Help removing Trojan.Vundo.H

#1 TrapperX
New Member, 2 posts

I have gone through the guide and the steps outlined, and I am still not able to remove it.
Here are the Malwarebytes log and the OTListIt2 log. I was not able to download the Rooter program; it said
"The bandwidth or page view limit for this site has been exceeded".

Malwarebytes' Anti-Malware 1.35
Database version: 1915
Windows 5.1.2600 Service Pack 3

3/29/2009 2:25:28 PM
mbam-log-2009-03-29 (14-25-21).txt

Scan type: Quick Scan
Objects scanned: 71189
Time elapsed: 6 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{729f8289-3ac2-43ee-a2af-b3f3cff3d06a} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dundopoh (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{729f8289-3ac2-43ee-a2af-b3f3cff3d06a} (Trojan.Vundo.H) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\windows\system32\sqsevhs.dll (Trojan.Vundo.H) -> No action taken.

OTListIt logfile created on: 3/29/2009 3:13:15 PM - Run 4
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\Sherry\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.17 Mb Total Physical Memory | 98.00 Mb Available Physical Memory | 21.96% Memory free
1.11 Gb Paging File | 0.80 Gb Available in Paging File | 72.08% Paging File free
Paging file location(s): C:\pagefile.sys 756 756;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.65 Gb Total Space | 46.24 Gb Free Space | 83.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 480.01 Mb Total Space | 446.39 Mb Free Space | 92.99% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: Sherry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (America Online)
PRC - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
PRC - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (C-Dilla Ltd)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe (America Online Inc)
PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
PRC - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Sherry\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (ACS [Auto | Stopped]) -- C:\WINDOWS\system32\acs.exe ()
SRV - (AOL ACS [Auto | Running]) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (America Online)
SRV - (AOL TopSpeedMonitor [Auto | Running]) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (C-DillaCdaC11BA [Auto | Running]) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (C-Dilla Ltd)
SRV - (CFSvcs [Auto | Running]) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DVD-RAM_Service [Auto | Running]) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [Disabled | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Swupdtmr [Auto | Running]) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
SRV - (TAPPSRV [Auto | Running]) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (AR5211 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ar5211.sys (Atheros Communications, Inc.)
DRV - (AR5416 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\athw.sys (Atheros Communications, Inc.)
DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (CdaC15BA [Auto | Running]) -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS ()
DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLACDBHM [System | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLADResN [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLARTL_N [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DRVMCDB [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (KR10N [Boot | Stopped]) -- C:\WINDOWS\system32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (lcibmaqt [Boot | Running]) -- C:\WINDOWS\system32\drivers\lcibmaqt.sys (Microsoft Corporation)
DRV - (MDC8021X [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (meiudf [System | Running]) -- C:\WINDOWS\System32\Drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (Netdevio [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\netdevio.sys (TOSHIBA Corporation.)
DRV - (npf [Auto | Running]) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tbiosdrv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys ()
DRV - (TVALD [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NBSMI.sys (Toshiba Corporation)
DRV - (Tvs [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Tvs.sys (TOSHIBA Corporation)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.cnn.com/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\PROGRAM FILES\MCAFEE\SITEADVISOR [2009/03/25 17:22:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/25 17:48:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/25 17:47:58 | 00,000,000 | ---D | M]

[2009/03/25 17:48:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sherry\Application Data\mozilla\Extensions
[2009/03/25 17:48:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sherry\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/25 17:48:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sherry\Application Data\mozilla\Firefox\Profiles\moiotry9.default\extensions
[2009/03/25 17:47:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/25 17:47:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/19 21:43:33 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/02/19 21:43:34 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/19 15:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/19 15:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/19 15:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/19 15:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/19 15:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/19 15:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/19 15:33:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: () - {729F8289-3AC2-43EE-A2AF-B3F3CFF3D06A} - c:\windows\system32\sqsevhs.dll File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (no name) - MRI_DISABLED - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1214258848187 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (huzknj.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\dundopoh: DllName - sqsevhs.dll - File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[2009/03/29 15:06:25 | 00,498,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sherry\Desktop\OTListIt2.exe
[2009/03/29 12:48:53 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/03/29 12:13:54 | 00,000,791 | ---- | C] () -- C:\Documents and Settings\Sherry\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/03/29 12:13:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/03/29 12:12:33 | 06,237,728 | ---- | C] () -- C:\Documents and Settings\Sherry\Desktop\SUPERAntiSpyware.exe
[2009/03/29 12:11:50 | 00,106,858 | ---- | C] () -- C:\Documents and Settings\Sherry\My Documents\cc_20090329_121146.reg
[2009/03/29 12:08:00 | 00,001,559 | ---- | C] () -- C:\Documents and Settings\Sherry\Desktop\CCleaner.lnk
[2009/03/29 11:55:23 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/03/29 11:55:21 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/03/29 11:55:17 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/03/29 11:53:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/29 11:02:47 | 46,791,4752 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/29 08:33:44 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/03/28 22:53:16 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/03/28 21:59:45 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/03/27 14:04:49 | 00,014,610 | ---- | C] () -- C:\Documents and Settings\Sherry\My Documents\cc_20090327_140446.reg
[2009/03/27 14:02:51 | 00,745,976 | ---- | C] () -- C:\Documents and Settings\Sherry\My Documents\cc_20090327_140249.reg
[2009/03/27 12:42:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/03/27 12:42:12 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/03/27 12:42:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sherry\Application Data\SUPERAntiSpyware.com
[2009/03/27 11:51:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sherry\Application Data\Malwarebytes
[2009/03/27 09:17:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sherry\Local Settings\Application Data\smdknpce
[2009/03/27 09:17:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sherry\Application Data\smdknpce
[2009/03/26 21:08:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Mozilla Shared
[2009/03/26 20:10:50 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/26 20:10:50 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/26 20:10:48 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 20:10:47 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/26 20:10:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/25 17:48:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sherry\Local Settings\Application Data\Mozilla
[2009/03/25 17:48:03 | 00,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/03/25 17:47:57 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/03/25 17:29:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/03/25 17:18:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sherry\Application Data\Mozilla
[2009/03/25 15:49:59 | 00,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2009/03/25 15:12:38 | 00,007,304 | ---- | C] () -- C:\Documents and Settings\Sherry\Desktop\free tv.url
[2009/03/25 15:10:06 | 00,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2009/03/24 16:37:56 | 00,012,626 | ---- | C] () -- C:\Documents and Settings\Sherry\Desktop\yidio free tv.url
[2009/03/24 15:36:54 | 00,004,135 | ---- | C] () -- C:\Documents and Settings\Sherry\Desktop\Streamick.com - Watch TV online free TV broadcast directory.url
[2009/03/24 15:36:36 | 00,000,897 | ---- | C] () -- C:\Documents and Settings\Sherry\Desktop\fancast free tv.url
[2009/03/24 15:35:47 | 00,000,338 | ---- | C] () -- C:\Documents and Settings\Sherry\Desktop\Auction Exchange - Calendar.url
[2009/03/20 22:59:40 | 00,017,408 | ---- | C] () -- C:\Documents and Settings\Sherry\My Documents\books-japan heian.wps
[2009/03/17 20:18:25 | 02,304,000 | ---- | C] () -- C:\Documents and Settings\Sherry\My Documents\crane fukushiki.wps
[2009/03/15 15:45:05 | 00,000,433 | ---- | C] () -- C:\Documents and Settings\Sherry\Desktop\AuctionZip Auctioneer Directory.url
[2009/03/12 17:22:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/03/06 21:10:06 | 00,013,824 | ---- | C] () -- C:\Documents and Settings\Sherry\My Documents\books by women.wps
[2009/03/06 19:44:59 | 00,000,268 | ---- | C] () -- C:\Documents and Settings\Sherry\Desktop\Bombardier′s Lounge Recording.url
[2009/02/28 15:44:47 | 02,102,784 | ---- | C] () -- C:\Documents and Settings\Sherry\My Documents\japanese women authors.wps
[2009/02/28 02:47:35 | 00,000,289 | ---- | C] () -- C:\Documents and Settings\Sherry\Desktop\categoryJapanese women writers - Wikipedia, the free encyclopedia.url

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[2009/03/29 15:06:36 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sherry\Desktop\OTListIt2.exe
[2009/03/29 15:00:00 | 00,000,312 | ---- | M] () -- C:\WINDOWS\tasks\nhlnzafn.job
[2009/03/29 14:27:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/29 14:27:12 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/29 14:27:08 | 46,791,4752 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/29 14:26:05 | 00,006,875 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/03/29 12:46:00 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/29 12:13:54 | 00,000,791 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/03/29 12:12:45 | 06,237,728 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\SUPERAntiSpyware.exe
[2009/03/29 12:11:52 | 00,106,858 | ---- | M] () -- C:\Documents and Settings\Sherry\My Documents\cc_20090329_121146.reg
[2009/03/29 12:08:00 | 00,001,559 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\CCleaner.lnk
[2009/03/29 11:59:04 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/03/29 11:55:24 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/03/29 11:18:20 | 00,000,719 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/29 11:18:20 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/03/29 09:13:01 | 00,000,012 | ---- | M] () -- C:\WINDOWS\dirsaver.ini
[2009/03/28 22:55:28 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/27 14:04:58 | 00,014,610 | ---- | M] () -- C:\Documents and Settings\Sherry\My Documents\cc_20090327_140446.reg
[2009/03/27 14:03:00 | 00,745,976 | ---- | M] () -- C:\Documents and Settings\Sherry\My Documents\cc_20090327_140249.reg
[2009/03/26 20:10:50 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/25 17:48:03 | 00,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/03/25 17:29:38 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2009/03/25 15:58:05 | 00,000,262 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\mel The Michigan eLibrary.url
[2009/03/25 15:49:48 | 00,000,616 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\tv guide.url
[2009/03/25 15:48:33 | 00,000,399 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\YouTube - Joni Mitchell Little Green.url
[2009/03/25 15:47:55 | 00,007,304 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\free tv.url
[2009/03/25 14:14:27 | 00,009,176 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\My eBay.url
[2009/03/25 14:12:01 | 00,000,210 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\SRI Threads - [email protected]
[2009/03/25 14:08:12 | 00,011,858 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\obituaries.url
[2009/03/24 21:22:34 | 00,012,626 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\yidio free tv.url
[2009/03/24 21:02:50 | 00,000,369 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\craig's list - Google Search.url
[2009/03/24 20:59:40 | 00,000,176 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\Kimono Flea Market Ichiroya.url
[2009/03/24 17:40:35 | 00,000,220 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\KRML - 1410 AM Jazz & Blues Radio.url
[2009/03/24 15:59:15 | 00,000,897 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\fancast free tv.url
[2009/03/24 15:47:32 | 00,004,135 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\Streamick.com - Watch TV online free TV broadcast directory.url
[2009/03/24 15:35:47 | 00,000,338 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\Auction Exchange - Calendar.url
[2009/03/24 15:32:38 | 00,000,286 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\email.url
[2009/03/23 21:40:19 | 00,000,736 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\RHS Bibliography - Brief results display.url
[2009/03/23 14:37:39 | 00,000,148 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\KDL - Kent District Library.url
[2009/03/22 14:53:06 | 00,000,590 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\WGVU Television.url
[2009/03/20 23:33:36 | 00,000,447 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\Spirit Cloth.url
[2009/03/20 23:03:22 | 00,000,433 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\AuctionZip Auctioneer Directory.url
[2009/03/20 22:59:41 | 00,025,028 | ---- | M] () -- C:\Documents and Settings\Sherry\Application Data\wklnhst.dat
[2009/03/20 22:59:41 | 00,017,408 | ---- | M] () -- C:\Documents and Settings\Sherry\My Documents\books-japan heian.wps
[2009/03/20 16:31:42 | 00,000,182 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\Biorhythm Compatibility Check.url
[2009/03/17 20:18:26 | 02,304,000 | ---- | M] () -- C:\Documents and Settings\Sherry\My Documents\crane fukushiki.wps
[2009/03/16 23:11:01 | 00,000,450 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\estate sales auctions.url
[2009/03/16 23:06:34 | 00,000,198 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\Japanese Tex-style Home Page.url
[2009/03/15 22:46:38 | 02,528,594 | -H-- | M] () -- C:\Documents and Settings\Sherry\Local Settings\Application Data\IconCache.db
[2009/03/15 21:21:19 | 00,000,158 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\free tv online.url
[2009/03/12 20:39:54 | 00,000,180 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\kimono quilts.url
[2009/03/11 17:14:14 | 00,012,800 | ---- | M] () -- C:\Documents and Settings\Sherry\My Documents\2009 budget.xlr
[2009/03/11 14:19:02 | 00,003,038 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\weather.url
[2009/03/11 13:54:03 | 00,163,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/09 23:35:51 | 00,000,289 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\categoryJapanese women writers - Wikipedia, the free encyclopedia.url
[2009/03/08 17:02:05 | 00,000,268 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\Bombardier′s Lounge Recording.url
[2009/03/08 15:01:30 | 00,408,238 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/08 15:01:30 | 00,064,602 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/08 15:01:29 | 00,479,920 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/06 21:22:17 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\Sherry\My Documents\books by women.wps
[2009/03/06 20:34:09 | 02,102,784 | ---- | M] () -- C:\Documents and Settings\Sherry\My Documents\japanese women authors.wps
[2009/03/05 16:23:09 | 00,005,419 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\radiotime.url
[2009/03/03 23:29:24 | 00,000,222 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\kimono and japanese terms.url
[2009/03/03 23:17:45 | 00,000,172 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\Home Page MinoKame.url
[2009/03/03 23:13:32 | 00,000,176 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\saiyuu2.com.url

========== Alternate Data Streams ==========

@Alternate Data Stream - 992 bytes -> C:\Documents and Settings\Sherry\Desktop\KRML - 1410 AM Jazz & Blues Radio.url:favicon
@Alternate Data Stream - 894 bytes -> C:\Documents and Settings\Sherry\Desktop\yidio free tv.url:favicon
@Alternate Data Stream - 766 bytes -> C:\Documents and Settings\Sherry\Desktop\japanese kimono terms.url:favicon
@Alternate Data Stream - 7070 bytes -> C:\Documents and Settings\Sherry\Desktop\Streamick.com - Watch TV online free TV broadcast directory.url:favicon
@Alternate Data Stream - 6598 bytes -> C:\Documents and Settings\Sherry\Desktop\email.url:favicon
@Alternate Data Stream - 4710 bytes -> C:\Documents and Settings\Sherry\Desktop\P.O.V. - About P.O.V. . Awards PBS.url:favicon
@Alternate Data Stream - 3638 bytes -> C:\Documents and Settings\Sherry\Desktop\mel The Michigan eLibrary.url:favicon
@Alternate Data Stream - 318 bytes -> C:\Documents and Settings\Sherry\Desktop\FLAT FOOT FLOOGIE.url:favicon
@Alternate Data Stream - 318 bytes -> C:\Documents and Settings\Sherry\Desktop\categoryJapanese women writers - Wikipedia, the free encyclopedia.url:favicon
@Alternate Data Stream - 2862 bytes -> C:\Documents and Settings\Sherry\Desktop\Spirit Cloth.url:favicon
@Alternate Data Stream - 2862 bytes -> C:\Documents and Settings\Sherry\Desktop\aol tv.url:favicon
@Alternate Data Stream - 2550 bytes -> C:\Documents and Settings\Sherry\Desktop\WJZL - 92.9 FM Holt, MI - Listen Online.url:favicon
@Alternate Data Stream - 2550 bytes -> C:\Documents and Settings\Sherry\Desktop\radiotime.url:favicon
@Alternate Data Stream - 15086 bytes -> C:\Documents and Settings\Sherry\Desktop\Pandora Radio - Listen to Free Internet Radio, Find New Music.url:favicon
@Alternate Data Stream - 1406 bytes -> C:\Documents and Settings\Sherry\Desktop\WGVU Television.url:favicon
@Alternate Data Stream - 1406 bytes -> C:\Documents and Settings\Sherry\Desktop\weather.url:favicon
@Alternate Data Stream - 1406 bytes -> C:\Documents and Settings\Sherry\Desktop\obituaries.url:favicon
@Alternate Data Stream - 1406 bytes -> C:\Documents and Settings\Sherry\Desktop\My eBay.url:favicon
@Alternate Data Stream - 1406 bytes -> C:\Documents and Settings\Sherry\Desktop\free tv.url:favicon
@Alternate Data Stream - 1155 bytes -> C:\Documents and Settings\Sherry\Desktop\The Theosophical Community - Official Social Network of The Theosophical Society in America.url:favicon
@Alternate Data Stream - 1150 bytes -> C:\Documents and Settings\Sherry\Desktop\YouTube - Joni Mitchell Little Green.url:favicon
@Alternate Data Stream - 1150 bytes -> C:\Documents and Settings\Sherry\Desktop\fancast free tv.url:favicon
@Alternate Data Stream - 1150 bytes -> C:\Documents and Settings\Sherry\Desktop\craig's list - Google Search.url:favicon
< End of report >

#2
TrapperX
    New Member

  • Topic Starter
  • Member
  • 2 posts
I was able to download the rooter.exe and here is the log from it.

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:56980 Mo/Free:2193 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Mon 03/30/2009| 9:06

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
---------- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
---------- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
---------- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
---------- C:\WINDOWS\system32\DVDRAMSV.exe
---------- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
---------- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
---------- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
---------- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
---------- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
---------- C:\Program Files\McAfee\MPF\MPFSrv.exe
---------- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
---------- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
---------- C:\Program Files\McAfee.com\Agent\mcagent.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\system32\rundll32.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

Trojan ! .. C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\sqsevhs.dll,DllMain -

----------------------\\ Tasks

C:\WINDOWS\tasks\At1.job

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Mon 03/30/2009| 9:07

----------------------\\ Scan completed at 9:07