Infected with trojan-phisher-sabanks.gen, Mal/Behav-284, Troj/PDFJs-B, Troj/SWFLdr-A and trojan-pws-daonol


This topic is locked
14 replies to this topic

#1 irish74


Posted 06 June 2009 - 04:09 PM

Hi,

I scanned my laptop using spysweeper and removed (to quarantine) the following trojans and viruses:
- trojan-phisher-sabanks.gen
- Mal/Behav-284
- Troj/PDFJs-B
- Troj/SWFLdr-A
- trojan-pws-daonol

I think there may be more. When I restart the laptop, the Spy Sweeper Internet Communications shield pops up and says it is blocking comms with a bunch of websites... This is from the Spy Sweeper log...

6/6/2009 1:34:09 PM: The Internet Communication shield has blocked access to: WIN-PC-DEFENDER.COM
6/6/2009 1:33:56 PM: The Internet Communication shield has blocked access to: THEPRIVATETUBE.COM
6/6/2009 1:32:05 PM: The Internet Communication shield has blocked access to: GOSYSGD09.COM
6/6/2009 1:31:28 PM: The Internet Communication shield has blocked access to: FIRST-REASON.COM
6/6/2009 1:31:27 PM: The Internet Communication shield has blocked access to: FIRST-REASON.COM
6/6/2009 1:31:20 PM: Common Ad Sites: On
6/6/2009 1:30:36 PM: The Internet Communication shield has blocked access to: BONUSPROMOOFFER.COM
6/6/2009 1:30:29 PM: The Internet Communication shield has blocked access to: BESTPRIVATETUBE.NET
6/6/2009 1:30:25 PM: The Internet Communication shield has blocked access to: BESTPRIVATETUBE.NET
6/6/2009 1:30:23 PM: The Internet Communication shield has blocked access to: BESTPRIVATETUBE.NET
6/6/2009 1:30:22 PM: The Internet Communication shield has blocked access to: BESTPRIVATETUBE.NET
6/6/2009 1:30:21 PM: The Internet Communication shield has blocked access to: BESTPRIVATETUBE.NET
6/6/2009 1:30:13 PM: ApplicationMinimized - EXIT


Here is my DDS log; please see the attached zip file also! Thanks for your help!


DDS (Ver_09-05-14.01) - NTFSx86
Run by test at 16:51:29.01 on Sat 06/06/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.419 [GMT -4:00]

AV: Webroot AntiVirus with AntiSpyware *On-access scanning enabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: Webroot AntiVirus with AntiSpyware *disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}
FW: Webroot Desktop Firewall *enabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF50}

============== Running Processes ===============

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\DrvMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LevelOne\11g Wireless LAN\WLanUtility.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\test\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://www.webroot.com/php/disp0201.php?pc=64150&rc=1&dcc=Spa-June-6-03&mo=2&oc=5&ps=R
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [SpybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"
uRun: [DrvMon.exe] "c:\windows\system32\DrvMon.exe"
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
mRun: [nwiz] "c:\windows\system32\nwiz.exe" /installquiet /nodetect
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [RecGuard] "c:\windows\sminst\RecGuard.exe"
mRun: [Webroot Desktop Firewall] "c:\program files\webroot\webroot desktop firewall\WDF.exe"
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [<NO NAME>]
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\11gwir~1.lnk - c:\program files\levelone\11g wireless lan\WLanUtility.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install-ie/alttiff.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - hxxp://www.fultoncourtrecords.com:7778/forms/jinitiator/jinit.exe
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli c:\windows\system32\riwakabe.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\test\applic~1\mozilla\firefox\profiles\ibndx5fk.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - plugin: c:\documents and settings\test\application data\mozilla\firefox\profiles\ibndx5fk.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13122.dll

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808]
R1 pwipf6;pwipf6;c:\windows\system32\drivers\pwipf6.sys [2007-10-18 85848]
R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\windows\system32\drivers\CdpPacket.sys [2008-1-24 35692]
R2 WDFNet;Webroot Desktop Firewall network service;c:\program files\webroot\webroot desktop firewall\wdfsvc.exe [2007-10-20 353624]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2009-4-21 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2009-2-7 1205760]
R3 RTLWUSB;11g Wireless USB Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-8-26 178048]
R3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-4-1 189792]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-6 61952]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getplus_helpersvc.exe --> c:\program files\nos\bin\getPlus_HelperSvc.exe [?]
S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?]

=============== Created Last 30 ================

2009-06-06 13:43 <DIR> --d----- c:\program files\Trend Micro

==================== Find3M ====================

2009-05-13 15:39 1,563,008 a------- c:\windows\WRSetup.dll
2009-04-21 18:27 176,752 a------- c:\windows\system32\drivers\ssidrv.sys
2009-04-21 18:27 23,152 a------- c:\windows\system32\drivers\sshrmd.sys
2009-04-21 18:27 29,808 a------- c:\windows\system32\drivers\ssfs0bbc.sys
2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2008-11-26 14:38 60,744 a------- c:\documents and settings\test\g2mdlhlpx.exe
2008-04-18 12:03 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2008-03-30 23:12 0 a------- c:\docume~1\test\applic~1\wklnhst.dat

============= FINISH: 16:52:23.26 ===============


#2 irish74


Posted 06 June 2009 - 04:14 PM

And here's my HijackThis log.... Thanks!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12:47 PM, on 6/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\DrvMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LevelOne\11g Wireless LAN\WLanUtility.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.webroot.com/php/disp0201.php?pc...p;oc=5&ps=R
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 208.82.146.211 www.griffinprotectiongroup.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /installquiet /nodetect
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [RecGuard] "C:\Windows\SMINST\RecGuard.exe"
O4 - HKLM\..\Run: [Webroot Desktop Firewall] "C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [DrvMon.exe] "C:\WINDOWS\system32\DrvMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: 11g Wireless LAN Utility.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install-ie/alttiff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} (JInitiator 1.3.1.22) - http://www.fultoncourtrecords.com:7778/for...iator/jinit.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus® Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Webroot Software, Inc. - C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

--
End of file - 8292 bytes

#3 myrti


Posted 16 June 2009 - 03:15 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!



#4 irish74


Posted 18 June 2009 - 08:27 PM

Hi, Thanks in advance for your help!!

Since I posted, I downloaded AVG and it uncovered Vundo.FW... twice on different days, and also "Adware Generic2.ABZP"! Seems I can't get rid of these things for certain. I know I shouldn't, but... now I have more than one antivirus program, but SpySweeper was not catching anything! I also downloaded VundoFix and ran it; it did not find anything.

Other than that, my laptop is the same since the first post.

Here is the DDS log; the "attach" file is attached!!! Thanks again.



DDS (Ver_09-05-14.01) - NTFSx86
Run by test at 21:09:04.75 on Thu 06/18/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.365 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: Webroot AntiVirus with AntiSpyware *disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}
FW: Webroot Desktop Firewall *enabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF50}

============== Running Processes ===============

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\DrvMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LevelOne\11g Wireless LAN\WLanUtility.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\test\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://www.webroot.com/php/disp0201.php?pc=64150&rc=1&dcc=Spa-June-6-03&mo=2&oc=5&ps=R
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [SpybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"
uRun: [DrvMon.exe] "c:\windows\system32\DrvMon.exe"
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
mRun: [nwiz] "c:\windows\system32\nwiz.exe" /installquiet /nodetect
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [RecGuard] "c:\windows\sminst\RecGuard.exe"
mRun: [Webroot Desktop Firewall] "c:\program files\webroot\webroot desktop firewall\WDF.exe"
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [<NO NAME>]
mRun: [AVG8_TRAY] "c:\progra~1\avg\avg8\avgtray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\11gwir~1.lnk - c:\program files\levelone\11g wireless lan\WLanUtility.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install-ie/alttiff.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - hxxp://www.fultoncourtrecords.com:7778/forms/jinitiator/jinit.exe
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli c:\windows\system32\riwakabe.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\test\applic~1\mozilla\firefox\profiles\ibndx5fk.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\test\application data\mozilla\firefox\profiles\ibndx5fk.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13122.dll

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-16 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-16 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-16 108552]
R1 pwipf6;pwipf6;c:\windows\system32\drivers\pwipf6.sys [2007-10-18 85848]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-16 298776]
R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\windows\system32\drivers\CdpPacket.sys [2008-1-24 35692]
R2 WDFNet;Webroot Desktop Firewall network service;c:\program files\webroot\webroot desktop firewall\wdfsvc.exe [2007-10-20 353624]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2009-4-21 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2009-2-7 1205760]
R3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-4-1 189792]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-6 61952]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getplus_helpersvc.exe --> c:\program files\nos\bin\getPlus_HelperSvc.exe [?]
S3 RTLWUSB;11g Wireless USB Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-8-26 178048]
S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?]

=============== Created Last 30 ================

2009-06-17 02:03 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-17 02:03 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-17 00:25 <DIR> --d----- C:\VundoFix Backups
2009-06-16 22:54 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-06-16 22:32 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-16 22:32 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-06-16 22:32 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-16 22:32 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-06-16 22:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-06-16 22:05 <DIR> --d----- c:\program files\AVG
2009-06-16 21:56 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-06-12 09:13 3,250 a------- c:\windows\system32\wbem\Outlook_01c9eb5fa48cb4b8.mof
2009-06-06 13:43 <DIR> --d----- c:\program files\Trend Micro

==================== Find3M ====================

2009-05-13 15:39 1,563,008 a------- c:\windows\WRSetup.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-29 00:46 3,068,928 -------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 00:46 666,624 a------- c:\windows\system32\wininet.dll
2009-04-29 00:46 666,624 -------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 00:46 620,032 -------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 00:46 1,499,136 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-04-29 00:46 81,920 a------- c:\windows\system32\ieencode.dll
2009-04-29 00:46 81,920 -------- c:\windows\system32\dllcache\ieencode.dll
2009-04-21 18:27 176,752 a------- c:\windows\system32\drivers\ssidrv.sys
2009-04-21 18:27 23,152 a------- c:\windows\system32\drivers\sshrmd.sys
2009-04-21 18:27 29,808 a------- c:\windows\system32\drivers\ssfs0bbc.sys
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 10:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2008-11-26 14:38 60,744 a------- c:\documents and settings\test\g2mdlhlpx.exe
2008-04-18 12:03 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2008-03-30 23:12 0 a------- c:\docume~1\test\applic~1\wklnhst.dat

============= FINISH: 21:10:08.73 ===============


#5 PropagandaPanda

  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 19 June 2009 - 06:54 PM

Hello.

Some more in-depth scans will be needed here.

Download and Run OTListIt
Please download OTListIt by OldTimer to your desktop.
Open OTListIt by double-clicking its icon. If you are using Windows Vista, right-click OTL.exe and select Run As Administrator.
Click Run Scan without changing any settings. When the scan is complete, a logfile will open.
Copy the contents of the log into your next reply. It will be saved as OTL.txt where OTL.exe is located.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.

Please download GMER to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double-click the GMER program ******.exe. Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Leaving the settings at default, click Scan.
  • When the scan is complete, click Save and save the log onto your desktop.
Please include the log in your next reply.

With Regards,
The Panda
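
The OTL log that the Run Scan step above produces runs to several hundred lines, and most of it is legitimate. The Python script below is an added example for this thread (it is not part of OTL, not a BleepingComputer or Malware Response Team tool, and not something either poster ran). It shows how a responder can pre-triage an OTL log automatically: it parses the PRC/SRV/DRV, O4 Run and O1 Hosts line formats that OTL emits and flags what a helper looks at first, namely registered services and drivers whose file no longer exists (a leftover of cleaned malware, or a driver hiding from the file system), images with no publisher information, running images outside Windows and Program Files, and hosts-file entries that point anywhere other than a loopback or sinkhole address (thousands of 127.0.0.1 lines are an immunization list; one entry sending a bank or update domain to a remote address is a hijack). The sample lines are constructed in the OTL format: the AVG, Webroot, getPlus, nwiz and 007guard entries are copied from the logs in this thread, while example.sys, exampledrv, 203.0.113.5 and update.example.com are invented for the demonstration. The severity scale, the sinkhole set and the list of normal install directories are this example's own assumptions, and every flagged line still needs a human decision, as the script's own flag on OTL.exe running from the desktop shows.

```python
"""Pre-triage an OTL (OTListIt) log.

Added example for this thread; not OTL's own code and not a BleepingComputer
tool.  It parses only the line formats visible in an OTL log (PRC/SRV/DRV
entries, O4 Run values, O1 Hosts lines) and lists the entries a responder
would want to look at first.
"""
import re
import sys
from dataclasses import dataclass

# PRC/SRV/DRV lines, as OTL prints them:
#   SRV - [date | size | attrs | M] (Company) -- path -- (svcname [Start | State])
#   SRV - File not found -- -- (svcname [Start | State])
#   PRC - [date | size | attrs | M] (Company) -- path
OTL_ITEM = re.compile(
    r'^(?P<kind>PRC|SRV|DRV) - '
    r'(?:\[(?P<ts>[^|\]]+) \| (?P<size>[\d,]+) \| [^\]]*\] \((?P<company>.*?)\)'
    r'|(?P<missing>File not found))'
    r' -- (?P<path>.*?)'
    r'(?: ?-- \((?P<svc>.+) \[(?P<start>\w+) \| (?P<state>\w+)\]\))?$'
)
# O4 - HKLM..\Run: [ValueName] "command" (Company)      or     [] File not found
O4_RUN = re.compile(r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$')
# O1 - Hosts: <ip> <hostname>   (OTL's "N more lines..." summary does not match)
O1_HOSTS = re.compile(r'^O1 - Hosts: (?P<ip>[\d.]+|[0-9a-fA-F:]+)\s+(?P<host>\S+)$')

# Assumptions of this example: which hosts-file targets are harmless sinkholes
# and where legitimately installed images live on an XP box.  Tune per system.
SINKHOLES = {'127.0.0.1', '0.0.0.0', '::1'}
NORMAL_DIRS = ('c:\\windows\\', 'c:\\program files\\')


@dataclass
class Finding:
    severity: str   # 'high', 'medium' or 'low' (this example's own scale)
    line: str
    reason: str


def triage(lines):
    """Return the Findings for an iterable of OTL log lines, in log order."""
    findings = []
    for raw in lines:
        line = raw.rstrip('\r\n')

        m = OTL_ITEM.match(line)
        if m:
            # PRC entries are running processes; services carry an explicit state.
            running = m['kind'] == 'PRC' or m['state'] == 'Running'
            if m['missing']:
                findings.append(Finding('high', line,
                    'registered %s whose file no longer exists' % m['kind']))
            elif m['company'] == '':
                findings.append(Finding('medium', line,
                    'image carries no publisher/version information'))
            elif running and not m['path'].lower().startswith(NORMAL_DIRS):
                findings.append(Finding('medium', line,
                    'running from outside Windows / Program Files'))
            continue

        m = O4_RUN.match(line)
        if m:
            if 'File not found' in m['rest']:
                findings.append(Finding('medium', line,
                    'Run value whose target is gone (orphan or partly cleaned malware)'))
            elif m['rest'].endswith('()'):
                findings.append(Finding('low', line,
                    'autorun image has no publisher information'))
            continue

        m = O1_HOSTS.match(line)
        if m and m['ip'] not in SINKHOLES:
            findings.append(Finding('high', line,
                'hosts entry redirects %s to %s' % (m['host'], m['ip'])))
    return findings


# Constructed sample in OTL format.  Real entries are copied from the log in
# this thread; example.sys / exampledrv, 203.0.113.5 and update.example.com
# are invented for the demonstration.
SAMPLE = r"""SRV - [2009/06/16 22:31:46 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - File not found -- -- (getPlus® Helper [On_Demand | Stopped])
DRV - [2009/04/21 18:27:02 | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc [Boot | Running])
DRV - [2009/06/01 03:12:00 | 00,024,576 | ---- | M] () -- C:\WINDOWS\system32\drivers\example.sys -- (exampledrv [Auto | Running])
PRC - [2009/06/20 10:35:34 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\test\Desktop\OTL.exe
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe" (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /installquiet /nodetect ()
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 203.0.113.5 update.example.com
O1 - Hosts: 10609 more lines...
""".splitlines()


def main(argv):
    if len(argv) > 1:
        # Assumption: adjust the encoding if a saved OTL.txt does not decode cleanly.
        with open(argv[1], encoding='utf-8', errors='replace') as fh:
            findings = triage(fh)
    else:
        findings = triage(SAMPLE)
    for f in findings:
        print('[%s] %s\n    %s' % (f.severity.upper(), f.reason, f.line))
    return 0


if __name__ == '__main__':
    sys.exit(main(sys.argv))
```

Run it as `python otl_triage.py OTL.txt` against a saved log, or with no argument to see it work on the built-in sample, where it reports the missing getPlus service, the publisher-less driver, OTL.exe on the desktop, the empty Run value, nwiz.exe and the redirected hosts entry while staying silent on the AVG, Webroot and 007guard lines. The point of the location check is that a responder reading a 900-line log by eye tends to skim everything under Program Files; pulling out the handful of images that run from a profile or temp directory is where the interesting entries in a case like this one usually sit.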

#6 irish74

  • Topic Starter
  • Members
  • 8 posts

Posted 20 June 2009 - 01:17 PM

Thanks Panda, I have pasted the OTL log below and attached the GMER log to this reply. I also attached the "extras" log from OTL.


OTL logfile created on: 6/20/2009 10:37:48 AM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\test\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.54 Mb Total Physical Memory | 341.65 Mb Available Physical Memory | 33.41% Memory free
2.40 Gb Paging File | 1.73 Gb Available in Paging File | 72.21% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 101.25 Gb Total Space | 66.73 Gb Free Space | 65.90% Space Free | Partition Type: NTFS
Drive D: | 9.51 Gb Total Space | 1.40 Gb Free Space | 14.69% Space Free | Partition Type: FAT32
Drive E: | 83.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 3.72 Gb Total Space | 3.28 Gb Free Space | 88.20% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CMG-LAPTOP
Current User Name: test
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/06/04 18:51:58 | 01,205,760 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/06/16 22:31:46 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2006/05/12 17:27:16 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2004/07/22 20:22:28 | 01,433,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/06/17 02:03:36 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/03/23 21:48:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/06/16 22:31:57 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/06/16 22:31:57 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2006/04/26 15:48:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/10/20 17:20:36 | 00,353,624 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
PRC - [2009/04/21 18:26:52 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2006/04/01 01:01:48 | 00,761,946 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2009/06/16 22:31:52 | 01,948,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/06/17 02:03:36 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2006/06/15 00:11:09 | 00,053,248 | ---- | M] (Alcor Micro, Corp.) -- C:\WINDOWS\system32\DrvMon.exe
PRC - [2008/04/13 20:12:27 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe
PRC - [2006/05/02 18:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2006/10/19 00:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe
PRC - [2008/04/13 20:12:27 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqtgsvc.exe
PRC - [2004/07/22 20:22:34 | 01,470,480 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
PRC - [2007/03/06 13:24:42 | 00,629,248 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.3\J2GTray.exe
PRC - [2009/06/15 10:01:09 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2006/12/14 14:00:40 | 00,712,704 | ---- | M] (LevelOne) -- C:\Program Files\LevelOne\11g Wireless LAN\WLanUtility.exe
PRC - [2009/06/20 10:35:34 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\test\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/05/08 13:49:02 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr [On_Demand | Stopped])
SRV - [2004/07/15 12:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/06/16 22:31:46 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2006/05/12 17:27:16 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - [2004/07/22 20:22:28 | 01,433,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
SRV - [2009/03/19 16:52:37 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - File not found -- -- (getPlus® Helper [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006/05/02 18:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [Auto | Running])
SRV - [2005/04/04 03:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/06/17 02:03:36 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/03/23 21:48:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2008/04/13 20:12:27 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe -- (MSMQ [Auto | Running])
SRV - [2008/04/13 20:12:27 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqtgsvc.exe -- (MSMQTriggers [Auto | Running])
SRV - [2006/04/26 15:48:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/03/14 16:05:02 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Stopped])
SRV - [2007/10/20 17:20:36 | 00,353,624 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe -- (WDFNet [Auto | Running])
SRV - [2009/04/21 18:26:52 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService [Auto | Running])
SRV - [2006/10/19 00:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])
SRV - [2009/06/04 18:51:58 | 01,205,760 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe -- (WRConsumerService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006/06/06 16:39:56 | 00,061,952 | ---- | M] (Ricoh) -- C:\WINDOWS\System32\Drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD [On_Demand | Stopped])
DRV - [2008/08/26 18:55:21 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2001/08/18 00:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2006/05/10 14:27:00 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2001/08/18 00:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/18 00:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2009/06/16 22:32:16 | 00,327,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/06/16 22:45:35 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/06/16 22:32:21 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2006/04/28 13:12:00 | 00,429,184 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Stopped])
DRV - [2006/05/12 17:19:04 | 01,342,602 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\DRIVERS\btkrnl.sys -- (BTKRNL [On_Demand | Running])
DRV - [2006/05/12 17:16:44 | 00,057,320 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
DRV - [2008/01/24 18:47:06 | 00,035,692 | ---- | M] (Cisco Systems) -- C:\WINDOWS\system32\DRIVERS\CdpPacket.sys -- (CdpPacket [Auto | Running])
DRV - [2001/08/18 00:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2003/05/01 16:26:34 | 00,005,220 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
DRV - [2004/07/22 20:21:38 | 00,268,874 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\Drivers\CVPNDRVA.sys -- (CVPNDRVA [Auto | Running])
DRV - [2001/08/18 00:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2003/07/24 21:55:50 | 00,139,604 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys -- (DNE [On_Demand | Running])
DRV - [2005/09/19 17:23:52 | 00,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\DRIVERS\eabfiltr.sys -- (eabfiltr [System | Running])
DRV - [2005/09/19 17:24:20 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\DRIVERS\eabusb.sys -- (eabusb [On_Demand | Stopped])
DRV - [2005/09/19 17:24:10 | 00,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\DRIVERS\cpqbttn.sys -- (HBtnKey [On_Demand | Running])
DRV - [2006/04/17 16:29:00 | 00,569,856 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService [On_Demand | Running])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/10/27 20:24:28 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Running])
DRV - [2005/10/27 20:24:29 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
DRV - [2005/10/27 20:24:30 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Running])
DRV - [2006/04/19 21:02:40 | 00,208,000 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
DRV - [2006/04/19 21:03:20 | 00,995,712 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2005/10/13 05:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor [Disabled | Stopped])
DRV - [2006/02/14 16:57:46 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2008/04/13 14:39:44 | 00,092,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC [On_Demand | Running])
DRV - [2001/08/18 00:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2006/04/26 15:48:00 | 03,659,968 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2006/01/26 20:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [Boot | Running])
DRV - [2006/03/02 20:31:02 | 00,034,176 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2006/03/02 20:31:04 | 00,013,056 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2006/03/05 19:49:36 | 00,011,136 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvsmu.sys -- (nvsmu [On_Demand | Running])
DRV - [2004/08/04 17:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/10/18 17:41:20 | 00,085,848 | ---- | M] (Privacyware/PWI, Inc.) -- C:\WINDOWS\system32\drivers\pwipf6.sys -- (pwipf6 [System | Running])
DRV - [2005/06/20 20:05:58 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/18 00:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/18 00:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/18 00:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2005/11/16 00:28:32 | 00,028,928 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\rimmptsk.sys -- (rimmptsk [On_Demand | Running])
DRV - [2005/10/31 21:54:50 | 00,051,584 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\rimsptsk.sys -- (rimsptsk [On_Demand | Running])
DRV - [2005/10/31 22:08:00 | 00,308,992 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\rixdptsk.sys -- (rismxdp [On_Demand | Running])
DRV - [2008/05/08 10:02:52 | 00,203,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RMCast.sys -- (RMCAST [On_Demand | Running])
DRV - [2004/08/04 02:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2006/07/04 02:10:28 | 00,178,048 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\RTL8187.sys -- (RTLWUSB [On_Demand | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/18 01:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2009/04/21 18:27:02 | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc [Boot | Running])
DRV - [2009/04/21 18:27:04 | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD [Boot | Running])
DRV - [2009/04/21 18:27:04 | 00,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV [Boot | Running])
DRV - [2008/01/05 00:34:36 | 00,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) -- C:\WINDOWS\System32\Drivers\sskbfd.sys -- (SSKBFD [On_Demand | Stopped])
DRV - [2001/08/18 01:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/18 01:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2006/09/15 04:27:00 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
DRV - [2001/08/18 01:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/18 01:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2006/04/01 00:41:40 | 00,193,056 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2008/06/29 13:00:40 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
DRV - [2001/08/18 00:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2003/08/29 00:40:26 | 00,189,792 | ---- | M] (Zone Labs Inc.) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [On_Demand | Running])
DRV - [2006/04/19 21:02:36 | 00,727,296 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.msn.com"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.4
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:5.0.20090324W
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.0.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/06/16 22:46:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/06/17 02:03:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/06/19 16:02:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/06/19 15:11:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/06/19 16:02:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/06/19 15:11:55 | 00,000,000 | ---D | M]

[2008/12/08 22:59:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\mozilla\Extensions
[2008/12/08 22:59:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/19 10:06:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\mozilla\Firefox\Profiles\ibndx5fk.default\extensions
[2009/04/19 20:59:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\mozilla\Firefox\Profiles\ibndx5fk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/02/08 17:35:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\mozilla\Firefox\Profiles\ibndx5fk.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/04/11 23:59:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\mozilla\Firefox\Profiles\ibndx5fk.default\extensions\foxmarks@kei.com
[2009/03/24 19:44:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\mozilla\Firefox\Profiles\ibndx5fk.default\extensions\moveplayer@movenetworks.com
[2009/06/19 10:06:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/15 10:01:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/04/18 11:59:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/06/17 02:03:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/06/15 10:01:08 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/15 10:01:08 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/08 22:59:21 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/08 22:59:21 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/08 22:59:21 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/08 22:59:21 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/08 22:59:21 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/08 22:59:21 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (308210 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 10609 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe" (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /installquiet /nodetect ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RecGuard] "C:\Windows\SMINST\RecGuard.exe" ()
O4 - HKLM..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray (Webroot Software, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" (Synaptics, Inc.)
O4 - HKLM..\Run: [Webroot Desktop Firewall] "C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe" (Webroot Software, Inc.)
O4 - HKCU..\Run: [DrvMon.exe] "C:\WINDOWS\system32\DrvMon.exe" (Alcor Micro, Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\11g Wireless LAN Utility.lnk = C:\Program Files\LevelOne\11g Wireless LAN\WLanUtility.exe (LevelOne)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install-ie/alttiff.cab (AlternaTIFF ActiveX)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} http://www.fultoncourtrecords.com:7778/for...iator/jinit.exe (JInitiator 1.3.1.22)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O30 - LSA: Authentication Packages - (OWS\s) - File not found
O30 - LSA: Security Packages - (ecurity) - File not found
O30 - LSA: Security Packages - (Packages) - File not found
O30 - LSA: Security Packages - (settings...) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2007/07/31 22:28:02 | 00,000,048 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{09b4f03a-6479-11dd-9a17-001b24eb0fba}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{09b4f03a-6479-11dd-9a17-001b24eb0fba}\Shell\Shell00\Command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{09b4f03a-6479-11dd-9a17-001b24eb0fba}\Shell\Shell01\Command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{09b4f03a-6479-11dd-9a17-001b24eb0fba}\Shell\Shell02\Command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{35b7a944-12df-11dd-99e9-001b24eb0fba}\Shell - "" = AutoRun
O33 - MountPoints2\{35b7a944-12df-11dd-99e9-001b24eb0fba}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{35b7a944-12df-11dd-99e9-001b24eb0fba}\Shell\AutoRun\command - "" = F:\Loaderw.exe -- File not found
O33 - MountPoints2\{7e88d6ea-7bff-11da-99b9-001b24eb0fba}\Shell - "" = AutoRun
O33 - MountPoints2\{7e88d6ea-7bff-11da-99b9-001b24eb0fba}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/20 10:36:20 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[2009/06/20 10:39:26 | 00,000,081 | ---- | C] () -- C:\Documents and Settings\test\Desktop\Infected with trojan-phisher-sabanks.gen, MalBehav-284, TrojPDFJs-B, TrojSWFLdr-A and trojan-pws-daonol.URL
[2009/06/20 10:36:20 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\test\Desktop\noeq5c6c.exe
[2009/06/20 10:35:33 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\test\Desktop\OTL.exe
[2009/06/19 15:14:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\test\Application Data\Apple Computer
[2009/06/19 15:11:04 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/06/19 15:10:14 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/06/19 15:09:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/06/19 15:08:37 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/06/19 15:08:11 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/06/19 15:08:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/06/19 12:46:27 | 00,062,976 | ---- | C] () -- C:\Documents and Settings\test\My Documents\AIG Personal ID Coverage.doc
[2009/06/19 09:21:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\test\Desktop\6-19-09
[2009/06/18 13:53:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\test\Desktop\Centene Audit
[2009/06/18 12:12:09 | 00,032,768 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Amy Gramlich credit.doc
[2009/06/18 12:10:54 | 00,053,248 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Stephen Lewis credit.doc
[2009/06/18 11:07:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\test\Desktop\6-18-09
[2009/06/17 15:49:25 | 00,091,334 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Definitions of 08-09 customer insurance.pdf
[2009/06/17 15:10:54 | 00,100,286 | ---- | C] () -- C:\Documents and Settings\test\Desktop\emp ver.tif
[2009/06/17 09:30:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\test\Desktop\6-17-09
[2009/06/17 00:25:11 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/06/16 22:54:47 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/06/16 22:32:22 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/06/16 22:32:22 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/06/16 22:32:21 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/06/16 22:32:16 | 00,327,688 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/06/16 22:32:15 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/06/16 22:32:12 | 37,240,916 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/06/16 22:32:12 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/06/16 22:32:12 | 00,434,673 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/06/16 22:32:12 | 00,083,454 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/06/16 22:32:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/06/16 22:31:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/06/16 22:08:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\test\Desktop\63 Linden photos
[2009/06/16 22:05:47 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/06/16 21:56:23 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/06/16 09:31:47 | 00,047,616 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Centene start up costs.xls
[2009/06/16 08:34:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\test\Desktop\6-16-09
[2009/06/12 16:33:49 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Criminals Completed 6-12pm.xls
[2009/06/12 11:28:21 | 00,355,432 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Amanda Miller.pdf
[2009/06/12 10:51:56 | 00,379,096 | ---- | C] () -- C:\Documents and Settings\test\My Documents\KY candidates.pdf
[2009/06/11 16:15:35 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Criminals Completed 6-11pm.xls
[2009/06/10 16:28:29 | 00,067,258 | ---- | C] () -- C:\Documents and Settings\test\Desktop\Debbie Evitts release.TIF
[2009/06/10 10:24:30 | 00,039,936 | ---- | C] () -- C:\Documents and Settings\test\My Documents\NAIC Cover Letter.doc
[2009/06/10 10:08:02 | 00,039,339 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Lynch, Richard.pdf
[2009/06/10 10:05:53 | 00,165,888 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Lynch, Richard.xls
[2009/06/09 17:49:41 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\test\Desktop\INS Affidavit.doc
[2009/06/09 16:06:45 | 00,134,908 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Michael Vido release.TIF
[2009/06/09 14:14:26 | 00,185,429 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Ajay Konda - SD.pdf
[2009/06/09 13:00:07 | 00,034,394 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Centene MOU.TIF
[2009/06/09 12:17:23 | 00,020,662 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Centene MOU - signed by DHS.TIF
[2009/06/09 12:15:34 | 00,097,280 | ---- | C] () -- C:\Documents and Settings\test\Desktop\daclientmou.doc
[2009/06/09 11:20:24 | 00,044,378 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Ryan, Debra.pdf
[2009/06/09 11:18:51 | 00,029,895 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Shaw, Marilee.pdf
[2009/06/09 11:15:20 | 00,348,672 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Shaw, Marilee.xls
[2009/06/09 11:10:45 | 00,334,336 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Ryan, Debra.xls
[2009/06/09 11:08:10 | 00,037,376 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Marilee Shaw credit.doc
[2009/06/09 11:07:34 | 00,058,880 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Debra Ryan credit.doc
[2009/06/08 15:24:01 | 00,037,200 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Duplicate Match Result for ...tif
[2009/06/08 14:13:30 | 00,356,144 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Melissa Mullen.pdf
[2009/06/06 13:43:50 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\test\Desktop\HijackThis.lnk
[2009/06/06 13:43:50 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/06/06 13:21:14 | 00,223,368 | ---- | C] () -- C:\Documents and Settings\test\Desktop\CrucialScan.exe
[2009/06/05 17:35:45 | 00,045,537 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Desotel, Jason.pdf
[2009/06/05 17:25:08 | 00,352,768 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Desotel, Jason.xls
[2009/06/04 18:51:57 | 00,001,641 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spy Sweeper.lnk
[2009/06/04 13:52:35 | 00,012,868 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Jason Desotel credit.pdf
[2009/06/04 13:51:42 | 00,063,488 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Jason Desotel credit.doc
[2009/06/04 12:52:19 | 00,393,374 | ---- | C] () -- C:\Documents and Settings\test\Desktop\Newt invite.tif
[2009/06/04 12:50:51 | 00,091,558 | ---- | C] () -- C:\Documents and Settings\test\Desktop\GPG_Rental_Signature_Release_-_Fill_In-J.D..pdf
[2009/06/04 10:04:27 | 00,029,929 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Jacobs-Desotel, Nancy.pdf
[2009/06/04 10:02:15 | 00,348,672 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Jacobs-Desotel, Nancy.xls
[2009/06/04 09:07:01 | 03,894,336 | ---- | C] (Webroot Software, Inc. ) -- C:\Documents and Settings\test\Desktop\DesktopFirewallRegSetup(3).exe
[2009/06/04 08:57:39 | 00,088,354 | ---- | C] () -- C:\Documents and Settings\test\Desktop\GPG_Rental_Signature_Release_-_Fill_In1.pdf
[2009/06/03 17:54:03 | 00,036,700 | ---- | C] () -- C:\Documents and Settings\test\My Documents\CT State Police Fingerprint Check.pdf
[2009/06/03 08:57:42 | 00,678,944 | ---- | C] () -- C:\Documents and Settings\test\Desktop\Centene app.TIF
[2009/06/02 14:28:09 | 00,041,352 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Montanye, Matthew.pdf
[2009/06/02 14:26:39 | 00,349,184 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Montanye, Matthew.xls
[2009/06/02 12:38:43 | 00,029,875 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Smith, Christopher.pdf
[2009/06/02 12:26:59 | 00,348,672 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Smith, Christopher.xls
[2009/06/02 12:16:34 | 00,360,448 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Flick, David.xls
[2009/06/02 10:44:44 | 00,007,698 | ---- | C] () -- C:\Documents and Settings\test\My Documents\David L Flick Fed #3.pdf
[2009/06/02 10:36:31 | 00,011,574 | ---- | C] () -- C:\Documents and Settings\test\My Documents\David L Flick Fed #2.pdf
[2009/06/02 10:28:55 | 00,015,521 | ---- | C] () -- C:\Documents and Settings\test\My Documents\David L Flick Fed #1.pdf
[2009/06/02 00:02:02 | 00,030,720 | ---- | C] () -- C:\Documents and Settings\test\My Documents\006-Phillips.doc
[2009/06/01 16:48:20 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Criminals Completed 6-1pm-2.xls
[2009/06/01 16:09:09 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Criminals Completed 6-1pm.xls
[2009/05/29 17:02:01 | 00,029,906 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Kent, Aaron.pdf
[2009/05/29 15:58:59 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Maxwell - Wise details.doc
[2009/05/29 09:56:17 | 00,029,755 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Villagrana, Everardo.pdf
[2009/05/29 09:55:07 | 00,347,648 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Villagrana, Everardo.xls
[2009/05/29 07:57:59 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\test\My Documents\010-Mitchell.doc
[2009/05/29 07:25:36 | 00,007,343 | ---- | C] () -- C:\Documents and Settings\test\My Documents\019-Winder.rtf
[2009/05/28 17:58:18 | 00,029,926 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Wilson, Barbara.pdf
[2009/05/28 17:55:08 | 00,349,184 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Wilson, Barbara.xls
[2009/05/28 11:05:21 | 00,014,848 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Criminal Costs-Tracking-5-28-09.xls
[2009/05/26 17:24:16 | 00,227,328 | ---- | C] () -- C:\Documents and Settings\test\Desktop\Doc1.doc
[2009/05/26 15:57:46 | 00,062,000 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Roger Bedoya Adverse Letter.pdf
[2009/05/26 15:28:11 | 00,369,056 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Corey Higgins Adverse letter.pdf
[2009/05/22 13:46:48 | 00,049,664 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Disposition Explanations.doc
[2009/05/22 11:29:38 | 00,353,280 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Oseguera, Gerardo.xls
[2009/05/22 11:26:11 | 00,352,256 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Tillman, Laurie.xls
[2009/05/21 20:04:43 | 00,072,704 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Vi-Jon MOU.doc
[2009/05/21 19:55:12 | 00,092,681 | ---- | C] () -- C:\Documents and Settings\test\My Documents\ViJon EVerify documentation.pdf
[2009/05/21 19:47:44 | 00,030,596 | ---- | C] () -- C:\Documents and Settings\test\My Documents\daclientmou.tif
[2009/05/21 19:10:32 | 00,226,816 | ---- | C] () -- C:\Documents and Settings\test\Desktop\Muniz, Michael.xls
[2009/05/21 18:26:45 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\test\My Documents\credit ref.doc
[2009/05/21 10:57:49 | 00,356,226 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Stacey Bandy.pdf
[2009/04/21 18:26:56 | 00,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/02/02 12:14:26 | 00,036,962 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2008/03/31 13:03:51 | 00,143,384 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/03/28 20:56:40 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/09/15 04:55:55 | 00,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/15 04:51:20 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/15 04:39:49 | 00,000,628 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/15 04:34:35 | 00,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/05/12 17:23:22 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/05/10 17:51:00 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/10 17:01:12 | 00,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/05/10 16:57:30 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/05/10 16:37:16 | 00,000,658 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/05/10 09:28:16 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/04/26 15:48:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/04/26 15:48:00 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/04/26 15:48:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/04/26 15:48:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/04/26 15:48:00 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/12/02 14:09:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/05 22:06:32 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2004/09/16 16:24:26 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/01/07 18:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/16 03:29:04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 22:18:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 17:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/07/06 20:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Files - Modified Within 30 Days ==========

[8 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/06/20 10:39:26 | 00,000,081 | ---- | M] () -- C:\Documents and Settings\test\Desktop\Infected with trojan-phisher-sabanks.gen, MalBehav-284, TrojPDFJs-B, TrojSWFLdr-A and trojan-pws-daonol.URL
[2009/06/20 10:36:20 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\test\Desktop\noeq5c6c.exe
[2009/06/20 10:35:34 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\test\Desktop\OTL.exe
[2009/06/19 17:46:42 | 00,253,952 | ---- | M] () -- C:\Documents and Settings\test\My Documents\GPG Criminal Database 10-07.xls
[2009/06/19 15:11:06 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/06/19 15:08:38 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/06/19 12:46:28 | 00,062,976 | ---- | M] () -- C:\Documents and Settings\test\My Documents\AIG Personal ID Coverage.doc
[2009/06/19 12:00:28 | 00,001,626 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L6ECE1C8AE23946E9A60488D5A03645B0.job
[2009/06/19 09:23:33 | 00,121,338 | ---- | M] () -- C:\Documents and Settings\test\My Documents\CG Query.rtf
[2009/06/19 09:22:41 | 00,196,478 | ---- | M] () -- C:\Documents and Settings\test\My Documents\JH Query.rtf
[2009/06/19 09:01:04 | 00,457,446 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/06/19 09:01:04 | 00,394,542 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/19 09:01:04 | 00,056,968 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/06/19 08:56:23 | 00,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/06/19 08:56:16 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/06/19 08:56:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/19 08:56:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/19 08:55:58 | 10,722,79552 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/18 18:57:23 | 37,240,916 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/06/18 18:57:07 | 00,083,454 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/06/18 14:02:43 | 13,144,064 | ---- | M] () -- C:\Documents and Settings\test\My Documents\2008-2009 Tracker.mdb
[2009/06/18 12:12:09 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\test\My Documents\Amy Gramlich credit.doc
[2009/06/18 12:10:54 | 00,053,248 | ---- | M] () -- C:\Documents and Settings\test\My Documents\Stephen Lewis credit.doc
[2009/06/17 15:49:25 | 00,091,334 | ---- | M] () -- C:\Documents and Settings\test\My Documents\Definitions of 08-09 customer insurance.pdf
[2009/06/17 15:10:54 | 00,100,286 | ---- | M] () -- C:\Documents and Settings\test\Desktop\emp ver.tif
[2009/06/16 22:45:35 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/06/16 22:32:22 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/06/16 22:32:22 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/06/16 22:32:21 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/06/16 22:32:16 | 00,327,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/06/16 22:32:12 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/06/16 22:32:12 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/06/16 18:40:29 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\test\My Documents\Centene start up costs.xls
[2009/06/16 17:31:09 | 24,612,864 | ---- | M] () -- C:\Documents and Settings\test\My Documents\CH Request Database.mdb
[2009/06/16 17:30:49 | 12,886,016 | ---- | M] () -- C:\Documents and Settings\test\My Documents\BGC Tracker Thru 12-2007.mdb
[2009/06/16 14:27:43 | 00,005,567 | ---- | M] () -- C:\Documents and Settings\test\My Documents\Invoice Gen - Narrative #3.rtf
[2009/06/16 12:04:46 | 00,015,360 | ---- | M] () -- C:\Documents and Settings\test\My Documents\Criminal Costs-Tracking.xls
[2009/06/14 14:12:42 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/12 16:33:49 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\test\My Documents\Criminals Completed 6-12pm.xls
[2009/06/12 16:20:55 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\test\My Documents\Criminals Completed 6-11pm.xls
[2009/06/12 11:28:21 | 00,355,432 | ---- | M] () -- C:\Documents and Settings\test\My Documents\Amanda Miller.pdf
[2009/06/12 10:51:57 | 00,379,096 | ---- | M] () -- C:\Documents and Settings\test\My Documents\KY candidates.pdf
[2009/06/12 09:10:53 | 00,325,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/12 08:53:01 | 00,000,658 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/06/12 08:51:35 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/06/10 16:28:31 | 00,067,258 | ---- | M] () -- C:\Documents and Settings\test\Desktop\Debbie Evitts release.TIF
[2009/06/10 11:31:23 | 00,002,521 | ---- | M] () -- C:\Documents and Settings\test\Desktop\Microsoft Office Outlook 2003.lnk
[2009/06/10 10:24:30 | 00,039,936 | ---- | M] () -- C:\Documents and Settings\test\My Documents\NAIC Cover Letter.doc
[2009/06/10 10:08:02 | 00,039,339 | ---- | M] () -- C:\Documents and Settings\test\My Documents\Lynch, Richard.pdf
[2009/06/10 10:07:49 | 00,165,888 | ---- | M] () -- C:\Documents and Settings\test\My Documents\Lynch, Richard.xls
[2009/06/09 18:09:35 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\test\Desktop\INS Affidavit.doc
[2009/06/09 16:06:46 | 00,134,908 | ---- | M] () -- C:\Documents and Settings\test\My Documents\Michael Vido release.TIF
[2009/06/09 14:14:26 | 00,185,429 | ---- | M] () -- C:\Documents and Settings\test\My Documents\Ajay Konda - SD.pdf
[2009/06/09 13:00:08 | 00,034,394 | ---- | M] () -- C:\Documents and Settings\test\My Documents\Centene MOU.TIF
[2009/06/09 12:55:52 | 00,065,536 | -HS- | M] () -- C:\Documents and Settings\test\Desktop\Thumbs.db
[2009/06/09 12:17:24 | 00,020,662 | ---- | M] () -- C:\Documents and Settings\test\My Documents\Centene MOU - signed by DHS.TIF
[2009/06/09 12:15:35 | 00,097,280 | ---- | M] () -- C:\Documents and Settings\test\Desktop\daclientmou.doc
[2009/06/09 11:20:24 | 00,044,378 | ---- | M] () -- C:\Documents and Settings\test\My Documents\Ryan, Debra.pdf
[2009/06/09 11:20:01 | 00,334,336 | ---- | M] () -- C:\Documents and Settings\test\My Documents\Ryan, Debra.xls
[2009/06/09 11:18:51 | 00,029,895 | ---- | M] () -- C:\Documents and Settings\test\My Documents\Shaw, Marilee.pdf
[2009/06/09 11:18:28 | 00,348,672 | ---- | M] () -- C:\Documents and Settings\test\My Documents\Shaw, Marilee.xls
[2009/06/09 11:08:53 | 00,037,376 | ---- | M] () -- C:\Documents and Settings\test\My Documents\Marilee Shaw credit.doc
[2009/06/09 11:07:34 | 00,058,880 | ---- | M] () -- C:\Documents and Settings\test\My Documents\Debra Ryan credit.doc
[2009/06/08 15:24:02 | 00,037,200 | ---- | M] () -- C:\Documents and Settings\test\My Documents\Duplicate Match Result for ...tif
[2009/06/08 14:13:30 | 00,356,144 | ---- | M] () -- C:\Documents and Settings\test\My Documents\Melissa Mullen.pdf
[2009/06/08 09:46:18 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\test\My Documents\CMG Contacts While I'm Out.xls
[2009/06/06 13:43:50 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\test\Desktop\HijackThis.lnk
[2009/06/06 13:21:14 | 00,223,368 | ---- | M] () -- C:\Documents and Settings\test\Desktop\CrucialScan.exe
< End of report >


#7 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts

Posted 21 June 2009 - 08:43 AM

Hello.

Surprisingly, that log looks clean.

Download and run MalwareBytes Anti-Malware
If you already have MBAM installed, simply update and run a quick scan.

Please download Malwarebytes Anti-Malware setup and save it to your desktop.
alternate download link 1
alternate download link 2

Refer to the steps given here on installing MalwareBytes, running the scan, and saving the log file (not on using File Assassin).
  • If you have trouble updating, try the other mirror download site.
  • Should the computer in question not be able to update using the normal method, download the update file from here, using another machine if needed. Simply double click the file to install the updates.
  • If MalwareBytes asks to reboot to remove certain items, do so right away.
Please include the scan logfile in your next reply.
With Regards,
The Panda

#8 irish74

irish74
  • Topic Starter
  • Members
  • 8 posts

Posted 21 June 2009 - 02:33 PM

No threats found.... What about those O1 objects found in the previous scan? Thanks for your help...

Malwarebytes' Anti-Malware 1.38
Database version: 2319
Windows 5.1.2600 Service Pack 3

6/21/2009 3:31:25 PM
mbam-log-2009-06-21 (15-31-25).txt

Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 243323
Time elapsed: 1 hour(s), 16 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#9 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts

Posted 21 June 2009 - 03:18 PM

Hello.

The O1 entries list lines in the hosts file. It looks like you have a custom malicious site blocking hosts file installed.

Download and Run ATFCleaner
Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are receiving help.
  • Double-click ATF-Cleaner.exe to run the program. If you are using Windows Vista, right click the icon and select Run As Administrator.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
F-Secure Online Scan
Please run F-Secure Online Scanner.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.

With Regards,
The Panda
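One way to tell a blocklist-style hosts file (names sunk to 127.0.0.1 or 0.0.0.0, which is what the O1 entries above suggest) from a hijacked one (names pointed at a routable address), as an added example that is not part of this thread or of any tool mentioned in it; the sample hosts content, the domain names and the `watch_list` of hosts you rely on are all constructed:

```python
import ipaddress

# Constructed sample hosts-file content for this demonstration (not the poster's
# actual hosts file). Blocklist-style files sink unwanted names to 127.0.0.1/0.0.0.0.
SAMPLE_HOSTS = """\
# comment lines and blank lines are ignored by the resolver
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.adnetwork-sample.test      # ordinary blocklist entry
0.0.0.0         tracker.sample-analytics.test  # ordinary blocklist entry
127.0.0.1       update.av-vendor-sample.test   # sinks a security-update host
203.0.113.45    login.bank-sample.test         # sends a real-looking host elsewhere
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, skipping comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        for name in fields[1:]:
            yield fields[0], name.lower()


def classify_entry(ip, hostname, watch_list=()):
    """Return 'local', 'sinkhole', 'blocked-watchlist', 'redirect' or 'malformed'."""
    if hostname == "localhost":
        return "local"
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "malformed"
    if addr.is_loopback or addr.is_unspecified:
        # A sunk name is normal blocklist behaviour unless it is a host you rely on
        # (watch_list is caller-supplied, e.g. your AV vendor's update domains).
        if any(hostname == w or hostname.endswith("." + w) for w in watch_list):
            return "blocked-watchlist"
        return "sinkhole"
    return "redirect"  # name answered from a routable address: possible pharming


def audit_hosts(text, watch_list=()):
    """Return (hostname, ip, verdict) for every entry in the hosts text."""
    return [(h, ip, classify_entry(ip, h, watch_list)) for ip, h in parse_hosts(text)]
```

A large hosts file made almost entirely of `sinkhole` verdicts is consistent with an installed blocklist; any `redirect` or `blocked-watchlist` entry is the kind of line worth checking by hand.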

#10 irish74

irish74
  • Topic Starter
  • Members
  • 8 posts

Posted 21 June 2009 - 05:50 PM

Hi Panda, thanks for all your help so far... I ran ATF and removed all files. I then ran F-Secure and it reported no problems, scan log below... Thanks.



Scanning Report
Sunday, June 21, 2009 17:53:09 - 18:44:03

Computer name: CMG-LAPTOP
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ D:\
No malware found
Statistics
Scanned:

* Files: 65249
* System: 5219
* Not scanned: 8

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* Not cleaned: 0
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\SSIEFR.EXE
* C:\WINDOWS\SYSTEM32\WRLZMA.DLL
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

Options
Scanning engines:

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use advanced heuristics

#11 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts

Posted 22 June 2009 - 07:07 AM

Hello.

Please keep me updated on the symptoms.

Are you still getting detections? If so, what files are being flagged?

With Regards,
The Panda

#12 irish74

irish74
  • Topic Starter
  • Members
  • 8 posts

Posted 22 June 2009 - 10:48 PM

Hi Panda, scans are coming back clean. I think I may be dealing with just the aftermath now of what the trojans changed in the system: this is what has been messed up, any suggestions as I am thinking of a complete re-install at this stage:

- Firefox pretty slow, sometimes very slow to shut down
- Spysweeper frequently reporting it is blocking traffic to websites, even with browser closed
- Around the first time of infection (a couple of weeks ago) a single vertical line one pixel wide appeared on the monitor; it stays on all screens, even after a re-boot.
- Audio card not working, only sounds are system sounds that have been reduced to a single basic beep.

Any thoughts on these observations? Thanks again for all your help, much appreciated!

#13 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts

Posted 23 June 2009 - 11:03 AM

Hello.

That may be, though it is not typical of the damage caused by malware.

If a reinstall is an option, I would suggest you go with that.

Otherwise, we can try to troubleshoot those issues.

With Regards,
The Panda

#14 irish74

irish74
  • Topic Starter
  • Members
  • 8 posts

Posted 23 June 2009 - 11:44 PM

Hi Panda, I went for the full reinstall... couldn't take it anymore!!! ;)

Thanks for all your help, I really appreciate it! You're a star!!

#15 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts

Posted 24 June 2009 - 02:49 PM

Good choice.

Since the member is reinstalling, this topic is now closed.

Everyone else, please begin a new topic.

With Regards,
The Panda
