
Thread: Spybot doesn't remove win32.fraudload.edt. Please help!

  #1 - Junior Member (Join Date: Nov 2009, Posts: 9)

    Spybot doesn't remove win32.fraudload.edt. Please help!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:06:13 PM, on 11/29/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Kodak\printer\center\KodakSvc.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\SYSTEM32\WISPTIS.EXE
    C:\WINDOWS\System32\tabbtnu.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\JProcter\Desktop\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
    O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Snippet] "C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" /i
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
    O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
    O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1189394558921
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1189394541046
    O16 - DPF: {8E66A776-A350-4D69-8783-906DB0E6DF14} (Jaunt Class) - http://download.jaunt.com/public/jaunt.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O20 - AppInit_DLLs: cru629.dat
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Kodak AiO Device Service (KodakSvc) - SDSD - C:\Program Files\Kodak\printer\center\KodakSvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

    --
    End of file - 11099 bytes
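As an added triage helper (not part of the thread and not Trend Micro's own code), the following parser splits a HijackThis v2.0.2 log like the one above into header fields, running processes and R/O entries, decomposes the O4 Run entries by hive, and surfaces the two entry classes an analyst reads first: O20 AppInit_DLLs values and components registered with "(no file)". The sample log is constructed from a few of the lines posted above; the thread does not say whether the O20 entry is connected to the infection, so the code only reports it for review.

```python
"""Parser and first-pass triage for Trend Micro HijackThis v2.0.2 logs."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the shape of the log posted above (a few lines only).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:13 PM, on 11/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - AppInit_DLLs: cru629.dat
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 11099 bytes
"""

ENTRY_RE = re.compile(r"^(?P<kind>R\d|O\d{1,2}) - (?P<body>.*)$")
HEADER_RE = re.compile(r"^(?P<key>Platform|MSIE|Boot mode): (?P<val>.*)$")
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


@dataclass
class Entry:
    kind: str   # section tag such as R1, O4, O20, O23
    body: str   # everything after "<kind> - "


@dataclass
class Finding:
    severity: str
    entry: Entry
    reason: str


def parse_hjt(text):
    """Split a log into header fields, running processes and R/O entries."""
    header, processes, entries = {}, [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["kind"], m["body"]))
            continue
        h = HEADER_RE.match(line)
        if h:
            header[h["key"]] = h["val"]
    return {"header": header, "processes": processes, "entries": entries}


def kind_counts(parsed):
    """How many entries of each section tag the log contains."""
    return dict(Counter(e.kind for e in parsed["entries"]))


def run_entries(entries):
    """Decompose O4 Run entries into hive, value name and command line."""
    out = []
    for e in entries:
        if e.kind != "O4":
            continue
        m = RUN_RE.match(e.body)
        if m:
            out.append({"hive": m["hive"], "name": m["name"], "cmd": m["cmd"]})
    return out


def triage(entries):
    """Surface the entry classes an analyst reads first; it does not judge them."""
    findings = []
    for e in entries:
        if e.kind == "O20" and e.body.startswith("AppInit_DLLs:"):
            value = e.body.split(":", 1)[1].strip()
            if not value:
                continue
            reason = "AppInit_DLLs is loaded into every process that maps user32.dll"
            if "\\" not in value:
                reason += "; bare filename, located through the loader search path"
            findings.append(Finding("review", e, reason))
        elif e.body.endswith("(no file)"):
            findings.append(Finding("orphan", e, "registered component whose file is missing"))
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print(parsed["header"], kind_counts(parsed))
    for f in triage(parsed["entries"]):
        print(f"[{f.severity}] {f.entry.kind} - {f.entry.body}: {f.reason}")
```

Feed it the full log from the post (saved as text) instead of SAMPLE_LOG to get the same breakdown for every O4, O20 and "(no file)" entry.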

  #2 - Security Expert (Join Date: Aug 2007, Posts: 1,877)


    Hello and welcome to Safer Networking.

    My name is km2357 and I will be helping you to remove any infection(s) that you may have.

    I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

    If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

    Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

    Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.


    Step # 1 Download and run DDS

    Download DDS and save it to your desktop from here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.

    Step # 2: Download and Run Gmer

    Please download gmer.zip from Gmer and save it to your desktop.

    ***Please close any open programs ***

    Double-click gmer.exe. The program will begin to run.

    **Caution**
    These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


    If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
    • Click No.
    • Once the scan is complete, you may receive another notice about rootkit activity.
    • Click OK.
    • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

    If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
    • Click the Scan button and let the program do its work. GMER will produce a log.
    • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


    DO NOT touch the PC at ALL for whatever reason until it has 100% completed its scan, or attempted scan in case of some error, etc.!

    Please post the results from the GMER scan in your reply.


    In your next post/reply, I need to see the following:

    1. The two DDS Logs (DDS and Attach.txt)
    2. The GMER Log

    Use multiple posts if you can't fit everything into one post.
    Malware Removal University Master
    Member of ASAP & UNITE

  #3 - Junior Member (Join Date: Nov 2009, Posts: 9)


    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/30/2006 8:13:18 PM
    System Uptime: 12/1/2009 7:46:29 AM (15 hours ago)

    Motherboard: Gateway | |
    Processor: Intel(R) Pentium(R) M processor 1.73GHz | uFCPGA2 | 1729/533mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 68 GiB total, 51.039 GiB free.
    D: is FIXED (FAT32) - 7 GiB total, 4.568 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\1000D201E0B806
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\1000D201E0B806
    Service: NIC1394

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    7200
    7200_Help
    7200Trb
    Adobe Acrobat 7.0 Standard - English, Français, Deutsch
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Agilix GoBinder Lite
    AiO_Scan
    aiofw
    aioocr
    aioprnt
    aioscnnr
    AiOSoftware
    Apple Mobile Device Support
    Apple Software Update
    AviSynth 2.5
    Bonjour
    BufferChm
    center
    Cisco Systems VPN Client 4.6.02.0011
    Compatibility Pack for the 2007 Office system
    Conexant AC-Link Audio
    Copy
    CP_AtenaShokunin1Config
    cp_dwShrek2Albums1
    cp_dwShrek2Cards1
    CreativeProjects
    CreativeProjectsTemplates
    CueTour
    Data Fax SoftModem with SmartCP
    Destinations
    Director
    DocProc
    DocumentViewer
    DVD Decrypter (Remove Only)
    ERUNT 1.1j
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSSONIC
    ESSTOOLS
    essvatgt
    Fax
    HDD TWAIN Driver Ver2
    Help_CTR
    helptut
    helpug
    HijackThis 2.0.2
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB893357)
    Hotfix for Windows XP (KB895953)
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB906569)
    Hotfix for Windows XP (KB909394)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB927891)
    Hotfix for Windows XP (KB935448)
    Hotfix for Windows XP (KB935843)
    HP Image Zone 4.7
    HP Product Assistant
    HP PSC & OfficeJet 4.7
    HP Software Update
    HPSystemDiagnostics
    InstantShare
    Intel(R) Graphics Media Accelerator Driver for Mobile
    Intel(R) PROSet/Wireless Software
    kgcbase
    kgchday
    kgcinvt
    kgcvday
    ksdip
    LEGO® MINDSTORMS® NXT - English Language Pack
    LEGO® MINDSTORMS® NXT Software v1.0
    Logitech QuickCam
    Logitech QuickCam Driver Package
    Logitech® Camera Driver
    mCore
    mDriver
    mDrWiFi
    mHelp
    Microsoft .NET Framework 1.0 Hotfix (KB887998)
    Microsoft .NET Framework 1.0 Hotfix (KB930494)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft ActiveSync 4.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Starter Edition 2006
    Microsoft Digital Image Starter Edition 2006 Editor
    Microsoft Digital Image Starter Edition 2006 Library
    Microsoft Education Pack for Windows XP Tablet PC Edition
    Microsoft Energy Blue Theme Pack
    Microsoft Experience Pack for Tablet PC
    Microsoft Ink Desktop
    Microsoft IntelliPoint 5.3
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Media Transfer
    Microsoft National Language Support Downlevel APIs
    Microsoft Office OneNote 2003
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft Snipping Tool 2.0
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    mIWA
    mIWCA
    mLogView
    mMHouse
    Move Media Player
    mPfMgr
    mPfWiz
    mProSafe
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    mWlsSafe
    mXML
    mZConfig
    Napster Burn Engine
    Nero BurnRights
    Nero OEM
    netbrdg
    Notifier
    OfotoXMI
    PanoStandAlone
    PDFCreator
    PhotoGallery
    PL-2303 USB-to-Serial
    PowerDVD
    ProductContext
    QFolder
    Readme
    Recovery Software Suite Gateway
    Scan
    ScannerCopy
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB941202)
    SFR
    SHASTA
    SKIN0001
    SkinsHP1
    SKINXSDK
    Spybot - Search & Destroy
    staticcr
    Synaptics Pointing Device Driver
    Tablet PC Tutorials for Microsoft Windows XP SP2
    Texas Instruments PCIxx21/x515 drivers.
    TIxx21
    tooltips
    TrayApp
    Unload
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920342)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925876)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    VPRINTOL
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 10 Hotfix - KB894476
    Windows Media Player 11
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB884020
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888239
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    WIRELESS

    ==== Event Viewer Messages From Past Week ========

    12/1/2009 9:10:48 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013CECA369B. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    11/28/2009 3:04:34 PM, error: NetBT [4321] - The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.0.2. The machine with the IP address 192.168.0.12 did not allow the name to be claimed by this machine.
    11/28/2009 10:51:56 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{2FC616AF-3054-43F6-96DF-3D895E28177B} because another computer on the network has the same name. The server could not start.
    11/27/2009 9:03:06 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
    11/27/2009 11:44:07 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    11/27/2009 11:40:39 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    11/27/2009 11:31:34 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    11/27/2009 11:29:19 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/27/2009 11:24:57 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 Beep Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    11/27/2009 11:24:57 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    11/27/2009 11:24:57 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/27/2009 11:24:57 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/27/2009 11:24:57 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    11/27/2009 11:24:57 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/27/2009 11:24:57 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/27/2009 1:28:25 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Beep Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    11/27/2009 1:13:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep Cdr4_xp Cdrom Imapi redbook
    11/26/2009 2:05:33 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    11/26/2009 11:01:02 AM, error: Service Control Manager [7031] - The AVG8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

    ==== End Of File ===========================

    DDS (Ver_09-12-01.01) - NTFSx86
    Run by JProcter at 22:23:03.28 on Tue 12/01/2009
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.532 [GMT -6:00]

    FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Kodak\printer\center\KodakSvc.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\SYSTEM32\WISPTIS.EXE
    C:\WINDOWS\System32\tabbtnu.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\JProcter\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.google.com
    mDefault_Search_URL = hxxp://www.google.com/ie
    mSearch Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    mRun: [TabletWizard] c:\windows\help\SplshWrp.exe
    mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    mRun: [Snippet] "c:\program files\microsoft experience pack\snipping tool\SnippingTool.exe" /i
    mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
    mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
    mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
    mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
    mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
    mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
    dRun: [TabletWizard] %windir%\help\wizard.hta
    dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    StartupFolder: c:\docume~1\jprocter\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    uPolicies-system: EnableProfileQuota = 1 (0x1)
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189394558921
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189394541046
    DPF: {8E66A776-A350-4D69-8783-906DB0E6DF14} - hxxp://download.jaunt.com/public/jaunt.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
    DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://ak.imgag.com/imgag/cp/install/Crusher.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: igfxcui - igfxsrvc.dll
    Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
    Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
    Notify: TabBtnWL - TabBtnWL.dll
    Notify: tpgwlnotify - tpgwlnot.dll
    AppInit_DLLs: cru629.dat
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\printer\center\KodakSvc.exe [2007-3-22 9728]
    R3 FinePnt;FinePoint Innovations HID Driver;c:\windows\system32\drivers\FpHidDrv.sys [2006-1-20 17280]
    R3 MSTabBtn;Tablet PC Buttons HID Driver;c:\windows\system32\drivers\MSTabBtn.sys [2006-1-20 9600]
    S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2005-6-21 69692]
    S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [2006-3-10 39424]
    S3 RDID1070;Roland SonicCell;c:\windows\system32\drivers\RDWM1070.sys [2009-1-2 135424]
    S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2004-10-27 278384]

    =============== Created Last 30 ================

    2009-11-27 19:00:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Avg8
    2009-11-23 02:57:43 0 d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-23 02:57:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

    ==================== Find3M ====================

    2007-07-18 02:10:36 5154304 ----a-w- c:\program files\WindowsDefender.msi

    ============= FINISH: 22:23:26.53 ===============

    GMER 1.0.15.15252 - http://www.gmer.net
    Rootkit quick scan 2009-12-01 22:34:12
    Windows 5.1.2600 Service Pack 2
    Running: gmer.exe; Driver: C:\DOCUME~1\JProcter\LOCALS~1\Temp\fwlirpob.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    ---- EOF - GMER 1.0.15 ----
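The DDS report above is what the helper reads before replying. As an added example, written for this page and not code from the thread, from DDS, or from Spybot, here is a small Python triage pass over lines of that "Pseudo HJT Report". It flags the entries a reviewer usually checks first: a firewall reported as disabled, browser add-ons whose file is missing ("No File"), DPF (ActiveX) controls fetched from hosts outside an allowlist, Winlogon Notify DLLs given by bare name, and any AppInit_DLLs value. The allowlist of download hosts and the severity labels are assumptions made for the example; a hit means "look at this", not "this is malware". The sample input is constructed from lines of the posted log.

```python
"""Triage a DDS "Pseudo HJT Report" for the entries a malware-removal helper reads first.

Heuristics only: a hit means "look at this", never "this is malicious".
"""
import re
from urllib.parse import urlparse

# Download hosts treated as expected for DPF (Downloaded Program Files / ActiveX)
# entries. This allowlist is an assumption made for the example, not a vendor list.
EXPECTED_DPF_HOSTS = {
    "update.microsoft.com",
    "fpdownload.macromedia.com",
    "fpdownload2.macromedia.com",
    "platformdl.adobe.com",
}

# Constructed sample input: a handful of lines taken from the report posted above.
SAMPLE_REPORT = r"""
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189394558921
DPF: {8E66A776-A350-4D69-8783-906DB0E6DF14} - hxxp://download.jaunt.com/public/jaunt.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://ak.imgag.com/imgag/cp/install/Crusher.cab
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
Notify: tpgwlnotify - tpgwlnot.dll
AppInit_DLLs: cru629.dat
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
"""


def refang(url):
    """Turn the log's defanged hxxp:// or hxxps:// back into a parseable scheme."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def parse_line(line):
    """Split a 'KEY: value' report line into (key, value).

    Returns None for blank lines, 'name = value' lines and anything whose key
    contains a space (section banners, Event Viewer lines), so only real
    report entries reach the rules.
    """
    key, sep, value = line.partition(": ")
    if not sep or " " in key:
        return None
    return key, value.strip()


def triage(report_text):
    """Return findings as (severity, key, value, reason) tuples, in report order."""
    findings = []
    for raw in report_text.splitlines():
        parsed = parse_line(raw.strip())
        if parsed is None:
            continue
        key, value = parsed
        if key == "FW" and "*disabled*" in value:
            findings.append(("high", key, value, "host firewall is reported disabled"))
        elif key in ("BHO", "TB") and value.endswith(" - No File"):
            findings.append(("low", key, value, "orphaned browser add-on registration; its file is missing"))
        elif key == "DPF":
            url = value.rsplit(" - ", 1)[-1]
            host = urlparse(refang(url)).hostname or "(local file)"
            if host not in EXPECTED_DPF_HOSTS:
                findings.append(("medium", key, value, f"ActiveX control fetched from {host}; confirm it is wanted"))
        elif key == "Notify":
            _name, _sep, dll = value.partition(" - ")
            if "\\" not in dll:
                findings.append(("medium", key, value, "Winlogon notification DLL named without a path; confirm it is the expected file in system32"))
        elif key == "AppInit_DLLs" and value:
            findings.append(("high", key, value, "AppInit_DLLs is set; the DLL is loaded into every process that maps user32.dll"))
    return findings


def by_severity(findings):
    """Count findings per severity, e.g. {'high': 2, 'medium': 3, 'low': 2}."""
    counts = {}
    for severity, *_ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    for severity, key, value, reason in triage(SAMPLE_REPORT):
        print(f"[{severity:>6}] {key}: {value}")
        print(f"         -> {reason}")
    print(by_severity(triage(SAMPLE_REPORT)))
```

Run against the sample it reports the disabled firewall and the AppInit_DLLs entry as the two high-priority items, the two third-party DPF controls and the bare-name Notify DLL as medium, and the two "No File" toolbars as low; the Microsoft update control and the fully-pathed Intel Notify DLL produce nothing. Feed it a whole saved DDS log and the section banners and Event Viewer lines are skipped by the parser rather than mis-read as entries.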

  4. #4
    Security Expert
    Join Date
    Aug 2007
    Posts
    1,877

    Default

    According to your logs, you don't have System Restore turned on. Did you turn it off? If you did, please turn it back on, if you can.

    Looking over your log, it seems there is no evidence of anti-virus software.

    Anti-virus programs detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer's memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus program from one of these vendors NOW:

    1) Antivir PersonalEdition Classic
    2) avast! 4 Home Edition

    Download and install only one!

    Let me know when you've turned on your System Restore (if you can) and when you've installed an Anti-Virus and we'll continue.
    Malware Removal University Master
    Member of ASAP & UNITE

  5. #5
    Junior Member
    Join Date
    Nov 2009
    Posts
    9

    Default

    Turned System Restore back on.
    Installed and ran scan...
    Avira AntiVir Personal
    Report file date: Tuesday, December 01, 2009 23:49

    Scanning for 1409805 virus strains and unwanted programs.

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 2) [5.1.2600]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : JOHNTABLET

    Version information:
    BUILD.DAT : 9.0.0.415 21609 Bytes 11/8/2009 10:00:00
    AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 17:26:33
    AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 16:58:24
    LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 17:35:49
    LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 16:58:52
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 13:35:52
    VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 05:47:23
    VBASE002.VDF : 7.10.1.1 2048 Bytes 11/19/2009 05:47:23
    VBASE003.VDF : 7.10.1.2 2048 Bytes 11/19/2009 05:47:23
    VBASE004.VDF : 7.10.1.3 2048 Bytes 11/19/2009 05:47:23
    VBASE005.VDF : 7.10.1.4 2048 Bytes 11/19/2009 05:47:23
    VBASE006.VDF : 7.10.1.5 2048 Bytes 11/19/2009 05:47:23
    VBASE007.VDF : 7.10.1.6 2048 Bytes 11/19/2009 05:47:23
    VBASE008.VDF : 7.10.1.7 2048 Bytes 11/19/2009 05:47:23
    VBASE009.VDF : 7.10.1.8 2048 Bytes 11/19/2009 05:47:23
    VBASE010.VDF : 7.10.1.9 2048 Bytes 11/19/2009 05:47:23
    VBASE011.VDF : 7.10.1.10 2048 Bytes 11/19/2009 05:47:23
    VBASE012.VDF : 7.10.1.11 2048 Bytes 11/19/2009 05:47:23
    VBASE013.VDF : 7.10.1.79 209920 Bytes 11/25/2009 05:47:24
    VBASE014.VDF : 7.10.1.128 197632 Bytes 11/30/2009 05:47:25
    VBASE015.VDF : 7.10.1.129 2048 Bytes 11/30/2009 05:47:25
    VBASE016.VDF : 7.10.1.130 2048 Bytes 11/30/2009 05:47:25
    VBASE017.VDF : 7.10.1.131 2048 Bytes 11/30/2009 05:47:25
    VBASE018.VDF : 7.10.1.132 2048 Bytes 11/30/2009 05:47:25
    VBASE019.VDF : 7.10.1.133 2048 Bytes 11/30/2009 05:47:25
    VBASE020.VDF : 7.10.1.134 2048 Bytes 11/30/2009 05:47:25
    VBASE021.VDF : 7.10.1.135 2048 Bytes 11/30/2009 05:47:25
    VBASE022.VDF : 7.10.1.136 2048 Bytes 11/30/2009 05:47:25
    VBASE023.VDF : 7.10.1.137 2048 Bytes 11/30/2009 05:47:25
    VBASE024.VDF : 7.10.1.138 2048 Bytes 11/30/2009 05:47:25
    VBASE025.VDF : 7.10.1.139 2048 Bytes 11/30/2009 05:47:25
    VBASE026.VDF : 7.10.1.140 2048 Bytes 11/30/2009 05:47:25
    VBASE027.VDF : 7.10.1.141 2048 Bytes 11/30/2009 05:47:25
    VBASE028.VDF : 7.10.1.142 2048 Bytes 11/30/2009 05:47:25
    VBASE029.VDF : 7.10.1.143 2048 Bytes 11/30/2009 05:47:25
    VBASE030.VDF : 7.10.1.144 2048 Bytes 11/30/2009 05:47:25
    VBASE031.VDF : 7.10.1.152 39936 Bytes 12/1/2009 05:47:26
    Engineversion : 8.2.1.92
    AEVDF.DLL : 8.1.1.2 106867 Bytes 11/8/2009 13:38:52
    AESCRIPT.DLL : 8.1.2.45 586108 Bytes 12/2/2009 05:47:32
    AESCN.DLL : 8.1.2.5 127346 Bytes 11/8/2009 13:38:46
    AESBX.DLL : 8.1.1.1 246132 Bytes 11/8/2009 13:38:44
    AERDL.DLL : 8.1.3.4 479605 Bytes 12/2/2009 05:47:32
    AEPACK.DLL : 8.2.0.3 422261 Bytes 11/8/2009 13:38:40
    AEOFFICE.DLL : 8.1.0.38 196987 Bytes 11/8/2009 13:38:38
    AEHEUR.DLL : 8.1.0.184 2146681 Bytes 12/2/2009 05:47:31
    AEHELP.DLL : 8.1.7.5 237942 Bytes 12/2/2009 05:47:27
    AEGEN.DLL : 8.1.1.78 364917 Bytes 12/2/2009 05:47:27
    AEEMU.DLL : 8.1.1.0 393587 Bytes 11/8/2009 13:38:26
    AECORE.DLL : 8.1.8.5 180598 Bytes 12/2/2009 05:47:26
    AEBB.DLL : 8.1.0.3 53618 Bytes 11/8/2009 13:38:20
    AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 14:47:59
    AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 21:14:02
    AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 20:34:28
    AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 16:32:09
    AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 21:05:41
    AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 16:37:08
    SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 21:03:49
    SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 14:21:33
    NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 16:32:10
    RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 21:39:58
    RCTEXT.DLL : 9.0.73.0 86785 Bytes 10/13/2009 18:25:47

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:, D:,
    Process scan........................: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium
    Deviating risk categories...........: +PCK,

    Start of the scan: Tuesday, December 01, 2009 23:49

    Starting search for hidden objects.
    '43583' objects were checked, '0' hidden objects were found.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'avira_antivir_personal_en.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'COCIManager.exe' - '1' Module(s) have been scanned
    Scan process 'rapimgr.exe' - '1' Module(s) have been scanned
    Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
    Scan process 'Quickcam.exe' - '1' Module(s) have been scanned
    Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned
    Scan process 'EKIJ5000MUI.exe' - '1' Module(s) have been scanned
    Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
    Scan process 'acrotray.exe' - '1' Module(s) have been scanned
    Scan process 'point32.exe' - '1' Module(s) have been scanned
    Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
    Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
    Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
    Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
    Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
    Scan process 'tabtip.exe' - '1' Module(s) have been scanned
    Scan process 'tcserver.exe' - '1' Module(s) have been scanned
    Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process '1XConfig.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'tabbtnu.exe' - '1' Module(s) have been scanned
    Scan process 'wisptis.exe' - '1' Module(s) have been scanned
    Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
    Scan process 'WinVNC4.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'PRISMXL.SYS' - '1' Module(s) have been scanned
    Scan process 'MDM.EXE' - '1' Module(s) have been scanned
    Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
    Scan process 'KodakSvc.exe' - '1' Module(s) have been scanned
    Scan process 'cvpnd.exe' - '1' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
    Scan process 'KeyboardSurrogate.exe' - '1' Module(s) have been scanned
    Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    59 processes with 59 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '67' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    [NOTE] This file is a Windows system file.
    [NOTE] This file cannot be opened for scanning.
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    [NOTE] This file is a Windows system file.
    [NOTE] This file cannot be opened for scanning.
    Begin scan in 'D:\' <RECOVERY>


    End of the scan: Wednesday, December 02, 2009 00:34
    Used time: 44:32 Minute(s)

    The scan has been done completely.

    7386 Scanned directories
    409563 Files were scanned
    0 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    2 Files cannot be scanned
    409561 Files not concerned
    8782 Archives were scanned
    2 Warnings
    2 Notes
    43583 Objects were scanned with rootkit scan
    0 Hidden objects were found
    ********************************
    I have always used AVG Free antivirus on this machine and have been satisfied. However, as I started trying to clean this machine manually by following some other posts on Spybot, I both turned off System Restore and uninstalled AVG Free. AVG was identifying a Trojan but could not remove it with the latest update. So I planned to do a fresh install of the latest version to see if that helped, but posted here first. Anyhow, if you advise that Avira is better, I will stay with it when we're done. Thanks.

    I noticed Antivir ran a rootkit check - does this mean we need to start over?
    Do you need to see the Spybot log identifying win32.fraudload.edt ?

  6. #6
    Security Expert
    Join Date
    Aug 2007
    Posts
    1,877

    Default

    I noticed Antivir ran a rootkit check - does this mean we need to start over?
    No need to start over.


    Do you need to see the Spybot log identifying win32.fraudload.edt ?
    If you still have it, I'd like to see it.
    Malware Removal University Master
    Member of ASAP & UNITE

  7. #7
    Junior Member
    Join Date
    Nov 2009
    Posts
    9

    Default

    I just ran it again. Yes, I have the historical log file too (fraudload is there as well). Here is the log from the run just now...
    --- Search result list ---
    Win32.FraudLoad.edt: [SBI $7312D32F] Type library (Registry key, nothing done)
    HKEY_CLASSES_ROOT\TypeLib\{E24211B3-A78A-C6A9-D317-70979ACE5058}

    DoubleClick: Tracking cookie (Internet Explorer: JProcter) (Cookie, nothing done)


    Statcounter: Tracking cookie (Internet Explorer: JProcter) (Cookie, nothing done)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2009-11-22 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2009-10-08 Includes\Adware.sbi (*)
    2009-11-24 Includes\AdwareC.sbi (*)
    2009-01-22 Includes\Cookies.sbi (*)
    2009-11-03 Includes\Dialer.sbi (*)
    2009-11-24 Includes\DialerC.sbi (*)
    2009-01-22 Includes\HeavyDuty.sbi (*)
    2009-05-26 Includes\Hijackers.sbi (*)
    2009-11-24 Includes\HijackersC.sbi (*)
    2009-10-20 Includes\Keyloggers.sbi (*)
    2009-11-24 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2009-11-24 Includes\Malware.sbi (*)
    2009-11-25 Includes\MalwareC.sbi (*)
    2009-03-25 Includes\PUPS.sbi (*)
    2009-11-24 Includes\PUPSC.sbi (*)
    2009-01-22 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2009-11-24 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2009-11-03 Includes\Spyware.sbi (*)
    2009-11-24 Includes\SpywareC.sbi (*)
    2009-06-08 Includes\Tracks.uti
    2009-11-17 Includes\Trojans.sbi (*)
    2009-11-24 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll



    --- System information ---
    Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
    / .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB887998)
    / .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB930494)
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    / MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
    / MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
    / MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
    / Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
    / Windows / SP1: Microsoft National Language Support Downlevel APIs
    / Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
    / Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
    / Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
    / Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
    / Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
    / Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
    / Windows XP: Security Update for Windows XP (KB923689)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB928090)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB929969)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB931768)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB933566)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB937143)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB939653)
    / Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
    / Windows XP / SP3: Windows XP Hotfix - KB834707
    / Windows XP / SP3: Windows XP Hotfix - KB867282
    / Windows XP / SP3: Windows XP Hotfix - KB873333
    / Windows XP / SP3: Windows XP Hotfix - KB873339
    / Windows XP / SP3: Windows XP Hotfix - KB884020
    / Windows XP / SP3: Windows XP Hotfix - KB885250
    / Windows XP / SP3: Windows XP Hotfix - KB885835
    / Windows XP / SP3: Windows XP Hotfix - KB885836
    / Windows XP / SP3: Windows XP Hotfix - KB886185
    / Windows XP / SP3: Windows XP Hotfix - KB887472
    / Windows XP / SP3: Windows XP Hotfix - KB887742
    / Windows XP / SP3: Microsoft .NET Framework 1.0 Hotfix (KB887998)
    / Windows XP / SP3: Windows XP Hotfix - KB888113
    / Windows XP / SP3: Windows XP Hotfix - KB888239
    / Windows XP / SP3: Windows XP Hotfix - KB888302
    / Windows XP / SP3: Security Update for Windows XP (KB890046)
    / Windows XP / SP3: Windows XP Hotfix - KB890047
    / Windows XP / SP3: Windows XP Hotfix - KB890175
    / Windows XP / SP3: Windows XP Hotfix - KB890859
    / Windows XP / SP3: Windows XP Hotfix - KB890923
    / Windows XP / SP3: Windows XP Hotfix - KB891781
    / Windows XP / SP3: Windows XP Hotfix - KB893066
    / Windows XP / SP3: Windows XP Hotfix - KB893086
    / Windows XP / SP3: Hotfix for Windows XP (KB893357)
    / Windows XP / SP3: Security Update for Windows XP (KB893756)
    / Windows XP / SP3: Windows Installer 3.1 (KB893803)
    / Windows XP / SP3: Windows Installer 3.1 (KB893803)
    / Windows XP / SP3: Update for Windows XP (KB894391)
    / Windows XP / SP3: Hotfix for Windows XP (KB895953)
    / Windows XP / SP3: Hotfix for Windows XP (KB896344)
    / Windows XP / SP3: Security Update for Windows XP (KB896358)
    / Windows XP / SP3: Security Update for Windows XP (KB896422)
    / Windows XP / SP3: Security Update for Windows XP (KB896423)
    / Windows XP / SP3: Security Update for Windows XP (KB896424)
    / Windows XP / SP3: Security Update for Windows XP (KB896428)
    / Windows XP / SP3: Security Update for Windows XP (KB896688)
    / Windows XP / SP3: Update for Windows XP (KB896727)
    / Windows XP / SP3: Update for Windows XP (KB898461)
    / Windows XP / SP3: Security Update for Windows XP (KB899587)
    / Windows XP / SP3: Security Update for Windows XP (KB899588)
    / Windows XP / SP3: Security Update for Windows XP (KB899589)
    / Windows XP / SP3: Security Update for Windows XP (KB899591)
    / Windows XP / SP3: Update for Windows XP (KB900485)
    / Windows XP / SP3: Security Update for Windows XP (KB900725)
    / Windows XP / SP3: Security Update for Windows XP (KB901017)
    / Windows XP / SP3: Security Update for Windows XP (KB901214)
    / Windows XP / SP3: Security Update for Windows XP (KB902400)
    / Windows XP / SP3: Security Update for Windows XP (KB903235)
    / Windows XP / SP3: Security Update for Windows XP (KB904706)
    / Windows XP / SP3: Update for Windows XP (KB904942)
    / Windows XP / SP3: Security Update for Windows XP (KB905414)
    / Windows XP / SP3: Security Update for Windows XP (KB905749)
    / Windows XP / SP3: Security Update for Windows XP (KB905915)
    / Windows XP / SP3: Hotfix for Windows XP (KB906569)
    / Windows XP / SP3: Security Update for Windows XP (KB908519)
    / Windows XP / SP3: Security Update for Windows XP (KB908531)
    / Windows XP / SP3: Hotfix for Windows XP (KB909394)
    / Windows XP / SP3: Update for Windows XP (KB910437)
    / Windows XP / SP3: Update for Windows XP (KB911280)
    / Windows XP / SP3: Security Update for Windows XP (KB911562)
    / Windows XP / SP3: Security Update for Windows XP (KB911567)
    / Windows XP / SP3: Security Update for Windows XP (KB911927)
    / Windows XP / SP3: Security Update for Windows XP (KB912812)
    / Windows XP / SP3: Security Update for Windows XP (KB912919)
    / Windows XP / SP3: Security Update for Windows XP (KB913446)
    / Windows XP / SP3: Security Update for Windows XP (KB913580)
    / Windows XP / SP3: Security Update for Windows XP (KB914388)
    / Windows XP / SP3: Security Update for Windows XP (KB914389)
    / Windows XP / SP3: Hotfix for Windows XP (KB914440)
    / Windows XP / SP3: Hotfix for Windows XP (KB915865)
    / Windows XP / SP3: Security Update for Windows XP (KB916281)
    / Windows XP / SP3: Update for Windows XP (KB916595)
    / Windows XP / SP3: Security Update for Windows XP (KB917159)
    / Windows XP / SP3: Security Update for Windows XP (KB917344)
    / Windows XP / SP3: Security Update for Windows XP (KB917422)
    / Windows XP / SP3: Security Update for Windows XP (KB917953)
    / Windows XP / SP3: Security Update for Windows XP (KB918118)
    / Windows XP / SP3: Security Update for Windows XP (KB918439)
    / Windows XP / SP3: Security Update for Windows XP (KB918899)
    / Windows XP / SP3: Security Update for Windows XP (KB919007)
    / Windows XP / SP3: Security Update for Windows XP (KB920213)
    / Windows XP / SP3: Security Update for Windows XP (KB920214)
    / Windows XP / SP3: Update for Windows XP (KB920342)
    / Windows XP / SP3: Security Update for Windows XP (KB920670)
    / Windows XP / SP3: Security Update for Windows XP (KB920683)
    / Windows XP / SP3: Security Update for Windows XP (KB920685)
    / Windows XP / SP3: Update for Windows XP (KB920872)
    / Windows XP / SP3: Security Update for Windows XP (KB921398)
    / Windows XP / SP3: Security Update for Windows XP (KB921503)
    / Windows XP / SP3: Security Update for Windows XP (KB921883)
    / Windows XP / SP3: Update for Windows XP (KB922582)
    / Windows XP / SP3: Security Update for Windows XP (KB922616)
    / Windows XP / SP3: Security Update for Windows XP (KB922760)
    / Windows XP / SP3: Security Update for Windows XP (KB922819)
    / Windows XP / SP3: Security Update for Windows XP (KB923191)
    / Windows XP / SP3: Security Update for Windows XP (KB923414)
    / Windows XP / SP3: Security Update for Windows XP (KB923694)
    / Windows XP / SP3: Security Update for Windows XP (KB923980)
    / Windows XP / SP3: Security Update for Windows XP (KB924191)
    / Windows XP / SP3: Security Update for Windows XP (KB924270)
    / Windows XP / SP3: Security Update for Windows XP (KB924496)
    / Windows XP / SP3: Security Update for Windows XP (KB924667)
    / Windows XP / SP3: Security Update for Windows XP (KB925486)
    / Windows XP / SP3: Update for Windows XP (KB925876)
    / Windows XP / SP3: Security Update for Windows XP (KB925902)
    / Windows XP / SP3: Hotfix for Windows XP (KB926239)
    / Windows XP / SP3: Security Update for Windows XP (KB926255)
    / Windows XP / SP3: Security Update for Windows XP (KB926436)
    / Windows XP / SP3: Security Update for Windows XP (KB927779)
    / Windows XP / SP3: Security Update for Windows XP (KB927802)
    / Windows XP / SP3: Update for Windows XP (KB927891)
    / Windows XP / SP3: Security Update for Windows XP (KB928255)
    / Windows XP / SP3: Security Update for Windows XP (KB928843)
    / Windows XP / SP3: Security Update for Windows XP (KB929123)
    / Windows XP / SP3: Update for Windows XP (KB929338)
    / Windows XP / SP3: Security Update for Windows XP (KB930178)
    / Windows XP / SP3: Microsoft .NET Framework 1.0 Hotfix (KB930494)
    / Windows XP / SP3: Update for Windows XP (KB930916)
    / Windows XP / SP3: Security Update for Windows XP (KB931261)
    / Windows XP / SP3: Security Update for Windows XP (KB931784)
    / Windows XP / SP3: Update for Windows XP (KB931836)
    / Windows XP / SP3: Security Update for Windows XP (KB932168)
    / Windows XP / SP3: Update for Windows XP (KB933360)
    / Windows XP / SP3: Security Update for Windows XP (KB933729)
    / Windows XP / SP3: Hotfix for Windows XP (KB935448)
    / Windows XP / SP3: Security Update for Windows XP (KB935839)
    / Windows XP / SP3: Security Update for Windows XP (KB935840)
    / Windows XP / SP3: Hotfix for Windows XP (KB935843)
    / Windows XP / SP3: Security Update for Windows XP (KB936021)
    / Windows XP / SP3: Update for Windows XP (KB936357)
    / Windows XP / SP3: Update for Windows XP (KB938828)
    / Windows XP / SP3: Security Update for Windows XP (KB938829)
    / Windows XP / SP3: Security Update for Windows XP (KB941202)


    --- Startup entries list ---
    Located: HK_LM:Run, Acrobat Assistant 7.0
    command: "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    file: C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    size: 483328
    MD5: FBD06A45DB2D543EFD932768029EC5F2

    Located: HK_LM:Run, avgnt
    command: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    file: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    size: 209153
    MD5: 29680A793F690EEF4AAA68479D2A6DF8

    Located: HK_LM:Run, EKIJ5000StatusMonitor
    command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
    file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
    size: 753664
    MD5: B8F22BA750341D6BF7991508CDE1DF7D

    Located: HK_LM:Run, HotKeysCmds
    command: C:\WINDOWS\system32\hkcmd.exe
    file: C:\WINDOWS\system32\hkcmd.exe
    size: 126976
    MD5: 8A265BBCF604292ED59FF823BB99E49B

    Located: HK_LM:Run, HP Software Update
    command: "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    size: 49152
    MD5: E558CDE2913DAA077D4E25732D1AA176

    Located: HK_LM:Run, IgfxTray
    command: C:\WINDOWS\system32\igfxtray.exe
    file: C:\WINDOWS\system32\igfxtray.exe
    size: 155648
    MD5: 7FDE1B477BBDD4DD905C0612954042F0

    Located: HK_LM:Run, IntelliPoint
    command: "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    file: C:\Program Files\Microsoft IntelliPoint\point32.exe
    size: 217088
    MD5: 5D11CA6AF7A30878C58AA1DB12BCA082

    Located: HK_LM:Run, IntelWireless
    command: C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    file: C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    size: 385024
    MD5: 0E237B85A4FF082CAECFBF4804A29F3C

    Located: HK_LM:Run, LogitechCommunicationsManager
    command: "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    file: C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    size: 563984
    MD5: 53A47A21F341FF30B75F14BF03E01643

    Located: HK_LM:Run, LogitechQuickCamRibbon
    command: "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    file: C:\Program Files\Logitech\QuickCam\Quickcam.exe
    size: 2178832
    MD5: A6E24596BB08D7C10A36FF18B39AD738

    Located: HK_LM:Run, LVCOMSX
    command: C:\WINDOWS\system32\LVCOMSX.EXE
    file: C:\WINDOWS\system32\LVCOMSX.EXE
    size: 221184
    MD5: F0431C490F124A8CC874163E6A38DD28

    Located: HK_LM:Run, MSKDetectorExe
    command: C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    file: C:\Program Files\McAfee\SpamKiller\MSKDetct.exe
    size: 1121792
    MD5: A5F0EF1A69F6707F27E53EE54B8F8AC4

    Located: HK_LM:Run, NeroFilterCheck
    command: C:\WINDOWS\system32\NeroCheck.exe
    file: C:\WINDOWS\system32\NeroCheck.exe
    size: 155648
    MD5: 3E4C03CEFAD8DE135263236B61A49C90

    Located: HK_LM:Run, Recguard
    command: %WINDIR%\SMINST\RECGUARD.EXE
    file: C:\WINDOWS\SMINST\RECGUARD.EXE
    size: 212992
    MD5: D3CC7A3813123E955B3A497C04B404E2

    Located: HK_LM:Run, Reminder
    command: %WINDIR%\Creator\Remind_XP.exe
    file: C:\WINDOWS\Creator\Remind_XP.exe
    size: 966656
    MD5: BACC877DB547BD8F421891EBFB6282ED

    Located: HK_LM:Run, RemoteControl
    command: "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    file: C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    size: 32768
    MD5: 8FB740D758B14B1BC950CC347C21E461

    Located: HK_LM:Run, Snippet
    command: "C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" /i
    file: C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe
    size: 68296
    MD5: 03B21D60AFE32E3DB7AB439E2E636BC3

    Located: HK_LM:Run, Synchronization Manager
    command: %SystemRoot%\system32\mobsync.exe /logon
    file: C:\WINDOWS\system32\mobsync.exe
    size: 143360
    MD5: 5531C63F05C7D041F7DA9F8B7D88F00E

    Located: HK_LM:Run, SynTPEnh
    command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    size: 688218
    MD5: 55582F239914C8EFCCF89BD632639542

    Located: HK_LM:Run, SynTPLpr
    command: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    file: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    size: 98394
    MD5: 3665BA88B993554DB062FF96542D85FF

    Located: HK_LM:Run, TabletTip
    command: "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
    file: C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe
    size: 271872
    MD5: 1B3FE414B47A3F520087227497DAF023

    Located: HK_LM:Run, TabletWizard
    command: C:\WINDOWS\help\SplshWrp.exe
    file: C:\WINDOWS\help\SplshWrp.exe
    size: 16384
    MD5: 29033EAE606944DB4C802D61FC45394F

    Located: HK_LM:RunOnceEx,
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, swg
    where: .DEFAULT...
    command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, TabletWizard
    where: .DEFAULT...
    command: %windir%\help\wizard.hta
    file: C:\WINDOWS\help\wizard.hta
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, ctfmon.exe
    where: PE_C_KBOSS...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 24232996A38C0B0CF151C2140AE29FC8

    Located: HK_CU:Run, ctfmon.exe
    where: PE_C_KBOSS.JOHNTABLET...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 24232996A38C0B0CF151C2140AE29FC8

    Located: HK_CU:Run, ctfmon.exe
    where: PE_C_KBOSS.JOHNTABLET.000...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 24232996A38C0B0CF151C2140AE29FC8

    Located: HK_CU:Run, ctfmon.exe
    where: PE_C_KBOSS.JOHNTABLET.001...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 24232996A38C0B0CF151C2140AE29FC8

    Located: HK_CU:Run, TabletWizard
    where: S-1-5-19...
    command: %windir%\help\wizard.hta
    file: C:\WINDOWS\help\wizard.hta
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, TabletWizard
    where: S-1-5-20...
    command: %windir%\help\wizard.hta
    file: C:\WINDOWS\help\wizard.hta
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, ctfmon.exe
    where: S-1-5-21-332822422-2094985488-532278619-1006...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 24232996A38C0B0CF151C2140AE29FC8

    Located: HK_CU:Run, H/PC Connection Agent
    where: S-1-5-21-332822422-2094985488-532278619-1006...
    command: "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    file: C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    size: 1207080
    MD5: 5DD84DF95D1177846B312F12CAC4ADDF

    Located: HK_CU:Run, QuickTime Task
    where: S-1-5-21-332822422-2094985488-532278619-1006...
    command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
    file: C:\Program Files\QuickTime\qttask.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, swg
    where: S-1-5-21-332822422-2094985488-532278619-1006...
    command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, ctfmon.exe
    where: S-1-5-21-332822422-2094985488-532278619-1007...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 24232996A38C0B0CF151C2140AE29FC8

    Located: HK_CU:Run, H/PC Connection Agent
    where: S-1-5-21-332822422-2094985488-532278619-1007...
    command: "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    file: C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    size: 1207080
    MD5: 5DD84DF95D1177846B312F12CAC4ADDF

    Located: HK_CU:Run, updateMgr
    where: S-1-5-21-332822422-2094985488-532278619-1007...
    command: "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    file: C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, ctfmon.exe
    where: S-1-5-21-332822422-2094985488-532278619-1009...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 24232996A38C0B0CF151C2140AE29FC8

    Located: HK_CU:Run, QuickTime Task
    where: S-1-5-21-332822422-2094985488-532278619-1009...
    command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
    file: C:\Program Files\QuickTime\qttask.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, swg
    where: S-1-5-21-332822422-2094985488-532278619-1009...
    command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, ctfmon.exe
    where: S-1-5-21-332822422-2094985488-532278619-500...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 24232996A38C0B0CF151C2140AE29FC8

    Located: HK_CU:Run, swg
    where: S-1-5-18...
    command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, TabletWizard
    where: S-1-5-18...
    command: %windir%\help\wizard.hta
    file: C:\WINDOWS\help\wizard.hta
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: Startup (user), ERUNT AutoBackup.lnk
    where: C:\Documents and Settings\JProcter\Start Menu\Programs\Startup...
    command: C:\Program Files\ERUNT\AUTOBACK.EXE
    file: C:\Program Files\ERUNT\AUTOBACK.EXE
    size: 38912
    MD5: E00DE20F0F6BED5CD2160247DDC9443B

    Located: WinLogon, crypt32chain
    command: crypt32.dll
    file: crypt32.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cryptnet
    command: cryptnet.dll
    file: cryptnet.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cscdll
    command: cscdll.dll
    file: cscdll.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, igfxcui
    command: igfxsrvc.dll
    file: igfxsrvc.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, IntelWireless
    command: C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    file: C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    size: 110592
    MD5: 55603FF4362CD416C21AE95EC39B5AA5

    Located: WinLogon, loginkey
    command: C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll
    file: C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll
    size: 47104
    MD5: A88A8EC8B0B8371E26B217A9C010D4AA

    Located: WinLogon, ScCertProp
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, Schedule
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, sclgntfy
    command: sclgntfy.dll
    file: sclgntfy.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, SensLogn
    command: WlNotify.dll
    file: WlNotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, TabBtnWL
    command: TabBtnWL.dll
    file: TabBtnWL.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, termsrv
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, tpgwlnotify
    command: tpgwlnot.dll
    file: tpgwlnot.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, WgaLogon
    command: WgaLogon.dll
    file: WgaLogon.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, wlballoon
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!



    --- Browser helper object list ---
    {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Spybot-S&D IE Protection
    description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDhelper.dll
    info link: http://spybot.eon.net.au/
    info source: Patrick M. Kolla
    Path: C:\PROGRA~1\SPYBOT~1\
    Long name: SDHelper.dll
    Short name:
    Date (created): 11/22/2009 8:57:46 PM
    Date (last access): 12/3/2009 5:36:38 PM
    Date (last write): 1/26/2009 3:31:02 PM
    Filesize: 1879896
    Attributes: archive
    MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
    CRC32: 5BA24007
    Version: 1.6.2.14



    --- ActiveX list ---
    Microsoft XML Parser for Java (Microsoft XML Parser for Java)
    DPF name: Microsoft XML Parser for Java
    CLSID name:
    Installer:
    Codebase: file:///C:/WINDOWS/Java/classes/xmldso.cab
    description:
    classification: Legitimate
    known filename: %WINDIR%\Java\classes\xmldso.cab
    info link:
    info source: Patrick M. Kolla

    {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl)
    DPF name:
    CLSID name: LinkedIn ContactFinderControl
    Installer: C:\WINDOWS\Downloaded Program Files\ContactFinderControl.inf
    Codebase: http://www.linkedin.com/cab/LinkedIn...derControl.cab
    Path: C:\WINDOWS\DOWNLO~1\
    Long name: LinkedInContactFinderControl.dll
    Short name: LINKED~1.DLL
    Date (created): 6/12/2007 12:01:56 AM
    Date (last access): 12/2/2009 12:15:38 AM
    Date (last write): 6/12/2007 12:01:56 AM
    Filesize: 926744
    Attributes: archive
    MD5: 72599C9253C8DC6495BC69793DD42800
    CRC32: FBFDC719
    Version: 2.2.0.1478

    {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
    DPF name:
    CLSID name: WUWebControl Class
    Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
    Codebase: http://update.microsoft.com/microsof...?1189394558921
    description:
    classification: Legitimate
    known filename: wuweb.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\system32\
    Long name: wuweb.dll
    Short name:
    Date (created): 6/22/2005 4:29:18 AM
    Date (last access): 12/3/2009 5:25:12 PM
    Date (last write): 7/30/2007 6:19:46 PM
    Filesize: 203096
    Attributes: archive
    MD5: FD984F9BFC9C62BD6546BD183CE5ADE7
    CRC32: 8092F837
    Version: 7.0.6000.381

    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
    DPF name:
    CLSID name: MUWebControl Class
    Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
    Codebase: http://update.microsoft.com/microsof...?1189394541046
    description:
    classification: Legitimate
    known filename: muweb.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\system32\
    Long name: muweb.dll
    Short name:
    Date (created): 5/26/2005 4:19:32 AM
    Date (last access): 12/3/2009 5:25:10 PM
    Date (last write): 7/30/2007 6:18:34 PM
    Filesize: 207736
    Attributes: archive
    MD5: 8038B166CE79E58E193566150CE26465
    CRC32: 9137D395
    Version: 7.0.6000.381

    {8E66A776-A350-4D69-8783-906DB0E6DF14} (Jaunt Class)
    DPF name:
    CLSID name: Jaunt Class
    Installer: C:\WINDOWS\Downloaded Program Files\Jaunt.inf
    Codebase: http://download.jaunt.com/public/jaunt.cab
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: JauntLaunch.dll
    Short name: JAUNTL~1.DLL
    Date (created): 6/16/2003 1:14:56 PM
    Date (last access): 12/2/2009 12:15:38 AM
    Date (last write): 6/16/2003 1:14:56 PM
    Filesize: 44544
    Attributes: archive
    MD5: 7E3C7F4282AECA41A31BC45A4082F741
    CRC32: 5AEABE01
    Version: 1.1.0.7

    {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
    DPF name:
    CLSID name:
    Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
    Codebase: http://fpdownload.macromedia.com/get.../ultrashim.cab
    description:
    classification: Open for discussion
    known filename:
    info link:
    info source: Safer Networking Ltd.

    {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin)
    DPF name:
    CLSID name: Shutterfly Picture Upload Plugin
    Installer: C:\WINDOWS\Downloaded Program Files\sfuploadplugin.inf
    Codebase: http://web1.shutterfly.com/downloads/Uploader.cab
    description:
    classification: Legitimate
    known filename: SFUPLO~1.OCX
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: sfuploadplugin.ocx
    Short name: SFUPLO~1.OCX
    Date (created): 1/4/2007 10:43:24 AM
    Date (last access): 12/2/2009 12:15:38 AM
    Date (last write): 1/4/2007 10:43:24 AM
    Filesize: 1898216
    Attributes: archive
    MD5: 080FA21337AE2364B39A263E5AF7D326
    CRC32: E423146B
    Version: 2.0.4.0

    {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in)
    DPF name:
    CLSID name: Creative Toolbox Plug-in
    Installer: C:\WINDOWS\Downloaded Program Files\Crusher.inf
    Codebase: http://ak.imgag.com/imgag/cp/install/Crusher.cab
    description:
    classification: Open for discussion
    known filename: Crusher.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\system32\
    Long name: Crusher.dll
    Short name:
    Date (created): 1/13/2005 4:00:24 PM
    Date (last access): 12/3/2009 5:22:34 PM
    Date (last write): 1/13/2005 4:00:24 PM
    Filesize: 778240
    Attributes: archive
    MD5: DFB157AB5F916EEEC5778944D9A285F6
    CRC32: FEC372EB
    Version: 1.1.5012.0

    {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
    DPF name:
    CLSID name: Shockwave Flash Object
    Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
    Codebase: http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    description: Macromedia Shockwave Flash Player
    classification: Legitimate
    known filename:
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\system32\Macromed\Flash\
    Long name: Flash10c.ocx
    Short name:
    Date (created): 7/17/2009 9:12:12 PM
    Date (last access): 12/2/2009 11:06:38 PM
    Date (last write): 7/17/2009 9:12:12 PM
    Filesize: 3979680
    Attributes: readonly archive
    MD5: 43C6ACDFB92A18C3E516E6BD5F1ACD51
    CRC32: D6F40D46
    Version: 10.0.32.18

    {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ()
    DPF name:
    CLSID name:
    Installer: C:\WINDOWS\Downloaded Program Files\gp.inf
    Codebase: http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab



    --- Process list ---
    PID: 0 ( 0) [System]
    PID: 1352 ( 4) \SystemRoot\System32\smss.exe
    size: 50688
    PID: 1400 (1352) \??\C:\WINDOWS\system32\csrss.exe
    size: 6144
    PID: 1424 (1352) \??\C:\WINDOWS\system32\winlogon.exe
    size: 502272
    PID: 1468 (1424) C:\WINDOWS\system32\services.exe
    size: 108032
    MD5: C6CE6EEC82F187615D1002BB3BB50ED4
    PID: 1480 (1424) C:\WINDOWS\system32\lsass.exe
    size: 13312
    MD5: 84885F9B82F4D55C6146EBF6065D75D2
    PID: 1664 (1468) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1788 (1468) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1848 (1468) C:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1916 (1468) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    size: 86016
    MD5: 5AE75738B957C2064566007487D973B6
    PID: 1936 (1424) C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
    size: 29696
    MD5: A21FE56B8CA8E24596C108C918D7C44F
    PID: 2040 (1468) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    size: 360521
    MD5: 215DEEE103618F102263C8ECF4B8413E
    PID: 324 (1468) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 368 (1468) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 868 (1468) C:\WINDOWS\system32\spoolsv.exe
    size: 57856
    MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
    PID: 924 (1468) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    size: 141848
    MD5: 85C2E84BC1224C75A20B5560D5A15DB9
    PID: 936 (1468) C:\Program Files\Avira\AntiVir Desktop\sched.exe
    size: 108289
    MD5: 9015BC03F62940527EC92D45EE89E46F
    PID: 1184 (1468) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    size: 185089
    MD5: B8720A787C1223492E6F319465E996CE
    PID: 1196 (1468) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    size: 132424
    MD5: A8AA9D47F971570A5162B862B80F87E8
    PID: 1244 (1468) C:\Program Files\Bonjour\mDNSResponder.exe
    size: 238888
    MD5: 9EFE4236F8670846B6E7C5B0EFF6E715
    PID: 1272 (1468) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    size: 1409048
    MD5: 865148FB7C6BC7C083CF642D3959BF69
    PID: 1336 (1468) C:\Program Files\Kodak\printer\center\KodakSvc.exe
    size: 9728
    MD5: 372DF3081424F493D47A1A4C067642C9
    PID: 1684 (1468) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    size: 186904
    MD5: 9E41266C68C11D7101A2D18CD1F7553E
    PID: 1884 (1468) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    size: 322120
    MD5: 11F714F85530A2BD134074DC30E99FCA
    PID: 272 (1468) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    size: 196608
    MD5: F3C8D6E59A36D4DD5729782015E685A8
    PID: 332 (1468) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    size: 139264
    MD5: A7EEBA958CFCCADBD4F47C3CDB51C714
    PID: 404 (1468) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 456 (1468) C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    size: 438272
    MD5: 9AA00D6092C46E59376153A3A4104D18
    PID: 684 (1424) C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    size: 389120
    MD5: 2F73148CFD930B641D860710931FE8C7
    PID: 760 (1424) C:\WINDOWS\SYSTEM32\WISPTIS.EXE
    size: 293376
    MD5: 9C492FEC0D62844ADFA1FD910F0AF3B8
    PID: 1028 (1424) C:\WINDOWS\System32\tabbtnu.exe
    size: 35328
    MD5: B1EFF44C35FB2DC975AABAF2051C6ECD
    PID: 1092 (1052) C:\WINDOWS\Explorer.EXE
    size: 1033216
    MD5: 97BD6515465659FF8F3B7BE375B2EA87
    PID: 2112 (1092) C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 24232996A38C0B0CF151C2140AE29FC8
    PID: 2144 (1664) C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    size: 245760
    MD5: DB7952B68A5547D27DA844F3806850BC
    PID: 2516 (1664) C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
    size: 43520
    MD5: ABD9B3B141B5419FA1417A2E41610B0C
    PID: 2820 (1468) C:\WINDOWS\System32\alg.exe
    size: 44544
    MD5: F1958FBF86D5C004CF19A5951A9514B7
    PID: 3088 (1684) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    size: 186904
    MD5: 9E41266C68C11D7101A2D18CD1F7553E
    PID: 576 (1664) C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
    size: 271872
    MD5: 1B3FE414B47A3F520087227497DAF023
    PID: 3504 (1092) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    size: 98394
    MD5: 3665BA88B993554DB062FF96542D85FF
    PID: 3752 (1092) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    size: 688218
    MD5: 55582F239914C8EFCCF89BD632639542
    PID: 3912 (1092) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    size: 32768
    MD5: 8FB740D758B14B1BC950CC347C21E461
    PID: 3948 (1092) C:\WINDOWS\system32\igfxtray.exe
    size: 155648
    MD5: 7FDE1B477BBDD4DD905C0612954042F0
    PID: 3964 (1092) C:\WINDOWS\system32\hkcmd.exe
    size: 126976
    MD5: 8A265BBCF604292ED59FF823BB99E49B
    PID: 952 (1092) C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    size: 385024
    MD5: 0E237B85A4FF082CAECFBF4804A29F3C
    PID: 1076 (1092) C:\WINDOWS\system32\LVCOMSX.EXE
    size: 221184
    MD5: F0431C490F124A8CC874163E6A38DD28
    PID: 1380 (1092) C:\Program Files\Microsoft IntelliPoint\point32.exe
    size: 217088
    MD5: 5D11CA6AF7A30878C58AA1DB12BCA082
    PID: 2688 (1092) C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    size: 483328
    MD5: FBD06A45DB2D543EFD932768029EC5F2
    PID: 2788 (1092) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    size: 49152
    MD5: E558CDE2913DAA077D4E25732D1AA176
    PID: 3276 (1092) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
    size: 753664
    MD5: B8F22BA750341D6BF7991508CDE1DF7D
    PID: 3300 (1092) C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    size: 563984
    MD5: 53A47A21F341FF30B75F14BF03E01643
    PID: 180 (1092) C:\Program Files\Logitech\QuickCam\Quickcam.exe
    size: 2178832
    MD5: A6E24596BB08D7C10A36FF18B39AD738
    PID: 3400 (1092) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    size: 209153
    MD5: 29680A793F690EEF4AAA68479D2A6DF8
    PID: 3224 (1092) C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    size: 1207080
    MD5: 5DD84DF95D1177846B312F12CAC4ADDF
    PID: 3164 (1664) C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    size: 187176
    MD5: 8DF981C3CE92765D8DEC78B85777B50B
    PID: 3596 (1664) C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    size: 407824
    MD5: 71187B7B35CC86A324742A58BFC66743
    PID: 3124 (1092) C:\Program Files\Internet Explorer\iexplore.exe
    size: 625152
    MD5: 3AC2BC667DA0AF2C968E96E1630F5AB5
    PID: 4044 (1092) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 5365592
    MD5: 0477C2F9171599CA5BC3307FDFBA8D89
    PID: 4 ( 0) System


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 12/3/2009 6:04:55 PM

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.google.com
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
    http://www.google.com/ie
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.google.com
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    %SystemRoot%\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.google.com
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.google.com
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://www.google.com/ie


    --- Winsock Layered Service Provider list ---
    Protocol 0: MSAFD Tcpip [TCP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 1: MSAFD Tcpip [UDP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 2: MSAFD Tcpip [RAW/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 3: RSVP UDP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 4: RSVP TCP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{83A5C7C8-6B95-4D61-B501-482DCE9C9F8A}] SEQPACKET 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{83A5C7C8-6B95-4D61-B501-482DCE9C9F8A}] DATAGRAM 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4731EA9A-79F4-41CC-ADEA-AA8B4B73C104}] SEQPACKET 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4731EA9A-79F4-41CC-ADEA-AA8B4B73C104}] DATAGRAM 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2FC616AF-3054-43F6-96DF-3D895E28177B}] SEQPACKET 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2FC616AF-3054-43F6-96DF-3D895E28177B}] DATAGRAM 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6DA7C63C-4EBC-40DA-AFF8-D6225572554E}] SEQPACKET 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6DA7C63C-4EBC-40DA-AFF8-D6225572554E}] DATAGRAM 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{26F9A6AB-920C-44A3-B68D-0EAAF2E9C052}] SEQPACKET 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{26F9A6AB-920C-44A3-B68D-0EAAF2E9C052}] DATAGRAM 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4A8323F9-52D4-45BC-BFA5-00AB0F5BA03A}] SEQPACKET 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4A8323F9-52D4-45BC-BFA5-00AB0F5BA03A}] DATAGRAM 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Namespace Provider 0: Tcpip
    GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: TCP/IP

    Namespace Provider 1: NTDS
    GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\winrnr.dll
    DB protocol: NTDS

    Namespace Provider 2: Network Location Awareness (NLA) Namespace
    GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: NLA-Namespace

    Namespace Provider 3: mdnsNSP
    GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
    Filename: C:\Program Files\Bonjour\mdnsNSP.dll
    Description: Apple Rendezvous protocol
    DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
    DB protocol: mdnsNSP

  8. #8
    Security Expert
    Join Date
    Aug 2007
    Posts
    1,877

    Default

    Step # 1: Download and Run ComboFix

    We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    * Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    When finished, it shall produce a log for you. Please include C:\ComboFix.txt in your next reply.
    Malware Removal University Master
    Member of ASAP & UNITE

  9. #9
    Junior Member
    Join Date
    Nov 2009
    Posts
    9

    Default

    ComboFix 09-12-04.02 - JProcter 12/04/2009 21:01.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.601 [GMT -6:00]
    Running from: c:\documents and settings\JProcter\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\recycler\S-1-5-21-3531931967-3224956595-2480779767-500
    D:\Autorun.inf

    c:\windows\system32\proquota.exe . . . is missing!!

    .
    ((((((((((((((((((((((((( Files Created from 2009-11-05 to 2009-12-05 )))))))))))))))))))))))))))))))
    .

    2009-12-02 05:43 . 2009-07-28 21:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-12-02 05:43 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-12-02 05:43 . 2009-02-13 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2009-12-02 05:43 . 2009-02-13 17:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2009-12-02 05:43 . 2009-12-02 05:43 -------- d-----w- c:\program files\Avira
    2009-12-02 05:43 . 2009-12-02 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2009-11-30 02:57 . 2009-11-30 02:58 -------- d-----w- c:\program files\ERUNT
    2009-11-27 19:00 . 2009-11-27 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg8
    2009-11-23 02:57 . 2009-11-23 03:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-11-23 02:57 . 2009-11-23 03:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-23 00:06 . 2009-11-23 00:06 -------- d-----w- c:\documents and settings\JProcter\Local Settings\Application Data\Threat Expert
    2009-11-22 23:59 . 2009-11-23 02:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-11-11 02:20 . 2009-11-11 02:21 1408800 ----a-w- c:\documents and settings\JProcter\Application Data\Move Networks\MoveMediaPlayerWin_071505000011.exe
    2009-11-05 04:53 . 2009-11-11 02:21 127325 ----a-w- c:\documents and settings\JProcter\Application Data\Move Networks\uninstall.exe
    2009-11-05 04:52 . 2009-11-05 04:53 1407680 ----a-w- c:\documents and settings\JProcter\Application Data\Move Networks\MoveMediaPlayerWin_071505000010.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-29 05:18 . 2006-03-31 08:04 70256 ----a-w- c:\documents and settings\JProcter\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-27 19:12 . 2006-01-20 13:31 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-11-27 19:06 . 2006-01-20 13:28 -------- d-----w- c:\program files\Google
    2009-11-27 19:04 . 2006-01-20 13:40 -------- d-----w- c:\program files\Microsoft Experience Pack
    2009-11-27 19:04 . 2009-01-01 02:13 -------- d-----w- c:\program files\Cakewalk
    2009-11-27 19:03 . 2006-07-19 19:57 -------- d-----w- c:\program files\Citrix
    2009-11-27 19:00 . 2008-05-22 15:08 -------- d-----w- c:\program files\AVG
    2009-11-27 18:58 . 2006-01-20 13:38 -------- d-----w- c:\program files\Common Files\Real
    2009-11-27 18:50 . 2008-04-09 18:05 -------- d-----w- c:\program files\Common Files\Apple
    2009-11-27 18:47 . 2007-09-10 20:18 -------- d-----w- c:\program files\Alibre Design
    2009-11-26 17:06 . 2008-12-06 02:36 -------- d-----w- c:\program files\Bonjour
    2009-11-24 02:17 . 2008-01-08 00:24 -------- d-----w- c:\program files\M1
    2009-11-11 02:21 . 2007-11-09 02:27 -------- d-----w- c:\documents and settings\JProcter\Application Data\Move Networks
    2009-11-11 02:21 . 2009-08-13 19:21 4187512 ----a-w- c:\documents and settings\JProcter\Application Data\Move Networks\plugins\npqmp071505000011.dll
    2009-11-05 04:53 . 2009-08-03 21:48 4187512 ----a-w- c:\documents and settings\JProcter\Application Data\Move Networks\plugins\npqmp071505000010.dll
    2009-10-07 03:27 . 2009-06-01 02:17 -------- d-----w- c:\program files\Microsoft Silverlight
    2007-07-18 02:10 . 2007-09-05 01:23 5154304 ----a-w- c:\program files\WindowsDefender.msi
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_8 -reboot 1" [X]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1207080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TabletWizard"="c:\windows\help\SplshWrp.exe" [2004-08-04 16384]
    "TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2005-04-26 271872]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-05-13 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-05-13 126976]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "Snippet"="c:\program files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" [2005-02-25 68296]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-13 1121792]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
    "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-04 143360]
    "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
    "EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2007-04-03 753664]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    c:\documents and settings\JProcter\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
    "NoAutoUpdate"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2004-10-15 19:27 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
    2004-08-04 12:00 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\LoginKey.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
    2002-08-29 10:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
    2004-08-04 12:00 30208 ----a-w- c:\windows\system32\tpgwlnot.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "1711:UDP"= 1711:UDP:Windows Media Format SDK (IEXPLORE.EXE)
    "1710:UDP"= 1710:UDP:Windows Media Format SDK (IEXPLORE.EXE)

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/1/2009 11:43 PM 108289]
    R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [3/22/2007 6:04 PM 9728]
    R3 FinePnt;FinePoint Innovations HID Driver;c:\windows\system32\drivers\FpHidDrv.sys [1/20/2006 7:23 AM 17280]
    R3 MSTabBtn;Tablet PC Buttons HID Driver;c:\windows\system32\drivers\MSTabBtn.sys [1/20/2006 7:23 AM 9600]
    S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [6/21/2005 9:25 PM 69692]
    S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [3/10/2006 3:55 PM 39424]
    S3 RDID1070;Roland SonicCell;c:\windows\system32\drivers\RDWM1070.sys [1/2/2009 12:02 AM 135424]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder

    2009-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 22:57]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    .
    - - - - ORPHANS REMOVED - - - -

    HKU-Default-Run-TabletWizard - c:\windows\help\wizard.hta
    HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    AddRemove-PictureItSuiteTrial_v11 - c:\program files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe ADDREMOVE=1 SKU=TRIAL VERSION=11
    AddRemove-QcDrv - c:\program files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE UNINSTALL REMOVEPROMPT



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-04 21:07
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\docume~1\JProcter\LOCALS~1\Temp\Perflib_Perfdata_fbc.dat

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1424)
    c:\program files\Intel\Wireless\Bin\LgNotify.dll
    c:\windows\system32\igfxsrvc.dll
    c:\windows\system32\hccutils.DLL
    .
    Completion time: 2009-12-04 21:10
    ComboFix-quarantined-files.txt 2009-12-05 03:09

    Pre-Run: 54,463,639,552 bytes free
    Post-Run: 54,729,474,048 bytes free

    - - End Of File - - B76B2F8BABBC35E36D8B6014598EC75E

  10. #10
    Junior Member
    Join Date
    Nov 2009
    Posts
    9

    Default

    I chose not to install the Windows Recovery Console.
    Is this needed?
