Serious Malware Problems. Please help!



ashleyb1430
2009-08-18, 22:38
Okay...I read all the directions so hopefully I did this right...here's the Hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:31:51 PM, on 8/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Ezurio\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Program Files\SMART Technologies Inc\Senteo\SenteoSoftwareService.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\SMART Technologies Inc\Senteo\SenteoHardwareService.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\GTCO CalComp InterWrite\IWStarter.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Novell\ZENworks\NALWIN32.EXE
C:\Program Files\Novell\ZENworks\naldesk.exe
C:\Program Files\DataStudio\PASPortal.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe
C:\Program Files\Ezurio\Bluetooth Software\BTTray.exe
C:\Program Files\SMART Technologies Inc\Senteo\SenteoTray.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\Aware.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\Marker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.google.com/uninstall-feedback.html?hl=en
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.scsnc.org:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = db.scsnc.org;www.scsnc.org
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies Inc\Notebook Software\NotebookPlugin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [InterWrite Device Manager] "C:\Program Files\GTCO CalComp InterWrite\IWStarter.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Advanced Virus Remover] C:\Program Files\AdvancedVirusRemover\PAVRM.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Application Window.lnk = C:\Program Files\Novell\ZENworks\NALWIN32.EXE
O4 - Global Startup: PASPortal.lnk = ?
O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Senteo Menu.lnk = C:\Program Files\SMART Technologies Inc\Senteo\SenteoTray.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Ezurio\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Ezurio\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {4fc7782c-41bb-4520-af4a-9ce15aebe0e3} - C:\WINDOWS\system32\xwreg32.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\kbdnec32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Ezurio\Bluetooth Software\bin\btwdins.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c9d82f47b696ce) (gupdate1c9d82f47b696ce) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Novell ZfD Wake on LAN Status Agent (Prometheus Wake-On-LAN Status Agent) - Novell Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Novell ZfD Remote Management (Remote Management Agent) - Novell Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Senteo™ Hardware - SMART Technologies Inc. - C:\Program Files\SMART Technologies Inc\Senteo\SenteoHardwareService.exe
O23 - Service: Senteo™ Software - SMART Technologies Inc. - C:\Program Files\SMART Technologies Inc\Senteo\SenteoSoftwareService.exe
O23 - Service: SMART Board Service - SMART Technologies - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
O23 - Service: SMART SNMP Agent Service - SMART Technologies ULC - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe
O23 - Service: SMART Web Server - Unknown owner - C:\Program Files\SMART Technologies\SMART Board Drivers\WebServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, INC. - C:\Program Files\Novell\ZENworks\wm.exe

--
End of file - 12948 bytes

Blade81
2009-08-21, 06:58
Hi,

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.


Download GMER (http://www.gmer.net) here by clicking the download exe button and then saving it to your desktop:
Double-click the .exe that you downloaded.
Click the rootkit tab and then Scan.
Don't check the Show All box while scanning is in progress!
When scanning is ready, click Copy.
This copies the log to the clipboard.
Post the log in your reply.

ashleyb1430
2009-08-25, 00:56
DDS.txt


DDS (Ver_09-07-30.01) - FAT32x86
Run by admin at 19:02:36.93 on Mon 08/24/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.400 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\WINDOWS\system32\ASTSRV.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
SVCHOST.EXE
C:\Program Files\Ezurio\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Program Files\SMART Technologies\SMART Response\ResponseHardwareService.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\GTCO CalComp InterWrite\IWStarter.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Novell\ZENworks\NALWIN32.EXE
C:\Program Files\Novell\ZENworks\naldesk.exe
C:\Program Files\DataStudio\PASPortal.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe
C:\Program Files\SMART Technologies\SMART Response\DesktopMenu.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\Aware.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\Marker.exe
C:\Program Files\SMART Technologies\SMART Response\ResponseSoftwareService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\dds.scr

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = hxxp://desktop.google.com/uninstall-feedback.html?hl=en
uInternet Settings,ProxyServer = proxy.scsnc.org:80
uInternet Settings,ProxyOverride = db.scsnc.org;www.scsnc.org
mWinlogon: System=ziswin.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Advanced Virus Remover] c:\program files\advancedvirusremover\PAVRM.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [NWTRAY] NWTRAY.EXE
mRun: [ZENRC Tray Icon] c:\windows\system32\zentray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [<NO NAME>]
mRun: [InterWrite Device Manager] "c:\program files\gtco calcomp interwrite\IWStarter.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\applic~1.lnk - c:\program files\novell\zenworks\NALWIN32.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\paspor~1.lnk - c:\windows\installer\{4c746a51-b2c1-4efc-95dc-82b7cfbd6b36}\NewShortcut1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\ezurio\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartb~1.lnk - c:\program files\smart technologies\smart board drivers\SMARTBoardTools.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\smart technologies\smart response\DesktopMenu.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
mPolicies-system: CompatibleRUPSecurity = 1 (0x1)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\ezurio\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {C1994287-422F-47aa-8E5E-6323E210A125} - {4B5F7606-8666-4D5A-9780-DB92A9D8812B} - c:\program files\novell\zenworks\AxNalServer.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Filter: text/html - {4fc7782c-41bb-4520-af4a-9ce15aebe0e3} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\kbdnec32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {b4870b70-f390-11d2-9fb9-f4ed725ea20d} - c:\program files\novell\zenworks\NalExpEx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 nwv1_0

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\t3vy93nd.default\
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R?2 Remote Management Agent;Novell ZfD Remote Management;c:\program files\novell\zenworks\remotemanagement\rmagent\ZenRem32.exe [2003-10-22 135168]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-14 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-14 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-14 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-14 297752]
R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [2003-3-18 4768]
R2 Kblock;Kblock;c:\windows\system32\drivers\kblock.sys [2003-3-18 4043]
R2 Mouslock;Mouslock;c:\windows\system32\drivers\mouslock.sys [2003-3-18 4080]
R2 Prometheus Wake-On-LAN Status Agent;Novell ZfD Wake on LAN Status Agent;c:\program files\novell\zenworks\remotemanagement\rmagent\WolSerNT.exe [2003-3-18 49152]
R2 Response Hardware;Response Hardware;c:\program files\smart technologies\smart response\ResponseHardwareService.exe [2009-4-22 30504]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-7-28 24652]
R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [2003-3-18 2773]
R3 nscmnt;Novell Local Security Context Manager;c:\windows\system32\drivers\novell\nscmnt.sys [2004-3-3 25616]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
S2 gupdate1c9d82f47b696ce;Google Update Service (gupdate1c9d82f47b696ce);c:\program files\google\update\GoogleUpdate.exe [2009-5-18 133104]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\smart technologies\smart board drivers\SMARTSNMPAgent.exe [2009-4-15 1048576]
S3 SMART Web Server;SMART Web Server;c:\program files\smart technologies\smart board drivers\WebServer.exe [2009-4-15 1236992]
S3 WinDriver;WinDriver Kernel Module;c:\windows\system32\drivers\windrvr.sys [2008-2-13 215640]
S3 xauthnt;Novell XTier Authentication Service;c:\windows\system32\drivers\novell\xauthnt.sys [2004-3-24 11640]

=============== Created Last 30 ================

2009-08-24 18:58 359,932 a------- c:\program files\dds.scr
2009-08-24 18:55 359,932 a------- c:\program files\dds.pif
2009-08-21 13:46 <DIR> --d----- C:\ADOBEPATH
2009-08-20 06:33 <DIR> --d----- C:\5d110ae56e06794d95f6efa423ee
2009-08-18 22:32 0 a------- C:\settings.dat
2009-08-18 16:31 <DIR> --d----- c:\program files\Trend Micro
2009-08-17 00:28 8,050,536 a------- c:\program files\Firefox Setup 3.5.2.exe
2009-08-16 21:49 3,209 a------- c:\windows\wininit.ini
2009-08-16 21:25 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-08-16 21:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-08-16 21:23 16,409,960 a------- c:\program files\spybotsd162.exe
2009-08-14 18:11 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-08-14 18:00 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-14 18:00 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-08-14 18:00 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-14 17:59 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-08-14 17:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-08-14 17:59 <DIR> --d----- c:\program files\AVG
2009-08-14 17:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-08-14 17:56 <DIR> --d----- c:\docume~1\admin\applic~1\AVG8
2009-08-14 17:55 848,712 a------- c:\program files\avg_free_stb_all_8_32_cnet.exe
2009-08-13 17:23 6,881,824 a------- c:\program files\SUPERAntiSpyware.exe
2009-08-13 03:01 <DIR> --d----- c:\windows\ServicePackFiles
2009-08-13 02:38 1,871,872 -------- c:\windows\system32\dllcache\mstscax.dll
2009-08-13 02:38 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-12 14:43 7,552 a------- c:\windows\system32\drivers\SONYPVU1.SYS
2009-08-12 14:43 7,552 a------- c:\windows\system32\dllcache\sonypvu1.sys
2009-08-08 12:08 1,089,601 -------- c:\windows\system32\dllcache\ntprint.cat
2009-08-07 12:01 <DIR> --d----- C:\fc2ed0cabf4c498f2a9031cc72
2009-08-05 05:11 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll

==================== Find3M ====================

2009-08-16 13:26 3,942,048 a------- c:\program files\mbam-setup.exe
2009-08-05 05:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 09:19 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-18 19:42 714,136 a------- c:\program files\JavaSetup6u14.exe
2009-07-17 14:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 14:55 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 09:42 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 13:09 1,208,832 -------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 13:09 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 13:09 206,848 -------- c:\windows\system32\dllcache\occache.dll
2009-07-03 13:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 13:09 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 13:09 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 13:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 13:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 13:09 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 13:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 13:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 07:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-25 04:17 729,600 a------- c:\windows\system32\lsasrv.dll
2009-06-25 04:17 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:17 168,448 a------- c:\windows\system32\schannel.dll
2009-06-25 04:17 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 04:17 59,392 a------- c:\windows\system32\wdigest.dll
2009-06-25 04:17 56,320 a------- c:\windows\system32\secur32.dll
2009-06-25 04:17 729,600 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 04:17 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 04:17 168,448 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 04:17 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 04:17 59,392 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-25 04:17 56,320 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-23 15:10 527,360 a------- c:\program files\IE_Alert.msi
2009-06-23 14:10 1,606,064 a------- c:\program files\googletalk-setup.exe
2009-06-22 07:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 07:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 07:49 117,248 -------- c:\windows\system32\dllcache\mqtgsvc.exe
2009-06-22 07:49 19,968 -------- c:\windows\system32\dllcache\mqbkup.exe
2009-06-22 07:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-22 07:49 4,608 -------- c:\windows\system32\dllcache\mqsvc.exe
2009-06-22 07:48 91,776 -------- c:\windows\system32\dllcache\mqac.sys
2009-06-22 07:35 92,544 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-16 10:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-16 10:55 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:55 82,432 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-12 07:50 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 07:50 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 07:50 80,896 -------- c:\windows\system32\dllcache\tlntsess.exe
2009-06-12 07:50 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2009-06-10 10:21 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 10:21 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
2009-06-10 02:32 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-10 02:32 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll
2009-06-09 11:06 1,871,872 a------- c:\windows\system32\mstscax.dll
2009-06-03 15:27 1,290,752 a------- c:\windows\system32\quartz.dll
2009-06-03 15:27 1,290,752 -------- c:\windows\system32\dllcache\quartz.dll
2008-10-24 12:47 19,153,264 a------- c:\program files\aaw2008.exe
2008-09-29 20:59 7,508,608 a------- c:\program files\Firefox Setup 3.0.3.exe
2008-08-08 16:52 1,018,584 a------- c:\program files\Google_Updater.exe
2008-08-05 09:20 63,530,280 a------- c:\program files\iTunesSetup.exe
2008-07-29 14:21 34,130,184 a------- c:\program files\GoogleSketchUpWEN.exe
2008-07-28 10:46 14,287,528 a------- c:\program files\Install_AIM.exe
2008-06-15 22:02 2,400,784 a------- c:\program files\WLinstaller.exe
2007-09-18 15:41 32,600,454 a------- c:\program files\IM3_HDDcam.exe
2007-08-11 21:56 1,488,011 a------- c:\program files\FLVPlayer.exe
2007-05-21 20:52 20,006,472 a------- c:\program files\QuickTimeInstaller.exe

============= FINISH: 19:04:03.21 ===============

Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/7/2006 11:09:22 AM
System Uptime: 8/24/2009 6:14:57 PM (1 hours ago)

Motherboard: Dell Inc. | | 0NF743
Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz | Microprocessor | 1662/166mhz
Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz | Microprocessor | 1662/166mhz

==== Disk Partitions =========================

C: is FIXED (FAT32) - 37 GiB total, 19.854 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Kernel Acoustic Echo Canceller
Device ID: SW\{4245FF73-1DB4-11D2-86E4-98AE20524153}\{9B365890-165F-11D0-A195-0020AFD156E4}
Manufacturer: Microsoft
Name: Microsoft Kernel Acoustic Echo Canceller
PNP Device ID: SW\{4245FF73-1DB4-11D2-86E4-98AE20524153}\{9B365890-165F-11D0-A195-0020AFD156E4}
Service: aec

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: WinDriver Virtual device
Device ID: ROOT\WINDRIVER\0000
Manufacturer: Jungo Ltd
Name: WinDriver Virtual device
PNP Device ID: ROOT\WINDRIVER\0000
Service: WinDriver

==== System Restore Points ===================

RP369: 8/8/2009 7:12:53 PM - System Checkpoint
RP370: 8/8/2009 7:12:53 PM - Software Distribution Service 3.0
RP371: 8/8/2009 7:12:54 PM - System Checkpoint
RP372: 8/8/2009 7:12:54 PM - Software Distribution Service 3.0
RP373: 8/8/2009 7:12:55 PM - System Checkpoint
RP374: 8/8/2009 7:12:55 PM - System Checkpoint
RP375: 8/8/2009 7:12:55 PM - Installed Windows XP WgaNotify.
RP376: 8/8/2009 7:12:56 PM - System Checkpoint
RP377: 8/8/2009 7:12:56 PM - System Checkpoint
RP378: 8/8/2009 7:12:56 PM - System Checkpoint
RP379: 8/8/2009 7:12:56 PM - System Checkpoint
RP380: 8/8/2009 7:12:56 PM - System Checkpoint
RP381: 8/8/2009 7:12:56 PM - System Checkpoint
RP382: 8/8/2009 7:12:56 PM - System Checkpoint
RP383: 8/8/2009 7:12:57 PM - System Checkpoint
RP384: 8/8/2009 7:12:57 PM - System Checkpoint
RP385: 8/8/2009 7:12:57 PM - System Checkpoint
RP386: 8/8/2009 7:12:57 PM - System Checkpoint
RP387: 8/8/2009 7:12:57 PM - Software Distribution Service 3.0
RP388: 8/8/2009 7:12:57 PM - Installed Steepandcheap IE Alert
RP389: 8/8/2009 7:12:57 PM - Software Distribution Service 3.0
RP390: 8/8/2009 7:12:58 PM - Installed EXP Viewer 6.0.
RP391: 8/8/2009 7:12:58 PM - Installed Java(TM) 6 Update 12
RP392: 8/8/2009 7:12:58 PM - System Checkpoint
RP393: 8/8/2009 7:12:58 PM - System Checkpoint
RP394: 8/8/2009 7:12:58 PM - System Checkpoint
RP395: 8/8/2009 7:13:01 PM - System Checkpoint
RP396: 8/8/2009 7:13:01 PM - System Checkpoint
RP397: 8/8/2009 7:13:03 PM - System Checkpoint
RP398: 8/8/2009 7:13:04 PM - Software Distribution Service 3.0
RP399: 8/8/2009 7:13:48 PM - System Checkpoint
RP400: 8/8/2009 7:13:49 PM - Installed Java(TM) 6 Update 14
RP401: 8/8/2009 7:13:49 PM - System Checkpoint
RP402: 8/8/2009 7:13:49 PM - System Checkpoint
RP403: 8/8/2009 7:13:49 PM - System Checkpoint
RP404: 8/8/2009 7:13:50 PM - Software Distribution Service 3.0
RP405: 8/8/2009 7:13:50 PM - System Checkpoint
RP406: 8/8/2009 7:13:52 PM - Removed Steepandcheap IE Alert
RP407: 8/8/2009 7:13:53 PM - System Checkpoint
RP408: 8/8/2009 7:13:53 PM - System Checkpoint
RP409: 8/8/2009 7:13:54 PM - Software Distribution Service 3.0
RP410: 8/8/2009 7:13:54 PM - Printer Driver Microsoft XPS Document Writer Installed
RP411: 8/8/2009 7:13:54 PM - System Checkpoint
RP412: 8/11/2009 6:25:06 PM - Software Distribution Service 3.0
RP413: 8/24/2009 3:35:03 PM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8
Adobe Shockwave Player
ALPS Touch Pad Driver
Apple Software Update
ArcSoft PhotoStudio 5.5
AVG Free 8.5
Broadcom Management Programs
Brother HL-5250DN
Canon CanoScan 4400F User Registration
Canon CanoScan Toolbox 5.0
CanoScan 4400F
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
DataStudio
Digital Line Detect
ERUNT 1.1j
EXP Viewer 6.0
Ezurio Bluetooth Software (GTCO CalComp)
Glencoe PuzzleMaker 2.0
Google Earth
Google Update Helper
Google Updater
Google Video Player
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HyperStudio® 4.5
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
Interactive Chalkboard (Mathematics Applications and Concepts, Course 2)
InterWrite
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 14
LessonView
Macromedia Fireworks 8
Malwarebytes' Anti-Malware
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Converter Pack
Microsoft Office Professional Edition 2003
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
mIWA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.5.2)
mPfMgr
mPfWiz
mProSafe
MSN
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
mWlsSafe
mWMI
mXML
mZConfig
NetWaiting
NICI (Shared) U.S./Worldwide (128 bit) (2.6.4-7)
Notebook Software
Novell Client for Windows
PH Teaching MG with TI Technology
PowerDVD 5.7
Presto! PageManager 7.15.14
QuickSet
QuickTime
ScanSoft OmniPage SE 4.0
Search Assist
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
See II
SMART Board Drivers
SMART Essentials for Educators
SMART Product Update
SMART Response
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
TeacherEXPRESS: Grade 7 Connected Mathematics 2
TeacherEXPRESS: Grade 8 Connected Mathematics 2
TI-SmartView™
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
URL Assistant
Viewpoint Media Player
WebFldrs XP
Windows Driver Package - PASCO Scientific (PASCO) USB 01/17/2004 1.9.0.0
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
XML Paper Specification Shared Components Pack 1.0
ZENworks for Desktops Management Agent

==== Event Viewer Messages From Past Week ========

8/24/2009 3:21:00 PM, error: NetBT [4321] - The name "EC-86VWPB1 :20" could not be registered on the Interface with IP address 10.1.100.115. The machine with the IP address 10.1.100.115 did not allow the name to be claimed by this machine.
8/24/2009 3:21:00 PM, error: NetBT [4321] - The name "EC-86VWPB1 :0" could not be registered on the Interface with IP address 10.1.100.115. The machine with the IP address 10.1.100.115 did not allow the name to be claimed by this machine.
8/24/2009 3:20:04 PM, error: NetBT [4321] - The name "EC-86VWPB1 :20" could not be registered on the Interface with IP address 10.4.1.86. The machine with the IP address 10.4.1.10 did not allow the name to be claimed by this machine.
8/24/2009 3:20:04 PM, error: NetBT [4321] - The name "EC-86VWPB1 :0" could not be registered on the Interface with IP address 10.4.1.86. The machine with the IP address 10.4.1.10 did not allow the name to be claimed by this machine.
8/24/2009 3:19:56 PM, error: Server [2505] - The server could not bind to the transport \Device\NwlnkNb because another computer on the network has the same name. The server could not start.
8/24/2009 3:19:56 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{07983620-69A0-4D75-9FF7-E487514B0B9E} because another computer on the network has the same name. The server could not start.
8/21/2009 1:36:44 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{0FC11D06-CA2E-4D26-8776-9910AEBA827C} because another computer on the network has the same name. The server could not start.
8/18/2009 4:28:29 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
8/18/2009 4:23:30 PM, error: Service Control Manager [7000] - The Bluetooth Device (RFCOMM Protocol TDI) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/18/2009 10:30:34 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Windows XP Service Pack 3 (KB936929).
8/18/2009 10:21:45 PM, error: Service Control Manager [7034] - The Workstation Manager service terminated unexpectedly. It has done this 1 time(s).
8/18/2009 10:21:45 PM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
8/18/2009 10:21:45 PM, error: Service Control Manager [7034] - The SMART Board Service service terminated unexpectedly. It has done this 1 time(s).
8/18/2009 10:21:45 PM, error: Service Control Manager [7034] - The Senteo™ Hardware service terminated unexpectedly. It has done this 1 time(s).
8/18/2009 10:21:44 PM, error: Service Control Manager [7034] - The Senteo™ Software service terminated unexpectedly. It has done this 1 time(s).
8/18/2009 10:21:44 PM, error: Service Control Manager [7034] - The Novell ZfD Wake on LAN Status Agent service terminated unexpectedly. It has done this 1 time(s).
8/18/2009 10:21:44 PM, error: Service Control Manager [7034] - The Novell ZfD Remote Management service terminated unexpectedly. It has done this 1 time(s).
8/18/2009 10:21:44 PM, error: Service Control Manager [7034] - The Novell Application Launcher service terminated unexpectedly. It has done this 1 time(s).
8/18/2009 10:21:44 PM, error: Service Control Manager [7034] - The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s).
8/18/2009 10:21:44 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
8/18/2009 10:21:44 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
8/18/2009 10:21:44 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless SSO Service service terminated unexpectedly. It has done this 1 time(s).
8/18/2009 10:21:44 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
8/18/2009 10:21:44 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
8/18/2009 10:21:44 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
8/18/2009 10:21:44 PM, error: Service Control Manager [7034] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s).
8/18/2009 10:21:44 PM, error: Service Control Manager [7034] - The AST Service service terminated unexpectedly. It has done this 1 time(s).
8/18/2009 10:21:44 PM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
8/17/2009 7:35:06 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.

==== End Of File ===========================

GMER

GMER 1.0.15.15077 [ylpj08me.exe] - http://www.gmer.net
Rootkit scan 2009-08-24 19:11:07
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

Code 871B9260 ZwEnumerateKey
Code 871B87F0 ZwFlushInstructionCache
Code 871BC1B6 IofCallDriver
Code 871BE3BE IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A0 5 Bytes JMP 871BC1BB
.text ntkrnlpa.exe!IofCompleteRequest 804EF230 5 Bytes JMP 871BE3C3
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B5642 5 Bytes JMP 871B87F4
PAGE ntkrnlpa.exe!ZwEnumerateKey 80622DE0 5 Bytes JMP 871B9264
? nwfilter.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Dell\QuickSet\quickset.exe[328] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00D2000A
.text C:\WINDOWS\system32\notepad.exe[360] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 008D000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[436] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0097000A
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[444] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 08A4000A
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe[572] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 007C000A
.text ...
.text C:\Program Files\Internet Explorer\iexplore.exe[4728] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 3E2543F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4728] USER32.dll!CallNextHookEx 7E41F85B 5 Bytes JMP 3E2DCB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4728] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4728] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4728] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 3E2E9521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4728] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4728] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4728] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4728] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4728] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4728] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4728] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4728] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 3E2ED408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4728] ole32.dll!OleLoadFromStream 7752A257 5 Bytes JMP 3E3E3F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6024] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6024] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6024] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6024] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6024] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6024] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6024] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6024] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6024] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[4728] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Kblock.SYS (Keyboard Locking driver/Novell Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Kblock.SYS (Keyboard Locking driver/Novell Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\SKYNETejskdlwf.sys
File C:\WINDOWS\system32\SKYNETkjgfygmj.dat
File C:\WINDOWS\system32\SKYNETvkftkywn.dll
File C:\WINDOWS\system32\SKYNETlmhxehyi.dat
File C:\WINDOWS\system32\SKYNETdqgrrpai.dll

---- EOF - GMER 1.0.15 ----

Blade81
2009-08-25, 06:56
Please visit this webpage for download links and instructions for running the ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:


Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (instructions: http://www.bleepingcomputer.com/forums/topic114351.html). Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

ashleyb1430
2009-08-27, 04:00
ComboFix 09-08-26.05 - admin 08/26/2009 22:01.1.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.613 [GMT -4:00]
Running from: c:\program files\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\admin\Application Data\0200000043566b3e499C.manifest
c:\documents and settings\admin\Application Data\0200000043566b3e499O.manifest
c:\documents and settings\admin\Application Data\0200000043566b3e499P.manifest
c:\documents and settings\admin\Application Data\0200000043566b3e499S.manifest
c:\documents and settings\admin\Application Data\0200000043566b3e502C.manifest
c:\documents and settings\admin\Application Data\0200000043566b3e502O.manifest
c:\documents and settings\admin\Application Data\0200000043566b3e502P.manifest
c:\documents and settings\admin\Application Data\0200000043566b3e502S.manifest
c:\documents and settings\admin\Application Data\0200000043566b3eC.manifest
c:\documents and settings\admin\Application Data\0200000043566b3eO.manifest
c:\documents and settings\admin\Application Data\0200000043566b3eP.manifest
c:\documents and settings\admin\Application Data\0200000043566b3eS.manifest
c:\program files\dds.pif
c:\windows\system32\drivers\SKYNETejskdlwf.sys
c:\windows\system32\SKYNETdqgrrpai.dll
c:\windows\system32\SKYNETkjgfygmj.dat
c:\windows\system32\SKYNETlmhxehyi.dat
c:\windows\system32\SKYNETvkftkywn.dll
C:\xcrashdump.dat

Infected copy of c:\windows\system32\drivers\aec.sys was found and disinfected
Restored copy from - c:\windows\system32\dllcache\aec.sys

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETnbebwuyd
-------\Legacy_SKYNETnbebwuyd
-------\Service_WinDriver


((((((((((((((((((((((((( Files Created from 2009-07-27 to 2009-08-27 )))))))))))))))))))))))))))))))
.

2009-08-27 02:06 . 2004-08-04 09:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-08-27 02:00 . 2009-08-27 02:00 -------- d-sh--w- C:\FOUND.014
2009-08-27 01:48 . 2009-08-27 01:48 3185678 ----a-r- c:\program files\ComboFix.exe
2009-08-24 23:03 . 2009-08-24 23:03 288768 ----a-w- c:\program files\ylpj08me.exe
2009-08-24 22:58 . 2009-08-24 22:58 359932 ----a-w- c:\program files\dds.scr
2009-08-21 17:46 . 2009-08-21 17:46 -------- d-----w- C:\ADOBEPATH
2009-08-20 10:33 . 2009-08-20 10:33 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-20 10:33 . 2009-08-20 10:33 -------- d-----w- C:\5d110ae56e06794d95f6efa423ee
2009-08-19 02:32 . 2009-08-19 02:32 0 ----a-w- C:\settings.dat
2009-08-18 20:31 . 2009-08-18 20:31 -------- d-----w- c:\program files\Trend Micro
2009-08-18 20:27 . 2009-08-18 20:27 -------- d-----w- c:\program files\ERUNT
2009-08-17 04:28 . 2009-08-17 04:28 8050536 ----a-w- c:\program files\Firefox Setup 3.5.2.exe
2009-08-17 01:25 . 2009-08-17 01:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-17 01:25 . 2009-08-17 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-17 01:23 . 2009-08-17 01:23 16409960 ----a-w- c:\program files\spybotsd162.exe
2009-08-16 01:33 . 2009-08-16 01:34 3942047 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-15 15:37 . 2009-07-24 13:55 1090816 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-08-14 22:11 . 2009-08-14 22:11 -------- d--h--w- C:\$AVG8.VAULT$
2009-08-14 22:00 . 2009-08-14 22:00 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-14 22:00 . 2009-08-14 22:00 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-14 22:00 . 2009-08-14 22:00 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-14 22:00 . 2009-08-14 22:00 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-14 21:59 . 2009-08-14 21:59 -------- d-----w- c:\windows\system32\drivers\Avg
2009-08-14 21:59 . 2009-08-14 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-08-14 21:59 . 2009-08-14 21:59 -------- d-----w- c:\program files\AVG
2009-08-14 21:59 . 2009-08-14 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-14 21:56 . 2009-08-14 21:56 -------- d-----w- c:\documents and settings\admin\Application Data\AVG8
2009-08-14 21:55 . 2009-08-14 21:55 848712 ----a-w- c:\program files\avg_free_stb_all_8_32_cnet.exe
2009-08-13 21:25 . 2009-08-27 02:09 117760 ----a-w- c:\documents and settings\admin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-13 21:23 . 2009-08-13 21:23 6881824 ----a-w- c:\program files\SUPERAntiSpyware.exe
2009-08-13 07:01 . 2009-08-13 07:01 -------- d-----w- c:\windows\ServicePackFiles
2009-08-13 06:38 . 2009-06-09 15:06 1871872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-08-12 18:43 . 2001-08-17 17:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2009-08-12 18:43 . 2001-08-17 17:56 7552 ----a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-08-12 03:20 . 2009-08-12 03:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-07 16:01 . 2009-08-07 16:01 -------- d-----w- C:\fc2ed0cabf4c498f2a9031cc72
2009-08-05 09:11 . 2009-08-05 09:11 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-27 01:57 . 2009-01-28 15:54 12 ----a-w- c:\windows\bthservsdp.dat
2009-08-16 17:26 . 2008-12-11 14:54 3942048 ----a-w- c:\program files\mbam-setup.exe
2009-08-13 19:10 . 2006-09-07 15:42 82688 ----a-w- c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 09:11 . 2004-08-11 21:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 17:36 . 2008-12-11 14:55 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 17:36 . 2008-12-11 14:55 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-21 21:27 . 2009-07-21 21:27 -------- d-----w- c:\program files\Shared
2009-07-18 23:42 . 2009-07-18 23:42 152576 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-18 23:42 . 2009-07-18 23:42 714136 ----a-w- c:\program files\JavaSetup6u14.exe
2009-07-17 18:55 . 2004-08-11 21:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 16:01 . 2009-07-15 16:01 -------- d-----r- c:\documents and settings\admin\Application Data\Brother
2009-07-15 16:00 . 2009-07-15 16:00 -------- d-----w- c:\program files\Brownie
2009-07-15 16:00 . 2009-07-15 16:00 34 ----a-w- c:\windows\system32\BD5250DN.DAT
2009-07-15 15:59 . 2009-07-15 15:59 -------- d-----w- c:\program files\Brother
2009-07-14 03:43 . 2004-08-11 21:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-11 21:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 18:36 . 2004-08-11 21:00 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2004-08-11 21:00 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2004-08-11 21:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2004-08-11 21:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2004-08-11 21:00 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2004-08-11 21:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2004-08-11 21:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2004-08-11 21:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2004-08-11 21:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2004-08-11 21:00 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2004-08-11 21:00 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2004-08-11 21:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 13:13 . 2009-06-25 13:13 152576 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-06-25 08:17 . 2004-08-11 21:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:17 . 2004-08-11 21:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:17 . 2004-08-11 21:00 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:17 . 2004-08-11 21:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:17 . 2004-08-11 21:00 729600 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:17 . 2004-08-11 21:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 13:34 . 2009-06-24 13:34 49152 ----a-r- c:\documents and settings\admin\Application Data\Microsoft\Installer\{80B6EB72-3C0C-47BF-B337-2D46988A58C5}\NewShortcut1_6ED1FDED297C486F967A54C235330ACD.exe
2009-06-24 13:34 . 2009-06-24 13:34 49152 ----a-r- c:\documents and settings\admin\Application Data\Microsoft\Installer\{80B6EB72-3C0C-47BF-B337-2D46988A58C5}\ARPPRODUCTICON.exe
2009-06-23 19:10 . 2009-06-23 19:10 527360 ----a-w- c:\program files\IE_Alert.msi
2009-06-23 18:10 . 2008-07-29 17:58 1606064 ----a-w- c:\program files\googletalk-setup.exe
2009-06-22 11:49 . 2004-08-11 21:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-11 21:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-11 21:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-11 21:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-22 11:35 . 2004-08-11 21:00 92544 ------w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:55 . 2004-08-11 21:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2004-08-11 21:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 11:50 . 2004-08-11 21:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 11:50 . 2004-08-11 21:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2004-08-11 21:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2004-08-11 21:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-09 15:06 . 2004-08-11 22:11 1871872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:27 . 2004-08-11 21:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2008-10-24 16:47 . 2008-10-24 16:47 19153264 ----a-w- c:\program files\aaw2008.exe
2008-09-30 00:59 . 2008-09-30 00:59 7508608 ----a-w- c:\program files\Firefox Setup 3.0.3.exe
2008-08-08 20:52 . 2008-08-08 20:51 1018584 ----a-w- c:\program files\Google_Updater.exe
2008-08-05 13:20 . 2008-08-05 13:20 63530280 ----a-w- c:\program files\iTunesSetup.exe
2008-07-29 18:21 . 2008-07-29 18:21 34130184 ----a-w- c:\program files\GoogleSketchUpWEN.exe
2008-07-28 14:46 . 2008-07-28 14:46 14287528 ----a-w- c:\program files\Install_AIM.exe
2008-06-16 02:02 . 2008-06-16 02:02 2400784 ----a-w- c:\program files\WLinstaller.exe
2007-09-18 19:41 . 2007-09-18 19:41 32600454 ----a-w- c:\program files\IM3_HDDcam.exe
2007-08-12 01:56 . 2007-08-12 01:56 1488011 ----a-w- c:\program files\FLVPlayer.exe
2007-05-22 00:52 . 2007-05-22 00:52 20006472 ----a-w- c:\program files\QuickTimeInstaller.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 13:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"ZENRC Tray Icon"="c:\windows\system32\zentray.exe" [2003-03-18 40960]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-05-22 282624]
"InterWrite Device Manager"="c:\program files\GTCO CalComp InterWrite\IWStarter.exe" [2006-11-01 1028096]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-14 2007832]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]
"NWTRAY"="NWTRAY.EXE" - c:\windows\system32\nwtray.exe [2002-03-12 28672]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]

c:\documents and settings\admin\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-31 24576]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Application Window.lnk - c:\program files\Novell\ZENworks\NALWIN32.EXE [2004-8-13 73728]
PASPortal.lnk - c:\windows\Installer\{4C746A51-B2C1-4EFC-95DC-82B7CFBD6B36}\NewShortcut1.exe [2008-3-31 40960]
BTTray.lnk - c:\program files\Ezurio\Bluetooth Software\BTTray.exe [2003-11-17 503869]
SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe [2009-4-8 9723904]
Desktop Menu.lnk - c:\program files\SMART Technologies\SMART Response\DesktopMenu.exe [2009-4-22 922920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{B4870B70-F390-11d2-9FB9-F4ED725EA20D}"= "c:\program files\Novell\ZENworks\NalExpEx.dll" [2003-05-06 131072]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-14 22:00 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/14/2009 6:00 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/14/2009 6:00 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/14/2009 5:59 PM 297752]
R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [3/18/2003 6:26 PM 4768]
R2 Kblock;Kblock;c:\windows\system32\drivers\kblock.sys [3/18/2003 3:16 PM 4043]
R2 Mouslock;Mouslock;c:\windows\system32\drivers\mouslock.sys [3/18/2003 3:16 PM 4080]
R2 Prometheus Wake-On-LAN Status Agent;Novell ZfD Wake on LAN Status Agent;c:\program files\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe [3/18/2003 2:40 PM 49152]
R2 Remote Management Agent;Novell ZfD Remote Management;c:\program files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [10/22/2003 3:55 PM 135168]
R2 Response Hardware;Response Hardware;c:\program files\SMART Technologies\SMART Response\ResponseHardwareService.exe [4/22/2009 4:26 PM 30504]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/28/2008 10:47 AM 24652]
R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [3/18/2003 3:14 PM 2773]
R3 nscmnt;Novell Local Security Context Manager;c:\windows\system32\drivers\Novell\nscmnt.sys [3/3/2004 12:51 PM 25616]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
S2 gupdate1c9d82f47b696ce;Google Update Service (gupdate1c9d82f47b696ce);c:\program files\Google\Update\GoogleUpdate.exe [5/18/2009 11:09 PM 133104]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe [4/15/2009 4:30 PM 1048576]
S3 SMART Web Server;SMART Web Server;c:\program files\SMART Technologies\SMART Board Drivers\WebServer.exe [4/15/2009 4:27 PM 1236992]
S3 xauthnt;Novell XTier Authentication Service;c:\windows\system32\drivers\Novell\xauthnt.sys [3/24/2004 11:01 AM 11640]
.
Contents of the 'Scheduled Tasks' folder

2009-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 19:42]

2009-08-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-08 12:23]

2009-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-19 03:09]

2009-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-19 03:09]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
SafeBoot-aawservice


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://desktop.google.com/uninstall-feedback.html?hl=en
uInternet Settings,ProxyServer = proxy.scsnc.org:80
uInternet Settings,ProxyOverride = db.scsnc.org;www.scsnc.org
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\t3vy93nd.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-26 22:08
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(852)
c:\program files\Novell\ZENworks\ZENPOL32.DLL
c:\program files\Novell\ZENworks\ZenLite.dll
c:\windows\system32\xmlparse.dll
c:\program files\Novell\ZENworks\ZENNW32.DLL
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'Explorer.exe'(1960)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\INTEL\WIRELESS\BIN\EVTENG.EXE
c:\program files\INTEL\WIRELESS\BIN\S24EVMON.EXE
c:\program files\INTEL\WIRELESS\BIN\WLKEEPER.EXE
c:\windows\SYSTEM32\ASTSRV.EXE
c:\program files\AVG\AVG8\AVGWDSVC.EXE
c:\program files\EZURIO\BLUETOOTH SOFTWARE\BIN\BTWDINS.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\program files\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
c:\program files\NOVELL\ZENWORKS\NALNTSRV.EXE
c:\program files\DELL\QUICKSET\NICCONFIGSVC.EXE
c:\program files\INTEL\WIRELESS\BIN\REGSRVC.EXE
c:\program files\AVG\AVG8\AVGRSX.EXE
c:\program files\AVG\AVG8\AVGNSX.EXE
c:\program files\SMART TECHNOLOGIES\SMART BOARD DRIVERS\SMARTBOARDSERVICE.EXE
c:\program files\NOVELL\ZENWORKS\WM.EXE
c:\windows\system32\wscntfy.exe
c:\windows\SYSTEM32\IGFXSRVC.EXE
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
c:\program files\Novell\ZENworks\naldesk.exe
c:\program files\DataStudio\PASPortal.exe
c:\program files\SMART Technologies\SMART Board Drivers\Aware.exe
c:\program files\SMART Technologies\SMART Board Drivers\Marker.exe
c:\program files\SMART Technologies\SMART Response\ResponseSoftwareService.exe
c:\program files\NOVELL\ZENWORKS\WMRUNDLL.EXE
c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2009-08-27 22:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-27 02:13

Pre-Run: 20,998,488,064 bytes free
Post-Run: 21,022,932,992 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
374 --- E O F --- 2009-08-26 20:51

Blade81
2009-08-27, 06:31
Hi,

To avoid problems, please move both ComboFix and DDS to your desktop.

Please post a fresh dds.txt log too.

tashi
2009-09-01, 23:00
ashleyb1430, this topic has been closed due to inactivity.

If it has been four days or more since your last post, and the helper assisting you posted a response to which you did not reply, your topic will not be re-opened. At that point, if you still require help, please start a new topic and include a new HijackThis log with a link to your previous thread.

Please do not add any logs that might have been requested previously; you would be starting fresh.

This applies only to the original poster; anyone else with similar problems, please start your own topic.

Thank you Blade81.