:27
Windows 5.1.2600 Service Pack 3


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:27 AM

Posted 23 April 2009 - 05:52 PM

Doesn't look bad, but I do see one file that raises some suspicion.

Please visit the online Jotti Virus Scanner
  • Click on Browse button.
  • Navigate to the following file and upload it.


    C:\WINDOWS\System32\dqQlj.vbs


  • Click on the Posted Image button.
    The scanner will check the file with various AV companies.
  • Copy and paste the results box into a reply to this thread.

If Jotti's too busy, try here:
Go here: http://www.virustotal.com/en/virustotalf.html
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:27 AM

Posted 14 May 2009 - 11:20 AM

Unfortunately there has been no response. :thumbup2:
This thread will now be closed.


========================================================



