Spybot doesn't remove win32.fraudload.edt. Please help!

**procter67** · 2009-11-30, 04:11

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:13 PM, on 11/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\JProcter\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Snippet] "C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" /i
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1189394558921
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1189394541046
O16 - DPF: {8E66A776-A350-4D69-8783-906DB0E6DF14} (Jaunt Class) - http://download.jaunt.com/public/jaunt.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: cru629.dat
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - SDSD - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 11099 bytes

**km2357** · 2009-12-01, 20:19

Hello and welcome to Safer Networking.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Step # 1 Download and run DDS

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt
Save both reports to your desktop. Post them back to your topic.

Step # 2: Download and Run Gmer

Please download gmer.zip from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

Click No.
Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.
GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.

Click the Scan button and let the program do its work. GMER will produce a log.
Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

Please post the results from the GMER scan in your reply.

In your next post/reply, I need to see the following:

1. The two DDS Logs (DDS and Attach.txt)
2. The GMER Log

Use multiple posts if you can't fit everything into one post.

**procter67** · 2009-12-02, 05:40

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:13 PM, on 11/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\JProcter\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Snippet] "C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" /i
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1189394558921
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1189394541046
O16 - DPF: {8E66A776-A350-4D69-8783-906DB0E6DF14} (Jaunt Class) - http://download.jaunt.com/public/jaunt.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: cru629.dat
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - SDSD - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 11099 bytes
*******************************
DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/30/2006 8:13:18 PM
System Uptime: 12/1/2009 7:46:29 AM (15 hours ago)

Motherboard: Gateway | |
Processor: Intel(R) Pentium(R) M processor 1.73GHz | uFCPGA2 | 1729/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 68 GiB total, 51.039 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 4.568 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\1000D201E0B806
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\1000D201E0B806
Service: NIC1394

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

7200
7200_Help
7200Trb
Adobe Acrobat 7.0 Standard - English, Français, Deutsch
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Agilix GoBinder Lite
AiO_Scan
aiofw
aioocr
aioprnt
aioscnnr
AiOSoftware
Apple Mobile Device Support
Apple Software Update
AviSynth 2.5
Bonjour
BufferChm
center
Cisco Systems VPN Client 4.6.02.0011
Compatibility Pack for the 2007 Office system
Conexant AC-Link Audio
Copy
CP_AtenaShokunin1Config
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CreativeProjects
CreativeProjectsTemplates
CueTour
Data Fax SoftModem with SmartCP
Destinations
Director
DocProc
DocumentViewer
DVD Decrypter (Remove Only)
ERUNT 1.1j
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
essvatgt
Fax
HDD TWAIN Driver Ver2
Help_CTR
helptut
helpug
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895953)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB927891)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB935843)
HP Image Zone 4.7
HP Product Assistant
HP PSC & OfficeJet 4.7
HP Software Update
HPSystemDiagnostics
InstantShare
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
kgcbase
kgchday
kgcinvt
kgcvday
ksdip
LEGO® MINDSTORMS® NXT - English Language Pack
LEGO® MINDSTORMS® NXT Software v1.0
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech® Camera Driver
mCore
mDriver
mDrWiFi
mHelp
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft ActiveSync 4.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Education Pack for Windows XP Tablet PC Edition
Microsoft Energy Blue Theme Pack
Microsoft Experience Pack for Tablet PC
Microsoft Ink Desktop
Microsoft IntelliPoint 5.3
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Media Transfer
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Snipping Tool 2.0
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mIWA
mIWCA
mLogView
mMHouse
Move Media Player
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
mWlsSafe
mXML
mZConfig
Napster Burn Engine
Nero BurnRights
Nero OEM
netbrdg
Notifier
OfotoXMI
PanoStandAlone
PDFCreator
PhotoGallery
PL-2303 USB-to-Serial
PowerDVD
ProductContext
QFolder
Readme
Recovery Software Suite Gateway
Scan
ScannerCopy
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
SFR
SHASTA
SKIN0001
SkinsHP1
SKINXSDK
Spybot - Search & Destroy
staticcr
Synaptics Pointing Device Driver
Tablet PC Tutorials for Microsoft Windows XP SP2
Texas Instruments PCIxx21/x515 drivers.
TIxx21
tooltips
TrayApp
Unload
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925876)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
VPRINTOL
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WIRELESS

==== Event Viewer Messages From Past Week ========

12/1/2009 9:10:48 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013CECA369B. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
11/28/2009 3:04:34 PM, error: NetBT [4321] - The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.0.2. The machine with the IP address 192.168.0.12 did not allow the name to be claimed by this machine.
11/28/2009 10:51:56 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{2FC616AF-3054-43F6-96DF-3D895E28177B} because another computer on the network has the same name. The server could not start.
11/27/2009 9:03:06 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
11/27/2009 11:44:07 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
11/27/2009 11:40:39 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/27/2009 11:31:34 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/27/2009 11:29:19 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/27/2009 11:24:57 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 Beep Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
11/27/2009 11:24:57 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
11/27/2009 11:24:57 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/27/2009 11:24:57 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/27/2009 11:24:57 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/27/2009 11:24:57 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/27/2009 11:24:57 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/27/2009 1:28:25 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Beep Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
11/27/2009 1:13:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep Cdr4_xp Cdrom Imapi redbook
11/26/2009 2:05:33 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/26/2009 11:01:02 AM, error: Service Control Manager [7031] - The AVG8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

==== End Of File ===========================

DDS (Ver_09-12-01.01) - NTFSx86
Run by JProcter at 22:23:03.28 on Tue 12/01/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.532 [GMT -6:00]

FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\JProcter\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
mRun: [TabletWizard] c:\windows\help\SplshWrp.exe
mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [Snippet] "c:\program files\microsoft experience pack\snipping tool\SnippingTool.exe" /i
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
dRun: [TabletWizard] %windir%\help\wizard.hta
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
StartupFolder: c:\docume~1\jprocter\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189394558921
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189394541046
DPF: {8E66A776-A350-4D69-8783-906DB0E6DF14} - hxxp://download.jaunt.com/public/jaunt.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://ak.imgag.com/imgag/cp/install/Crusher.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxsrvc.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
Notify: TabBtnWL - TabBtnWL.dll
Notify: tpgwlnotify - tpgwlnot.dll
AppInit_DLLs: cru629.dat
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\printer\center\KodakSvc.exe [2007-3-22 9728]
R3 FinePnt;FinePoint Innovations HID Driver;c:\windows\system32\drivers\FpHidDrv.sys [2006-1-20 17280]
R3 MSTabBtn;Tablet PC Buttons HID Driver;c:\windows\system32\drivers\MSTabBtn.sys [2006-1-20 9600]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2005-6-21 69692]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [2006-3-10 39424]
S3 RDID1070;Roland SonicCell;c:\windows\system32\drivers\RDWM1070.sys [2009-1-2 135424]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2004-10-27 278384]

=============== Created Last 30 ================

2009-11-27 19:00:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Avg8
2009-11-23 02:57:43 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-23 02:57:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

==================== Find3M ====================

2007-07-18 02:10:36 5154304 ----a-w- c:\program files\WindowsDefender.msi

============= FINISH: 22:23:26.53 ===============
GMER 1.0.15.15252 - http://www.gmer.net
Rootkit quick scan 2009-12-01 22:34:12
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\JProcter\LOCALS~1\Temp\fwlirpob.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----

**km2357** · 2009-12-02, 06:20

According to your logs, you don't have System Restore turned on. Did you turn it off? If you did, please turn it back on, if you can.

Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these vendors NOW:

1)Antivir PersonalEdition Classic
2)avast! 4 Home Edition

Download and install only one!

Let me know when you've turned on your System Restore (if you can) and when you've installed an Anti-Virus and we'll continue.

**procter67** · 2009-12-02, 13:02

Turned System Restore back on.
Installed and ran scan...
Avira AntiVir Personal
Report file date: Tuesday, December 01, 2009 23:49

Scanning for 1409805 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : JOHNTABLET

Version information:
BUILD.DAT : 9.0.0.415 21609 Bytes 11/8/2009 10:00:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 17:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 16:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 17:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 16:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 13:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 05:47:23
VBASE002.VDF : 7.10.1.1 2048 Bytes 11/19/2009 05:47:23
VBASE003.VDF : 7.10.1.2 2048 Bytes 11/19/2009 05:47:23
VBASE004.VDF : 7.10.1.3 2048 Bytes 11/19/2009 05:47:23
VBASE005.VDF : 7.10.1.4 2048 Bytes 11/19/2009 05:47:23
VBASE006.VDF : 7.10.1.5 2048 Bytes 11/19/2009 05:47:23
VBASE007.VDF : 7.10.1.6 2048 Bytes 11/19/2009 05:47:23
VBASE008.VDF : 7.10.1.7 2048 Bytes 11/19/2009 05:47:23
VBASE009.VDF : 7.10.1.8 2048 Bytes 11/19/2009 05:47:23
VBASE010.VDF : 7.10.1.9 2048 Bytes 11/19/2009 05:47:23
VBASE011.VDF : 7.10.1.10 2048 Bytes 11/19/2009 05:47:23
VBASE012.VDF : 7.10.1.11 2048 Bytes 11/19/2009 05:47:23
VBASE013.VDF : 7.10.1.79 209920 Bytes 11/25/2009 05:47:24
VBASE014.VDF : 7.10.1.128 197632 Bytes 11/30/2009 05:47:25
VBASE015.VDF : 7.10.1.129 2048 Bytes 11/30/2009 05:47:25
VBASE016.VDF : 7.10.1.130 2048 Bytes 11/30/2009 05:47:25
VBASE017.VDF : 7.10.1.131 2048 Bytes 11/30/2009 05:47:25
VBASE018.VDF : 7.10.1.132 2048 Bytes 11/30/2009 05:47:25
VBASE019.VDF : 7.10.1.133 2048 Bytes 11/30/2009 05:47:25
VBASE020.VDF : 7.10.1.134 2048 Bytes 11/30/2009 05:47:25
VBASE021.VDF : 7.10.1.135 2048 Bytes 11/30/2009 05:47:25
VBASE022.VDF : 7.10.1.136 2048 Bytes 11/30/2009 05:47:25
VBASE023.VDF : 7.10.1.137 2048 Bytes 11/30/2009 05:47:25
VBASE024.VDF : 7.10.1.138 2048 Bytes 11/30/2009 05:47:25
VBASE025.VDF : 7.10.1.139 2048 Bytes 11/30/2009 05:47:25
VBASE026.VDF : 7.10.1.140 2048 Bytes 11/30/2009 05:47:25
VBASE027.VDF : 7.10.1.141 2048 Bytes 11/30/2009 05:47:25
VBASE028.VDF : 7.10.1.142 2048 Bytes 11/30/2009 05:47:25
VBASE029.VDF : 7.10.1.143 2048 Bytes 11/30/2009 05:47:25
VBASE030.VDF : 7.10.1.144 2048 Bytes 11/30/2009 05:47:25
VBASE031.VDF : 7.10.1.152 39936 Bytes 12/1/2009 05:47:26
Engineversion : 8.2.1.92
AEVDF.DLL : 8.1.1.2 106867 Bytes 11/8/2009 13:38:52
AESCRIPT.DLL : 8.1.2.45 586108 Bytes 12/2/2009 05:47:32
AESCN.DLL : 8.1.2.5 127346 Bytes 11/8/2009 13:38:46
AESBX.DLL : 8.1.1.1 246132 Bytes 11/8/2009 13:38:44
AERDL.DLL : 8.1.3.4 479605 Bytes 12/2/2009 05:47:32
AEPACK.DLL : 8.2.0.3 422261 Bytes 11/8/2009 13:38:40
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 11/8/2009 13:38:38
AEHEUR.DLL : 8.1.0.184 2146681 Bytes 12/2/2009 05:47:31
AEHELP.DLL : 8.1.7.5 237942 Bytes 12/2/2009 05:47:27
AEGEN.DLL : 8.1.1.78 364917 Bytes 12/2/2009 05:47:27
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/8/2009 13:38:26
AECORE.DLL : 8.1.8.5 180598 Bytes 12/2/2009 05:47:26
AEBB.DLL : 8.1.0.3 53618 Bytes 11/8/2009 13:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 14:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 21:14:02
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 20:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 16:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 21:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 16:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 21:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 14:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 16:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 21:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 10/13/2009 18:25:47

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +PCK,

Start of the scan: Tuesday, December 01, 2009 23:49

Starting search for hidden objects.
'43583' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'avira_antivir_personal_en.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'COCIManager.exe' - '1' Module(s) have been scanned
Scan process 'rapimgr.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'Quickcam.exe' - '1' Module(s) have been scanned
Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned
Scan process 'EKIJ5000MUI.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'acrotray.exe' - '1' Module(s) have been scanned
Scan process 'point32.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'tabtip.exe' - '1' Module(s) have been scanned
Scan process 'tcserver.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process '1XConfig.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'tabbtnu.exe' - '1' Module(s) have been scanned
Scan process 'wisptis.exe' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'WinVNC4.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'PRISMXL.SYS' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'KodakSvc.exe' - '1' Module(s) have been scanned
Scan process 'cvpnd.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'KeyboardSurrogate.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
59 processes with 59 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '67' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
Begin scan in 'D:\' <RECOVERY>

End of the scan: Wednesday, December 02, 2009 00:34
Used time: 44:32 Minute(s)

The scan has been done completely.

7386 Scanned directories
409563 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
409561 Files not concerned
8782 Archives were scanned
2 Warnings
2 Notes
43583 Objects were scanned with rootkit scan
0 Hidden objects were found
********************************
I have always used AVG Free antiv on this machine and have been satisfied. However, AS I started trying to clean this machine manually by following some other posts on Spybot, I both turned off System Restore and uninstalled AVG Free. AVG was identifying a Trojan but could not remove it with latest update. So I planned to do a fresh install of latest version to see if that helped but posted here first. Anyhow, if you advise that Avira is better, I will stay with it when we're done. Thanks.

I noticed Antivir ran a rootkit check - does this mean we need to start over?
Do you need to see the Spybot log identifying win32.fraudload.edt ?

**km2357** · 2009-12-02, 20:05

I noticed Antivir ran a rootkit check - does this mean we need to start over?

No need to start over.

Do you need to see the Spybot log identifying win32.fraudload.edt ?

If you still have it, I'd like to see it.

**procter67** · 2009-12-05, 04:14

ComboFix 09-12-04.02 - JProcter 12/04/2009 21:01.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.601 [GMT -6:00]
Running from: c:\documents and settings\JProcter\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-3531931967-3224956595-2480779767-500
D:\Autorun.inf

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2009-11-05 to 2009-12-05 )))))))))))))))))))))))))))))))
.

2009-12-02 05:43 . 2009-07-28 21:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-02 05:43 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-02 05:43 . 2009-02-13 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-02 05:43 . 2009-02-13 17:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-02 05:43 . 2009-12-02 05:43 -------- d-----w- c:\program files\Avira
2009-12-02 05:43 . 2009-12-02 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-11-30 02:57 . 2009-11-30 02:58 -------- d-----w- c:\program files\ERUNT
2009-11-27 19:00 . 2009-11-27 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg8
2009-11-23 02:57 . 2009-11-23 03:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-23 02:57 . 2009-11-23 03:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-23 00:06 . 2009-11-23 00:06 -------- d-----w- c:\documents and settings\JProcter\Local Settings\Application Data\Threat Expert
2009-11-22 23:59 . 2009-11-23 02:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-11 02:20 . 2009-11-11 02:21 1408800 ----a-w- c:\documents and settings\JProcter\Application Data\Move Networks\MoveMediaPlayerWin_071505000011.exe
2009-11-05 04:53 . 2009-11-11 02:21 127325 ----a-w- c:\documents and settings\JProcter\Application Data\Move Networks\uninstall.exe
2009-11-05 04:52 . 2009-11-05 04:53 1407680 ----a-w- c:\documents and settings\JProcter\Application Data\Move Networks\MoveMediaPlayerWin_071505000010.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-29 05:18 . 2006-03-31 08:04 70256 ----a-w- c:\documents and settings\JProcter\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-27 19:12 . 2006-01-20 13:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-27 19:06 . 2006-01-20 13:28 -------- d-----w- c:\program files\Google
2009-11-27 19:04 . 2006-01-20 13:40 -------- d-----w- c:\program files\Microsoft Experience Pack
2009-11-27 19:04 . 2009-01-01 02:13 -------- d-----w- c:\program files\Cakewalk
2009-11-27 19:03 . 2006-07-19 19:57 -------- d-----w- c:\program files\Citrix
2009-11-27 19:00 . 2008-05-22 15:08 -------- d-----w- c:\program files\AVG
2009-11-27 18:58 . 2006-01-20 13:38 -------- d-----w- c:\program files\Common Files\Real
2009-11-27 18:50 . 2008-04-09 18:05 -------- d-----w- c:\program files\Common Files\Apple
2009-11-27 18:47 . 2007-09-10 20:18 -------- d-----w- c:\program files\Alibre Design
2009-11-26 17:06 . 2008-12-06 02:36 -------- d-----w- c:\program files\Bonjour
2009-11-24 02:17 . 2008-01-08 00:24 -------- d-----w- c:\program files\M1
2009-11-11 02:21 . 2007-11-09 02:27 -------- d-----w- c:\documents and settings\JProcter\Application Data\Move Networks
2009-11-11 02:21 . 2009-08-13 19:21 4187512 ----a-w- c:\documents and settings\JProcter\Application Data\Move Networks\plugins\npqmp071505000011.dll
2009-11-05 04:53 . 2009-08-03 21:48 4187512 ----a-w- c:\documents and settings\JProcter\Application Data\Move Networks\plugins\npqmp071505000010.dll
2009-10-07 03:27 . 2009-06-01 02:17 -------- d-----w- c:\program files\Microsoft Silverlight
2007-07-18 02:10 . 2007-09-05 01:23 5154304 ----a-w- c:\program files\WindowsDefender.msi
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_8 -reboot 1" [X]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1207080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="c:\windows\help\SplshWrp.exe" [2004-08-04 16384]
"TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2005-04-26 271872]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-05-13 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-05-13 126976]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Snippet"="c:\program files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" [2005-02-25 68296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-13 1121792]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-04 143360]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2007-04-03 753664]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\JProcter\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 19:27 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2004-08-04 12:00 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 10:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2004-08-04 12:00 30208 ----a-w- c:\windows\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1711:UDP"= 1711:UDP:Windows Media Format SDK (IEXPLORE.EXE)
"1710:UDP"= 1710:UDP:Windows Media Format SDK (IEXPLORE.EXE)

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/1/2009 11:43 PM 108289]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [3/22/2007 6:04 PM 9728]
R3 FinePnt;FinePoint Innovations HID Driver;c:\windows\system32\drivers\FpHidDrv.sys [1/20/2006 7:23 AM 17280]
R3 MSTabBtn;Tablet PC Buttons HID Driver;c:\windows\system32\drivers\MSTabBtn.sys [1/20/2006 7:23 AM 9600]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [6/21/2005 9:25 PM 69692]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [3/10/2006 3:55 PM 39424]
S3 RDID1070;Roland SonicCell;c:\windows\system32\drivers\RDWM1070.sys [1/2/2009 12:02 AM 135424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 22:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-TabletWizard - c:\windows\help\wizard.hta
HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-PictureItSuiteTrial_v11 - c:\program files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe ADDREMOVE=1 SKU=TRIAL VERSION=11
AddRemove-QcDrv - c:\program files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE UNINSTALL REMOVEPROMPT

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-04 21:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\docume~1\JProcter\LOCALS~1\Temp\Perflib_Perfdata_fbc.dat

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1424)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
Completion time: 2009-12-04 21:10
ComboFix-quarantined-files.txt 2009-12-05 03:09

Pre-Run: 54,463,639,552 bytes free
Post-Run: 54,729,474,048 bytes free

- - End Of File - - B76B2F8BABBC35E36D8B6014598EC75E

**procter67** · 2009-12-05, 04:16

I chose not to install the Windows Recovery Console.
Is this needed?

**km2357** · 2009-12-05, 19:05

I chose not to install the Windows Recovery Console.
Is this needed?

Yes, it is needed in case of something happening to your computer and we can't get in it normally, we may have to use Recovery Console to help fix the problem(s). I'll be having you run ComboFix again in this post. Please have ComboFix download and install Recovery Console when it prompts you to. Thanks.

Step # 1: Run CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
Code:
```
KILLALL::

MIA::

c:\windows\system32\proquota.exe
```
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

Note: This CFScript is for use on proctor67's computer only! Do not use it on your computer.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

In your next post/reply, I need to see the following:

1. The ComboFix Log that appears after Step 1 has been completed.
2. A fresh DDS Log taken after Step 1 has been completed.

**procter67** · 2009-12-05, 21:51

ComboFix 09-12-04.05 - JProcter 12/05/2009 13:17.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.551 [GMT -6:00]
Running from: c:\documents and settings\JProcter\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\JProcter\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\proquota.exe . . . is missing!!

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2009-11-05 to 2009-12-05 )))))))))))))))))))))))))))))))
.

2009-12-02 05:43 . 2009-07-28 21:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-02 05:43 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-02 05:43 . 2009-02-13 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-02 05:43 . 2009-02-13 17:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-02 05:43 . 2009-12-02 05:43 -------- d-----w- c:\program files\Avira
2009-12-02 05:43 . 2009-12-02 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-11-30 02:57 . 2009-11-30 02:58 -------- d-----w- c:\program files\ERUNT
2009-11-27 19:00 . 2009-11-27 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg8
2009-11-23 02:57 . 2009-11-23 03:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-23 02:57 . 2009-11-23 03:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-23 00:06 . 2009-11-23 00:06 -------- d-----w- c:\documents and settings\JProcter\Local Settings\Application Data\Threat Expert
2009-11-22 23:59 . 2009-11-23 02:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-11 02:20 . 2009-11-11 02:21 1408800 ----a-w- c:\documents and settings\JProcter\Application Data\Move Networks\MoveMediaPlayerWin_071505000011.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-29 05:18 . 2006-03-31 08:04 70256 ----a-w- c:\documents and settings\JProcter\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-27 19:12 . 2006-01-20 13:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-27 19:06 . 2006-01-20 13:28 -------- d-----w- c:\program files\Google
2009-11-27 19:04 . 2006-01-20 13:40 -------- d-----w- c:\program files\Microsoft Experience Pack
2009-11-27 19:04 . 2009-01-01 02:13 -------- d-----w- c:\program files\Cakewalk
2009-11-27 19:03 . 2006-07-19 19:57 -------- d-----w- c:\program files\Citrix
2009-11-27 19:00 . 2008-05-22 15:08 -------- d-----w- c:\program files\AVG
2009-11-27 18:58 . 2006-01-20 13:38 -------- d-----w- c:\program files\Common Files\Real
2009-11-27 18:50 . 2008-04-09 18:05 -------- d-----w- c:\program files\Common Files\Apple
2009-11-27 18:47 . 2007-09-10 20:18 -------- d-----w- c:\program files\Alibre Design
2009-11-26 17:06 . 2008-12-06 02:36 -------- d-----w- c:\program files\Bonjour
2009-11-24 02:17 . 2008-01-08 00:24 -------- d-----w- c:\program files\M1
2009-11-11 02:21 . 2009-11-05 04:53 127325 ----a-w- c:\documents and settings\JProcter\Application Data\Move Networks\uninstall.exe
2009-11-11 02:21 . 2007-11-09 02:27 -------- d-----w- c:\documents and settings\JProcter\Application Data\Move Networks
2009-11-11 02:21 . 2009-08-13 19:21 4187512 ----a-w- c:\documents and settings\JProcter\Application Data\Move Networks\plugins\npqmp071505000011.dll
2009-11-05 04:53 . 2009-08-03 21:48 4187512 ----a-w- c:\documents and settings\JProcter\Application Data\Move Networks\plugins\npqmp071505000010.dll
2009-11-05 04:53 . 2009-11-05 04:52 1407680 ----a-w- c:\documents and settings\JProcter\Application Data\Move Networks\MoveMediaPlayerWin_071505000010.exe
2009-10-07 03:27 . 2009-06-01 02:17 -------- d-----w- c:\program files\Microsoft Silverlight
2007-07-18 02:10 . 2007-09-05 01:23 5154304 ----a-w- c:\program files\WindowsDefender.msi
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_8 -reboot 1" [X]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1207080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="c:\windows\help\SplshWrp.exe" [2004-08-04 16384]
"TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2005-04-26 271872]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-05-13 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-05-13 126976]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Snippet"="c:\program files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" [2005-02-25 68296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-13 1121792]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-04 143360]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2007-04-03 753664]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\JProcter\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 19:27 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2004-08-04 12:00 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 10:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2004-08-04 12:00 30208 ----a-w- c:\windows\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1711:UDP"= 1711:UDP:Windows Media Format SDK (IEXPLORE.EXE)
"1710:UDP"= 1710:UDP:Windows Media Format SDK (IEXPLORE.EXE)

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/1/2009 11:43 PM 108289]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [3/22/2007 6:04 PM 9728]
R3 FinePnt;FinePoint Innovations HID Driver;c:\windows\system32\drivers\FpHidDrv.sys [1/20/2006 7:23 AM 17280]
R3 MSTabBtn;Tablet PC Buttons HID Driver;c:\windows\system32\drivers\MSTabBtn.sys [1/20/2006 7:23 AM 9600]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [6/21/2005 9:25 PM 69692]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [3/10/2006 3:55 PM 39424]
S3 RDID1070;Roland SonicCell;c:\windows\system32\drivers\RDWM1070.sys [1/2/2009 12:02 AM 135424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 22:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-05 14:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1424)
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(2664)
c:\progra~1\WINDOW~3\wmpband.dll
c:\program files\windows journal\nbmaptip.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\System32\tabbtnu.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Common Files\Microsoft Shared\Ink\TCServer.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-12-05 14:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-05 20:29
ComboFix2.txt 2009-12-05 03:10

Pre-Run: 54,722,932,736 bytes free
Post-Run: 54,620,426,240 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 620782001C85B777F7054CFB4EF2A8D0

*************************************************
Second DDS.txt:

DDS (Ver_09-12-01.01) - NTFSx86
Run by JProcter at 14:40:28.82 on Sat 12/05/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.551 [GMT -6:00]

AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\JProcter\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
mRun: [TabletWizard] c:\windows\help\SplshWrp.exe
mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [Snippet] "c:\program files\microsoft experience pack\snipping tool\SnippingTool.exe" /i
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\jprocter\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189394558921
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189394541046
DPF: {8E66A776-A350-4D69-8783-906DB0E6DF14} - hxxp://download.jaunt.com/public/jaunt.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://ak.imgag.com/imgag/cp/install/Crusher.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxsrvc.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
Notify: TabBtnWL - TabBtnWL.dll
Notify: tpgwlnotify - tpgwlnot.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-1 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-1 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-1 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-1 55656]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\printer\center\KodakSvc.exe [2007-3-22 9728]
R3 FinePnt;FinePoint Innovations HID Driver;c:\windows\system32\drivers\FpHidDrv.sys [2006-1-20 17280]
R3 MSTabBtn;Tablet PC Buttons HID Driver;c:\windows\system32\drivers\MSTabBtn.sys [2006-1-20 9600]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2005-6-21 69692]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [2006-3-10 39424]
S3 RDID1070;Roland SonicCell;c:\windows\system32\drivers\RDWM1070.sys [2009-1-2 135424]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2004-10-27 278384]

=============== Created Last 30 ================

2009-12-05 19:16:11 0 d-sha-r- C:\cmdcons
2009-12-05 02:54:03 98816 ----a-w- c:\windows\sed.exe
2009-12-05 02:54:03 77312 ----a-w- c:\windows\MBR.exe
2009-12-05 02:54:03 260608 ----a-w- c:\windows\PEV.exe
2009-12-05 02:54:03 161792 ----a-w- c:\windows\SWREG.exe
2009-12-02 05:43:52 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-02 05:43:49 0 d-----w- c:\program files\Avira
2009-12-02 05:43:49 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2009-11-27 19:00:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Avg8
2009-11-23 02:57:43 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-23 02:57:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

==================== Find3M ====================

2007-07-18 02:10:36 5154304 ----a-w- c:\program files\WindowsDefender.msi

============= FINISH: 14:40:43.00 ===============

Interesting - Combox opened and seemed to run Avira AntiVir after reboot and logon to wondows. Normal?
What about the files combofix says it stored?
ComboFix-quarantined-files.txt 2009-12-05 20:29
ComboFix2.txt 2009-12-05 03:10

Also - a window popped up beore Combofox completed saying Combofixlog.txt would be found on C:\
I do not see it there. ??

Thread: Spybot doesn't remove win32.fraudload.edt. Please help!

Thread Tools

Display

Hybrid View

Spybot doesn't remove win32.fraudload.edt. Please help!

Tags for this Thread

Posting Permissions