# Resident Shield Alert and Pop-Ups



## fryguy8585 (Aug 24, 2006)

Hey Guys/Girls. It appears that there are several fake anti-malware programs installed on my computer, as I am getting popups about running scans for programs I never installed. (Anti-malware Doctor and Resident Shield Alert are just a few of them.) I am also getting internet pop-ups as well. Here are the requested scans; you guys have been awesome in the past and I hope you are able to help me again. Thanks for your time:

*HJT:*
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:55:04 PM, on 8/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Student Backup\BackupClient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Logitech\Logitech Vid\vid.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Ask and Record Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BackupClient.exe] C:\Program Files\Student Backup\BackupClient.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Ask and Record FLV Service] "C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sta] rundll32 "hwiap.dll",,Run
O4 - HKLM\..\Run: [MChk] C:\WINDOWS\system32\uwiap.exe
O4 - HKLM\..\Run: [khcndtnh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\tptcioddl\gitmypvshdw.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ilqruqao] C:\Documents and Settings\David Schuldenfrei\Local Settings\Application Data\qnbmewikc\elecbfdtssd.exe
O4 - HKCU\..\Run: [dfiiyind] C:\Documents and Settings\David Schuldenfrei\Local Settings\Application Data\opulfyknl\ejrxuqgtssd.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [khcndtnh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\tptcioddl\gitmypvshdw.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [khcndtnh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\tptcioddl\gitmypvshdw.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O13 - DefaultPrefix: 
O13 - WWW Prefix: 
O13 - Home Prefix: 
O13 - Mosaic Prefix: 
O13 - FTP Prefix: 
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 10226 bytes

DDS.txt file

DDS (Ver_10-03-17.01) - NTFSx86 
Run by David Schuldenfrei at 15:57:03.14 on Tue 08/17/2010
Internet Explorer: 6.0.2900.2096 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1247 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Student Backup\BackupClient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Logitech\Logitech Vid\vid.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\David Schuldenfrei\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie_rsearch.html
uDefault_Page_URL = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie_rsearch.html
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Ask and Record Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Ask and Record Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [ilqruqao] c:\documents and settings\david schuldenfrei\local settings\application data\qnbmewikc\elecbfdtssd.exe
uRun: [dfiiyind] c:\documents and settings\david schuldenfrei\local settings\application data\opulfyknl\ejrxuqgtssd.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BackupClient.exe] c:\program files\student backup\BackupClient.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Ask and Record FLV Service] "c:\program files\ask & record toolbar\FLVSrvc.exe" /run
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [sta] rundll32 "hwiap.dll",,Run
mRun: [MChk] c:\windows\system32\uwiap.exe
mRun: [khcndtnh] c:\documents and settings\networkservice\local settings\application data\tptcioddl\gitmypvshdw.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [khcndtnh] c:\documents and settings\networkservice\local settings\application data\tptcioddl\gitmypvshdw.exe
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\davids~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
uPolicies-explorer: NoInternetIcon = 1 (0x1)
uPolicies-explorer: NoSMHelp = 1 (0x1)
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
uPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
mPolicies-explorer: StartMenuFavorites = 0 (0x0)
mPolicies-explorer: Start_ShowMyComputer = 1 (0x1)
mPolicies-explorer: Start_ShowMyDocs = 1 (0x1)
mPolicies-explorer: Start_ShowMyMusic = 0 (0x0)
mPolicies-explorer: Start_ShowRun = 1 (0x1)
mPolicies-explorer: Start_ShowSearch = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
dPolicies-explorer: NoInternetIcon = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
dPolicies-explorer: NoActiveDesktop = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: schannel.dll, digest.dll
Hosts: 127.0.0.1	www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\davids~1\applic~1\mozilla\firefox\profiles\6yk6a511.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - msn.com
FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101049100&s=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101049100&s=
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-19 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-19 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-19 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [2010-8-5 20480]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]

=============== Created Last 30 ================

==================== Find3M ====================

2010-07-16 04:18:18	246784	----a-w-	c:\windows\system32\dwiap.dll
2010-07-16 04:18:04	294912	----a-w-	c:\windows\system32\hwiap.dll
2010-07-15 22:02:15	243024	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2010-07-15 22:02:14	12536	----a-w-	c:\windows\system32\avgrsstx.dll
2010-07-15 22:01:15	216400	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2010-07-14 00:43:22	40581	----a-w-	c:\windows\system32\uwiap.exe

============= FINISH: 15:57:56.00 ===============

Ark.txt file

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-17 16:01:11
Windows 5.1.2600 Service Pack 3
Running: objvb4rw.exe; Driver: C:\DOCUME~1\DAVIDS~1\LOCALS~1\Temp\pxtdapod.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----
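An added example, not part of the original post or of the HijackThis/DDS tools: a small triage script that runs the checks a log helper typically does by eye over HijackThis `O4`/`R1` lines and DDS `uRun`/`mRun`/`dRun`, `Hosts:` and `mWinlogon:` lines. It flags a proxy pointed at 127.0.0.1, autoruns living under a user's Local Settings\Application Data, `rundll32` loading a DLL by bare name (resolved through the DLL search path), SYSTEM/.DEFAULT autoruns that point into a user profile, hosts-file redirects of non-localhost names, and a non-zero SfcDisable. The sample log is constructed from lines in the post above (one profile name shortened to `user`); the rule names and `Finding` type are this example's own, and every hit is a heuristic for a human to inspect, not a verdict.

```python
"""Triage heuristics for HijackThis (O4/R1) and DDS (uRun/mRun/dRun, Hosts,
mWinlogon) log lines.  Added example; rule names are this script's own."""
import re
from collections import Counter
from dataclasses import dataclass

# HijackThis autorun: O4 - HKLM\..\Run: [name] cmd   optionally "(User 'X')"
HJT_O4 = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# DDS autorun: uRun/mRun/dRun (u = HKCU, m = HKLM, d = .DEFAULT and other hives)
DDS_RUN = re.compile(r"^(?P<scope>[umd])Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
HOSTS = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
SFC = re.compile(r"SfcDisable=(?P<val>-?\d+)")

LOCAL_APPDATA = ("\\local settings\\application data\\", "\\appdata\\local\\")
PROFILE_ROOTS = ("\\documents and settings\\", "\\users\\")

# Constructed sample: lines taken from the post above, one profile name shortened.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [sta] rundll32 "hwiap.dll",,Run
O4 - HKLM\..\Run: [khcndtnh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\tptcioddl\gitmypvshdw.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ilqruqao] C:\Documents and Settings\user\Local Settings\Application Data\qnbmewikc\elecbfdtssd.exe
O4 - HKUS\S-1-5-18\..\Run: [khcndtnh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\tptcioddl\gitmypvshdw.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
mWinlogon: SfcDisable=-99 (0xffffff9d)
Hosts: 127.0.0.1    www.spywareinfo.com
"""


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


def _autorun(line):
    """Return (command, runs_in_system_scope) for an autorun line, else None."""
    m = HJT_O4.match(line)
    if m:
        return m["cmd"], (m["user"] or "") in ("SYSTEM", "Default user")
    m = DDS_RUN.match(line)
    if m:
        return m["cmd"], m["scope"] == "d"
    return None


def _bare_rundll32_dll(cmd):
    """True when rundll32 names its DLL without a path (DLL search-order load)."""
    parts = cmd.split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "rundll32":
        return False
    dll = parts[1].split(",", 1)[0].strip().strip('"')
    return "\\" not in dll


def triage(lines):
    """Apply every heuristic to each line; a line may yield several findings."""
    findings = []
    for raw in lines:
        line = raw.strip()
        low = line.lower()
        if "proxyserver = " in low and ("127.0.0.1" in low or "localhost" in low):
            findings.append(Finding("localhost_proxy", line))
        m = SFC.search(line)
        if m and int(m["val"]) != 0:
            findings.append(Finding("sfc_disabled", line))
        m = HOSTS.match(line)
        if m and m["ip"] in ("127.0.0.1", "0.0.0.0") and m["host"].lower() != "localhost":
            findings.append(Finding("hosts_redirect", line))
        hit = _autorun(line)
        if hit is None:
            continue
        cmd, system_scope = hit
        cl = cmd.lower()
        if any(p in cl for p in LOCAL_APPDATA):
            findings.append(Finding("autorun_in_local_appdata", line))
        if _bare_rundll32_dll(cmd):
            findings.append(Finding("rundll32_bare_dll", line))
        if system_scope and any(p in cl for p in PROFILE_ROOTS):
            findings.append(Finding("system_scope_autorun_in_user_profile", line))
    return findings


def rule_counts(lines):
    """Number of hits per rule, as a plain dict."""
    return dict(Counter(f.rule for f in triage(lines)))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.strip().splitlines()):
        print(f"{f.rule:40} {f.line}")
```

The AVG tray and uTorrent entries produce nothing, while the same `khcndtnh` entry under `HKUS\S-1-5-18` is reported twice (Local Settings path, and a SYSTEM-scope autorun pointing into a user profile), which is exactly the kind of line a helper asks about first. The nLite `RunOnce` under SYSTEM is left alone because its command does not touch a profile path.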


----------



## fryguy8585 (Aug 24, 2006)

Hey Guys,

Just wanted to see if anyone could take a look at this again for me please; I posted two weeks ago and haven't received a response yet.

Thanks as always for your help.


----------



## eddie5659 (Mar 19, 2001)

Hiya 

Sorry for the lateness in a reply, but these forums are very busy 

Are you still having this problem? If so, can you rescan with DDS, GMER and HijackThis, and post the fresh logs

Regards

eddie


----------



## fryguy8585 (Aug 24, 2006)

Hey, thanks for getting back to me. The false virus scans tend to come and go, while the popups are very much still there:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:53:55 PM, on 10/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Student Backup\BackupClient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Logitech\Logitech Vid\vid.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Ask and Record Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BackupClient.exe] C:\Program Files\Student Backup\BackupClient.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Ask and Record FLV Service] "C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [sta] rundll32 "hwiap.dll",,Run
O4 - HKLM\..\Run: [khcndtnh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\tptcioddl\gitmypvshdw.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ilqruqao] C:\Documents and Settings\David Schuldenfrei\Local Settings\Application Data\qnbmewikc\elecbfdtssd.exe
O4 - HKCU\..\Run: [dfiiyind] C:\Documents and Settings\David Schuldenfrei\Local Settings\Application Data\opulfyknl\ejrxuqgtssd.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [khcndtnh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\tptcioddl\gitmypvshdw.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [khcndtnh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\tptcioddl\gitmypvshdw.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: syscron.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT Startup: syscron.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: syscron.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O13 - DefaultPrefix: 
O13 - WWW Prefix: 
O13 - Home Prefix: 
O13 - Mosaic Prefix: 
O13 - FTP Prefix: 
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 10497 bytes

DDS (Ver_10-03-17.01) - NTFSx86 
Run by David Schuldenfrei at 16:55:07.51 on Tue 10/05/2010
Internet Explorer: 6.0.2900.2096 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1140 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Student Backup\BackupClient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Logitech\Logitech Vid\vid.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\David Schuldenfrei\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie_rsearch.html
uDefault_Page_URL = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie_rsearch.html
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Ask and Record Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Ask and Record Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [ilqruqao] c:\documents and settings\david schuldenfrei\local settings\application data\qnbmewikc\elecbfdtssd.exe
uRun: [dfiiyind] c:\documents and settings\david schuldenfrei\local settings\application data\opulfyknl\ejrxuqgtssd.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BackupClient.exe] c:\program files\student backup\BackupClient.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Ask and Record FLV Service] "c:\program files\ask & record toolbar\FLVSrvc.exe" /run
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [sta] rundll32 "hwiap.dll",,Run
mRun: [khcndtnh] c:\documents and settings\networkservice\local settings\application data\tptcioddl\gitmypvshdw.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [khcndtnh] c:\documents and settings\networkservice\local settings\application data\tptcioddl\gitmypvshdw.exe
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\davids~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\documents and settings\david schuldenfrei\start menu\programs\startup\syscron.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
uPolicies-explorer: NoInternetIcon = 1 (0x1)
uPolicies-explorer: NoSMHelp = 1 (0x1)
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
uPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
mPolicies-explorer: StartMenuFavorites = 0 (0x0)
mPolicies-explorer: Start_ShowMyComputer = 1 (0x1)
mPolicies-explorer: Start_ShowMyDocs = 1 (0x1)
mPolicies-explorer: Start_ShowMyMusic = 0 (0x0)
mPolicies-explorer: Start_ShowRun = 1 (0x1)
mPolicies-explorer: Start_ShowSearch = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
dPolicies-explorer: NoInternetIcon = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
dPolicies-explorer: NoActiveDesktop = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: schannel.dll, digest.dll
Hosts: 127.0.0.1	www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\davids~1\applic~1\mozilla\firefox\profiles\6yk6a511.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - msn.com
FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101049100&s=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101049100&s=
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-19 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-19 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-19 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]
R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [2010-8-5 20480]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]

=============== Created Last 30 ================

==================== Find3M ====================

2010-10-04 14:38:01	0	----a-w-	c:\windows\system32\drivers\lvuvc.hs
2010-10-04 14:37:54	0	----a-w-	c:\windows\system32\drivers\logiflt.iad
2010-09-27 06:37:23	33928	---ha-w-	c:\windows\system32\mlfcache.dat
2010-08-12 04:07:46	9200	------w-	c:\windows\system32\drivers\cdralw2k.sys
2010-08-12 04:07:46	9072	------w-	c:\windows\system32\drivers\cdr4_xp.sys
2010-08-12 04:07:46	45648	------w-	c:\windows\system32\drivers\PxHelp20.sys
2010-08-12 04:07:46	133616	------w-	c:\windows\system32\pxafs.dll
2010-08-12 04:07:46	126448	------w-	c:\windows\system32\pxinsi64.exe
2010-08-12 04:07:46	123888	------w-	c:\windows\system32\pxcpyi64.exe
2010-08-11 16:44:12	507904	----a-r-	c:\windows\system32\btwapi.dll
2010-07-15 22:02:14	12536	----a-w-	c:\windows\system32\avgrsstx.dll

============= FINISH: 16:56:03.71 ===============

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-05 17:55:50
Windows 5.1.2600 Service Pack 3
Running: objvb4rw.exe; Driver: C:\DOCUME~1\DAVIDS~1\LOCALS~1\Temp\pxtdapod.sys

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[1244] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 00A8000A 
.text C:\WINDOWS\Explorer.EXE[1244] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 00A9000A 
.text C:\WINDOWS\Explorer.EXE[1244] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 00A2000C 
.text C:\WINDOWS\System32\svchost.exe[1612] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 007F000A 
.text C:\WINDOWS\System32\svchost.exe[1612] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 0080000A 
.text C:\WINDOWS\System32\svchost.exe[1612] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 007E000C 
.text C:\WINDOWS\System32\svchost.exe[1612] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 01C9000A 
.text C:\WINDOWS\System32\svchost.exe[1612] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00CB000A 
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1756] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 103FDDE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2228] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 00FD000A 
.text C:\Program Files\Mozilla Firefox\firefox.exe[2228] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 00FE000A 
.text C:\Program Files\Mozilla Firefox\firefox.exe[2228] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 00FC000C 
.text C:\Program Files\Mozilla Firefox\firefox.exe[2228] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs A6391400

---- EOF - GMER 1.0.15 ----
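The logs above carry several indicators a responder would want to pull out mechanically rather than by eye: the per-user proxy pointing at 127.0.0.1, Run keys whose targets are random-named executables under Local Settings\Application Data (including one planted in the NetworkService profile), a rundll32 entry that loads a DLL by bare name, a raw `syscron.exe` dropped in the Startup folders, and a hosts entry that blackholes a security site. The triage script below is added here by the editor and is not part of the original thread or of any of the tools mentioned in it. It scans HijackThis lines (and the DDS pseudo-HJT lines for the proxy and hosts checks) with those rules; the sample input is copied from the logs posted above with the user's profile folder renamed to "Owner", and the name-length thresholds and the known-good DLL list are the editor's assumptions.

```python
"""Triage helper for HijackThis / DDS-style autostart logs.

Flags the kinds of entries visible in the logs above: a loopback proxy,
Run keys whose target is a random-named exe under Local Settings\\Application
Data, rundll32 loading a DLL by bare name, raw executables dropped in a
Startup folder, and hosts-file entries that blackhole a domain.  These are
leads for a human to check, not verdicts.
"""
import re
from typing import List, Tuple

Finding = Tuple[int, str, str]  # (line number, reason, original line)

# Constructed sample: lines copied from the logs posted above, with the user's
# profile folder renamed to "Owner"; benign entries are included so the
# rules have something to leave alone.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [sta] rundll32 "hwiap.dll",,Run
O4 - HKLM\..\Run: [khcndtnh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\tptcioddl\gitmypvshdw.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ilqruqao] C:\Documents and Settings\Owner\Local Settings\Application Data\qnbmewikc\elecbfdtssd.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - S-1-5-18 Startup: syscron.exe (User 'SYSTEM')
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
Hosts: 127.0.0.1 www.spywareinfo.com
""".strip().splitlines()

# Optional "(User 'NAME')" suffix HijackThis appends to per-hive entries.
_USER_SUFFIX = r"(?:\s+\(User '[^']*'\))?\s*$"

# Run target in a profile's Local Settings\Application Data where both the
# folder and the exe are runs of lowercase letters (6+ is an assumed cut-off).
_RANDOM_LOCAL_APPDATA = re.compile(
    r"\\local settings\\application data\\[a-z]{6,}\\[a-z]{6,}\.exe" + _USER_SUFFIX,
    re.I)
# rundll32 handed a DLL by bare name: resolved via the search path, not a fixed path.
_BARE_RUNDLL = re.compile(r'rundll32\s+"?([^\\"\s]+\.dll)"?', re.I)
# Windows DLLs that legitimately appear bare in such entries (assumed list; extend it).
KNOWN_SYSTEM_DLLS = {"advpack.dll"}
# Browser proxy that points back at the local machine.
_LOOPBACK_PROXY = re.compile(r"ProxyServer\s*=\s*(?:http=)?127\.0\.0\.1:\d+", re.I)
# Executable sitting directly in a Startup folder (normal entries are .lnk shortcuts).
_STARTUP_EXE = re.compile(r"^O4 - .*Startup: (\S+\.exe)" + _USER_SUFFIX, re.I)
# Hosts entry mapping a name to loopback or 0.0.0.0 (HJT "O1 - Hosts:" or DDS "Hosts:").
_HOSTS_BLACKHOLE = re.compile(
    r"^(?:O1 - )?Hosts:\s+(?:127\.0\.0\.1|0\.0\.0\.0)\s+(\S+)", re.I)


def classify(line: str) -> str:
    """Return a short reason if the line trips a rule, else an empty string."""
    if _LOOPBACK_PROXY.search(line):
        return "loopback proxy"
    if _HOSTS_BLACKHOLE.search(line):
        return "hosts file blackholes a domain"
    if not line.startswith("O4 - "):
        return ""
    if _RANDOM_LOCAL_APPDATA.search(line):
        return "random-named exe in Local Settings\\Application Data"
    m = _BARE_RUNDLL.search(line)
    if m and m.group(1).lower() not in KNOWN_SYSTEM_DLLS:
        return "rundll32 with bare DLL name"
    if _STARTUP_EXE.search(line):
        return "raw executable in Startup folder"
    return ""


def triage(lines: List[str]) -> List[Finding]:
    """Run classify() over every line and collect the hits with their line numbers."""
    findings: List[Finding] = []
    for no, raw in enumerate(lines, 1):
        line = raw.rstrip()
        reason = classify(line)
        if reason:
            findings.append((no, reason, line))
    return findings


if __name__ == "__main__":
    for no, reason, text in triage(SAMPLE_LOG):
        print(f"line {no}: {reason}\n    {text}")
```

A loopback proxy is not proof of compromise on its own (some security products and developer tools install one), so treat each hit as a lead to be tied to a process, which is what the matching svchost hooks in the GMER output above would be checked against next.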


----------



## eddie5659 (Mar 19, 2001)

*P2P Warning!*


*IMPORTANT* I notice there are signs of a *P2P (Person to Person) File Sharing Program* on your computer.

*µTorrent*

Please note that as long as you are using any form of *Peer-to-Peer networking* and *downloading files* from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

I'd like you to read the *Guidelines for P2P Programs* where we explain why it's not a good idea to have them.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

Cyber Education Letter
File sharing infects 500,000 computers 
USAToday

I would recommend that you uninstall the above, however that choice is up to you. If you choose to remove this program, you can do so via *Control Panel >> Add or Remove Programs*.

*If you decide to keep the program in spite of the risks involved, do not use it until I have finished cleaning your computer and have given you the all clear.*

-----------------

Uninstall these programs because they're not needed or are outdated or are dangerous to use.

If any can't be uninstalled, let me know, but carry on with the rest of the uninstall and the programs below. We can look at any that couldn't be uninstalled later.

*Antimalware Doctor*
*Ask & Record Toolbar 4.01*
*Ask Toolbar*
*Apple Software Update*
*Spybot - Search & Destroy*

-----------------

After doing the above, can you run these for me:

Download *TFC by OldTimer* to your desktop

Please double-click *TFC.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
It *will close all programs* when run, so make sure you have *saved all your work* before you begin.
Click the *Start* button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. *Let it run uninterrupted to completion*. 
Once it's finished it should *reboot your machine*. If it does not, please *manually reboot the machine* yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from *Here* or *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.*

*Download and scan with* *SUPERAntiSpyware* Free for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._)
Under "*Configuration and Preferences*", click the *Preferences* button.
Click the *Scanning Control* tab.
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._
_Scan for tracking cookies._
_Terminate memory threats before quarantining._

Click the "*Close*" button to leave the control center screen.
Back on the main screen, under "*Scan for Harmful Software*" click *Scan your computer*.
On the left, make sure you check *C:\Fixed Drive*.
On the right, under "*Complete Scan*", choose *Perform Complete Scan*.
Click "*Next*" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*OK*".
Make sure everything has a checkmark next to it and click "*Next*".
A notification will appear that "_Quarantine and Removal is Complete_". Click "*OK*" and then click the "*Finish*" button to return to the main menu.
If asked if you want to reboot, click "*Yes*".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
_Click *Preferences*, then click the *Statistics/Logs* tab._
_Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*._
_If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor._
_Please copy and paste the Scan Log results in your next reply._

Click *Close* to exit the program.

Please include the *MBAM log, SUPERAntiSpyware Scan Log and a fresh HijackThis log* in your next reply.

eddie


----------



## fryguy8585 (Aug 24, 2006)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4771

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.2096

10/7/2010 5:34:05 PM
mbam-log-2010-10-07 (17-34-05).txt

Scan type: Quick scan
Objects scanned: 142107
Time elapsed: 7 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{fe4c2c37-edc8-4c00-b864-3c38cf3ba834} (Adware.Adshot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ilqruqao (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dfiiyind (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\khcndtnh (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sta (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Update\seupd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\David Schuldenfrei\Application Data\usernt.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\David Schuldenfrei\Start Menu\Programs\Startup\syscron.exe (Trojan.Agent) -> Quarantined and deleted successfully.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/07/2010 at 07:19 PM

Application Version : 4.44.1000

Core Rules Database Version : 5650
Trace Rules Database Version: 3462

Scan type : Complete Scan
Total Scan Time : 01:34:38

Memory items scanned : 574
Memory threats detected : 0
Registry items scanned : 5928
Registry threats detected : 1
File items scanned : 34909
File threats detected : 112

System.BrokenFileAssociation
HKCR\.exe

Adware.Tracking Cookie
C:\Documents and Settings\David Schuldenfrei\Cookies\david [email protected][2].txt
C:\Documents and Settings\David Schuldenfrei\Cookies\david [email protected][1].txt
C:\Documents and Settings\David Schuldenfrei\Cookies\david [email protected][1].txt
C:\Documents and Settings\David Schuldenfrei\Cookies\david [email protected][1].txt
C:\Documents and Settings\David Schuldenfrei\Cookies\david [email protected][1].txt
C:\Documents and Settings\David Schuldenfrei\Cookies\david [email protected][1].txt
C:\Documents and Settings\David Schuldenfrei\Cookies\david [email protected][2].txt
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.adinterax.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.adinterax.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.pointroll.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.pointroll.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.112.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.specificmedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.mediabrandsww.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.adecn.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.yieldmanager.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.tribalfusion.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.overture.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.overture.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
adserv.brandaffinity.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
adserv.brandaffinity.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
adserv.brandaffinity.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.videoegg.adbureau.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
cdn1.trafficmp.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
cdn1.trafficmp.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.112.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.bs.serving-sys.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.www.webxtracking.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.northjersey.112.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.questionmarket.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.questionmarket.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\cookies.sqlite ]
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\David Schuldenfrei\Cookies\david [email protected][1].txt

Rogue.AntiMalwareDoctor
C:\Documents and Settings\David Schuldenfrei\Application Data\D20D5B487E3AD0D03FDA0C3ADF1990CE

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:44:49 PM, on 10/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Student Backup\BackupClient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Logitech\Logitech Vid\vid.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BackupClient.exe] C:\Program Files\Student Backup\BackupClient.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [khcndtnh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\tptcioddl\gitmypvshdw.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [khcndtnh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\tptcioddl\gitmypvshdw.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O13 - DefaultPrefix: 
O13 - WWW Prefix: 
O13 - Home Prefix: 
O13 - Mosaic Prefix: 
O13 - FTP Prefix: 
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 9157 bytes
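The HijackThis log above carries several of the classic rogue-AV fingerprints: an IE proxy forced to 127.0.0.1:6522 (R1), a randomly named Run value under the SYSTEM and Default-user hives that launches an executable from a profile's Local Settings\Application Data folder (O4), IE policy restrictions (O6) and a Winlogon Notify entry whose DLL is gone (O20). The script below is an added example, not code from this thread or from HijackThis; it triages a pasted HJT log for those artefacts. The sample lines are copied from the posted log, and the heuristics (localhost proxy, autoruns in profile directories or in the S-1-5-18/.DEFAULT hives, a vowel-ratio test for random-looking names, restriction policies, dangling entries) are this example's own assumptions rather than HJT's classification.

```python
"""Triage a HijackThis log for the rogue-AV artefacts seen in this thread.

Added example, not code from the thread or from HijackThis itself. The sample
log lines are copied from the HJT log posted above; the heuristics and their
thresholds are assumptions of this example, not HJT's classification.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a handful of lines taken from the posted HJT log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKUS\S-1-5-18\..\Run: [khcndtnh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\tptcioddl\gitmypvshdw.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [khcndtnh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\tptcioddl\gitmypvshdw.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


@dataclass
class Finding:
    line_no: int
    section: str  # HJT section tag such as "R1" or "O4"
    reason: str
    text: str


PROXY_RE = re.compile(r"^R1 - .*ProxyServer = (?P<proxy>\S+)")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
PROFILE_DIRS = ("\\local settings\\application data\\", "\\application data\\", "\\temp\\")
SYSTEM_HIVES = ("HKUS\\S-1-5-18", "HKUS\\.DEFAULT")


def looks_random(name: str) -> bool:
    """Long, vowel-poor names like 'khcndtnh' are typical of generated rogue-AV
    names. The 7-letter / 20% vowel threshold is an assumption of this example."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < 7:
        return False
    return sum(c in "aeiou" for c in letters) / len(letters) < 0.2


def executable_path(cmd: str) -> str:
    """Strip HJT's trailing (User '...') note and any switches, keep the path."""
    cmd = re.sub(r"\s*\(User '[^']*'\)$", "", cmd)
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return re.split(r"\s+[-/]", cmd, maxsplit=1)[0]


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious line, in log order."""
    findings: list[Finding] = []
    for no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.match(line)
        if m and re.search(r"127\.0\.0\.1|localhost", m["proxy"]):
            findings.append(Finding(no, "R1", "browser proxy points at localhost: a local component is intercepting web traffic", line))
            continue
        m = O4_RE.match(line)
        if m:
            reasons = []
            path = executable_path(m["cmd"])
            path_l = path.lower()
            base = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if any(d in path_l for d in PROFILE_DIRS):
                reasons.append("autorun launches from a user-writable profile directory")
            if m["hive"].upper().startswith(SYSTEM_HIVES) and "\\documents and settings\\" in path_l:
                reasons.append("autorun in the SYSTEM/Default hive points into a user profile")
            if looks_random(m["name"]) or looks_random(base):
                reasons.append("random-looking value or file name")
            if reasons:
                findings.append(Finding(no, "O4", "; ".join(reasons), line))
            continue
        if line.startswith("O6 - ") and line.endswith("Restrictions present"):
            findings.append(Finding(no, "O6", "IE policy restrictions set; common rogue-AV lockdown, verify before removing", line))
        elif line.startswith("O20 - ") and "(file missing)" in line:
            findings.append(Finding(no, "O20", "dangling Winlogon Notify entry (orphan, low severity)", line))
    return findings


def summary(findings: list[Finding]) -> dict[str, int]:
    """Count findings per HJT section."""
    return dict(Counter(f.section for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:3d} {f.section:<3} {f.reason}\n    {f.text}")
```

On the sample it flags the proxy line, both khcndtnh autoruns (all three O4 reasons apply), the O6 restriction and the orphaned O20 entry, and leaves the AVG, AIM and Bonjour lines alone. The S-1-5-18/.DEFAULT rule matters for this log in particular: a Run value living in the SYSTEM hive survives a clean-up done only from the user's own HKCU, which is why the MBAM log above deleted the HKLM khcndtnh value yet the entry still shows under HKUS in the fresh HJT scan.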


----------



## eddie5659 (Mar 19, 2001)

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

*IMPORTANT !!! Save ComboFix.exe to your Desktop*


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

*Please note:* If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

eddie


----------



## fryguy8585 (Aug 24, 2006)

Hey Eddie. I downloaded and installed ComboFix and ran the scan. However, after I ran the scan, my computer no longer wirelessly connects to the internet. My internal wireless card is enabled but it is not picking up any networks. What do you recommend I do? Thanks for your help.


----------



## eddie5659 (Mar 19, 2001)

Strange, let's see what it removed.

Can you go to C:\Qoobox via Windows Explorer, and in there locate this file:

*ComboFix-quarantined-files.txt*

Copy/paste the contents here.

Also, do the same in here C:\Qoobox\Quarantine\Registry_backups

For the files in this section, if there are any showing, right-click on them and select *Open With | Notepad*

Then, copy/paste the contents here.

If there are lots of them, then zip them up and attach them in as follows:

Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below).

In there, at the bottom, click on the button *Manage Attachments* (in the picture below).
A window will appear, and then Browse to *Your.zip* on your Desktop.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*


----------



## fryguy8585 (Aug 24, 2006)

Hey Eddie,
I still do not have internet access; the last message I wrote to you was from my BlackBerry. I am now on a friend's computer and was able to save what you requested on a flash drive and will copy and paste the information from this computer.

Here is the ComboFix-quarantined-files.txt:

2010-10-12 20:13:06 . 2010-10-12 20:13:07 320 ----a-w- C:\Qoobox\Quarantine\Registry_backups\URLSearchHooks-Rank.reg.dat
2010-10-12 20:13:06 . 2010-10-12 20:13:06 428 ----a-w- C:\Qoobox\Quarantine\Registry_backups\URLSearchHooks-HookURL.reg.dat
2010-10-12 20:07:42 . 2010-10-12 20:07:42 4,012 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_ndisrd.reg.dat
2010-10-12 20:07:42 . 2010-10-12 20:07:42 774 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_6TO4.reg.dat
2010-10-12 20:07:37 . 2010-10-12 20:07:37 9,541 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-10-12 19:50:29 . 2010-10-12 20:02:42 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-09-16 03:09:34 . 2010-09-16 03:09:34 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David Schuldenfrei\Application Data\Eqywo\ydodp.xeo.vir
2010-08-05 19:37:48 . 2010-08-05 19:37:48 2,074 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\searchplugins\google_search.xml.vir
2010-08-05 12:06:14 . 2010-08-05 12:06:14 2,357 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David Schuldenfrei\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk.vir
2010-08-05 12:06:14 . 2010-08-05 12:06:14 1,303 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David Schuldenfrei\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk.vir
2009-10-19 21:08:45 . 2008-04-14 03:43:22 40,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\termdd.sys.vir
2008-05-06 12:00:00 . 2008-05-06 12:00:00 169,984 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\msconfig.exe.vir
2007-11-07 12:03:18 . 2007-11-07 12:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\C\install.exe.vir

Here are the Registry_backups files. These all originated as .reg files, except for one called "tcpip" which has a file type of "registration entries." This was not one that I was able to copy and paste. The rest are as follows:

Legacy_6TO4.reg
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_6to4]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_6to4\0000]
"Service"="6to4"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="6to4"

Service_ndisrd.reg
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ndisrd]
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,6e,00,64,00,69,00,73,00,72,00,64,\
00,2e,00,73,00,79,00,73,00,00,00
"DisplayName"="WinpkFilter Service"
"Group"="PNP_TDI"
"ErrorControl"=dword:00000001
"Type"=dword:00000001
"Start"=dword:00000003
"Tag"=dword:00000008

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ndisrd\Parameters]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ndisrd\Parameters\Adapters]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ndisrd\Parameters\Adapters\NdisWanIp]
"UpperBindings"="\\Device\\{C637422B-D00E-4AFF-AB6E-06B967D91E79}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ndisrd\Parameters\Adapters\{0D3A0FE6-E3EE-4A1B-BDF5-25F35EB4FA88}]
"UpperBindings"="\\Device\\{AF46A751-98D1-43E9-9228-249FEB8A6CF4}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ndisrd\Parameters\Adapters\{B7B994DF-4389-480F-BC3E-56A37219A773}]
"UpperBindings"="\\Device\\{B34251DD-1492-443B-A138-B843AD03EFC9}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ndisrd\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ndisrd\Enum]
"0"="Root\\NT_NDISRDMP\\0000"
"Count"=dword:00000003
"NextInstance"=dword:00000003
"1"="Root\\NT_NDISRDMP\\0001"
"2"="Root\\NT_NDISRDMP\\0002"

URLSearchHooks-HookURL.reg

[HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooks]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooks\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooks\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}\AIM Search]
"HookURL"="http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query=%s&invocationType=bu10aiminstabie7"

URLSearchHooks-Rank.reg

[HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooks]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooks\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooks\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}\AIM Search]
"Rank"="a"

Additionally, here is the initial scan of combofix that you wanted me to post:

ComboFix 10-10-11.05 - David Schuldenfrei 10/12/2010 16:03:29.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1578 [GMT -4:00]
Running from: c:\documents and settings\David Schuldenfrei\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\David Schuldenfrei\Application Data\Eqywo
c:\documents and settings\David Schuldenfrei\Application Data\Eqywo\ydodp.xeo
c:\documents and settings\David Schuldenfrei\Start Menu\Programs\Antimalware Doctor
c:\documents and settings\David Schuldenfrei\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\documents and settings\David Schuldenfrei\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
C:\Install.exe
c:\program files\Mozilla Firefox\searchplugins\google_search.xml
c:\windows\system32\msconfig.exe

Infected copy of c:\windows\system32\drivers\termdd.sys was found and disinfected 
Restored copy from - Kitty had a snack  
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_ndisrd

((((((((((((((((((((((((( Files Created from 2010-09-12 to 2010-10-12 )))))))))))))))))))))))))))))))
.

2010-10-12 20:10 . 2010-10-12 20:10	--------	d-----w-	c:\windows\system32\wbem\snmp
2010-10-12 20:10 . 2010-10-12 20:10	--------	d-----w-	c:\windows\system32\xircom
2010-10-12 20:10 . 2010-10-12 20:10	--------	d-----w-	c:\windows\system32\oobe
2010-10-12 20:10 . 2010-10-12 20:10	--------	d-----w-	c:\windows\srchasst
2010-10-07 21:41 . 2010-10-07 21:41	--------	d-----w-	c:\documents and settings\David Schuldenfrei\Application Data\SUPERAntiSpyware.com
2010-10-07 21:41 . 2010-10-07 21:41	--------	d-----w-	c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-10-07 21:41 . 2010-10-07 21:42	--------	d-----w-	c:\program files\SUPERAntiSpyware
2010-10-07 21:24 . 2010-10-07 21:24	--------	d-----w-	c:\documents and settings\David Schuldenfrei\Application Data\Malwarebytes
2010-10-06 04:14 . 2010-10-06 04:14	--------	d-----w-	c:\program files\iPod
2010-10-06 04:10 . 2010-10-06 04:10	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2010-10-06 04:10 . 2010-10-06 04:10	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2010-10-06 04:10 . 2010-10-06 04:10	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2010-10-06 04:10 . 2010-10-06 04:10	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2010-10-06 04:10 . 2010-10-06 04:10	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2010-10-06 04:10 . 2010-10-06 04:10	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2010-10-06 04:10 . 2010-10-06 04:10	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2010-10-06 04:08 . 2010-10-06 04:08	--------	d-----w-	c:\program files\Bonjour
2010-09-20 06:02 . 2010-09-20 06:02	--------	d-----w-	c:\documents and settings\David Schuldenfrei\Application Data\Blackberry Desktop
2010-09-20 05:56 . 2010-09-20 05:57	--------	d-----w-	c:\documents and settings\David Schuldenfrei\Application Data\Research In Motion
2010-09-20 05:48 . 2009-01-09 21:18	27136	----a-r-	c:\windows\system32\drivers\RimSerial.sys
2010-09-20 05:48 . 2010-09-20 05:48	--------	d-----w-	c:\documents and settings\All Users\Application Data\Research In Motion
2010-09-20 05:47 . 2010-09-20 05:48	--------	d-----w-	c:\program files\Common Files\Research In Motion
2010-09-20 05:47 . 2010-09-20 05:47	--------	d-----w-	c:\program files\Research In Motion
2010-09-20 05:44 . 2010-09-20 05:44	--------	d-----w-	c:\windows\system32\XPSViewer
2010-09-20 05:43 . 2010-09-20 05:43	--------	d-----w-	c:\program files\MSBuild
2010-09-20 05:43 . 2010-09-20 05:43	--------	d-----w-	c:\program files\Reference Assemblies
2010-09-20 05:43 . 2008-07-06 12:06	89088	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-09-20 05:42 . 2008-07-06 12:06	89088	------w-	c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-09-20 05:42 . 2008-07-06 12:06	575488	------w-	c:\windows\system32\xpsshhdr.dll
2010-09-20 05:42 . 2008-07-06 12:06	575488	------w-	c:\windows\system32\dllcache\xpsshhdr.dll
2010-09-20 05:42 . 2008-07-06 12:06	117760	------w-	c:\windows\system32\prntvpt.dll
2010-09-20 05:42 . 2008-07-06 10:50	597504	------w-	c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-09-20 05:42 . 2008-07-06 10:50	597504	------w-	c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-09-20 05:42 . 2010-09-20 05:43	--------	d-----w-	C:\b2073029b2282cac4788f4
2010-09-20 05:42 . 2008-07-06 12:06	1676288	------w-	c:\windows\system32\xpssvcs.dll
2010-09-20 05:42 . 2008-07-06 12:06	1676288	------w-	c:\windows\system32\dllcache\xpssvcs.dll
2010-09-17 17:11 . 2010-09-17 17:11	--------	d-----w-	c:\documents and settings\Administrator\Application Data\HpUpdate
2010-09-16 00:52 . 2010-09-22 19:57	--------	d-----w-	c:\documents and settings\David Schuldenfrei\Application Data\Ukeqy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 20:14 . 2009-10-19 21:13	34048	----a-w-	c:\program files\opera\program\plugins\upd62i9x.dll
2008-05-05 20:14 . 2009-10-19 21:13	45056	----a-w-	c:\program files\opera\program\plugins\upd62int.dll
.

------- Sigcheck -------

[-] 2008-05-06 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys

c:\windows\System32\wuauclt.exe ... is missing !!
c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\ctfmon.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
"Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-04 2067808]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"BackupClient.exe"="c:\program files\Student Backup\BackupClient.exe" [2008-11-19 9201614]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-05-06 99840]

c:\documents and settings\David Schuldenfrei\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Update Notifier.lnk - c:\program files\Update Notifier\updatenotifier.exe [2009-10-19 462848]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21	548352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 22:02	12536	----a-w-	c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders	schannel.dll, digest.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/19/2009 10:45 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/19/2009 10:45 PM 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/15/2010 6:01 PM 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 6:02 PM 308136]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/24/2010 5:38 AM 92008]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [5/25/2009 3:43 PM 32408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - msn.com
FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101049100&s=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101049100&s=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(456)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(4020)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-10-12 16:14:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-12 20:14

Pre-Run: 6,334,775,296 bytes free
Post-Run: 6,212,513,792 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 38B5CA0B7392924F5F31E313A90D8D51

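The Service_ndisrd.reg backup posted above stores its ImagePath as `hex(2)` (a REG_EXPAND_SZ written out as UTF-16LE bytes), so what the "WinpkFilter Service" driver actually pointed at is not readable at a glance. The following Python is an added example written for this page, not a tool from the thread or from ComboFix: a small .reg parser that joins continuation lines, decodes string, dword and hex values, and summarises the service entry. `SAMPLE_REG` reproduces the posted backup verbatim (plus one of its adapter sub-keys); `START_TYPES` and `SERVICE_TYPES` are the standard Windows service Start and Type codes; all function names are the example's own.

```python
import re

# Constructed sample: the Service_ndisrd.reg backup as posted in the thread
# (the service key and one of its adapter sub-keys, values unchanged).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ndisrd]
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
  52,00,49,00,56,00,45,00,52,00,53,00,5c,00,6e,00,64,00,69,00,73,00,72,00,64,\
  00,2e,00,73,00,79,00,73,00,00,00
"DisplayName"="WinpkFilter Service"
"Group"="PNP_TDI"
"ErrorControl"=dword:00000001
"Type"=dword:00000001
"Start"=dword:00000003
"Tag"=dword:00000008

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ndisrd\Parameters\Adapters\NdisWanIp]
"UpperBindings"="\\Device\\{C637422B-D00E-4AFF-AB6E-06B967D91E79}"
"""

# Standard Windows service control codes (SERVICE_*_START and SERVICE_*_DRIVER values).
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand (manual)", 4: "disabled"}
SERVICE_TYPES = {1: "kernel driver", 2: "file system driver",
                 16: "own process", 32: "shared process"}

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
HEX_RE = re.compile(r"^hex(?:\((\d+)\))?:(.*)$")


def _join_continuations(text):
    """Glue lines ending in a backslash onto the next line (.reg continuation syntax)."""
    lines, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        lines.append(pending + line)
        pending = ""
    if pending:
        lines.append(pending)
    return lines


def _decode_value(raw):
    """Return (registry type name, Python value) for the right-hand side of a .reg value."""
    if raw.startswith('"') and raw.endswith('"'):
        # REG_SZ: .reg escapes backslashes and quotes with a backslash
        return "REG_SZ", raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    if raw.startswith("dword:"):
        return "REG_DWORD", int(raw[len("dword:"):], 16)
    m = HEX_RE.match(raw)
    if m:
        kind = int(m.group(1) or 3)  # bare "hex:" is REG_BINARY (type 3)
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        if kind in (1, 2, 7):
            # String types are stored as UTF-16LE with NUL terminators
            text = data.decode("utf-16-le").rstrip("\x00")
            name = {1: "REG_SZ", 2: "REG_EXPAND_SZ", 7: "REG_MULTI_SZ"}[kind]
            return name, (text.split("\x00") if kind == 7 else text)
        return ("REG_BINARY" if kind == 3 else f"hex({kind})"), data
    return "UNKNOWN", raw


def parse_reg(text):
    """Parse .reg text into {key_path: {value_name: (type_name, value)}}."""
    keys, current = {}, None
    for line in _join_continuations(text):
        if not line or line.startswith("Windows Registry Editor") or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = _decode_value(m.group(2))
    return keys


def describe_service(reg_text, service_name):
    """Summarise the ...\\services\\<name> key of a backup in readable form."""
    keys = parse_reg(reg_text)
    key = next(k for k in keys if k.lower().endswith("\\services\\" + service_name.lower()))
    vals = keys[key]
    return {
        "image_path": vals["ImagePath"][1],
        "display_name": vals["DisplayName"][1],
        "start": START_TYPES.get(vals["Start"][1], vals["Start"][1]),
        "type": SERVICE_TYPES.get(vals["Type"][1], vals["Type"][1]),
    }


if __name__ == "__main__":
    for field, value in describe_service(SAMPLE_REG, "ndisrd").items():
        print(f"{field:13s} {value}")
```

Run against the posted backup, the decoded ImagePath is `system32\DRIVERS\ndisrd.sys`, a demand-start kernel driver: exactly the sort of entry worth reading out of a quarantine backup before deciding whether a removal explains a lost network adapter.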

----------



## eddie5659 (Mar 19, 2001)

For some reason, it's removed a Windows file, so can you do this for me:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post; if you are using Internet Explorer, when the "File download" pop-up comes, press SAVE, choose Desktop in the list of selections in that window and press Save).


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, 2 reports will be generated:

DeQuarantine_log.txt

ComboFix.txt

If you can post those, and let me know if Wireless is restored.

eddie.


----------



## fryguy8585 (Aug 24, 2006)

Hey Eddie, I followed your instructions and only one of the logs was created. I kept getting messages about "protected files" and it kept asking me to insert the Windows Service Pack 3 CD, which I do not have. Is there any way around this? Here is the DeQuarantine log that was produced:

C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\termdd.sys.vir -> C:\WINDOWS\system32\Drivers\termdd.sys ( 40840 bytes )


----------



## eddie5659 (Mar 19, 2001)

Are you able to get online now? Were the messages appearing before you ran ComboFix, as in the protected files ones?


----------



## fryguy8585 (Aug 24, 2006)

Hey Eddie,

I still cannot get on the internet, and the only way I can send these scans to you is by using a USB flash drive to copy and paste them to a computer that has internet access. The error about protected files came about during the running of combofix I believe, and it caused me to have to stop the scan. I am still getting that black screen upon bootup that was mentioned in your initial post about how combofix works; it pops up and quickly disappears. I am not sure if that has anything to do with my problems.

Thanks Eddie.


----------



## eddie5659 (Mar 19, 2001)

Okay, can you firstly do this:

In Internet Explorer go to Tools - Internet Options - Connections Tab - Lan Settings and remove the reference to 127.0.0.1:6522 if found, then uncheck "Use a proxy server" and check "Automatically detect settings".

In Firefox go to Tools - Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and click on "No proxy".

Then, when that's done, if still no internet, then do this:

Go to Control Panel | System. Device Manager.

In there, locate the network cards (both LAN and WAN), right-click on each and select Uninstall. When you're there, you may see some adapters with *Winpkfilter Miniport* in the description. Leave these as we'll remove them after the reboot.

Reboot the computer, and Windows will re-install them.

Then, go to Network Connections | and right-click on the Internet Connection and choose Properties, then find "*Winpkfilter driver*" in the list and right-click on it to Uninstall (or left-click on it once to highlight, then hit the Uninstall button below). Once this is done, the bogus adaptors will disappear from Device Manager.

Let me know if that works 

eddie

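eddie's first step above targets the `uInternet Settings,ProxyServer = http=127.0.0.1:6522` entry and the `keyword.URL` pointing at search-go.net that ComboFix reported in the Supplementary Scan. As an added example (not from the thread, and not ComboFix's own code), the Python below triages those sections of a ComboFix log automatically: it flags a proxy that points at loopback, browser start/search URLs whose host is outside an allow-list, and the `... is missing !!` Sigcheck lines. `SAMPLE_LOG` is a constructed excerpt modelled on the log posted earlier in the thread; `KNOWN_SEARCH_HOSTS` is an assumed allow-list that a practitioner would tune for their own environment, and the function names are the example's own.

```python
import re
from urllib.parse import urlparse

# Constructed sample: lines in the shape of the ComboFix "Sigcheck" and
# "Supplementary Scan" sections posted in this thread (ComboFix defangs
# URLs as hxxp://).
SAMPLE_LOG = r"""------- Sigcheck -------

c:\windows\System32\wuauclt.exe ... is missing !!
c:\windows\System32\wscntfy.exe ... is missing !!
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101049100&s=
FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101049100&s=
"""

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
# Assumed allow-list: search hosts a user plausibly configured on purpose.
KNOWN_SEARCH_HOSTS = ("google.com", "bing.com", "yahoo.com", "aol.com", "msn.com")

URL_RE = re.compile(r"hxxps?://[^\s\"']+", re.IGNORECASE)
MISSING_RE = re.compile(r"^(?P<path>\S.*?)\s+\.\.\.\s+is missing !!\s*$")


def find_loopback_proxy(lines):
    """Return (scheme, host, port) for every ProxyServer entry that points at loopback.

    WinINet stores the value either as "host:port" or as "http=host:port;https=..."."""
    hits = []
    for line in lines:
        if "ProxyServer" not in line:
            continue
        _, _, value = line.partition("=")
        for part in value.strip().split(";"):
            scheme, sep, hostport = part.partition("=")
            if not sep:
                scheme, hostport = "all", scheme
            host, _, port = hostport.strip().rpartition(":")
            if not host:  # no port given
                host, port = port, ""
            if host.lower() in LOOPBACK or host.startswith("127."):
                hits.append((scheme.strip(), host, port))
    return hits


def find_unexpected_search_urls(lines, allowed=KNOWN_SEARCH_HOSTS):
    """Return (setting, host) for each defanged URL whose host is not on the allow-list."""
    findings = []
    for line in lines:
        for defanged in URL_RE.findall(line):
            url = re.sub(r"^hxxp", "http", defanged, flags=re.IGNORECASE)
            host = (urlparse(url).hostname or "").lower()
            if not any(host == d or host.endswith("." + d) for d in allowed):
                setting = line[:line.find(defanged)].rstrip(" -=:")
                findings.append((setting, host))
    return findings


def find_missing_system_files(lines):
    """Return the paths ComboFix's Sigcheck section reports as missing."""
    return [m.group("path") for m in map(MISSING_RE.match, lines) if m]


def triage(log_text):
    """Run all three checks over a ComboFix log and collect the findings."""
    lines = log_text.splitlines()
    return {
        "loopback_proxy": find_loopback_proxy(lines),
        "unexpected_search_urls": find_unexpected_search_urls(lines),
        "missing_system_files": find_missing_system_files(lines),
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section)
        for item in items:
            print("   ", item)
```

The loopback check is the one that matters for the connectivity symptom in this thread: a proxy at 127.0.0.1 only works while the process listening on that port exists, so once the software behind it is removed every browser configured to use it stops reaching the internet until the setting is cleared, which is the manual step eddie walks through above.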

----------



## fryguy8585 (Aug 24, 2006)

YES...I'm back on the internet finally. Thanks so much for taking me through that; sorry we got derailed there for a little...so what is the next step toward getting rid of these pop ups and fake virus scans?


----------



## eddie5659 (Mar 19, 2001)

That's okay, as the malware that we removed was actually the reason why you lost your connection, so we had to remove it afterwards. Tricky things, these malware files sometimes 

Okay, let me just look at where we are, and back in a min or so


----------



## eddie5659 (Mar 19, 2001)

Download *OTL* to your Desktop 

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long. 
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic 


eddie


----------



## fryguy8585 (Aug 24, 2006)

OTL logfile created on: 10/18/2010 1:33:01 AM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\David Schuldenfrei\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2096)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 91.75 Gb Total Space | 5.93 Gb Free Space | 6.47% Space Free | Partition Type: NTFS
Drive E: | 488.25 Mb Total Space | 333.58 Mb Free Space | 68.32% Space Free | Partition Type: FAT

Computer Name: DAVID | User Name: David Schuldenfrei | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/18 01:32:20 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Schuldenfrei\Desktop\OTL.exe
PRC - [2010/10/04 14:46:19 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/09/28 10:04:57 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/09/23 15:52:08 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/09/01 02:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/08/24 05:38:16 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/20 17:49:14 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/15 18:02:14 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/15 18:02:10 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 18:01:15 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/15 18:01:13 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/08 17:04:49 | 003,972,440 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/07/16 16:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
PRC - [2008/11/21 04:33:32 | 000,431,472 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2008/11/19 12:20:33 | 009,201,614 | ---- | M] () -- C:\Program Files\Student Backup\BackupClient.exe
PRC - [2008/05/06 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/10 05:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe

========== Modules (SafeList) ==========

MOD - [2010/10/18 01:32:20 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Schuldenfrei\Desktop\OTL.exe
MOD - [2008/05/06 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\wscsvc.dll -- (wscsvc)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\ersvc.dll -- (ERSvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\cisvc.exe -- (CiSvc)
SRV - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/20 17:49:14 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/15 18:02:10 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/11/21 04:33:32 | 000,431,472 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\DAVIDS~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/15 18:02:15 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 18:01:15 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 09:31:39 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/07 04:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 04:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
DRV - [2009/10/07 04:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/05/25 15:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/11/21 04:15:54 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/05/06 08:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/05/10 05:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/03/30 21:34:14 | 005,704,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/01/30 13:12:06 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/08/27 13:40:54 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "msn.com"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.5331
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.1
FF - prefs.js..keyword.URL: "http://search.search-go.net/?sid=10101049100&s="
FF - prefs.js..network.proxy.type: 0

FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..keyword.URL: "http://search.search-go.net/?sid=10101049100&s="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/23 15:52:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/06 00:10:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/06 00:10:56 | 000,000,000 | ---D | M]

[2009/10/22 11:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Extensions
[2009/10/22 11:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Extensions\[email protected]
[2010/10/12 12:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\extensions
[2010/03/24 17:45:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/03/11 17:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\extensions\[email protected]
[2010/03/24 17:45:34 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\searchplugins\aim-search-1.xml
[2009/10/24 20:25:31 | 000,004,554 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\searchplugins\aim-search.xml
[2010/10/16 15:27:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/19 23:07:53 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2008/05/05 16:06:41 | 000,365,056 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npupd62.dll

O1 HOSTS File: ([2010/10/12 16:10:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BackupClient.exe] C:\Program Files\Student Backup\BackupClient.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuFavorites = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyComputer = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyDocs = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyMusic = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowRun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/19 17:11:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/18 01:32:21 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David Schuldenfrei\Desktop\OTL.exe
[2010/10/14 16:44:47 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/10/13 00:36:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Application Data\uTorrent
[2010/10/12 21:07:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\outlook express
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\movie maker
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/10/12 15:56:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/12 15:50:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/12 15:50:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/12 15:50:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/12 15:50:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/12 15:48:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/07 17:41:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Application Data\SUPERAntiSpyware.com
[2010/10/07 17:41:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/10/07 17:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/07 17:24:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Malwarebytes
[2010/10/06 00:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/06 00:08:35 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/03 15:42:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Desktop\Pictures
[2010/09/25 03:30:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Desktop\Dave Matthews Band- Howard Demo
[2010/09/25 03:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Desktop\Dave Matthews Band- Mixtape
[2010/09/25 03:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Desktop\Dave Matthews Band- Demo
[2010/09/24 00:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Desktop\The Lillywhite Sessions
[2010/09/23 21:45:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Desktop\Granny's Basement
[2010/09/20 02:02:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Blackberry Desktop
[2010/09/20 01:58:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\My Documents\BlackBerry
[2010/09/20 01:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Research In Motion
[2010/09/20 01:48:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/09/20 01:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2010/09/20 01:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2010/09/20 01:44:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/09/20 01:43:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/09/20 01:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/09/20 01:42:38 | 000,000,000 | ---D | C] -- C:\b2073029b2282cac4788f4
[2010/09/20 01:40:49 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/09/20 01:39:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/09/15 20:52:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Ukeqy
[2010/09/15 20:41:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\My Documents\HWS 104
[2010/09/04 19:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/09/04 18:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/09/04 18:12:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Application Data\DivX
[2010/09/04 18:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/09/04 18:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Local Settings\Application Data\Temp
[2010/09/04 18:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/09/04 18:10:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Local Settings\Application Data\Google
[2010/09/04 18:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/09/04 18:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/09/04 18:09:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/09/03 16:59:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\My Documents\ACCT 460
[2010/09/03 15:17:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\My Documents\VirtualDJ
[2010/09/03 15:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2010/08/17 15:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/17 14:17:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/16 12:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\My Documents\MGMT 411
[2010/08/13 19:24:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\tptcioddl
[2010/08/09 19:01:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/09 19:01:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/09 19:01:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/09 19:01:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/05 07:37:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Local Settings\Application Data\opulfyknl
[2010/08/05 07:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Local Settings\Application Data\qnbmewikc
[2010/08/05 07:36:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/07/25 13:05:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2010/07/20 23:57:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/07/20 23:57:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2010/07/20 23:56:59 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[1 C:\Documents and Settings\David Schuldenfrei\Application Data\*.tmp files -> C:\Documents and Settings\David Schuldenfrei\Application Data\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/18 01:32:20 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Schuldenfrei\Desktop\OTL.exe
[2010/10/17 23:08:13 | 066,513,607 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/17 22:58:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/17 15:39:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/15 16:24:15 | 000,323,584 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\JMS Tech Wizards.accdb
[2010/10/12 20:31:17 | 000,034,711 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\Fall 2010.xlsx
[2010/10/12 16:38:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/10/12 16:38:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/10/12 16:14:41 | 000,433,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/12 16:14:41 | 000,067,288 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/12 16:10:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/12 15:56:32 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/10/12 15:47:34 | 003,877,496 | R--- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\ComboFix.exe
[2010/10/11 22:47:36 | 000,008,614 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Money.xlsx
[2010/10/10 17:56:29 | 000,034,104 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/06 00:36:49 | 000,175,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/06 00:15:06 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/06 00:10:47 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/02 16:03:33 | 000,014,671 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\journal.docx
[2010/09/22 17:55:02 | 000,055,819 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\Wal-mart Exhibit 1.docx
[2010/09/22 17:54:38 | 000,138,771 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\Cover Page.docx
[2010/09/21 22:45:42 | 078,203,977 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\peprally.zip
[2010/09/20 01:57:54 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/07 01:58:52 | 000,011,902 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\scholarship thank you.docx
[2010/09/04 18:22:07 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/02 00:06:42 | 000,011,611 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\Security Deposits.xlsx
[2010/08/13 19:24:04 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
[2010/07/25 12:49:12 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[1 C:\Documents and Settings\David Schuldenfrei\Application Data\*.tmp files -> C:\Documents and Settings\David Schuldenfrei\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/15 16:18:40 | 000,323,584 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\JMS Tech Wizards.accdb
[2010/10/12 15:56:32 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/10/12 15:56:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/12 15:50:38 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/12 15:50:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/12 15:50:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/12 15:50:38 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/12 15:50:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/12 15:47:04 | 003,877,496 | R--- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\ComboFix.exe
[2010/10/11 22:47:35 | 000,008,614 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Money.xlsx
[2010/10/06 00:15:06 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/06 00:10:47 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/02 15:11:45 | 000,014,671 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\journal.docx
[2010/09/22 17:54:38 | 000,138,771 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\Cover Page.docx
[2010/09/22 17:45:42 | 000,055,819 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\Wal-mart Exhibit 1.docx
[2010/09/21 22:40:16 | 078,203,977 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\peprally.zip
[2010/09/20 01:56:29 | 000,000,231 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Application Data\Rim.Desktop.Exception.log
[2010/09/20 01:48:38 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Application Data\Rim.Desktop.HttpServerSetup.log
[2010/09/20 01:44:44 | 000,198,096 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/07 01:58:51 | 000,011,902 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\scholarship thank you.docx
[2010/09/04 18:22:07 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/23 15:55:46 | 000,034,711 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\Fall 2010.xlsx
[2010/08/13 19:24:04 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
[2010/07/20 23:57:00 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/05/25 09:31:06 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/25 19:25:27 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll
[2009/11/25 19:25:27 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll
[2009/11/09 01:10:35 | 000,000,127 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/10/29 22:47:55 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/10/25 15:04:23 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/25 15:04:23 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/10/21 02:21:58 | 000,003,466 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/10/20 19:49:48 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2009/10/19 18:05:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/19 17:13:40 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/10/07 02:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 02:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2008/05/06 08:00:00 | 000,000,287 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini

========== LOP Check ==========

[2009/10/24 20:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/10/24 20:24:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2010/08/09 20:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/13 15:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2010/09/20 01:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/04/17 16:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2010/08/17 15:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/22 11:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/10/07 17:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/07/04 02:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2010/05/29 11:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/05/04 17:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/04 01:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/24 20:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\acccore
[2010/09/20 02:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Blackberry Desktop
[2009/11/27 21:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\CopyTrans
[2010/05/08 16:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\DC++
[2009/11/11 14:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Foxit Software
[2009/11/12 18:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\GetRightToGo
[2010/03/26 13:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Image Zone Express
[2009/11/09 11:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Individual Software
[2010/04/09 10:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Juniper Networks
[2009/10/29 22:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Leadertech
[2009/10/20 22:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\OpenOffice.org
[2010/02/10 23:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Printer Info Cache
[2010/09/20 01:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Research In Motion
[2010/04/17 16:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\TaxCut
[2009/10/22 11:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\TomTom
[2010/09/22 15:57:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Ukeqy
[2010/10/13 00:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\uTorrent
[2010/05/29 11:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\WindSolutions
[2010/03/11 14:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Xerox

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

OTL Extras logfile created on: 10/18/2010 1:33:01 AM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\David Schuldenfrei\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2096)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 91.75 Gb Total Space | 5.93 Gb Free Space | 6.47% Space Free | Partition Type: NTFS
Drive E: | 488.25 Mb Total Space | 333.58 Mb Free Space | 68.32% Space Free | Partition Type: FAT

Computer Name: DAVID | User Name: David Schuldenfrei | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htafile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 File not found
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Notepad] -- Reg Error: Key error.
Directory [openNew] -- explorer %1 (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 File not found
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabledxpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabledxpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid -- (Logitech Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{190C7419-C254-408e-81F8-BE11FCD72A1F}" = dj_sf_software
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47499FAF-B116-4b14-B07F-DB2C3087A06C}" = D4200_Help
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_05_F4400_Software_Min
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{58535A90-1788-44f5-80BB-CFF62D9CE6D5}" = HP Deskjet 8.0 Software
"{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}" = HP Deskjet F4400 Printer Driver 13.0 Rel .5
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{79D78DC9-96A2-426e-B705-A1EE9536D18B}" = D4200
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{B6058AF2-2321-4715-9AC4-765486E08C9D}" = VZAccess Manager
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7E154EF-D5EC-4da4-9D00-43B85967B120}" = dj_sf_ProductContext
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype 4.1
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F327A8F7-00C6-4491-9782-1DFFBB0594A2}" = dj_sf_software_req
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1DF1D89C6203C019B5AC0C7E3C22519B23EBA0B4" = Windows Driver Package - SigmaTel (STHDA) MEDIA (07/27/2006 5.10.5143.0)
"22A1B11B3B9268005C1E8B3E02F4F301409DB136" = Windows Driver Package - SigmaTel (STHDA) MEDIA (05/10/2007 5.10.0.5515)
"5CE1BCED67E2CFBFF1959E927036AB3BB746B25B" = Windows Driver Package - IDT (STHDA) MEDIA (12/14/2007 5.10.5762.0)
"73501D040246FD1119FF9BD02EAA9CA1541A9E01" = Windows Driver Package - Intel USB (09/13/2006 8.2.0.1008)
"90CAA9CF0034D0BD57155DFBC99A7DC49D09248E" = Windows Driver Package - SigmaTel (STHDA) MEDIA (05/26/2006 5.10.5067.0)
"Access" = Microsoft Office Access 2007
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AE5E65A993E5F05ACA803967843FFBDFC703323D" = Windows Driver Package - Broadcom (BCM43XX) Net (11/02/2005 4.10.40.0)
"AIM Search" = AIM Search
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"AVG9Uninstall" = AVG Free 9.0
"B6F748FF868CC1F3E56B7DB0FCAA0CB52567778D" = Windows Driver Package - Broadcom (BCM43XX) Net (06/25/2006 4.80.28.7)
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"CCleaner" = CCleaner (remove only)
"D1CF7324E30CBFB05D30E920152F38C91D5F89F0" = Windows Driver Package - Broadcom (bcm4sbxp) Net (11/21/2006 4.60.0.0)
"DC++" = DC++ 0.750
"DivX Setup.divx.com" = DivX Setup
"EE9B95D1C74D16AD94536BB864F358552572A44B" = Windows Driver Package - SigmaTel (STHDA) MEDIA (07/27/2006 5.10.0.5143)
"EXCEL" = Microsoft Office Excel 2007
"FLAC" = FLAC 1.2.1b (remove only)
"FLV Player" = FLV Player 2.0 (build 25)
"Foxit Reader" = Foxit Reader
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"ImageConverter Plus_is1" = ImageConverter Plus 7.1
"Juniper Network Connect 6.3.0" = Juniper Networks Network Connect 6.3.0
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mkwACT" = mkw Audio Compression Toolkit
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"OUTLOOK" = Microsoft Office Outlook 2007
"POWERPOINT" = Microsoft Office PowerPoint 2007
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"STANDARD" = Microsoft Office Standard 2007
"Student Backup 2008" = Student Backup 2008
"TomTom HOME" = TomTom HOME 2.7.6.2056
"Update Notifier" = Update Notifier
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WORD" = Microsoft Office Word 2007
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/11/2010 11:00:26 PM | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = 368: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/12/2010 11:40:23 PM | Computer Name = DAVID | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.4518.1014, stamp 45428028,
faulting module hpz3r4v2.dll, version 61.63.247.0, stamp 45949947, debug? 0, fault
address 0x00045a98.

Error - 10/13/2010 12:26:58 AM | Computer Name = DAVID | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.4518.1014, stamp 45428028,
faulting module hpz3r4v2.dll, version 61.63.247.0, stamp 45949947, debug? 0, fault
address 0x00045a98.

Error - 10/13/2010 12:27:22 AM | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = 248: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/13/2010 12:30:52 AM | Computer Name = DAVID | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.4518.1014, stamp 45428028,
faulting module hpz3r4v2.dll, version 61.63.247.0, stamp 45949947, debug? 0, fault
address 0x00045a98.

Error - 10/13/2010 3:16:02 PM | Computer Name = DAVID | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application powerpnt.exe, version 12.0.4518.1014, stamp 45428035,
faulting module ppcore.dll, version 12.0.4518.1014, stamp 454281a3, debug? 0, fault
address 0x001af7b0.

Error - 10/15/2010 2:00:40 PM | Computer Name = DAVID | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.4518.1014, stamp 45428028,
faulting module hpz3r4v2.dll, version 61.63.247.0, stamp 45949947, debug? 0, fault
address 0x00045a98.

Error - 10/15/2010 2:12:37 PM | Computer Name = DAVID | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.4518.1014, stamp 45428028,
faulting module hpz3r4v2.dll, version 61.63.247.0, stamp 45949947, debug? 0, fault
address 0x00045a98.

Error - 10/16/2010 3:11:15 PM | Computer Name = DAVID | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.4518.1014, stamp 45428028,
faulting module hpz3r4v2.dll, version 61.63.247.0, stamp 45949947, debug? 0, fault
address 0x00045a98.

Error - 10/16/2010 3:11:15 PM | Computer Name = DAVID | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application powerpnt.exe, version 12.0.4518.1014, stamp 45428035,
faulting module ppcore.dll, version 12.0.4518.1014, stamp 454281a3, debug? 0, fault
address 0x001af7b0.

[ OSession Events ]
Error - 12/8/2009 8:06:09 PM | Computer Name = DAVID | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 1063 seconds with 780 seconds of active time. This session ended with a 
crash.

Error - 12/15/2009 2:19:20 AM | Computer Name = DAVID | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 28972 seconds with 720 seconds of active time. This session ended with a
crash.

Error - 12/16/2009 6:07:07 PM | Computer Name = DAVID | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 9335 seconds with 1140 seconds of active time. This session ended with a
crash.

Error - 2/23/2010 2:24:09 AM | Computer Name = DAVID | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 8180 seconds with 600 seconds of active time. This session ended with a 
crash.

Error - 3/20/2010 7:55:41 PM | Computer Name = DAVID | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 14727 seconds with 540 seconds of active time. This session ended with a
crash.

Error - 4/1/2010 12:50:42 AM | Computer Name = DAVID | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 25130 seconds with 1680 seconds of active time. This session ended with 
a crash.

Error - 4/6/2010 6:58:17 PM | Computer Name = DAVID | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8957
seconds with 3240 seconds of active time. This session ended with a crash.

Error - 4/8/2010 4:57:24 PM | Computer Name = DAVID | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3433
seconds with 840 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/16/2010 3:35:40 PM | Computer Name = DAVID | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.

Error - 10/17/2010 3:40:25 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = The helpsvc service failed to start due to the following error: %%2

Error - 10/17/2010 3:40:25 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 10/17/2010 3:40:25 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = The wscsvc service failed to start due to the following error: %%1083

Error - 10/17/2010 3:52:28 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = The helpsvc service failed to start due to the following error: %%2

Error - 10/17/2010 3:52:28 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 10/17/2010 3:52:28 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = The wscsvc service failed to start due to the following error: %%1083

Error - 10/17/2010 10:59:52 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = The helpsvc service failed to start due to the following error: %%2

Error - 10/17/2010 10:59:52 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 10/17/2010 10:59:52 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = The wscsvc service failed to start due to the following error: %%1083

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Okay, firstly run this program:

Please download *JavaRa* to your desktop and unzip it to its own folder 

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions. 
Accept any prompts. 
Open JavaRa.exe again and select *Search For Updates*. 
Select *Update Using Sun Java's Website* then click Search and click on the *Open Webpage* button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

--------------

After doing the above, do the following:

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
:Files
C:\Documents and Settings\NetworkService\Local Settings\Application Data\tptcioddl
C:\Documents and Settings\David Schuldenfrei\Local Settings\Application Data\opulfyknl
C:\Documents and Settings\David Schuldenfrei\Local Settings\Application Data\qnbmewikc
C:\WINDOWS\System32\drivers\logiflt.iad
C:\WINDOWS\System32\drivers\lvuvc.hs
C:\zrpt.xml
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Let the program run unhindered, reboot the PC when it is done 
Open OTL again and click the *Quick Scan* button. Post the log it produces in your next reply. 

eddie


----------



## fryguy8585 (Aug 24, 2006)

OTL logfile created on: 10/20/2010 12:56:38 PM - Run 2
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\David Schuldenfrei\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2096)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 91.75 Gb Total Space | 5.84 Gb Free Space | 6.36% Space Free | Partition Type: NTFS
Drive E: | 488.25 Mb Total Space | 333.58 Mb Free Space | 68.32% Space Free | Partition Type: FAT

Computer Name: DAVID | User Name: David Schuldenfrei | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/18 01:32:20 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Schuldenfrei\Desktop\OTL.exe
PRC - [2010/10/04 14:46:19 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/09/28 10:04:57 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/09/23 15:52:08 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/09/17 13:09:34 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/09/17 13:09:29 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/01 02:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/08/24 05:38:16 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/20 17:49:14 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/15 18:02:14 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/15 18:02:10 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 18:01:15 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/15 18:01:13 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/08 17:04:49 | 003,972,440 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/07/16 16:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
PRC - [2008/11/21 04:33:32 | 000,431,472 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2008/11/19 12:20:33 | 009,201,614 | ---- | M] () -- C:\Program Files\Student Backup\BackupClient.exe
PRC - [2008/05/06 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/10 05:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe

========== Modules (SafeList) ==========

MOD - [2010/10/18 01:32:20 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Schuldenfrei\Desktop\OTL.exe
MOD - [2008/05/06 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\wscsvc.dll -- (wscsvc)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\ersvc.dll -- (ERSvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\cisvc.exe -- (CiSvc)
SRV - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/20 17:49:14 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/15 18:02:10 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/11/21 04:33:32 | 000,431,472 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\DAVIDS~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/15 18:02:15 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 18:01:15 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 09:31:39 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/07 04:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 04:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
DRV - [2009/10/07 04:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/05/25 15:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/11/21 04:15:54 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/05/06 08:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/05/10 05:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/03/30 21:34:14 | 005,704,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/01/30 13:12:06 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/08/27 13:40:54 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "msn.com"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.5331
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.search-go.net/?sid=10101049100&s="
FF - prefs.js..network.proxy.type: 0

FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..keyword.URL: "http://search.search-go.net/?sid=10101049100&s="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/23 15:52:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/06 00:10:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/20 12:31:48 | 000,000,000 | ---D | M]

[2009/10/22 11:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Extensions
[2009/10/22 11:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Extensions\[email protected]
[2010/10/20 02:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\extensions
[2010/03/24 17:45:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/03/11 17:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\extensions\[email protected]
[2010/03/24 17:45:34 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\searchplugins\aim-search-1.xml
[2009/10/24 20:25:31 | 000,004,554 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\searchplugins\aim-search.xml
[2010/10/20 12:32:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/20 12:31:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/10/20 12:31:31 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/10/19 23:07:53 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2008/05/05 16:06:41 | 000,365,056 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npupd62.dll

O1 HOSTS File: ([2010/10/20 12:34:08 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BackupClient.exe] C:\Program Files\Student Backup\BackupClient.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuFavorites = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyComputer = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyDocs = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyMusic = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowRun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.226.136.8 128.226.136.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/19 17:11:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/20 12:34:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/20 12:32:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/10/20 12:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/20 12:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Desktop\JavaRa
[2010/10/18 01:32:21 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David Schuldenfrei\Desktop\OTL.exe
[2010/10/14 16:44:47 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/10/13 00:36:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Application Data\uTorrent
[2010/10/12 21:07:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\outlook express
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\movie maker
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/10/12 15:56:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/12 15:50:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/12 15:50:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/12 15:50:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/12 15:50:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/12 15:48:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/07 17:41:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Application Data\SUPERAntiSpyware.com
[2010/10/07 17:41:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/10/07 17:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/07 17:24:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Malwarebytes
[2010/10/06 00:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/06 00:08:35 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/03 15:42:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Desktop\Pictures
[2010/09/25 03:30:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Desktop\Dave Matthews Band- Howard Demo
[2010/09/25 03:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Desktop\Dave Matthews Band- Mixtape
[2010/09/25 03:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Desktop\Dave Matthews Band- Demo
[2010/09/24 00:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Desktop\The Lillywhite Sessions
[2010/09/23 21:45:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Desktop\Granny's Basement
[2010/09/20 02:02:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Blackberry Desktop
[2010/09/20 01:58:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\My Documents\BlackBerry
[2010/09/20 01:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Research In Motion
[2010/09/20 01:48:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/09/20 01:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2010/09/20 01:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2010/09/20 01:44:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/09/20 01:43:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/09/20 01:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/09/20 01:42:38 | 000,000,000 | ---D | C] -- C:\b2073029b2282cac4788f4
[2010/09/20 01:40:49 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/09/20 01:39:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/09/15 20:52:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Ukeqy
[2010/09/15 20:41:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\My Documents\HWS 104
[2010/09/04 19:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/09/04 18:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/09/04 18:12:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Application Data\DivX
[2010/09/04 18:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/09/04 18:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Local Settings\Application Data\Temp
[2010/09/04 18:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/09/04 18:10:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Local Settings\Application Data\Google
[2010/09/04 18:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/09/04 18:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/09/04 18:09:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/09/03 16:59:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\My Documents\ACCT 460
[2010/09/03 15:17:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\My Documents\VirtualDJ
[2010/09/03 15:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2010/08/17 15:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/17 14:17:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/16 12:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\My Documents\MGMT 411
[2010/08/09 19:01:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/09 19:01:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/09 19:01:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/09 19:01:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/05 07:36:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/07/25 13:05:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[1 C:\Documents and Settings\David Schuldenfrei\Application Data\*.tmp files -> C:\Documents and Settings\David Schuldenfrei\Application Data\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/20 12:48:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/20 12:34:08 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/10/20 12:22:29 | 000,205,540 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\JavaRa.zip
[2010/10/20 12:21:10 | 066,614,401 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/19 12:21:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/19 00:15:24 | 000,014,446 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\P 4-5A, Requirements 3-5.docx
[2010/10/18 23:43:33 | 033,688,706 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Matt Nathanson -- Thunder Road (Live cover from Acoustic Cafe).mp3
[2010/10/18 15:27:58 | 000,529,657 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Haier Presentation.pptx
[2010/10/18 01:32:20 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Schuldenfrei\Desktop\OTL.exe
[2010/10/15 16:24:15 | 000,323,584 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\JMS Tech Wizards.accdb
[2010/10/12 20:31:17 | 000,034,711 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\Fall 2010.xlsx
[2010/10/12 16:14:41 | 000,433,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/12 16:14:41 | 000,067,288 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/12 15:56:32 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/10/12 15:47:34 | 003,877,496 | R--- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\ComboFix.exe
[2010/10/11 22:47:36 | 000,008,614 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Money.xlsx
[2010/10/10 17:56:29 | 000,034,104 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/06 00:36:49 | 000,175,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/06 00:15:06 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/06 00:10:47 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/02 16:03:33 | 000,014,671 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\journal.docx
[2010/09/22 17:55:02 | 000,055,819 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\Wal-mart Exhibit 1.docx
[2010/09/22 17:54:38 | 000,138,771 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\Cover Page.docx
[2010/09/21 22:45:42 | 078,203,977 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\peprally.zip
[2010/09/20 01:57:54 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/07 01:58:52 | 000,011,902 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\scholarship thank you.docx
[2010/09/04 18:22:07 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/02 00:06:42 | 000,011,611 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\Security Deposits.xlsx
[2010/07/25 12:49:12 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[1 C:\Documents and Settings\David Schuldenfrei\Application Data\*.tmp files -> C:\Documents and Settings\David Schuldenfrei\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/20 12:22:33 | 000,205,540 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\JavaRa.zip
[2010/10/19 00:15:24 | 000,014,446 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\P 4-5A, Requirements 3-5.docx
[2010/10/18 23:40:34 | 033,688,706 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Matt Nathanson -- Thunder Road (Live cover from Acoustic Cafe).mp3
[2010/10/18 15:28:15 | 000,529,657 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Haier Presentation.pptx
[2010/10/15 16:18:40 | 000,323,584 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\JMS Tech Wizards.accdb
[2010/10/12 15:56:32 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/10/12 15:56:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/12 15:50:38 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/12 15:50:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/12 15:50:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/12 15:50:38 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/12 15:50:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/12 15:47:04 | 003,877,496 | R--- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\ComboFix.exe
[2010/10/11 22:47:35 | 000,008,614 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Money.xlsx
[2010/10/06 00:15:06 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/06 00:10:47 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/02 15:11:45 | 000,014,671 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\journal.docx
[2010/09/22 17:54:38 | 000,138,771 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\Cover Page.docx
[2010/09/22 17:45:42 | 000,055,819 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\Wal-mart Exhibit 1.docx
[2010/09/21 22:40:16 | 078,203,977 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\peprally.zip
[2010/09/20 01:56:29 | 000,000,231 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Application Data\Rim.Desktop.Exception.log
[2010/09/20 01:48:38 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Application Data\Rim.Desktop.HttpServerSetup.log
[2010/09/20 01:44:44 | 000,198,096 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/07 01:58:51 | 000,011,902 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\scholarship thank you.docx
[2010/09/04 18:22:07 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/23 15:55:46 | 000,034,711 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\Fall 2010.xlsx
[2010/05/25 09:31:06 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/25 19:25:27 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll
[2009/11/25 19:25:27 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll
[2009/11/09 01:10:35 | 000,000,127 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/10/29 22:47:55 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/10/25 15:04:23 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/25 15:04:23 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/10/21 02:21:58 | 000,003,466 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/10/20 19:49:48 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2009/10/19 18:05:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/19 17:13:40 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/10/07 02:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 02:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2008/05/06 08:00:00 | 000,000,287 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini

========== LOP Check ==========

[2009/10/24 20:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/10/24 20:24:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2010/08/09 20:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/13 15:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2010/09/20 01:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/04/17 16:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2010/08/17 15:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/22 11:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/10/07 17:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/07/04 02:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2010/05/29 11:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/05/04 17:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/04 01:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/24 20:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\acccore
[2010/09/20 02:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Blackberry Desktop
[2009/11/27 21:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\CopyTrans
[2010/05/08 16:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\DC++
[2009/11/11 14:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Foxit Software
[2009/11/12 18:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\GetRightToGo
[2010/03/26 13:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Image Zone Express
[2009/11/09 11:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Individual Software
[2010/04/09 10:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Juniper Networks
[2009/10/29 22:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Leadertech
[2009/10/20 22:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\OpenOffice.org
[2010/02/10 23:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Printer Info Cache
[2010/09/20 01:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Research In Motion
[2010/04/17 16:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\TaxCut
[2009/10/22 11:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\TomTom
[2010/09/22 15:57:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Ukeqy
[2010/10/13 00:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\uTorrent
[2010/05/29 11:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\WindSolutions
[2010/03/11 14:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Xerox

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Please download *GooredFix* from one of the locations below and *save it to your Desktop*
*Download Mirror #1*
*Download Mirror #2*

Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select *Run As Administrator* (Vista).
When prompted to run the scan, click *Yes*.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

eddie


----------



## fryguy8585 (Aug 24, 2006)

GooredFix by jpshortstuff (03.07.10.1)
Log created at 21:40 on 20/10/2010 (David Schuldenfrei)
Firefox version 3.6.10 (en-US)

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [21:14 19/10/2009]
{B13721C7-F507-4982-B2E5-502A71474FED} [02:50 30/10/2009]
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [16:31 20/10/2010]

C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\extensions\
[email protected] [21:24 11/03/2010]
{c2f863cd-0429-48c7-bb54-db756a951760} [21:44 24/03/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG9\Firefox" [02:45 20/10/2009]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [05:45 20/09/2010]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [16:31 20/10/2010]

-=E.O.F=-


----------



## eddie5659 (Mar 19, 2001)

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
FF - prefs.js..keyword.URL: "http://search.search-go.net/?sid=10101049100&s="
FF - user.js..keyword.URL: "http://search.search-go.net/?sid=10101049100&s="
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top.
Let the program run unhindered, and reboot the PC when it is done.
Open OTL again and click the *Quick Scan* button. Post the log it produces in your next reply.

eddie
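
As an added example (not part of eddie5659's post and not code from OTL itself), the following Python script shows the detection side of the fix above: it parses a Firefox profile's prefs.js and user.js in the standard `user_pref("name", value);` form, flags URL-valued search and homepage prefs whose host is not on an allowlist, and renders the hits as `FF - <file>..<pref>: "<value>"` lines in the format the `:OTL` section of the fix uses. The allowlist and both sample files are constructed for the example; the search-go.net keyword.URL value mirrors the entry the fix removes, so running the script on the sample reproduces the two `:OTL` lines posted above.

```python
"""Flag hijacked Firefox search prefs and render them as OTL fix lines.

Added example, not code from the thread or from OTL. Assumptions:
  * prefs.js / user.js use Firefox's standard  user_pref("name", value);  lines
  * a search/homepage pref whose host is absent from ALLOWED_HOSTS is suspect
The sample file contents and the allowlist below are constructed for this
example; the search-go.net keyword.URL mirrors the entry the fix removes.
"""
import re
from urllib.parse import urlparse

# URL-valued prefs that browser hijackers typically rewrite.
SEARCH_URL_PREFS = ["keyword.URL", "browser.search.defaulturl", "browser.startup.homepage"]

# Hosts the machine's owner recognises (assumption for this example).
ALLOWED_HOSTS = {"www.google.com", "google.com", "aim.search.aol.com", "msn.com", "www.msn.com"}

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')


def parse_prefs(text):
    """Return {name: value} for every user_pref line; string values are unquoted."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            raw = raw[1:-1]
        prefs[name] = raw
    return prefs


def host_of(value):
    """Hostname of a pref value, or None for internal pages (about:, chrome:)."""
    parsed = urlparse(value)
    if parsed.scheme in ("about", "chrome", "resource"):
        return None
    if not parsed.scheme:           # bare "msn.com" style values
        parsed = urlparse("http://" + value)
    return parsed.hostname.lower() if parsed.hostname else None


def suspicious_search_prefs(prefs, allowed_hosts=ALLOWED_HOSTS):
    """Return [(name, value)] for search prefs pointing at a host not on the allowlist.

    browser.startup.homepage may hold several URLs separated by '|'; any one
    unrecognised host is enough to flag the whole pref.
    """
    hits = []
    for name in SEARCH_URL_PREFS:
        value = prefs.get(name)
        if value is None:
            continue
        hosts = [host_of(part) for part in value.split("|")]
        if any(h is not None and h not in allowed_hosts for h in hosts):
            hits.append((name, value))
    return hits


def otl_fix_lines(filename, hits):
    """Render hits in the 'FF - <file>..<pref>: "<value>"' form used under :OTL."""
    return [f'FF - {filename}..{name}: "{value}"' for name, value in hits]


def build_otl_fix(profile_files, allowed_hosts=ALLOWED_HOSTS):
    """profile_files maps file name -> contents; returns a complete OTL fix script."""
    lines = [":OTL"]
    for filename, text in profile_files.items():
        hits = suspicious_search_prefs(parse_prefs(text), allowed_hosts)
        lines.extend(otl_fix_lines(filename, hits))
    # Same housekeeping commands as the fix posted in the thread.
    lines += [":Commands", "[purity]", "[resethosts]", "[emptytemp]",
              "[EMPTYFLASH]", "[CREATERESTOREPOINT]", "[Reboot]"]
    return lines


# Constructed sample profile files (not copied from the user's machine).
SAMPLE_PREFS_JS = '''\
user_pref("browser.search.defaulturl", "http://aim.search.aol.com/aol/search?query={searchTerms}");
user_pref("browser.startup.homepage", "msn.com");
user_pref("keyword.URL", "http://search.search-go.net/?sid=10101049100&s=");
user_pref("network.proxy.type", 0);
'''
SAMPLE_USER_JS = '''\
user_pref("keyword.URL", "http://search.search-go.net/?sid=10101049100&s=");
'''

if __name__ == "__main__":
    for line in build_otl_fix({"prefs.js": SAMPLE_PREFS_JS, "user.js": SAMPLE_USER_JS}):
        print(line)
```

The allowlist approach is deliberate: a hijacker's search host is unknown in advance, so the check asks "is this a host the owner chose?" rather than matching a blocklist, and internal pages such as about:blank are skipped so they never produce a false hit.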


----------



## fryguy8585 (Aug 24, 2006)

OTL logfile created on: 10/21/2010 5:23:36 PM - Run 4
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\David Schuldenfrei\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2096)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 91.75 Gb Total Space | 5.84 Gb Free Space | 6.36% Space Free | Partition Type: NTFS
Drive E: | 488.25 Mb Total Space | 333.58 Mb Free Space | 68.32% Space Free | Partition Type: FAT

Computer Name: DAVID | User Name: David Schuldenfrei | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/18 01:32:20 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Schuldenfrei\Desktop\OTL.exe
PRC - [2010/10/04 14:46:19 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/09/28 10:04:57 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/09/23 15:52:08 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/09/01 02:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/08/24 05:38:16 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/20 17:49:14 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/15 18:02:14 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/15 18:02:10 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 18:01:15 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/15 18:01:13 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/08 17:04:49 | 003,972,440 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/07/16 16:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
PRC - [2008/11/21 04:33:32 | 000,431,472 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2008/11/19 12:20:33 | 009,201,614 | ---- | M] () -- C:\Program Files\Student Backup\BackupClient.exe
PRC - [2008/05/06 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/10 05:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe

========== Modules (SafeList) ==========

MOD - [2010/10/18 01:32:20 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Schuldenfrei\Desktop\OTL.exe
MOD - [2008/05/06 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\wscsvc.dll -- (wscsvc)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\ersvc.dll -- (ERSvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\cisvc.exe -- (CiSvc)
SRV - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/20 17:49:14 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/15 18:02:10 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/11/21 04:33:32 | 000,431,472 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\DAVIDS~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/15 18:02:15 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 18:01:15 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 09:31:39 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/07 04:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 04:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
DRV - [2009/10/07 04:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/05/25 15:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/11/21 04:15:54 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/05/06 08:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/05/10 05:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/03/30 21:34:14 | 005,704,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/01/30 13:12:06 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/08/27 13:40:54 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "msn.com"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.5331
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/23 15:52:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/06 00:10:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/20 12:31:48 | 000,000,000 | ---D | M]

[2009/10/22 11:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Extensions
[2009/10/22 11:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Extensions\[email protected]
[2010/10/20 12:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\extensions
[2010/03/24 17:45:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/03/11 17:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\extensions\[email protected]
[2010/03/24 17:45:34 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\searchplugins\aim-search-1.xml
[2009/10/24 20:25:31 | 000,004,554 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\searchplugins\aim-search.xml
[2010/10/21 17:19:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/20 12:31:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/10/20 12:31:31 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/10/19 23:07:53 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2008/05/05 16:06:41 | 000,365,056 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npupd62.dll

O1 HOSTS File: ([2010/10/21 16:30:40 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BackupClient.exe] C:\Program Files\Student Backup\BackupClient.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuFavorites = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyComputer = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyDocs = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyMusic = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowRun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/19 17:11:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/20 21:40:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Desktop\GooredFix Backups
[2010/10/20 21:40:16 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\David Schuldenfrei\Desktop\GooredFix.exe
[2010/10/20 12:34:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/20 12:32:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/10/20 12:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/20 12:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Desktop\JavaRa
[2010/10/18 01:32:21 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David Schuldenfrei\Desktop\OTL.exe
[2010/10/14 16:44:47 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/10/13 00:36:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Application Data\uTorrent
[2010/10/12 21:07:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\outlook express
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\movie maker
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/10/12 15:56:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/12 15:50:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/12 15:50:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/12 15:50:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/12 15:50:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/12 15:48:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/07 17:41:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Application Data\SUPERAntiSpyware.com
[2010/10/07 17:41:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/10/07 17:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/07 17:24:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Malwarebytes
[2010/10/06 00:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/06 00:08:35 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/03 15:42:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Desktop\Pictures
[2010/09/25 03:30:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Desktop\Dave Matthews Band- Howard Demo
[2010/09/25 03:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Desktop\Dave Matthews Band- Mixtape
[2010/09/25 03:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Desktop\Dave Matthews Band- Demo
[2010/09/24 00:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Desktop\The Lillywhite Sessions
[2010/09/23 21:45:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Desktop\Granny's Basement
[2010/09/20 02:02:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Blackberry Desktop
[2010/09/20 01:58:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\My Documents\BlackBerry
[2010/09/20 01:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Research In Motion
[2010/09/20 01:48:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/09/20 01:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2010/09/20 01:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2010/09/20 01:44:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/09/20 01:43:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/09/20 01:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/09/20 01:42:38 | 000,000,000 | ---D | C] -- C:\b2073029b2282cac4788f4
[2010/09/20 01:40:49 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/09/20 01:39:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/09/15 20:52:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Ukeqy
[2010/09/15 20:41:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\My Documents\HWS 104
[2010/09/04 19:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/09/04 18:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/09/04 18:12:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Application Data\DivX
[2010/09/04 18:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/09/04 18:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Local Settings\Application Data\Temp
[2010/09/04 18:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/09/04 18:10:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Local Settings\Application Data\Google
[2010/09/04 18:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/09/04 18:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/09/04 18:09:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/09/03 16:59:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\My Documents\ACCT 460
[2010/09/03 15:17:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\My Documents\VirtualDJ
[2010/09/03 15:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2010/08/17 15:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/17 14:17:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/16 12:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\My Documents\MGMT 411
[2010/08/09 19:01:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/09 19:01:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/09 19:01:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/09 19:01:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/05 07:36:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/07/25 13:05:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[1 C:\Documents and Settings\David Schuldenfrei\Application Data\*.tmp files -> C:\Documents and Settings\David Schuldenfrei\Application Data\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/21 16:34:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/21 16:30:40 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/10/21 12:01:27 | 066,653,626 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/20 21:40:13 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\David Schuldenfrei\Desktop\GooredFix.exe
[2010/10/20 12:22:29 | 000,205,540 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\JavaRa.zip
[2010/10/19 12:21:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/19 00:15:24 | 000,014,446 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\P 4-5A, Requirements 3-5.docx
[2010/10/18 23:43:33 | 033,688,706 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Matt Nathanson -- Thunder Road (Live cover from Acoustic Cafe).mp3
[2010/10/18 15:27:58 | 000,529,657 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Haier Presentation.pptx
[2010/10/18 01:32:20 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Schuldenfrei\Desktop\OTL.exe
[2010/10/15 16:24:15 | 000,323,584 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\JMS Tech Wizards.accdb
[2010/10/12 20:31:17 | 000,034,711 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\Fall 2010.xlsx
[2010/10/12 16:14:41 | 000,433,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/12 16:14:41 | 000,067,288 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/12 15:56:32 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/10/12 15:47:34 | 003,877,496 | R--- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\ComboFix.exe
[2010/10/11 22:47:36 | 000,008,614 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Money.xlsx
[2010/10/10 17:56:29 | 000,034,104 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/06 00:36:49 | 000,175,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/06 00:15:06 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/06 00:10:47 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/02 16:03:33 | 000,014,671 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\journal.docx
[2010/09/22 17:55:02 | 000,055,819 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\Wal-mart Exhibit 1.docx
[2010/09/22 17:54:38 | 000,138,771 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\Cover Page.docx
[2010/09/21 22:45:42 | 078,203,977 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\peprally.zip
[2010/09/20 01:57:54 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/07 01:58:52 | 000,011,902 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\scholarship thank you.docx
[2010/09/04 18:22:07 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/02 00:06:42 | 000,011,611 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\Security Deposits.xlsx
[2010/07/25 12:49:12 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[1 C:\Documents and Settings\David Schuldenfrei\Application Data\*.tmp files -> C:\Documents and Settings\David Schuldenfrei\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/20 12:22:33 | 000,205,540 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\JavaRa.zip
[2010/10/19 00:15:24 | 000,014,446 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\P 4-5A, Requirements 3-5.docx
[2010/10/18 23:40:34 | 033,688,706 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Matt Nathanson -- Thunder Road (Live cover from Acoustic Cafe).mp3
[2010/10/18 15:28:15 | 000,529,657 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Haier Presentation.pptx
[2010/10/15 16:18:40 | 000,323,584 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\JMS Tech Wizards.accdb
[2010/10/12 15:56:32 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/10/12 15:56:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/12 15:50:38 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/12 15:50:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/12 15:50:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/12 15:50:38 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/12 15:50:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/12 15:47:04 | 003,877,496 | R--- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\ComboFix.exe
[2010/10/11 22:47:35 | 000,008,614 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Money.xlsx
[2010/10/06 00:15:06 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/06 00:10:47 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/02 15:11:45 | 000,014,671 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\journal.docx
[2010/09/22 17:54:38 | 000,138,771 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\Cover Page.docx
[2010/09/22 17:45:42 | 000,055,819 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\Wal-mart Exhibit 1.docx
[2010/09/21 22:40:16 | 078,203,977 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\peprally.zip
[2010/09/20 01:56:29 | 000,000,231 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Application Data\Rim.Desktop.Exception.log
[2010/09/20 01:48:38 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Application Data\Rim.Desktop.HttpServerSetup.log
[2010/09/20 01:44:44 | 000,198,096 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/07 01:58:51 | 000,011,902 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\scholarship thank you.docx
[2010/09/04 18:22:07 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/23 15:55:46 | 000,034,711 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\Fall 2010.xlsx
[2010/05/25 09:31:06 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/25 19:25:27 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll
[2009/11/25 19:25:27 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll
[2009/11/09 01:10:35 | 000,000,127 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/10/29 22:47:55 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/10/25 15:04:23 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/25 15:04:23 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/10/21 02:21:58 | 000,003,466 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/10/20 19:49:48 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2009/10/19 18:05:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/19 17:13:40 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/10/07 02:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 02:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2008/05/06 08:00:00 | 000,000,287 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini

========== LOP Check ==========

[2009/10/24 20:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/10/24 20:24:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2010/08/09 20:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/13 15:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2010/09/20 01:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/04/17 16:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2010/08/17 15:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/22 11:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/10/07 17:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/07/04 02:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2010/05/29 11:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/05/04 17:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/04 01:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/24 20:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\acccore
[2010/09/20 02:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Blackberry Desktop
[2009/11/27 21:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\CopyTrans
[2010/05/08 16:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\DC++
[2009/11/11 14:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Foxit Software
[2009/11/12 18:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\GetRightToGo
[2010/03/26 13:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Image Zone Express
[2009/11/09 11:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Individual Software
[2010/04/09 10:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Juniper Networks
[2009/10/29 22:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Leadertech
[2009/10/20 22:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\OpenOffice.org
[2010/02/10 23:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Printer Info Cache
[2010/09/20 01:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Research In Motion
[2010/04/17 16:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\TaxCut
[2009/10/22 11:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\TomTom
[2010/09/22 15:57:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Ukeqy
[2010/10/13 00:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\uTorrent
[2010/05/29 11:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\WindSolutions
[2010/03/11 14:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Xerox

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2

< End of report >


----------



## fryguy8585 (Aug 24, 2006)

OTL logfile created on: 10/21/2010 5:23:36 PM - Run 4
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\David Schuldenfrei\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2096)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 91.75 Gb Total Space | 5.84 Gb Free Space | 6.36% Space Free | Partition Type: NTFS
Drive E: | 488.25 Mb Total Space | 333.58 Mb Free Space | 68.32% Space Free | Partition Type: FAT

Computer Name: DAVID | User Name: David Schuldenfrei | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/18 01:32:20 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Schuldenfrei\Desktop\OTL.exe
PRC - [2010/10/04 14:46:19 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/09/28 10:04:57 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/09/23 15:52:08 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/09/01 02:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/08/24 05:38:16 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/20 17:49:14 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/15 18:02:14 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/15 18:02:10 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 18:01:15 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/15 18:01:13 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/08 17:04:49 | 003,972,440 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/07/16 16:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
PRC - [2008/11/21 04:33:32 | 000,431,472 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2008/11/19 12:20:33 | 009,201,614 | ---- | M] () -- C:\Program Files\Student Backup\BackupClient.exe
PRC - [2008/05/06 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/10 05:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe

========== Modules (SafeList) ==========

MOD - [2010/10/18 01:32:20 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Schuldenfrei\Desktop\OTL.exe
MOD - [2008/05/06 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\wscsvc.dll -- (wscsvc)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\ersvc.dll -- (ERSvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\cisvc.exe -- (CiSvc)
SRV - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/20 17:49:14 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/15 18:02:10 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/11/21 04:33:32 | 000,431,472 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\DAVIDS~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/15 18:02:15 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 18:01:15 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 09:31:39 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/07 04:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 04:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
DRV - [2009/10/07 04:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/05/25 15:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/11/21 04:15:54 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/05/06 08:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/05/10 05:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/03/30 21:34:14 | 005,704,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/01/30 13:12:06 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/08/27 13:40:54 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "msn.com"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.5331
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/23 15:52:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/06 00:10:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/20 12:31:48 | 000,000,000 | ---D | M]

[2009/10/22 11:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Extensions
[2009/10/22 11:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Extensions\[email protected]
[2010/10/20 12:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\extensions
[2010/03/24 17:45:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/03/11 17:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\extensions\[email protected]
[2010/03/24 17:45:34 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\searchplugins\aim-search-1.xml
[2009/10/24 20:25:31 | 000,004,554 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\searchplugins\aim-search.xml
[2010/10/21 17:19:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/20 12:31:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/10/20 12:31:31 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/10/19 23:07:53 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2008/05/05 16:06:41 | 000,365,056 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npupd62.dll

O1 HOSTS File: ([2010/10/21 16:30:40 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BackupClient.exe] C:\Program Files\Student Backup\BackupClient.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuFavorites = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyComputer = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyDocs = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyMusic = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowRun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/19 17:11:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/20 21:40:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Desktop\GooredFix Backups
[2010/10/20 21:40:16 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\David Schuldenfrei\Desktop\GooredFix.exe
[2010/10/20 12:34:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/20 12:32:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/10/20 12:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/20 12:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Desktop\JavaRa
[2010/10/18 01:32:21 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David Schuldenfrei\Desktop\OTL.exe
[2010/10/14 16:44:47 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/10/13 00:36:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Application Data\uTorrent
[2010/10/12 21:07:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\outlook express
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\movie maker
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/10/12 17:24:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/10/12 15:56:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/12 15:50:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/12 15:50:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/12 15:50:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/12 15:50:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/12 15:48:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/07 17:41:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Application Data\SUPERAntiSpyware.com
[2010/10/07 17:41:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/10/07 17:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/07 17:24:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Malwarebytes
[2010/10/06 00:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/06 00:08:35 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/03 15:42:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Desktop\Pictures
[2010/09/25 03:30:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Desktop\Dave Matthews Band- Howard Demo
[2010/09/25 03:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Desktop\Dave Matthews Band- Mixtape
[2010/09/25 03:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Desktop\Dave Matthews Band- Demo
[2010/09/24 00:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Desktop\The Lillywhite Sessions
[2010/09/23 21:45:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Desktop\Granny's Basement
[2010/09/20 02:02:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Blackberry Desktop
[2010/09/20 01:58:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\My Documents\BlackBerry
[2010/09/20 01:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Research In Motion
[2010/09/20 01:48:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/09/20 01:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2010/09/20 01:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2010/09/20 01:44:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/09/20 01:43:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/09/20 01:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/09/20 01:42:38 | 000,000,000 | ---D | C] -- C:\b2073029b2282cac4788f4
[2010/09/20 01:40:49 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/09/20 01:39:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/09/15 20:52:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Ukeqy
[2010/09/15 20:41:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\My Documents\HWS 104
[2010/09/04 19:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/09/04 18:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/09/04 18:12:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Application Data\DivX
[2010/09/04 18:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/09/04 18:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Local Settings\Application Data\Temp
[2010/09/04 18:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/09/04 18:10:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Local Settings\Application Data\Google
[2010/09/04 18:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/09/04 18:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/09/04 18:09:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/09/03 16:59:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\My Documents\ACCT 460
[2010/09/03 15:17:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\My Documents\VirtualDJ
[2010/09/03 15:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2010/08/17 15:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/17 14:17:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/16 12:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\My Documents\MGMT 411
[2010/08/09 19:01:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/09 19:01:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/09 19:01:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/09 19:01:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/05 07:36:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/07/25 13:05:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[1 C:\Documents and Settings\David Schuldenfrei\Application Data\*.tmp files -> C:\Documents and Settings\David Schuldenfrei\Application Data\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/21 16:34:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/21 16:30:40 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/10/21 12:01:27 | 066,653,626 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/20 21:40:13 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\David Schuldenfrei\Desktop\GooredFix.exe
[2010/10/20 12:22:29 | 000,205,540 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\JavaRa.zip
[2010/10/19 12:21:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/19 00:15:24 | 000,014,446 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\P 4-5A, Requirements 3-5.docx
[2010/10/18 23:43:33 | 033,688,706 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Matt Nathanson -- Thunder Road (Live cover from Acoustic Cafe).mp3
[2010/10/18 15:27:58 | 000,529,657 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Haier Presentation.pptx
[2010/10/18 01:32:20 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Schuldenfrei\Desktop\OTL.exe
[2010/10/15 16:24:15 | 000,323,584 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\JMS Tech Wizards.accdb
[2010/10/12 20:31:17 | 000,034,711 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\Fall 2010.xlsx
[2010/10/12 16:14:41 | 000,433,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/12 16:14:41 | 000,067,288 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/12 15:56:32 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/10/12 15:47:34 | 003,877,496 | R--- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\ComboFix.exe
[2010/10/11 22:47:36 | 000,008,614 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Money.xlsx
[2010/10/10 17:56:29 | 000,034,104 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/06 00:36:49 | 000,175,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/06 00:15:06 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/06 00:10:47 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/02 16:03:33 | 000,014,671 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\journal.docx
[2010/09/22 17:55:02 | 000,055,819 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\Wal-mart Exhibit 1.docx
[2010/09/22 17:54:38 | 000,138,771 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\Cover Page.docx
[2010/09/21 22:45:42 | 078,203,977 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\peprally.zip
[2010/09/20 01:57:54 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/07 01:58:52 | 000,011,902 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\scholarship thank you.docx
[2010/09/04 18:22:07 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/02 00:06:42 | 000,011,611 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\Security Deposits.xlsx
[2010/07/25 12:49:12 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[1 C:\Documents and Settings\David Schuldenfrei\Application Data\*.tmp files -> C:\Documents and Settings\David Schuldenfrei\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/20 12:22:33 | 000,205,540 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\JavaRa.zip
[2010/10/19 00:15:24 | 000,014,446 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\P 4-5A, Requirements 3-5.docx
[2010/10/18 23:40:34 | 033,688,706 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Matt Nathanson -- Thunder Road (Live cover from Acoustic Cafe).mp3
[2010/10/18 15:28:15 | 000,529,657 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Haier Presentation.pptx
[2010/10/15 16:18:40 | 000,323,584 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\JMS Tech Wizards.accdb
[2010/10/12 15:56:32 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/10/12 15:56:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/12 15:50:38 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/12 15:50:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/12 15:50:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/12 15:50:38 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/12 15:50:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/12 15:47:04 | 003,877,496 | R--- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\ComboFix.exe
[2010/10/11 22:47:35 | 000,008,614 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Money.xlsx
[2010/10/06 00:15:06 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/06 00:10:47 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/02 15:11:45 | 000,014,671 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\journal.docx
[2010/09/22 17:54:38 | 000,138,771 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\Cover Page.docx
[2010/09/22 17:45:42 | 000,055,819 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\Wal-mart Exhibit 1.docx
[2010/09/21 22:40:16 | 078,203,977 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\peprally.zip
[2010/09/20 01:56:29 | 000,000,231 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Application Data\Rim.Desktop.Exception.log
[2010/09/20 01:48:38 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Application Data\Rim.Desktop.HttpServerSetup.log
[2010/09/20 01:44:44 | 000,198,096 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/07 01:58:51 | 000,011,902 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\scholarship thank you.docx
[2010/09/04 18:22:07 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/23 15:55:46 | 000,034,711 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\Fall 2010.xlsx
[2010/05/25 09:31:06 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/25 19:25:27 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll
[2009/11/25 19:25:27 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll
[2009/11/09 01:10:35 | 000,000,127 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/10/29 22:47:55 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/10/25 15:04:23 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/25 15:04:23 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/10/21 02:21:58 | 000,003,466 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/10/20 19:49:48 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2009/10/19 18:05:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/19 17:13:40 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/10/07 02:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 02:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2008/05/06 08:00:00 | 000,000,287 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini

========== LOP Check ==========

[2009/10/24 20:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/10/24 20:24:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2010/08/09 20:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/13 15:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2010/09/20 01:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/04/17 16:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2010/08/17 15:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/22 11:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/10/07 17:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/07/04 02:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2010/05/29 11:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/05/04 17:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/04 01:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/24 20:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\acccore
[2010/09/20 02:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Blackberry Desktop
[2009/11/27 21:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\CopyTrans
[2010/05/08 16:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\DC++
[2009/11/11 14:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Foxit Software
[2009/11/12 18:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\GetRightToGo
[2010/03/26 13:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Image Zone Express
[2009/11/09 11:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Individual Software
[2010/04/09 10:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Juniper Networks
[2009/10/29 22:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Leadertech
[2009/10/20 22:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\OpenOffice.org
[2010/02/10 23:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Printer Info Cache
[2010/09/20 01:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Research In Motion
[2010/04/17 16:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\TaxCut
[2009/10/22 11:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\TomTom
[2010/09/22 15:57:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Ukeqy
[2010/10/13 00:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\uTorrent
[2010/05/29 11:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\WindSolutions
[2010/03/11 14:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Xerox

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Okay, I hate to say it, but we're going to have to run ComboFix, as there were some entries that tool found, which still need removing.

Can you delete the copy that you have on your desktop, and download this one:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then, follow as before. Popped it here just in case:

**IMPORTANT !!! Save ComboFix.exe to your Desktop**


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note:** If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

============

If it comes up with the errors about protected files, let it continue, as it will tell us a lot more information about the infections.

eddie


----------



## fryguy8585 (Aug 24, 2006)

ComboFix 10-10-23.02 - David Schuldenfrei 10/24/2010 15:08:50.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1361 [GMT -4:00]
Running from: c:\documents and settings\David Schuldenfrei\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Ndisrd

((((((((((((((((((((((((( Files Created from 2010-09-24 to 2010-10-24 )))))))))))))))))))))))))))))))
.

2010-10-22 20:59 . 2010-10-22 20:59	53248	----a-r-	c:\documents and settings\David Schuldenfrei\Application Data\Microsoft\Installer\{23C12370-3A82-4558-B727-F345B473AD87}\ARPPRODUCTICON.exe
2010-10-22 18:08 . 2010-10-22 18:08	--------	d-----w-	C:\ACL Data
2010-10-22 18:08 . 2010-10-22 18:08	--------	d-----w-	c:\program files\ACL Software
2010-10-22 16:08 . 2010-10-22 16:08	--------	d-----w-	c:\documents and settings\David Schuldenfrei\Application Data\AVG10
2010-10-22 16:06 . 2010-10-22 16:06	--------	d--h--w-	c:\documents and settings\All Users\Application Data\Common Files
2010-10-22 16:04 . 2010-10-24 14:28	--------	d-----w-	c:\windows\system32\drivers\AVG
2010-10-22 16:04 . 2010-10-22 16:06	--------	d-----w-	c:\documents and settings\All Users\Application Data\AVG10
2010-10-22 06:13 . 2010-10-22 06:14	--------	d-----w-	c:\documents and settings\All Users\Application Data\MFAData
2010-10-20 16:34 . 2010-10-20 16:34	--------	d-----w-	C:\_OTL
2010-10-20 16:32 . 2010-10-20 16:32	--------	d-----w-	c:\program files\Common Files\Java
2010-10-20 16:31 . 2010-10-20 16:31	472808	----a-w-	c:\windows\system32\deployJava1.dll
2010-10-20 16:31 . 2010-10-20 16:31	472808	----a-w-	c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-13 04:36 . 2010-10-13 04:36	--------	d-----w-	c:\documents and settings\David Schuldenfrei\Application Data\uTorrent
2010-10-12 21:24 . 2010-10-12 21:24	--------	d-----w-	c:\windows\system32\xircom
2010-10-12 21:24 . 2010-10-12 21:24	--------	d-----w-	c:\windows\system32\wbem\snmp
2010-10-12 21:24 . 2010-10-12 21:24	--------	d-----w-	c:\windows\system32\oobe
2010-10-12 21:24 . 2010-10-12 21:24	--------	d-----w-	c:\windows\srchasst
2010-10-12 21:24 . 2010-10-12 21:24	--------	d-----w-	c:\program files\microsoft frontpage
2010-10-07 21:41 . 2010-10-07 21:41	--------	d-----w-	c:\documents and settings\David Schuldenfrei\Application Data\SUPERAntiSpyware.com
2010-10-07 21:41 . 2010-10-07 21:41	--------	d-----w-	c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-10-07 21:41 . 2010-10-07 21:42	--------	d-----w-	c:\program files\SUPERAntiSpyware
2010-10-07 21:24 . 2010-10-07 21:24	--------	d-----w-	c:\documents and settings\David Schuldenfrei\Application Data\Malwarebytes
2010-10-06 04:14 . 2010-10-06 04:14	--------	d-----w-	c:\program files\iPod
2010-10-06 04:10 . 2010-10-06 04:10	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2010-10-06 04:10 . 2010-10-06 04:10	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2010-10-06 04:10 . 2010-10-06 04:10	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2010-10-06 04:10 . 2010-10-06 04:10	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2010-10-06 04:10 . 2010-10-06 04:10	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2010-10-06 04:10 . 2010-10-06 04:10	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2010-10-06 04:10 . 2010-10-06 04:10	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2010-10-06 04:08 . 2010-10-06 04:08	--------	d-----w-	c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-20 16:31 . 2009-10-20 04:40	73728	----a-w-	c:\windows\system32\javacpl.cpl
2010-09-13 20:27 . 2010-09-13 20:27	25680	----a-w-	c:\windows\system32\drivers\AVGIDSEH.sys
2010-09-08 15:17 . 2010-09-08 15:17	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17 . 2010-09-08 15:17	69632	----a-w-	c:\windows\system32\QuickTime.qts
2010-09-07 07:49 . 2010-09-07 07:49	298448	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2010-09-07 07:48 . 2010-09-07 07:48	34384	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2010-09-07 07:48 . 2010-09-07 07:48	249424	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2010-09-07 07:48 . 2010-09-07 07:48	26064	----a-w-	c:\windows\system32\drivers\avgrkx86.sys
2010-08-20 01:42 . 2010-08-20 01:42	30288	----a-w-	c:\windows\system32\drivers\AVGIDSFilter.sys
2010-08-20 01:42 . 2010-08-20 01:42	123472	----a-w-	c:\windows\system32\drivers\AVGIDSDriver.sys
2010-08-20 01:42 . 2010-08-20 01:42	26192	----a-w-	c:\windows\system32\drivers\AVGIDSShim.sys
2010-08-17 19:51 . 2010-08-17 19:51	388096	----a-r-	c:\documents and settings\David Schuldenfrei\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-12 04:07 . 2010-09-04 22:12	9200	------w-	c:\windows\system32\drivers\cdralw2k.sys
2010-08-12 04:07 . 2010-09-04 22:12	9072	------w-	c:\windows\system32\drivers\cdr4_xp.sys
2010-08-12 04:07 . 2010-09-04 22:12	45648	----a-w-	c:\windows\system32\drivers\PxHelp20.sys
2010-08-12 04:07 . 2010-09-04 22:12	133616	------w-	c:\windows\system32\pxafs.dll
2010-08-12 04:07 . 2010-09-04 22:12	126448	------w-	c:\windows\system32\pxinsi64.exe
2010-08-12 04:07 . 2010-09-04 22:12	123888	------w-	c:\windows\system32\pxcpyi64.exe
2010-08-11 16:44 . 2010-08-11 16:44	507904	----a-r-	c:\windows\system32\btwapi.dll
2010-07-27 22:44 . 2010-07-27 22:44	91424	----a-w-	c:\windows\system32\dnssd.dll
2010-07-27 22:44 . 2010-07-27 22:44	107808	----a-w-	c:\windows\system32\dns-sd.exe
2008-05-05 20:14 . 2009-10-19 21:13	34048	----a-w-	c:\program files\opera\program\plugins\upd62i9x.dll
2008-05-05 20:14 . 2009-10-19 21:13	45056	----a-w-	c:\program files\opera\program\plugins\upd62int.dll
.

------- Sigcheck -------

[-] 2008-05-06 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys

c:\windows\System32\wuauclt.exe ... is missing !!
c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\ctfmon.exe ... is missing !!
.
((((((((((((((((((((((((((((( [email protected]_20.10.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 04:02 . 2009-07-12 04:02	51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02	59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02	42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02	43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02	61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02	62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02	61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02	61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02	53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02	63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02	36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02	35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05	59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05	59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2010-10-24 19:19 . 2010-10-24 19:19	16384 c:\windows\Temp\Perflib_Perfdata_1a8.dat
+ 2010-10-22 20:46 . 2009-01-09 21:18	27136 c:\windows\system32\ReinstallBackups\0010\DriverFiles\RimSerial.sys
- 2008-05-06 12:00 . 2010-09-20 05:44	67288 c:\windows\system32\perfc009.dat
+ 2008-05-06 12:00 . 2010-10-12 20:14	67288 c:\windows\system32\perfc009.dat
+ 2009-10-19 21:08 . 2008-04-14 08:43	40840 c:\windows\system32\drivers\termdd.sys
- 2009-10-19 21:08 . 2008-04-14 03:43	40840 c:\windows\system32\drivers\termdd.sys
+ 2009-10-19 21:08 . 2008-04-14 08:43	40840 c:\windows\system32\dllcache\termdd.sys
- 2010-09-20 05:48 . 2010-09-20 05:48	69632 c:\windows\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut4_838BDC75346D4F49BD1D5328F986CD86.exe
+ 2010-09-20 05:48 . 2010-10-22 20:46	69632 c:\windows\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut4_838BDC75346D4F49BD1D5328F986CD86.exe
+ 2010-10-22 18:08 . 2010-10-22 18:08	4286 c:\windows\Installer\{C424D5B8-BDE9-48FD-805E-FF276FCC76DF}\ARPPRODUCTICON.exe
+ 2010-10-22 18:08 . 2010-10-22 18:08	2238 c:\windows\Installer\{C424D5B8-BDE9-48FD-805E-FF276FCC76DF}\ACLUtility_DD98A6FAFD374B06B015F50EA4840A00.exe
+ 2010-10-22 18:08 . 2010-10-22 18:08	4286 c:\windows\Installer\{C424D5B8-BDE9-48FD-805E-FF276FCC76DF}\ACLProgEdu_C424D5B8BDE948FD805EFF276FCC76DF.exe
+ 2010-10-22 18:08 . 2010-10-22 18:08	4286 c:\windows\Installer\{C424D5B8-BDE9-48FD-805E-FF276FCC76DF}\ACLDeskTopEdu_C424D5B8BDE948FD805EFF276FCC76DF.exe
+ 2009-07-12 04:02 . 2009-07-12 04:02	653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02	569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05	225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02	159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2009-12-06 18:13 . 2010-10-12 21:24	416360 c:\windows\system32\Restore\rstrlog.dat
+ 2008-05-06 12:00 . 2010-10-12 20:14	433318 c:\windows\system32\perfh009.dat
- 2008-05-06 12:00 . 2010-09-20 05:44	433318 c:\windows\system32\perfh009.dat
+ 2001-02-03 06:26 . 2001-02-03 06:26	163840 c:\windows\system32\P2SMON.DLL
+ 2010-10-20 16:31 . 2010-10-20 16:31	153376 c:\windows\system32\javaws.exe
- 2009-10-20 04:40 . 2009-10-20 04:40	145184 c:\windows\system32\javaw.exe
+ 2010-10-20 16:31 . 2010-10-20 16:31	145184 c:\windows\system32\javaw.exe
- 2009-10-20 04:40 . 2009-10-20 04:40	145184 c:\windows\system32\java.exe
+ 2010-10-20 16:31 . 2010-10-20 16:31	145184 c:\windows\system32\java.exe
+ 2001-06-14 11:19 . 2001-06-14 11:19	446464 c:\windows\system32\HHActiveX.dll
+ 2009-10-19 22:03 . 2010-10-22 20:30	178648 c:\windows\system32\FNTCACHE.DAT
+ 2008-05-06 12:00 . 2008-05-06 12:00	640000 c:\windows\system32\dllcache\dbghelp.dll
+ 2010-10-22 06:17 . 2010-10-22 06:17	219648 c:\windows\Installer\216ab81.msi
+ 2010-10-20 16:32 . 2010-10-20 16:32	180224 c:\windows\Installer\208e9.msi
+ 2010-10-20 16:31 . 2010-10-20 16:31	677376 c:\windows\Installer\208e4.msi
+ 2010-09-20 05:48 . 2010-10-22 20:46	413696 c:\windows\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut2_5B2EDCAA303A43629DACC3FFFABD0901.exe
- 2010-09-20 05:48 . 2010-09-20 05:48	413696 c:\windows\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut2_5B2EDCAA303A43629DACC3FFFABD0901.exe
+ 2010-09-20 05:48 . 2010-10-22 20:46	413696 c:\windows\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut1_9F9ABBA94B874F449DBFBD7EB1332F16.exe
- 2010-09-20 05:48 . 2010-09-20 05:48	413696 c:\windows\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut1_9F9ABBA94B874F449DBFBD7EB1332F16.exe
- 2010-09-20 05:48 . 2010-09-20 05:48	413696 c:\windows\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\ARPPRODUCTICON.exe
+ 2010-09-20 05:48 . 2010-10-22 20:46	413696 c:\windows\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\ARPPRODUCTICON.exe
+ 2009-07-12 04:02 . 2009-07-12 04:02	3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02	3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2001-02-10 00:43 . 2001-02-10 00:43	4587577 c:\windows\system32\CRPE32.DLL
+ 2010-10-22 18:08 . 2010-10-22 18:08	2612736 c:\windows\Installer\73a2ac.msi
+ 2010-10-22 06:18 . 2010-10-22 06:18	1542656 c:\windows\Installer\216ab85.msi
+ 2010-10-22 16:17 . 2010-10-22 16:17	3014656 c:\windows\Installer\204ac.msi
+ 2010-10-22 20:59 . 2010-10-22 20:59	1242624 c:\windows\Installer\1ab532.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
"Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"BackupClient.exe"="c:\program files\Student Backup\BackupClient.exe" [2008-11-19 9201614]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2010-09-15 2745696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-05-06 99840]

c:\documents and settings\David Schuldenfrei\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Update Notifier.lnk - c:\program files\Update Notifier\updatenotifier.exe [2009-10-19 462848]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21	548352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders	schannel.dll, digest.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 249424]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 3:49 AM 298448]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [9/3/2010 10:35 AM 6104144]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [9/10/2010 1:45 AM 265400]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/24/2010 5:38 AM 92008]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 9:42 PM 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 9:42 PM 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 9:42 PM 26192]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [5/25/2009 3:43 PM 32408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - msn.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\AVG\AVG10\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-24 15:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(932)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(3280)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\xpsp3res.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2010-10-24 15:25:13 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-24 19:25
ComboFix2.txt 2010-10-12 20:14

Pre-Run: 4,800,389,120 bytes free
Post-Run: 4,945,702,912 bytes free

- - End Of File - - A6389617C909768954BC005C53495B9F


----------



## eddie5659 (Mar 19, 2001)

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:filefind
termdd.sys
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*.

eddie


----------



## fryguy8585 (Aug 24, 2006)

SystemLook 04.09.10 by jpshortstuff
Log created at 01:07 on 27/10/2010 by David Schuldenfrei
Administrator - Elevation successful

========== filefind ==========

Searching for "termdd.sys"
C:\WINDOWS\system32\dllcache\termdd.sys	--a---- 40840 bytes	[21:08 19/10/2009]	[08:43 14/04/2008] 88155247177638048422893737429D9E
C:\WINDOWS\system32\drivers\termdd.sys	--a---- 40840 bytes	[21:08 19/10/2009]	[08:43 14/04/2008] 88155247177638048422893737429D9E

-= EOF =-
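The check eddie5659 is doing by eye on the two termdd.sys lines above (same size, same MD5 in dllcache and in drivers) can be scripted. This is an added example, not part of the thread or of SystemLook: a small Python parser for the filefind block that groups results by file name and compares every copy against the dllcache copy. The termdd.sys lines are the ones from the log; the example.sys and lonely.sys lines are constructed with placeholder hashes.

```python
"""Parse a SystemLook ':filefind' block and compare each copy of a file
against the copy in \\system32\\dllcache.

Added example for this thread; it is not part of SystemLook or of the
original posts. The termdd.sys lines are the ones posted above; the
example.sys and lonely.sys lines are constructed with placeholder hashes.
"""
import re
from collections import defaultdict

# One filefind result line: path, attributes, size, [modified], [created] MD5.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^\t]+)\t"
    r"(?P<attrs>\S+) (?P<size>\d+) bytes\t"
    r"\[(?P<modified>[^\]]+)\]\t"
    r"\[(?P<created>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})\s*$"
)

SAMPLE_LOG = (
    "SystemLook 04.09.10 by jpshortstuff\n"
    "========== filefind ==========\n"
    "\n"
    # The two termdd.sys lines from the SystemLook log in this thread.
    'Searching for "termdd.sys"\n'
    "C:\\WINDOWS\\system32\\dllcache\\termdd.sys\t--a---- 40840 bytes\t"
    "[21:08 19/10/2009]\t[08:43 14/04/2008] 88155247177638048422893737429D9E\n"
    "C:\\WINDOWS\\system32\\drivers\\termdd.sys\t--a---- 40840 bytes\t"
    "[21:08 19/10/2009]\t[08:43 14/04/2008] 88155247177638048422893737429D9E\n"
    "\n"
    # Constructed: live copy differs from the dllcache copy (placeholder hashes).
    'Searching for "example.sys"\n'
    "C:\\WINDOWS\\system32\\dllcache\\example.sys\t--a---- 12345 bytes\t"
    "[10:00 01/01/2010]\t[10:00 01/01/2010] 00000000000000000000000000000001\n"
    "C:\\WINDOWS\\system32\\drivers\\example.sys\t--a---- 12345 bytes\t"
    "[10:00 01/01/2010]\t[10:00 01/01/2010] 00000000000000000000000000000002\n"
    "\n"
    # Constructed: a file with no dllcache copy to compare against.
    'Searching for "lonely.sys"\n'
    "C:\\WINDOWS\\system32\\drivers\\lonely.sys\t--a---- 999 bytes\t"
    "[10:00 01/01/2010]\t[10:00 01/01/2010] 00000000000000000000000000000003\n"
    "\n"
    "-= EOF =-\n"
)


def parse_filefind(text):
    """Return one dict per result line (path, attrs, size, modified, created, md5)."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
    return entries


def compare_to_dllcache(entries):
    """Compare every non-dllcache copy of a file name against its dllcache copy.

    Returns {path: verdict} where verdict is one of 'match', 'size-mismatch',
    'hash-mismatch' or 'no-reference' (no dllcache copy was listed).
    """
    by_name = defaultdict(list)
    for entry in entries:
        name = entry["path"].rsplit("\\", 1)[-1].lower()
        by_name[name].append(entry)

    verdicts = {}
    for copies in by_name.values():
        ref = next((c for c in copies if "\\dllcache\\" in c["path"].lower()), None)
        for copy in copies:
            if copy is ref:
                continue
            if ref is None:
                verdicts[copy["path"]] = "no-reference"
            elif copy["size"] != ref["size"]:
                verdicts[copy["path"]] = "size-mismatch"
            elif copy["md5"] != ref["md5"]:
                verdicts[copy["path"]] = "hash-mismatch"
            else:
                verdicts[copy["path"]] = "match"
    return verdicts


if __name__ == "__main__":
    results = compare_to_dllcache(parse_filefind(SAMPLE_LOG))
    for path, verdict in sorted(results.items()):
        print(f"{verdict:14} {path}")
```

A matching hash only shows that the two copies agree, not that either one is clean, so treat the result as a triage hint rather than a verdict.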


----------



## eddie5659 (Mar 19, 2001)

Hmmm, can you post the contents of the ComboFix-quarantined-files.txt again, just want to make sure it's gone.


----------



## fryguy8585 (Aug 24, 2006)

2010-10-24 19:20:55 . 2010-10-24 19:20:55 54,019 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Temp\logishrd\_LVPrcInj01_.dll.zip
2010-10-24 14:22:54 . 2009-10-07 06:47:22 109,080 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Temp\logishrd\LVPrcInj01.dll.vir
2010-10-14 20:45:58 . 2010-10-14 20:45:58 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2010-10-12 20:13:06 . 2010-10-24 19:23:14 320 ----a-w- C:\Qoobox\Quarantine\Registry_backups\URLSearchHooks-Rank.reg.dat
2010-10-12 20:13:06 . 2010-10-24 19:23:14 428 ----a-w- C:\Qoobox\Quarantine\Registry_backups\URLSearchHooks-HookURL.reg.dat
2010-10-12 20:07:42 . 2010-10-24 19:13:02 1,468 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_ndisrd.reg.dat
2010-10-12 20:07:42 . 2010-10-12 20:07:42 774 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_6TO4.reg.dat
2010-10-12 20:07:37 . 2010-10-24 19:12:52 9,573 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-10-12 19:50:29 . 2010-10-24 19:20:59 390 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-09-16 03:09:34 . 2010-09-16 03:09:34 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David Schuldenfrei\Application Data\Eqywo\ydodp.xeo.vir
2010-08-05 19:37:48 . 2010-08-05 19:37:48 2,074 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\searchplugins\google_search.xml.vir
2010-08-05 12:06:14 . 2010-08-05 12:06:14 2,357 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David Schuldenfrei\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk.vir
2010-08-05 12:06:14 . 2010-08-05 12:06:14 1,303 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David Schuldenfrei\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk.vir
2009-10-19 21:08:45 . 2008-04-14 03:43:22 40,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\termdd.sys.vir
2008-05-06 12:00:00 . 2008-05-06 12:00:00 169,984 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\msconfig.exe.vir
2007-11-07 12:03:18 . 2007-11-07 12:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\C\install.exe.vir


----------



## eddie5659 (Mar 19, 2001)

Okay, looks okay for what I wanted, but can you upload this file for me, so I can see if it's okay:

Download suspicious file packer from http://www.safer-networking.org/en/tools/index.html (direct download http://www.safer-networking.org/files/sfp.zip )

Unzip it to desktop, open it & paste in the contents of the quote box below, press next & it will create an archive (zip/cab file) on desktop

please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files

Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer. When the file is listed in the window, press send to upload the file.



> *c:\windows\system32\drivers\ndisrd.sys*


Let me know when it's uploaded.

=========================

Also, can you do an online scan here:

Using Internet Explorer or Firefox, visit *Kaspersky Online Scanner*

*1.* Click *Accept*, when prompted to download and install the program files and database of malware definitions.

*2.* To *optimize scanning time* and produce a more sensible report for review:

Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan. Click *HERE* to see how to disable the most common antivirus programs.
*3.* Click *Run* at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.

Once the update is complete, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, adware, dialers, and other riskware
- Archives
- E-mail databases

Click on *My Computer* under the green *Scan* bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do *NOT* be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click *View report...* at the bottom.
Click the *Save report...* button.
Change the *Files of type* dropdown box to *Text file (.txt)* and name the file *KasReport.txt* to save the file to your desktop so that you may post it in your next reply.

eddie


----------



## fryguy8585 (Aug 24, 2006)

Eddie, the online scanner is still going, but I have posted the suspicious file packer in the other forum for your review.


----------



## fryguy8585 (Aug 24, 2006)

Eddie, the scan is not making any progress. It has been going for over an hour, says it has scanned zero objects, and on the bottom where it shows "scanning" and "path," both are blank. I have AVG Free 2011 which I disabled before the scan, and I am still getting nowhere.


----------



## eddie5659 (Mar 19, 2001)

Okay, abandon the online scan, and try this one instead:

Download *Dr.Web CureIt* to the desktop.

Double-click the *drweb-cureit.exe* file, then on *Start* and allow it to run the express scan.
This will scan the files currently running in memory and when something is found, click the *yes* button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, choose the *Complete Scan*.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click *'Yes to all'* if it asks if you want to cure/move the file. 
When the scan has finished, look and see if you can click the following icon next to the files found:
If so, click it and then click the next icon right below and select Move incurable as you'll see in the next image:
This will move it to the *%userprofile%\DoctorWeb\quarantaine-folder* if it can't be cured (this is in case we need samples).
After selecting, in the *Dr.Web CureIt* menu on top, click *File* and choose *Save report list*.
Save the report to your desktop. The report will be called *DrWeb.csv*.
*Close Dr.Web Cureit*.
*Reboot your computer* to allow files that were in use to be moved/deleted during reboot.
After reboot, post the contents of the log from *Dr.Web* you saved previously in your next reply along with a new *OTL log*.
*NOTE*: _During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on *X* in the upper right corner._

eddie


----------



## fryguy8585 (Aug 24, 2006)

dsncservice.exe;c:\program files\juniper networks\common files;Probably DLOADER.Trojan;Moved.;
avgns.log;C:\Documents and Settings\All Users\Application Data\AVG10\log;Modification of VBS.NewLove;Moved.;
A0046642.exe;C:\System Volume Information\_restore{6AD634D4-5036-4A7A-8C71-7B10D3E001C0}\RP260;Trojan.Searcher.138;Incurable.Moved.;
A0059672.cmd;C:\System Volume Information\_restore{6AD634D4-5036-4A7A-8C71-7B10D3E001C0}\RP315;Probably BATCH.Virus;Moved.;
A0060148.cmd;C:\System Volume Information\_restore{6AD634D4-5036-4A7A-8C71-7B10D3E001C0}\RP317;Probably BATCH.Virus;Moved.;
A0061187.exe;C:\System Volume Information\_restore{6AD634D4-5036-4A7A-8C71-7B10D3E001C0}\RP330;Archive contains infected objects;Moved.;
A0061218.cmd;C:\System Volume Information\_restore{6AD634D4-5036-4A7A-8C71-7B10D3E001C0}\RP330;Probably BATCH.Virus;Moved.;
A0061344.exe;C:\System Volume Information\_restore{6AD634D4-5036-4A7A-8C71-7B10D3E001C0}\RP331;Trojan.DownLoader1.22637;Incurable.Moved.;
pskill.exe;C:\WINDOWS\system32;Tool.Prockill;Incurable.Moved.;
termdd.sys.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers;BackDoor.Tdss.2459;Cured.;
A0060211.sys;C:\System Volume Information\_restore{6AD634D4-5036-4A7A-8C71-7B10D3E001C0}\RP317;BackDoor.Tdss.2459;Cured.;
pskill.exe;C:\WINDOWS\system32;Tool.Prockill;Invalid path to file ;
dsNcService.exe;C:\Program Files\Juniper Networks\Common Files;Probably DLOADER.Trojan;Invalid path to file ;
ComboFix.exe\32788R22FWJFW\Create.cmd;C:\Documents and Settings\David Schuldenfrei\Desktop\ComboFix.exe;Probably BATCH.Virus;;
A0061187.exe\32788R22FWJFW\Create.cmd;C:\System Volume Information\_restore{6AD634D4-5036-4A7A-8C71-7B10D3E001C0}\RP330\A0061187.exe;Probably BATCH.Virus;;
ComboFix.exe;C:\Documents and Settings\David Schuldenfrei\Desktop;Archive contains infected objects;;

OTL logfile created on: 11/3/2010 1:18:18 AM - Run 5
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\David Schuldenfrei\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2096)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 91.75 Gb Total Space | 3.79 Gb Free Space | 4.13% Space Free | Partition Type: NTFS
Drive D: | 106.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 1.84 Gb Total Space | 1.79 Gb Free Space | 97.39% Space Free | Partition Type: FAT

Computer Name: DAVID | User Name: David Schuldenfrei | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/28 11:19:06 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/10/18 00:32:20 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Schuldenfrei\Desktop\OTL.exe
PRC - [2010/10/11 11:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/11 11:58:12 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/10/06 16:24:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/10/06 16:24:36 | 001,065,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/10/06 16:24:08 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/10/06 16:24:08 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/09/17 12:09:34 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/09/17 12:09:29 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/15 04:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/09/10 00:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/07 02:50:22 | 001,047,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010/09/01 01:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/08/24 04:38:16 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/08 16:04:49 | 003,972,440 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/07/16 15:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
PRC - [2008/11/19 11:20:33 | 009,201,614 | ---- | M] () -- C:\Program Files\Student Backup\BackupClient.exe
PRC - [2008/05/06 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/10 04:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe

========== Modules (SafeList) ==========

MOD - [2010/10/18 00:32:20 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Schuldenfrei\Desktop\OTL.exe
MOD - [2008/05/06 07:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\wscsvc.dll -- (wscsvc)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\ersvc.dll -- (ERSvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\cisvc.exe -- (CiSvc)
SRV - [2010/10/11 11:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/09/10 00:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\DAVIDS~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/11/02 11:39:54 | 000,125,304 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\dwprot.sys -- (DwProt)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 02:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/07 02:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 02:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 02:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/27 01:33:30 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 20:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/07 03:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 03:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
DRV - [2009/10/07 03:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/05/25 14:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/11/11 12:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 12:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 12:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/05/06 07:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/13 23:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/05/10 04:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/03/30 20:34:14 | 005,704,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/01/30 12:12:06 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/08/27 12:40:54 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "msn.com"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.5331
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1151
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/10/25 11:15:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 02:32:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/20 11:31:48 | 000,000,000 | ---D | M]

[2009/10/22 10:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Extensions
[2009/10/22 10:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Extensions\[email protected]
[2010/11/03 00:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\extensions
[2010/03/24 16:45:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/03/11 16:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\extensions\[email protected]
[2010/03/24 16:45:34 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\searchplugins\aim-search-1.xml
[2009/10/24 19:25:31 | 000,004,554 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\searchplugins\aim-search.xml
[2010/11/02 23:56:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/20 11:31:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/10/20 11:31:31 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/10/19 22:07:53 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2008/05/05 15:06:41 | 000,365,056 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npupd62.dll

O1 HOSTS File: ([2010/10/29 00:42:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BackupClient.exe] C:\Program Files\Student Backup\BackupClient.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuFavorites = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyComputer = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyDocs = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyMusic = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowRun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/19 16:11:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/07/26 15:35:25 | 000,000,042 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/02 11:39:55 | 000,125,304 | ---- | C] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\dwprot.sys
[2010/10/31 13:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\DoctorWeb
[2010/10/28 22:57:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Local Settings\Application Data\PCHealth
[2010/10/27 15:17:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/24 20:46:32 | 000,398,704 | ---- | C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcSmartCardProv.dll
[2010/10/24 14:05:57 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/22 13:08:30 | 000,000,000 | ---D | C] -- C:\ACL Data
[2010/10/22 13:08:21 | 000,000,000 | ---D | C] -- C:\Program Files\ACL Software
[2010/10/22 11:08:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Application Data\AVG10
[2010/10/22 11:06:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/22 11:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/22 11:04:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2010/10/22 01:13:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/10/21 19:45:30 | 004,290,744 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\David Schuldenfrei\Desktop\avg_free_stb_all_2011_1136_upgrade.exe
[2010/10/20 20:40:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Desktop\GooredFix Backups
[2010/10/20 20:40:16 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\David Schuldenfrei\Desktop\GooredFix.exe
[2010/10/20 11:34:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/20 11:32:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/10/20 11:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/20 11:31:48 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/10/20 11:31:48 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/20 11:31:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/20 11:31:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/20 11:25:58 | 016,074,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\David Schuldenfrei\Desktop\jre-6u22-windows-i586.exe
[2010/10/20 11:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Desktop\JavaRa
[2010/10/18 00:32:21 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David Schuldenfrei\Desktop\OTL.exe
[2010/10/12 23:36:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Application Data\uTorrent
[2010/10/12 16:24:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/10/12 16:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/10/12 16:24:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/10/12 16:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\outlook express
[2010/10/12 16:24:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/10/12 16:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2010/10/12 16:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\movie maker
[2010/10/12 16:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/10/12 16:24:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/10/12 14:56:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/12 14:50:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/12 14:50:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/12 14:50:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/12 14:50:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/12 14:48:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/07 16:41:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Application Data\SUPERAntiSpyware.com
[2010/10/07 16:41:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/10/07 16:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/07 16:24:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Malwarebytes
[2010/10/05 23:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/05 23:08:35 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[1 C:\Documents and Settings\David Schuldenfrei\Application Data\*.tmp files -> C:\Documents and Settings\David Schuldenfrei\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/02 23:49:57 | 000,433,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/02 23:49:57 | 000,067,288 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/02 23:45:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/02 23:39:48 | 000,001,838 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\DrWeb.csv
[2010/11/02 11:39:54 | 000,125,304 | ---- | M] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\dwprot.sys
[2010/11/02 11:25:47 | 098,219,479 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010/11/01 13:53:24 | 000,093,279 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\27179_677492577362_8110673_38759296_7551248_n.jpg
[2010/11/01 13:53:05 | 000,071,634 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\photo.php
[2010/11/01 02:39:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/11/01 02:39:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/10/31 16:52:51 | 000,537,705 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\audit.zip
[2010/10/31 12:57:42 | 051,419,656 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\drweb-cureit.exe
[2010/10/31 10:53:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/30 21:46:16 | 032,774,444 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\nathanson2002-04-26d1t6.wav
[2010/10/29 01:27:45 | 000,178,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/29 00:42:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/29 00:24:49 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Calculate Caloric Expenditure.doc
[2010/10/28 22:18:44 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\gennaBattery.doc
[2010/10/28 14:19:36 | 000,000,383 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\requested-files[2010-10-28_15_19].cab
[2010/10/28 14:18:11 | 000,264,875 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\sfp.zip
[2010/10/27 14:47:58 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2010/10/27 00:06:44 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\SystemLook.exe
[2010/10/26 22:48:19 | 005,066,752 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\oar2001-11-24-SoMovedOn.mp3
[2010/10/24 14:03:00 | 003,883,109 | R--- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\ComboFix.exe
[2010/10/22 17:12:27 | 037,966,748 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\LoaderBackup-(2010-10-22).ipd
[2010/10/22 15:46:13 | 000,001,956 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Desktop Software.lnk
[2010/10/22 15:23:53 | 105,378,136 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\600_b047_multilanguage.exe
[2010/10/22 13:08:33 | 000,001,906 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ACL Desktop Education Edition.lnk
[2010/10/21 19:45:40 | 004,290,744 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\David Schuldenfrei\Desktop\avg_free_stb_all_2011_1136_upgrade.exe
[2010/10/20 20:40:13 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\David Schuldenfrei\Desktop\GooredFix.exe
[2010/10/20 11:31:31 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/10/20 11:31:31 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/20 11:31:31 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/20 11:31:31 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/20 11:31:31 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/10/20 11:26:17 | 016,074,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\David Schuldenfrei\Desktop\jre-6u22-windows-i586.exe
[2010/10/20 11:22:29 | 000,205,540 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\JavaRa.zip
[2010/10/18 23:15:24 | 000,014,446 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\P 4-5A, Requirements 3-5.docx
[2010/10/18 22:43:33 | 033,688,706 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Matt Nathanson -- Thunder Road (Live cover from Acoustic Cafe).mp3
[2010/10/18 14:27:58 | 000,529,657 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Haier Presentation.pptx
[2010/10/18 00:32:20 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Schuldenfrei\Desktop\OTL.exe
[2010/10/15 15:24:15 | 000,323,584 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\JMS Tech Wizards.accdb
[2010/10/12 19:31:17 | 000,034,711 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\Fall 2010.xlsx
[2010/10/12 14:56:32 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/10/11 21:47:36 | 000,008,614 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Money.xlsx
[2010/10/10 16:56:29 | 000,034,104 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/05 23:15:06 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/05 23:10:47 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[1 C:\Documents and Settings\David Schuldenfrei\Application Data\*.tmp files -> C:\Documents and Settings\David Schuldenfrei\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/02 23:39:48 | 000,001,838 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\DrWeb.csv
[2010/11/02 11:25:47 | 098,219,479 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010/11/01 13:53:24 | 000,093,279 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\27179_677492577362_8110673_38759296_7551248_n.jpg
[2010/11/01 13:53:05 | 000,071,634 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\photo.php
[2010/10/31 16:52:44 | 000,537,705 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\audit.zip
[2010/10/31 11:48:52 | 051,419,656 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\drweb-cureit.exe
[2010/10/30 21:46:56 | 032,774,444 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\nathanson2002-04-26d1t6.wav
[2010/10/28 22:18:44 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\gennaBattery.doc
[2010/10/28 14:19:36 | 000,000,383 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\requested-files[2010-10-28_15_19].cab
[2010/10/28 14:18:11 | 000,264,875 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\sfp.zip
[2010/10/27 22:09:06 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Calculate Caloric Expenditure.doc
[2010/10/27 00:06:46 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\SystemLook.exe
[2010/10/26 22:47:37 | 005,066,752 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\oar2001-11-24-SoMovedOn.mp3
[2010/10/26 20:17:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/10/26 20:17:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/10/24 14:02:28 | 003,883,109 | R--- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\ComboFix.exe
[2010/10/22 17:12:24 | 037,966,748 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\LoaderBackup-(2010-10-22).ipd
[2010/10/22 15:46:13 | 000,001,956 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Desktop Software.lnk
[2010/10/22 14:43:38 | 105,378,136 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\600_b047_multilanguage.exe
[2010/10/22 13:08:33 | 000,001,906 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ACL Desktop Education Edition.lnk
[2010/10/22 11:06:04 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2010/10/20 11:22:33 | 000,205,540 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\JavaRa.zip
[2010/10/18 23:15:24 | 000,014,446 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\P 4-5A, Requirements 3-5.docx
[2010/10/18 22:40:34 | 033,688,706 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Matt Nathanson -- Thunder Road (Live cover from Acoustic Cafe).mp3
[2010/10/18 14:28:15 | 000,529,657 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Haier Presentation.pptx
[2010/10/15 15:18:40 | 000,323,584 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\My Documents\JMS Tech Wizards.accdb
[2010/10/12 14:56:32 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/10/12 14:56:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/12 14:50:38 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/12 14:50:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/12 14:50:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/12 14:50:38 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/12 14:50:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/11 21:47:35 | 000,008,614 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Money.xlsx
[2010/10/05 23:15:06 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/05 23:10:47 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/20 00:56:29 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Application Data\Rim.Desktop.Exception.log
[2010/09/20 00:48:38 | 000,001,616 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Application Data\Rim.Desktop.HttpServerSetup.log
[2010/09/20 00:44:44 | 001,075,576 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/25 08:31:06 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/25 18:25:27 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll
[2009/11/25 18:25:27 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll
[2009/11/09 00:10:35 | 000,000,127 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/10/29 21:47:55 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/10/25 14:04:23 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/25 14:04:23 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/10/21 01:21:58 | 000,003,466 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/10/20 18:49:48 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2009/10/19 17:05:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/19 16:13:40 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2008/05/06 07:00:00 | 000,000,287 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Just before I go through the above log, it looks like this was moved:

*dsncservice.exe;c:\program files\juniper networks\common files;Probably DLOADER.Trojan;Moved.;*

But it may belong to the Juniper Network Connect Service for VPN connections. Can you let me know if you use this service, and if so, is it still okay?

eddie


----------



## fryguy8585 (Aug 24, 2006)

Yes, I do use the service. I am a college student, and I use the VPN to connect to my campus network while I am in my apartment. It now says that I cannot start the NetworkConnect service, and to please reinstall it, although I do not know how to reinstall it.


----------



## eddie5659 (Mar 19, 2001)

Okay, let's restore the file...

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post; if you are using Internet Explorer, when the "File download" pop-up appears, press SAVE, choose Desktop in the list of selections in that window, and press Save).

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

eddie


----------



## fryguy8585 (Aug 24, 2006)

ComboFix 10-11-03.04 - David Schuldenfrei 11/09/2010 12:54:05.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1408 [GMT -5:00]
Running from: c:\documents and settings\David Schuldenfrei\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\David Schuldenfrei\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2010-10-09 to 2010-11-09 )))))))))))))))))))))))))))))))
.

2010-11-02 16:39 . 2010-11-02 16:39	125304	----a-w-	c:\windows\system32\drivers\dwprot.sys
2010-10-31 18:03 . 2010-10-31 19:59	--------	d-----w-	c:\documents and settings\David Schuldenfrei\DoctorWeb
2010-10-29 03:57 . 2010-10-29 03:57	--------	d-----w-	c:\documents and settings\David Schuldenfrei\Local Settings\Application Data\PCHealth
2010-10-25 01:46 . 2010-08-27 06:56	398704	----a-w-	c:\windows\system32\dsNcSmartCardProv.dll
2010-10-22 20:59 . 2010-10-22 20:59	53248	----a-r-	c:\documents and settings\David Schuldenfrei\Application Data\Microsoft\Installer\{23C12370-3A82-4558-B727-F345B473AD87}\ARPPRODUCTICON.exe
2010-10-22 18:08 . 2010-10-22 18:08	--------	d-----w-	C:\ACL Data
2010-10-22 18:08 . 2010-10-22 18:08	--------	d-----w-	c:\program files\ACL Software
2010-10-22 16:08 . 2010-10-22 16:08	--------	d-----w-	c:\documents and settings\David Schuldenfrei\Application Data\AVG10
2010-10-22 16:06 . 2010-10-22 16:06	--------	d--h--w-	c:\documents and settings\All Users\Application Data\Common Files
2010-10-22 16:04 . 2010-11-09 17:26	--------	d-----w-	c:\windows\system32\drivers\AVG
2010-10-22 16:04 . 2010-10-22 16:06	--------	d-----w-	c:\documents and settings\All Users\Application Data\AVG10
2010-10-22 06:13 . 2010-10-22 06:14	--------	d-----w-	c:\documents and settings\All Users\Application Data\MFAData
2010-10-20 16:34 . 2010-10-20 16:34	--------	d-----w-	C:\_OTL
2010-10-20 16:32 . 2010-10-20 16:32	--------	d-----w-	c:\program files\Common Files\Java
2010-10-20 16:31 . 2010-10-20 16:31	472808	----a-w-	c:\windows\system32\deployJava1.dll
2010-10-20 16:31 . 2010-10-20 16:31	472808	----a-w-	c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-13 04:36 . 2010-10-13 04:36	--------	d-----w-	c:\documents and settings\David Schuldenfrei\Application Data\uTorrent
2010-10-12 21:24 . 2010-10-12 21:24	--------	d-----w-	c:\windows\system32\xircom
2010-10-12 21:24 . 2010-10-12 21:24	--------	d-----w-	c:\windows\system32\wbem\snmp
2010-10-12 21:24 . 2010-10-12 21:24	--------	d-----w-	c:\windows\system32\oobe
2010-10-12 21:24 . 2010-10-12 21:24	--------	d-----w-	c:\windows\srchasst
2010-10-12 21:24 . 2010-10-12 21:24	--------	d-----w-	c:\program files\microsoft frontpage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-20 16:31 . 2009-10-20 04:40	73728	----a-w-	c:\windows\system32\javacpl.cpl
2010-09-13 20:27 . 2010-09-13 20:27	25680	----a-w-	c:\windows\system32\drivers\AVGIDSEH.sys
2010-09-08 15:17 . 2010-09-08 15:17	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17 . 2010-09-08 15:17	69632	----a-w-	c:\windows\system32\QuickTime.qts
2010-09-07 07:49 . 2010-09-07 07:49	298448	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2010-09-07 07:48 . 2010-09-07 07:48	34384	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2010-09-07 07:48 . 2010-09-07 07:48	249424	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2010-09-07 07:48 . 2010-09-07 07:48	26064	----a-w-	c:\windows\system32\drivers\avgrkx86.sys
2010-08-27 06:56 . 2010-02-13 19:45	345456	----a-w-	c:\windows\system32\dsNcCredProv.dll
2010-08-27 06:53 . 2010-08-27 06:53	225280	----a-w-	c:\windows\system32\dsGinaLoader.dll
2010-08-27 06:33 . 2008-11-21 08:15	26624	----a-w-	c:\windows\system32\drivers\dsNcAdpt.sys
2010-08-20 01:42 . 2010-08-20 01:42	30288	----a-w-	c:\windows\system32\drivers\AVGIDSFilter.sys
2010-08-20 01:42 . 2010-08-20 01:42	123472	----a-w-	c:\windows\system32\drivers\AVGIDSDriver.sys
2010-08-20 01:42 . 2010-08-20 01:42	26192	----a-w-	c:\windows\system32\drivers\AVGIDSShim.sys
2010-08-17 19:51 . 2010-08-17 19:51	388096	----a-r-	c:\documents and settings\David Schuldenfrei\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-12 04:07 . 2010-09-04 22:12	9200	------w-	c:\windows\system32\drivers\cdralw2k.sys
2010-08-12 04:07 . 2010-09-04 22:12	9072	------w-	c:\windows\system32\drivers\cdr4_xp.sys
2010-08-12 04:07 . 2010-09-04 22:12	45648	----a-w-	c:\windows\system32\drivers\PxHelp20.sys
2010-08-12 04:07 . 2010-09-04 22:12	133616	------w-	c:\windows\system32\pxafs.dll
2010-08-12 04:07 . 2010-09-04 22:12	126448	------w-	c:\windows\system32\pxinsi64.exe
2010-08-12 04:07 . 2010-09-04 22:12	123888	------w-	c:\windows\system32\pxcpyi64.exe
2008-05-05 20:14 . 2009-10-19 21:13	34048	----a-w-	c:\program files\opera\program\plugins\upd62i9x.dll
2008-05-05 20:14 . 2009-10-19 21:13	45056	----a-w-	c:\program files\opera\program\plugins\upd62int.dll
.

------- Sigcheck -------

[-] 2008-05-06 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys

c:\windows\System32\wuauclt.exe ... is missing !!
c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\ctfmon.exe ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot_2010-10-24_19.20.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-09 18:03 . 2010-11-09 18:03	16384 c:\windows\Temp\Perflib_Perfdata_e10.dat
+ 2008-05-06 12:00 . 2010-11-09 17:24	67288 c:\windows\system32\perfc009.dat
- 2008-05-06 12:00 . 2010-10-12 20:14	67288 c:\windows\system32\perfc009.dat
+ 2009-11-04 05:39 . 2010-11-05 05:00	34856 c:\windows\system32\mlfcache.dat
- 2009-11-12 22:26 . 2009-11-12 22:26	35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-11-12 22:26 . 2010-10-29 02:25	35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-11-12 22:26 . 2009-11-12 22:26	18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-11-12 22:26 . 2010-10-29 02:25	18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-11-12 22:26 . 2009-11-12 22:26	20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-11-12 22:26 . 2010-10-29 02:25	20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-11-21 00:14 . 2010-10-29 02:23	35088 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-11-21 00:14 . 2009-11-21 00:14	35088 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-11-21 00:14 . 2009-11-21 00:14	18704 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-11-21 00:14 . 2010-10-29 02:23	18704 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-11-21 00:14 . 2009-11-21 00:14	20240 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-11-21 00:14 . 2010-10-29 02:23	20240 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-11-20 23:34 . 2009-11-20 23:34	35088 c:\windows\Installer\{90120000-001A-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-11-20 23:34 . 2010-10-29 02:22	35088 c:\windows\Installer\{90120000-001A-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-11-20 23:34 . 2009-11-20 23:34	18704 c:\windows\Installer\{90120000-001A-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-11-20 23:34 . 2010-10-29 02:22	18704 c:\windows\Installer\{90120000-001A-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-11-20 23:34 . 2010-10-29 02:22	20240 c:\windows\Installer\{90120000-001A-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-11-20 23:34 . 2009-11-20 23:34	20240 c:\windows\Installer\{90120000-001A-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-11-20 23:39 . 2010-10-29 02:22	35088 c:\windows\Installer\{90120000-0018-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-11-20 23:39 . 2009-11-20 23:39	35088 c:\windows\Installer\{90120000-0018-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-11-20 23:39 . 2009-11-20 23:39	18704 c:\windows\Installer\{90120000-0018-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-11-20 23:39 . 2010-10-29 02:22	18704 c:\windows\Installer\{90120000-0018-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-11-20 23:39 . 2010-10-29 02:22	20240 c:\windows\Installer\{90120000-0018-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-11-20 23:39 . 2009-11-20 23:39	20240 c:\windows\Installer\{90120000-0018-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-11-20 23:28 . 2010-10-29 02:21	35088 c:\windows\Installer\{90120000-0016-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-11-20 23:28 . 2009-11-20 23:28	35088 c:\windows\Installer\{90120000-0016-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-11-20 23:28 . 2010-10-29 02:21	18704 c:\windows\Installer\{90120000-0016-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-11-20 23:28 . 2009-11-20 23:28	18704 c:\windows\Installer\{90120000-0016-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-11-20 23:28 . 2010-10-29 02:21	20240 c:\windows\Installer\{90120000-0016-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-11-20 23:28 . 2009-11-20 23:28	20240 c:\windows\Installer\{90120000-0016-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-03-11 05:43 . 2010-03-11 05:43	35088 c:\windows\Installer\{90120000-0015-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-03-11 05:43 . 2010-10-29 02:20	35088 c:\windows\Installer\{90120000-0015-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-03-11 05:43 . 2010-03-11 05:43	18704 c:\windows\Installer\{90120000-0015-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-03-11 05:43 . 2010-10-29 02:20	18704 c:\windows\Installer\{90120000-0015-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-03-11 05:43 . 2010-10-29 02:20	20240 c:\windows\Installer\{90120000-0015-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-03-11 05:43 . 2010-03-11 05:43	20240 c:\windows\Installer\{90120000-0015-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-11-21 00:11 . 2010-04-06 23:00	35088 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-11-21 00:11 . 2010-10-29 02:19	35088 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-11-21 00:11 . 2010-04-06 23:00	18704 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-11-21 00:11 . 2010-10-29 02:19	18704 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-11-21 00:11 . 2010-10-29 02:19	20240 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-11-21 00:11 . 2010-04-06 23:00	20240 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-08-20 00:32 . 2010-08-20 00:32	42896 c:\windows\Downloaded Program Files\JuniperSetupClientCtrlUninstaller.exe
+ 2010-10-29 02:24 . 2010-10-29 02:24	82784 c:\windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
+ 2008-05-06 12:00 . 2010-11-09 17:24	433318 c:\windows\system32\perfh009.dat
- 2008-05-06 12:00 . 2010-10-12 20:14	433318 c:\windows\system32\perfh009.dat
- 2009-10-19 22:03 . 2010-10-22 20:30	178648 c:\windows\system32\FNTCACHE.DAT
+ 2009-10-19 22:03 . 2010-10-29 06:27	178648 c:\windows\system32\FNTCACHE.DAT
- 2009-11-12 22:26 . 2009-11-12 22:26	888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-11-12 22:26 . 2010-10-29 02:25	888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-11-12 22:26 . 2009-11-12 22:26	922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-11-12 22:26 . 2010-10-29 02:25	922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2009-11-12 22:26 . 2009-11-12 22:26	217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2009-11-12 22:26 . 2010-10-29 02:25	217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2009-11-12 22:26 . 2010-10-29 02:25	184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2009-11-12 22:26 . 2009-11-12 22:26	184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-10-29 02:24 . 2010-10-29 02:24	217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2010-04-06 22:59 . 2010-04-06 22:59	217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2009-11-21 00:14 . 2009-11-21 00:14	888080 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-11-21 00:14 . 2010-10-29 02:23	888080 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-11-21 00:14 . 2009-11-21 00:14	217864 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\misc.exe
+ 2009-11-21 00:14 . 2010-10-29 02:23	217864 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\misc.exe
- 2009-11-20 23:34 . 2009-11-20 23:34	845584 c:\windows\Installer\{90120000-001A-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-11-20 23:34 . 2010-10-29 02:22	845584 c:\windows\Installer\{90120000-001A-0000-0000-0000000FF1CE}\outicon.exe
- 2009-11-20 23:34 . 2009-11-20 23:34	217864 c:\windows\Installer\{90120000-001A-0000-0000-0000000FF1CE}\misc.exe
+ 2009-11-20 23:34 . 2010-10-29 02:22	217864 c:\windows\Installer\{90120000-001A-0000-0000-0000000FF1CE}\misc.exe
- 2009-11-20 23:39 . 2009-11-20 23:39	922384 c:\windows\Installer\{90120000-0018-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-11-20 23:39 . 2010-10-29 02:22	922384 c:\windows\Installer\{90120000-0018-0000-0000-0000000FF1CE}\pptico.exe
- 2009-11-20 23:39 . 2009-11-20 23:39	217864 c:\windows\Installer\{90120000-0018-0000-0000-0000000FF1CE}\misc.exe
+ 2009-11-20 23:39 . 2010-10-29 02:22	217864 c:\windows\Installer\{90120000-0018-0000-0000-0000000FF1CE}\misc.exe
+ 2009-11-20 23:28 . 2010-10-29 02:21	217864 c:\windows\Installer\{90120000-0016-0000-0000-0000000FF1CE}\misc.exe
- 2009-11-20 23:28 . 2009-11-20 23:28	217864 c:\windows\Installer\{90120000-0016-0000-0000-0000000FF1CE}\misc.exe
+ 2010-03-11 05:43 . 2010-10-29 02:20	217864 c:\windows\Installer\{90120000-0015-0000-0000-0000000FF1CE}\misc.exe
- 2010-03-11 05:43 . 2010-03-11 05:43	217864 c:\windows\Installer\{90120000-0015-0000-0000-0000000FF1CE}\misc.exe
- 2009-11-21 00:11 . 2010-04-06 23:00	888080 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-11-21 00:11 . 2010-10-29 02:19	888080 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-11-21 00:11 . 2010-04-06 23:00	922384 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-11-21 00:11 . 2010-10-29 02:19	922384 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-11-21 00:11 . 2010-10-29 02:19	845584 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\outicon.exe
- 2009-11-21 00:11 . 2010-04-06 23:00	845584 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\outicon.exe
- 2009-11-21 00:11 . 2010-04-06 23:00	217864 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\misc.exe
+ 2009-11-21 00:11 . 2010-10-29 02:19	217864 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\misc.exe
+ 2010-08-20 00:32 . 2010-08-20 00:32	402800 c:\windows\Downloaded Program Files\JuniperExt.exe
+ 2010-10-27 19:48 . 2010-10-27 19:48	3019264 c:\windows\Installer\8476c.msi
+ 2010-10-25 16:12 . 2010-10-25 16:12	1543680 c:\windows\Installer\79751.msi
- 2009-11-12 22:26 . 2009-11-12 22:26	1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-11-12 22:26 . 2010-10-29 02:25	1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-11-20 23:28 . 2009-11-20 23:28	1172240 c:\windows\Installer\{90120000-0016-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-11-20 23:28 . 2010-10-29 02:21	1172240 c:\windows\Installer\{90120000-0016-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-03-11 05:43 . 2010-03-11 05:43	1165584 c:\windows\Installer\{90120000-0015-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-03-11 05:43 . 2010-10-29 02:20	1165584 c:\windows\Installer\{90120000-0015-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-11-21 00:11 . 2010-10-29 02:19	1172240 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-11-21 00:11 . 2010-04-06 23:00	1172240 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-10-29 02:24 . 2010-10-29 02:24	1215328 c:\windows\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\IACore.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
"Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-28 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"BackupClient.exe"="c:\program files\Student Backup\BackupClient.exe" [2008-11-19 9201614]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2010-09-15 2745696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-05-06 99840]

c:\documents and settings\David Schuldenfrei\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Update Notifier.lnk - c:\program files\Update Notifier\updatenotifier.exe [2009-10-19 462848]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21	548352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders	schannel.dll, digest.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 2:48 AM 26064]
R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [11/2/2010 11:39 AM 125304]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 2:48 AM 249424]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 2:49 AM 298448]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [10/11/2010 11:58 AM 6104656]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [9/10/2010 12:45 AM 265400]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/24/2010 4:38 AM 92008]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 8:42 PM 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 8:42 PM 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 8:42 PM 26192]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [5/25/2009 2:43 PM 32408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
FF - ProfilePath - c:\documents and settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - msn.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\AVG\AVG10\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-09 13:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\docume~1\DAVIDS~1\LOCALS~1\Temp\STS7.tmp 81 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(956)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(3240)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-11-09 13:07:33 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-09 18:07
ComboFix2.txt 2010-10-24 19:25
ComboFix3.txt 2010-10-12 20:14

Pre-Run: 3,822,428,160 bytes free
Post-Run: 4,181,397,504 bytes free

- - End Of File - - DE8A6E8015CCE08BE936C3F373A5E9F1


----------



## eddie5659 (Mar 19, 2001)

Is your VPN working again? If so, I'll come back with the next part of this thread, and I'll also let the developers know this is a legit file.


----------



## fryguy8585 (Aug 24, 2006)

Hey Eddie,

The VPN still does not work; it says I need to reinstall Network Connect


----------



## eddie5659 (Mar 19, 2001)

Okay, let's see if this works for the VPN:

Firstly, start Dr.Web and then you should see this icon in your taskbar, near your clock:


Click on the icon above, and select *Tools*, and then select *Quarantine*

The following table should now be available:


On the left-hand side, select *Files*.

In the table, look for these files:

*dsncservice.exe
dsNcService.exe*

If one or both are there, click to highlight them (or one at a time if it won't allow multiple selecting) and then press the *Restore* button.

After doing the above, press the X in the top right to exit the table.

Restart your computer, and let me know if that solves the VPN problem.

eddie


----------



## fryguy8585 (Aug 24, 2006)

Eddie,

I don't have the icon near my clock. When I start Dr. Web, it just starts scanning. I cannot click tools anywhere, or get to a list of quarantined files...or am I supposed to run the scan again?


----------



## eddie5659 (Mar 19, 2001)

Okay, can you do this for me:

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:


> :dir
> %userprofile%\DoctorWeb\quarantaine
> c:\documents and settings\David Schuldenfrei\DoctorWeb\quarantaine



Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*

eddie


----------



## fryguy8585 (Aug 24, 2006)

SystemLook 04.09.10 by jpshortstuff
Log created at 00:47 on 16/11/2010 by David Schuldenfrei
Administrator - Elevation successful

========== dir ==========

C:\Documents and Settings\David Schuldenfrei\DoctorWeb\quarantaine - Unable to find folder.

c:\documents and settings\David Schuldenfrei\DoctorWeb\quarantaine - Unable to find folder.

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Okay, let's do a full search for the actual folder, in case it's in a different place.

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:


> :folderfind
> *DoctorWeb*



Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*

eddie


----------



## fryguy8585 (Aug 24, 2006)

SystemLook 04.09.10 by jpshortstuff
Log created at 02:36 on 22/11/2010 by David Schuldenfrei
Administrator - Elevation successful

========== folderfind ==========

Searching for "*DoctorWeb*"
C:\Documents and Settings\David Schuldenfrei\DoctorWeb	d------	[18:03 31/10/2010]

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Okay, hopefully we'll be able to see the file to recover the VPN, so can you try this:


Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:


> :dir
> C:\Documents and Settings\David Schuldenfrei\DoctorWeb /s



Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*

It may be a long list, so if need be, upload it


----------



## fryguy8585 (Aug 24, 2006)

SystemLook 04.09.10 by jpshortstuff
Log created at 02:24 on 26/11/2010 by David Schuldenfrei
Administrator - Elevation successful

========== dir ==========

C:\Documents and Settings\David Schuldenfrei\DoctorWeb - Parameters: "/s "

---Files---
CureIt.log	--a---- 10490732 bytes	[18:03 31/10/2010]	[07:02 15/11/2010]

C:\Documents and Settings\David Schuldenfrei\DoctorWeb\Quarantine	d------	[19:59 31/10/2010]
A0046642.exe	--a---- 315199 bytes	[01:12 03/11/2010]	[01:12 03/11/2010]
A0059672.cmd	--a---- 16682 bytes	[04:38 03/11/2010]	[04:38 03/11/2010]
A0060148.cmd	--a---- 16682 bytes	[04:38 03/11/2010]	[04:38 03/11/2010]
A0061187.exe	--a---- 3877496 bytes	[02:13 03/11/2010]	[02:13 03/11/2010]
A0061218.cmd	--a---- 17603 bytes	[04:38 03/11/2010]	[04:38 03/11/2010]
A0061344.exe	--a---- 37021 bytes	[02:13 03/11/2010]	[02:13 03/11/2010]
avgns.log	--a---- 264948 bytes	[19:59 31/10/2010]	[19:59 31/10/2010]
avgns__0.log	--a---- 281912 bytes	[16:10 01/11/2010]	[16:10 01/11/2010]
avgns__1.log	--a---- 313322 bytes	[20:31 02/11/2010]	[20:31 02/11/2010]
avgns__2.log	--a---- 321028 bytes	[23:20 02/11/2010]	[23:20 02/11/2010]
ComboFi0.exe	--a---- 3883109 bytes	[23:51 02/11/2010]	[23:51 02/11/2010]
ComboFi1.exe	--a---- 3883109 bytes	[04:38 03/11/2010]	[04:38 03/11/2010]
ComboFix.exe	--a---- 3883109 bytes	[21:04 02/11/2010]	[21:04 02/11/2010]
descript.ion	--a---- 1117 bytes	[19:59 31/10/2010]	[04:38 03/11/2010]
dsncservice.exe	--a---- 660848 bytes	[04:38 03/11/2010]	[04:38 03/11/2010]
pskill.exe	--a---- 94208 bytes	[04:38 03/11/2010]	[04:38 03/11/2010]

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

At last, we've found the elusive file 

So, let's see if we can get it back to where it should be

Can you delete the copy of Combofix on your Desktop, and download the new one from here:

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

*IMPORTANT !!! Save ComboFix.exe to your Desktop*

Then,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to your desktop ( click on the link underneath this post & if you are using internet explorer when the "File download" pop up comes press SAVE and choose desktop in the list of selections in that window & press save)


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

I'm off to work in 4 mins, but will have a look at lunch-time.

eddie


----------



## fryguy8585 (Aug 24, 2006)

Eddie,

I disabled my AVG Free Edition 2011 before running ComboFix, but it is telling me that ComboFix cannot run unless I uninstall AVG and that it would be too dangerous to continue running ComboFix while I have AVG. Do you suggest I uninstall AVG?


----------



## eddie5659 (Mar 19, 2001)

Nope, we'll try it another way. Back in a minute to create a fix


----------



## eddie5659 (Mar 19, 2001)

Okay, we'll do this the manual way 

If you open up Windows Explorer, and navigate to this folder:

*C:\Documents and Settings\David Schuldenfrei\DoctorWeb\Quarantine*

In there, look for this file:

*dsncservice.exe*

When you find it, click to highlight it, and then right-click and select *Copy*

Then, navigate to this folder:

*C:\program files\juniper networks\common files*

Right-click inside the folder, and choose *Paste*

Reboot, and then hopefully the VPN will now work......he says


----------



## fryguy8585 (Aug 24, 2006)

It still is not working; I attached a screen shot of what I'm seeing.


----------



## eddie5659 (Mar 19, 2001)

Okay, let me have a look at this in depth...


----------



## eddie5659 (Mar 19, 2001)

Okay, let's see if it's the service that has stopped, as we've just put the file back.

Go to Control Panel, open up *Administrative Tools*, and then open *Services*.

In there, scroll down the list until you find this one:

*dsNcService*

or

*Juniper Networks*

It could be either one.

I've selected a random one in the below picture. Then, right-click on it and select *Properties*

Then, from the drop down list, select Automatic:

Close the Service by clicking the X at the top right, reboot and see if that helps.

eddie

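A way to check the same things from a PowerShell prompt, added here as an example and not part of eddie's instructions: it lists any service whose name or display name matches the Juniper / Network Connect names above, its start mode, whether the binary the service points at is on disk, and whether the restored dsNcService.exe carries a valid Authenticode signature (worth confirming for a file that came back out of an anti-virus quarantine). It assumes PowerShell 2.0 or later is installed and uses the service and file names from this thread.

```powershell
# Added example, not from the thread. Assumes PowerShell 2.0+ (Get-WmiObject,
# Get-AuthenticodeSignature) and the service/file names used in this thread.

# Names the thread says the service might be listed under.
$ServiceNames = @('dsNcService', 'Juniper', 'Network Connect')

# Where the quarantined file was copied back to (path from the thread).
$ExpectedExe = 'C:\Program Files\Juniper Networks\Common Files\dsNcService.exe'

function Get-ServiceExePath {
    # Win32_Service.PathName may be quoted and may carry arguments;
    # return only the executable path.
    param([string]$PathName)
    if ($PathName -match '^"([^"]+)"') { return $Matches[1] }
    if ($PathName -match '^(.+?\.exe)') { return $Matches[1] }
    return $PathName
}

function Get-BinaryStatus {
    # Report whether a file exists and whether its Authenticode signature is valid.
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        return New-Object PSObject -Property @{
            Path = $Path; Exists = $false; Signature = 'n/a'; Signer = 'n/a'
        }
    }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'none' }
    New-Object PSObject -Property @{
        Path = $Path; Exists = $true; Signature = $sig.Status; Signer = $signer
    }
}

function Test-JuniperService {
    # Find registered services whose name or display name matches any candidate.
    # Win32_Service exposes StartMode and PathName, which Get-Service does not.
    $found = Get-WmiObject -Class Win32_Service | Where-Object {
        $svc = $_
        $hit = $false
        foreach ($n in $ServiceNames) {
            if ($svc.Name -like "*$n*" -or $svc.DisplayName -like "*$n*") { $hit = $true }
        }
        $hit
    }

    if (-not $found) {
        Write-Output "No service matching '$($ServiceNames -join ', ')' is registered."
        # Copying the .exe back does not register a service with the Service
        # Control Manager; a reinstall of Network Connect may be needed.
        Write-Output "The file alone does not register a service; a reinstall may be needed."
    }

    foreach ($svc in $found) {
        $exe = Get-ServiceExePath $svc.PathName
        New-Object PSObject -Property @{
            Name        = $svc.Name
            DisplayName = $svc.DisplayName
            State       = $svc.State          # Running / Stopped
            StartMode   = $svc.StartMode      # Auto / Manual / Disabled
            Executable  = $exe
            ExeExists   = (Test-Path -LiteralPath $exe)
        }
    }

    # Whatever the service list says, check the restored file itself.
    Get-BinaryStatus -Path $ExpectedExe
}

Test-JuniperService | Format-List
```

A service that is registered but shows ExeExists = False, or a restored binary whose Signature is anything other than Valid, is the thing to report back before changing the start mode.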

----------



## fryguy8585 (Aug 24, 2006)

Hey Eddie,

Neither one of those exists in my list (I attached another screen shot). The file that you told me to copy and paste previously, dsncservice.exe, was not listed as a .exe file. Rather, it was an application. I am not sure if that is what is causing the problem; I just thought I would make you aware.


----------



## eddie5659 (Mar 19, 2001)

In the list was there a Network Connect service? Screenshot just stopped short of the N's.


----------



## fryguy8585 (Aug 24, 2006)

Here is the rest of the list, sorry about that.


----------



## eddie5659 (Mar 19, 2001)

Okay, I will have to look at this in the morning, as it looks like some people have turned up, and I have to make an appearance

Just a heads up, to save me asking, but is the Network installed by the College/University, or did you do it yourself?

The reason I ask is that a reinstall of the network may be needed, but if you don't have the file, I'll have a read up at Juniper's tomorrow

eddie


----------



## fryguy8585 (Aug 24, 2006)

Eddie,

I am not sure if I fully understand your question. I installed the network on my computer on my own. The site to log on is ssl.binghamton.edu. I log on and then I click "Start" next to Network Connect. The first time I did this, it led me through a series of installations. Every time after that, the VPN client usually just popped up and I was good to go.


----------



## eddie5659 (Mar 19, 2001)

Okay, I'm going to look at this in a bit, but I just want to make sure all malware is gone, just in case this is the reason for the VPN failing.

Can you delete the copy of OTL that you have?

Then, download the new one as follows:

Download *OTL* to your Desktop

Then, Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
O13 - DefaultPrefix: 
O13 - WWW Prefix: 
O13 - Home Prefix: 
O13 - Mosaic Prefix: 
O13 - FTP Prefix: 
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Let the program run unhindered, reboot the PC when it is done

-----------------

After doing that, can you then do this:


1. Double click on the OTL to run it. Make sure all other windows are closed and let it run uninterrupted.

2. Click on *Minimal Output* at the top.

3. Download the following file *scan.txt* to your *Desktop*. *Click here to download it*. You may need to right click on it and select *"Save"*.

4. Double click inside the Custom Scan box at the bottom.

5. A window will appear saying *"Click Ok to load a custom scan from a file or Cancel to cancel"*.

6. Click the Ok button and navigate to the file *scan.txt* which we just saved to your desktop.

7. Select *scan.txt* and click Open. Writing will now appear under the Custom Scan box.

8. Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

9. When the scan completes, it will open two notepad windows, *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.

10. Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post them in your topic.


----------------------

And then finally an online scan of this:


1. Please go to VirSCAN.org FREE on-line scan service.

2. Copy and paste the following file path into the *"Suspicious files to scan"* box on the top of the page:

*C:\WINDOWS\system32\Drivers\termdd.sys*

3. Click on the *Upload* button.

4. Once the scan is completed, click on the "*Copy to Clipboard*" button. This will copy the link of the report into the Clipboard.

5. Paste the contents of the Clipboard in your next reply.

eddie


----------



## fryguy8585 (Aug 24, 2006)

Hey Eddie,
For whatever reason, OTL is not producing an Extras.txt file; I did a full search of my computer and could not locate it. Here is everything else:

OTL logfile created on: 12/1/2010 11:54:36 AM - Run 7
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\David Schuldenfrei\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2096)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 91.75 Gb Total Space | 3.26 Gb Free Space | 3.55% Space Free | Partition Type: NTFS
Drive D: | 106.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 488.25 Mb Total Space | 333.58 Mb Free Space | 68.32% Space Free | Partition Type: FAT

Computer Name: DAVID | User Name: David Schuldenfrei | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\David Schuldenfrei\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\AIM\aim.exe (AOL Inc.)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\Logitech Vid\Vid.exe (Logitech Inc.)
PRC - C:\Program Files\Student Backup\BackupClient.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\David Schuldenfrei\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\GdiPlus.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\sti.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\cfgmgr32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (wscsvc) -- C:\WINDOWS\System32\wscsvc.dll File not found
SRV - (ERSvc) -- C:\WINDOWS\System32\ersvc.dll File not found
SRV - (CiSvc) -- C:\WINDOWS\System32\cisvc.exe File not found
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (DwProt) -- C:\WINDOWS\system32\drivers\dwprot.sys (Doctor Web, Ltd.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (dsNcAdpt) -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys (Juniper Networks)
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech QuickCam S5500(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (SMSIVZAM5) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys (Smith Micro Inc.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "msn.com"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.5331
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/11/23 16:11:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 02:32:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/20 11:31:48 | 000,000,000 | ---D | M]

[2009/10/22 10:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Extensions
[2009/10/22 10:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Extensions\[email protected]
[2010/11/29 17:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\extensions
[2010/03/24 16:45:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/03/11 16:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\extensions\[email protected]
[2010/03/24 16:45:34 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\searchplugins\aim-search-1.xml
[2009/10/24 19:25:31 | 000,004,554 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Application Data\Mozilla\Firefox\Profiles\6yk6a511.default\searchplugins\aim-search.xml
[2010/12/01 11:47:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/20 11:31:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/10/20 11:31:31 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/10/19 22:07:53 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2008/05/05 15:06:41 | 000,365,056 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npupd62.dll

O1 HOSTS File: ([2010/12/01 03:43:54 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BackupClient.exe] C:\Program Files\Student Backup\BackupClient.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuFavorites = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyComputer = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyDocs = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyMusic = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowRun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/19 16:11:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/07/26 15:35:25 | 000,000,042 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msaudio1 - msaud32.acm File not found
Drivers32: msacm.sl_anet - sl_anet.acm File not found
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - 
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - 
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - 
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - 
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - 
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - 
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - 
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - 
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - 
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - 
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - 
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - 
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - 
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\INF\unregmp2.exe /ShowWMP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -

========== Files/Folders - Created Within 30 Days ==========

[2010/11/17 00:43:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/17 00:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/11/17 00:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/11/13 13:31:45 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/09 12:51:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/09 12:51:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/09 12:51:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/09 12:51:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/09 12:51:44 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/11/02 11:39:55 | 000,125,304 | ---- | C] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\dwprot.sys
[1 C:\Documents and Settings\David Schuldenfrei\Application Data\*.tmp files -> C:\Documents and Settings\David Schuldenfrei\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/01 11:23:21 | 000,433,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/01 11:23:21 | 000,067,288 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/01 11:18:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/01 09:51:35 | 100,706,008 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010/12/01 03:43:54 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/12/01 03:43:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Schuldenfrei\Desktop\OTL.exe
[2010/11/29 18:11:08 | 000,033,141 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Copy of ACC211 Project 1 Fall 2010 Nico Fiume.xlsx
[2010/11/29 17:13:24 | 000,042,984 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\ACCT211_Project_TrevorHartquist.xlsx
[2010/11/29 16:57:59 | 000,258,863 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\nico.JPG
[2010/11/29 13:13:42 | 000,036,979 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Exercise 10-6.docx
[2010/11/28 14:34:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/26 14:40:29 | 000,195,228 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\print screen 2.JPG
[2010/11/26 14:39:57 | 000,191,448 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\print screen.JPG
[2010/11/26 12:11:04 | 003,913,031 | R--- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\ComboFix.exe
[2010/11/23 16:12:15 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2010/11/23 01:49:45 | 000,234,727 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\tetris.JPG
[2010/11/22 02:35:52 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\SystemLook.exe
[2010/11/18 12:56:57 | 000,050,688 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\W10-Grading-set1.doc
[2010/11/17 20:22:45 | 000,053,248 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Summary Outline of Management Issues.doc
[2010/11/17 12:27:07 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Improving your Cash Position (final copy).docx
[2010/11/17 00:44:37 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/17 00:39:30 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/15 23:02:38 | 004,640,768 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\JMS Tech Wizards.accdb
[2010/11/15 13:57:04 | 000,001,508 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\DivX Movies.lnk
[2010/11/15 13:56:50 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/11/09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/11/09 17:56:28 | 002,688,151 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Lincoln Electric FINAL.pptx
[2010/11/09 17:36:42 | 000,048,640 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\integ-W10-JMS-TechWizards-nodb.doc
[2010/11/08 21:20:51 | 000,270,154 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Lincoln Electric Supplemental Slids.pptx
[2010/11/08 16:24:42 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\LE presentation.doc
[2010/11/07 19:33:31 | 000,068,103 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Implementation.pptx
[2010/11/05 12:38:55 | 018,577,240 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\08-Crazy.mp3
[2010/11/05 00:00:27 | 000,034,856 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/11/03 18:36:29 | 000,088,064 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/02 23:39:48 | 000,001,838 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\DrWeb.csv
[2010/11/02 11:39:54 | 000,125,304 | ---- | M] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\dwprot.sys
[2010/11/01 13:53:24 | 000,093,279 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\27179_677492577362_8110673_38759296_7551248_n.jpg
[2010/11/01 13:53:05 | 000,071,634 | ---- | M] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\photo.php
[1 C:\Documents and Settings\David Schuldenfrei\Application Data\*.tmp files -> C:\Documents and Settings\David Schuldenfrei\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/29 18:11:08 | 000,033,141 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Copy of ACC211 Project 1 Fall 2010 Nico Fiume.xlsx
[2010/11/29 17:13:23 | 000,042,984 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\ACCT211_Project_TrevorHartquist.xlsx
[2010/11/29 16:57:59 | 000,258,863 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\nico.JPG
[2010/11/29 13:13:41 | 000,036,979 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Exercise 10-6.docx
[2010/11/26 14:40:29 | 000,195,228 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\print screen 2.JPG
[2010/11/26 13:13:19 | 000,191,448 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\print screen.JPG
[2010/11/23 01:49:45 | 000,234,727 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\tetris.JPG
[2010/11/17 20:22:48 | 000,053,248 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Summary Outline of Management Issues.doc
[2010/11/17 12:27:07 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Improving your Cash Position (final copy).docx
[2010/11/17 00:44:37 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/17 00:39:30 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/15 13:57:04 | 000,001,508 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\DivX Movies.lnk
[2010/11/15 13:56:50 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/11/10 18:32:08 | 000,050,688 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\W10-Grading-set1.doc
[2010/11/10 16:59:53 | 004,640,768 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\JMS Tech Wizards.accdb
[2010/11/09 17:56:22 | 002,688,151 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Lincoln Electric FINAL.pptx
[2010/11/09 17:36:47 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\integ-W10-JMS-TechWizards-nodb.doc
[2010/11/09 12:51:53 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/09 12:51:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/09 12:51:53 | 000,088,064 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/09 12:51:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/09 12:51:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/09 12:46:31 | 003,913,031 | R--- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\ComboFix.exe
[2010/11/08 21:20:51 | 000,270,154 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Lincoln Electric Supplemental Slids.pptx
[2010/11/08 16:24:42 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\LE presentation.doc
[2010/11/05 12:38:03 | 018,577,240 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\08-Crazy.mp3
[2010/11/05 01:51:00 | 000,068,103 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\Implementation.pptx
[2010/11/02 23:39:48 | 000,001,838 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\DrWeb.csv
[2010/11/01 13:53:24 | 000,093,279 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\27179_677492577362_8110673_38759296_7551248_n.jpg
[2010/11/01 13:53:05 | 000,071,634 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Desktop\photo.php
[2010/09/20 00:56:29 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Application Data\Rim.Desktop.Exception.log
[2010/09/20 00:48:38 | 000,001,616 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Application Data\Rim.Desktop.HttpServerSetup.log
[2010/09/20 00:44:44 | 001,075,576 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/25 08:31:06 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\David Schuldenfrei\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/25 18:25:27 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll
[2009/11/25 18:25:27 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll
[2009/11/09 00:10:35 | 000,000,127 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/10/29 21:47:55 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/10/25 14:04:23 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/25 14:04:23 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/10/21 01:21:58 | 000,003,466 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/10/20 18:49:48 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2009/10/19 17:05:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/19 16:13:40 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2008/05/06 07:00:00 | 000,000,287 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini

========== LOP Check ==========

[2009/10/24 19:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/10/24 19:24:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2010/10/22 11:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/22 01:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/22 11:06:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/02/13 14:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2010/10/22 01:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/09/20 00:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/04/17 15:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2010/08/17 14:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/22 10:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/10/07 16:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/07/04 01:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2010/05/29 10:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/05/04 16:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/04 00:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/24 19:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\acccore
[2010/10/22 11:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\AVG10
[2010/09/20 01:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Blackberry Desktop
[2009/11/27 20:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\CopyTrans
[2010/05/08 15:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\DC++
[2009/11/11 13:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Foxit Software
[2009/11/12 17:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\GetRightToGo
[2010/10/29 01:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Image Zone Express
[2009/11/09 10:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Individual Software
[2010/11/26 15:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Juniper Networks
[2009/10/29 21:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Leadertech
[2009/10/20 21:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\OpenOffice.org
[2010/02/10 22:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Printer Info Cache
[2010/09/20 00:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Research In Motion
[2010/04/17 15:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\TaxCut
[2009/10/22 10:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\TomTom
[2010/09/22 14:57:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Ukeqy
[2010/10/12 23:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\uTorrent
[2010/05/29 10:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\WindSolutions
[2010/03/11 13:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Schuldenfrei\Application Data\Xerox

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2

< End of report >

VirSCAN.org Scanned Report :
Scanned time : 2009/09/09 11:10:52 (CST)
Scanner results: Scanners did not find malware!
File Name : termdd.sys
File Size : 40840 byte
File Type : PE32 executable for MS Windows (DLL) (native) Intel 80386 32
MD5 : 88155247177638048422893737429d9e
SHA1 : e1057801f2c9748345c08d2e343b78861941abb5
Online report : http://virscan.org/report/4887eb405e401c240ab63a96c3dec2e2.html

| Scanner | Engine Ver | Sig Ver | Sig Date | Time | Scan result |
|---|---|---|---|---|---|
| a-squared | 4.5.0.8 | 20090909070112 | 2009-09-09 | 6.18 | - |
| AhnLab V3 | 2009.09.08.03 | 2009.09.08 | 2009-09-08 | 0.97 | - |
| AntiVir | 8.2.1.12 | 7.1.5.219 | 2009-09-08 | 0.43 | - |
| Antiy | 2.0.18 | 20090908.2764775 | 2009-09-08 | 0.12 | - |
| Arcavir | 2009 | 200909081908 | 2009-09-08 | 0.06 | - |
| Authentium | 5.1.1 | 200909081407 | 2009-09-08 | 1.25 | - |
| AVAST! | 4.7.4 | 090908-0 | 2009-09-08 | 0.01 | - |
| AVG | 8.5.288 | 270.13.86/2355 | 2009-09-09 | 0.32 | - |
| BitDefender | 7.81008.4115457 | 7.27602 | 2009-09-09 | 3.53 | - |
| CA (VET) | 9.0.0.143 | 31.6.6725 | 2009-09-09 | 9.08 | - |
| ClamAV | 0.95.2 | 9784 | 2009-09-08 | 0.01 | - |
| Comodo | 3.11 | 2258 | 2009-09-09 | 0.69 | - |
| CP Secure | 1.3.0.5 | 2009.09.07 | 2009-09-07 | 0.05 | - |
| Dr.Web | 4.44.0.9170 | 2009.09.08 | 2009-09-08 | 5.34 | - |
| F-Prot | 4.4.4.56 | 20090908 | 2009-09-08 | 1.27 | - |
| F-Secure | 7.02.73807 | 2009.09.09.01 | 2009-09-09 | 0.13 | - |
| Fortinet | 2.81-3.120 | 10.807 | 2009-09-08 | 0.19 | - |
| GData | 19.7717/19.469 | 20090909 | 2009-09-09 | 3.99 | - |
| ViRobot | 20090908 | 2009.09.08 | 2009-09-08 | 0.53 | - |
| Ikarus | T3.1.01.72 | 2009.09.09.73506 | 2009-09-09 | 3.92 | - |
| JiangMin | 11.0.800 | 2009.09.07 | 2009-09-07 | 9.26 | - |
| Kaspersky | 5.5.10 | 2009.09.09 | 2009-09-09 | 0.10 | - |
| KingSoft | 2009.2.5.15 | 2009.9.9.7 | 2009-09-09 | 0.56 | - |
| McAfee | 5.3.00 | 5735 | 2009-09-08 | 3.26 | - |
| Microsoft | 1.5005 | 2009.09.08 | 2009-09-08 | 6.31 | - |
| Norman | 6.01.09 | 6.01.00 | 2009-09-08 | 4.01 | - |
| Panda | 9.05.01 | 2009.09.08 | 2009-09-08 | 1.93 | - |
| Trend Micro | 8.700-1004 | 6.428.02 | 2009-09-08 | 0.03 | - |
| Quick Heal | 10.00 | 2009.09.08 | 2009-09-08 | 1.11 | - |
| Rising | 20.0 | 21.46.20.00 | 2009-09-09 | 0.79 | - |
| Sophos | 2.90.1 | 4.45 | 2009-09-09 | 3.19 | - |
| Sunbelt | 5380 | 5380 | 2009-09-08 | 1.51 | - |
| Symantec | 1.3.0.24 | 20090908.018 | 2009-09-08 | 0.20 | - |
| nProtect | 20090908.01 | 5379803 | 2009-09-08 | 6.80 | - |
| The Hacker | 6.3.4.3 | v00398 | 2009-09-08 | 0.73 | - |
| VBA32 | 3.12.10.10 | 20090908.1427 | 2009-09-08 | 1.94 | - |
| VirusBuster | 4.5.11.10 | 10.112.31/1851645 | 2009-09-08 | 2.27 | - |


----------



## eddie5659 (Mar 19, 2001)

It's okay about the extras, as all the info I wanted was in the first one you posted.

I have a feeling the VPN still doesn't work, so bear with me, as I think we need to add a Service.

Just to triple-check, you do have this file here:

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

and this one here:

C:\WINDOWS\system32\drivers\dsNcAdpt.sys

If so, I'll get back with a reply.


----------



## eddie5659 (Mar 19, 2001)

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main text field:

```
:reg 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*.
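One way to read the SystemLook `:reg` log this step produces and check it for the two Juniper keys the thread is after, as an added example (it is not SystemLook's code or eddie5659's procedure). The sample log below is a constructed excerpt in SystemLook's format, and the service name `dsNcService` is assumed to match its executable's name.

```python
"""Check a SystemLook ':reg' listing of HKLM\\SYSTEM\\CurrentControlSet\\Services
for expected service and driver keys.

Added example, not part of SystemLook or the thread. SAMPLE_LOG is a
constructed excerpt that mirrors SystemLook's output format.
"""
import re

SERVICES_ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"

# SystemLook prints one "[HKEY_...]" line per key it enumerates.
_KEY_LINE = re.compile(r"^\[(?P<path>HKEY_[^\]]+)\]\s*$")

# Constructed excerpt (the real log lists a few hundred keys). Note that a
# registered dsNcService key would sort between dsNcAdpt and DwProt.
SAMPLE_LOG = r"""SystemLook 04.09.10 by jpshortstuff
Log created at 02:31 on 08/12/2010 by Example User
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\drmkaud]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dsNcAdpt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DwProt]

-=End Of File=-
"""


def parse_service_keys(log_text):
    """Return {lower-cased name: name as printed} for every direct subkey
    of the Services root found in the log.

    Registry key names are case-insensitive, so lookups go through the
    lower-cased form while the original spelling is kept for display.
    """
    prefix = (SERVICES_ROOT + "\\").lower()
    keys = {}
    for line in log_text.splitlines():
        m = _KEY_LINE.match(line.strip())
        if not m:
            continue  # banner, "(No values found)", blank lines, footer
        path = m.group("path")
        if not path.lower().startswith(prefix):
            continue  # the root key itself, or a key outside Services
        name = path[len(prefix):]
        if "\\" in name:
            continue  # nested key such as ...\Services\Foo\Parameters
        keys[name.lower()] = name
    return keys


def missing_services(log_text, expected):
    """Return the names in `expected` that the log does not list."""
    present = parse_service_keys(log_text)
    return [name for name in expected if name.lower() not in present]


if __name__ == "__main__":
    wanted = ["dsNcService", "dsNcAdpt"]
    found = parse_service_keys(SAMPLE_LOG)
    print("keys listed:", sorted(found.values(), key=str.lower))
    for name in missing_services(SAMPLE_LOG, wanted):
        print("NOT registered under Services:", name)
```

Run it against the real SystemLook.txt by reading the file into `log_text`; an empty result from `missing_services` means both keys are registered.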


----------



## fryguy8585 (Aug 24, 2006)

Eddie, I'm not sure if C:\Program Files\Juniper Networks\Common Files\dsNcService.exe is the same as the dsncservice application file that I see in the folder. There is no ".exe" extension. I do see this file in its proper place: C:\WINDOWS\system32\drivers\dsNcAdpt.sys


----------



## fryguy8585 (Aug 24, 2006)

SystemLook 04.09.10 by jpshortstuff
Log created at 02:31 on 08/12/2010 by David Schuldenfrei
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Data]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET Data Provider for Oracle]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET Data Provider for SqlServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NETFramework]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Abiosdsk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\abp480n5]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ACPI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ACPIEC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adpu160m]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aec]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Aha154x]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aic78u2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aic78xx]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ALG]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AliIde]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amsint]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Apple Mobile Device]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Arp1394]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3350p]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASP.NET]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASP.NET_2.0.50727]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspnet_state]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AsyncMac]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Atdisk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Atmarpc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\audstub]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avg]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVGIDSAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVGIDSDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVGIDSEH]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVGIDSFilter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVGIDSShim]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgldx86]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgmfx86]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgrkx86]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgtdix]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgwd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BattC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BCM43XX]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bcm4sbxp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Beep]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bonjour Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cbidf2k]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CCDECODE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cd20xrnt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdaudio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdfs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Changer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CiSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\clr_optimization_v2.0.50727_32]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CmBatt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CmdIde]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Compbatt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\COMSysApp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cpqarray]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dac2w2k]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dac960nt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmadmin]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmboot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmload]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmserver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DMusic]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dot3svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dpti2o]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\drmkaud]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dsNcAdpt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DwProt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dwshd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ERSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventSystem]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fastfat]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FastUserSwitchingCompatibility]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fdc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FilterService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fips]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Flpydisk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FltMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FontCache3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ftdisk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GEARAspiWDM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Gpc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HDAudBus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\helpsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidServ]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidUsb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hkmsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hpn]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hpqcxs08]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hpqddsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HPZid412]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HPZipr12]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HPZius12]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTPFilter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i2omp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ialm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\idsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Imapi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ImapiService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ini910u]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Inport]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IntelIde]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\intelppm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ip6Fw]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpFilterDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpInIp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpNat]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iPod Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IRENUM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\isapnp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JavaQuickStarterService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kbdclass]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kmixer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KSecDD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ldap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LicenseService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LmHosts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LVPr2Mon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LVPrcSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LVRS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LVUVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McComponentHostService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmdd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Modem]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mouclass]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MountMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mraid35x]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxDAV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxSmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC Bridge 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Msfs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSKSSRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSPCLOCK]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSPQM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mssmbios]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSTEE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NABTSFEC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\napagent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NDIS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisIP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisTapi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ndisuio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisWan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NDProxy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Net Driver HPZ12]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBIOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDEdsdm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netman]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetTcpPortSharing]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NIC1394]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nla]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Npfs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ntfs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtLmSsp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtmsSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Null]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NwlnkFlt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NwlnkFwd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\odserv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ohci1394]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ose]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Outlook]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Parport]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PartMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ParVdm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCIDump]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCIIde]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PDRELI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\perc2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\perc2hib]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfNet]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfProc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Pml Driver HPZ12]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PptpMiniport]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProtectedStorage]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSched]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ptilink]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PxHelp20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ql1080]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ql12160]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ql1240]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ql1280]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAcd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rasl2tp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasPppoe]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Raspti]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPCDD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPDD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdpdr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPNP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPWD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDSessMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\redbook]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RimUsb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RimVSerPort]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcLocator]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RSVP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SamSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SASDIFSV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SASKUTIL]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sdbus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Secdrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SENS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Serial]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sffdisk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sffp_sd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ShellHWDetection]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Simbad]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SLIP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMSIVZAM5]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sparrow]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\splitter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Srv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSDPSRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\STHDA]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\stisvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\streamip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swenum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swmidi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SwPrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\symc810]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\symc8xx]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sym_hi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sym_u3]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysaudio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDTCP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermDD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Themes]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TomTomHOMEService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TosIde]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrkWks]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TSDDD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Udfs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ultra]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBAAPL]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbaudio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbbus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbccgp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbDiag]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbehci]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbhub]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBModem]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbprint]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbscan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbuhci]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbvideo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VgaSave]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ViaIde]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VolSnap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VxD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wanarp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDICA]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wdmaud]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Workflow Foundation 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winmgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinTrust]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmdmPmSN]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wmi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiApSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WMPNetworkSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WS2IFSL]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WSTCODEC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WZCSVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xmlprov]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{0D3A0FE6-E3EE-4A1B-BDF5-25F35EB4FA88}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{1E09029B-D7C5-42BF-B4AA-5B773BACB7C4}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{2F754635-732B-44EB-BC45-3FB443843156}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{58CE6CAA-711C-4415-AF94-D8BC452B18B1}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{E2DC3C66-D6DE-4B3F-872A-9E9C93A1C2E6}]

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Okay, let's have a closer look at a few things. Can you run SystemLook for the following things? As they may be large logs, can you run them separately.



```
:reg
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dsNcAdpt /s
```


And then again with this:


```
:dir
C:\Program Files\Juniper Networks /s
```
and finally:



```
:file
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
```


I just want to see what we actually have there, will solve this if it kills me

eddie


----------



## fryguy8585 (Aug 24, 2006)

SystemLook 04.09.10 by jpshortstuff
Log created at 11:04 on 09/12/2010 by David Schuldenfrei
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dsNcAdpt]
"Type"= 0x0000000001 (1)
"Start"= 0x0000000003 (3)
"ErrorControl"= 0x0000000001 (1)
"Tag"= 0x0000000011 (17)
"ImagePath"="system32\DRIVERS\dsNcAdpt.sys"
"DisplayName"="Juniper Network Connect Adapter"
"Group"="NDIS"
"TextModeFlags"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dsNcAdpt\Security]
"Security"=01 00 14 80 90 00 00 00 9c 00 00 00 14 00 00 00 30 00 00 00 02 00 1c 00 01 00 00 00 02 80 14 00 ff 01 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 fd 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8d 01 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 18 00 fd 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 (REG_BINARY)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dsNcAdpt\Enum]
"0"="Root\DSNCADPT\0000"
"Count"= 0x0000000001 (1)
"NextInstance"= 0x0000000001 (1)

-= EOF =-

SystemLook 04.09.10 by jpshortstuff
Log created at 11:05 on 09/12/2010 by David Schuldenfrei
Administrator - Elevation successful

========== dir ==========

C:\Program Files\Juniper Networks - Parameters: "/s"

---Files---
None found.

C:\Program Files\Juniper Networks\Common Files	d------	[19:45 13/02/2010]
config.ini	--a---- 285 bytes	[19:45 13/02/2010]	[05:31 29/10/2010]
dsncservice.exe	--a---- 660848 bytes	[17:52 26/11/2010]	[04:38 03/11/2010]

C:\Program Files\Juniper Networks\Network Connect 6.3.0	d------	[19:45 13/02/2010]
dsNcAdmin.dll	--a---- 99624 bytes	[08:33 21/11/2008]	[08:33 21/11/2008]
dsNcCredProv.dll	--a---- 345384 bytes	[08:33 21/11/2008]	[08:33 21/11/2008]
dsNcDiag.dll	--a---- 159810 bytes	[08:29 21/11/2008]	[08:29 21/11/2008]
dsNcGina.dll	--a---- 600106 bytes	[08:31 21/11/2008]	[08:31 21/11/2008]
dsNCGinaCompatible.txt	--a---- 71 bytes	[08:15 21/11/2008]	[08:15 21/11/2008]
dsNCResource_DE.dll	--a---- 126976 bytes	[08:31 21/11/2008]	[08:31 21/11/2008]
dsNCResource_EN.dll	--a---- 118784 bytes	[08:31 21/11/2008]	[08:31 21/11/2008]
dsNCResource_ES.dll	--a---- 126976 bytes	[08:31 21/11/2008]	[08:31 21/11/2008]
dsNCResource_FR.dll	--a---- 126976 bytes	[08:31 21/11/2008]	[08:31 21/11/2008]
dsNCResource_JA.dll	--a---- 110592 bytes	[08:31 21/11/2008]	[08:31 21/11/2008]
dsNCResource_KO.dll	--a---- 106496 bytes	[08:31 21/11/2008]	[08:31 21/11/2008]
dsNCResource_ZH.dll	--a---- 102400 bytes	[08:31 21/11/2008]	[08:31 21/11/2008]
dsNCResource_ZH_CN.dll	--a---- 102400 bytes	[08:31 21/11/2008]	[08:31 21/11/2008]
dsNetworkConnect.exe	--a---- 853368 bytes	[08:33 21/11/2008]	[08:33 21/11/2008]
dsWinClientResource_DE.dll	--a---- 32857 bytes	[08:24 21/11/2008]	[08:24 21/11/2008]
dsWinClientResource_EN.dll	--a---- 28761 bytes	[08:24 21/11/2008]	[08:24 21/11/2008]
dsWinClientResource_ES.dll	--a---- 28761 bytes	[08:24 21/11/2008]	[08:24 21/11/2008]
dsWinClientResource_FR.dll	--a---- 32857 bytes	[08:24 21/11/2008]	[08:24 21/11/2008]
dsWinClientResource_JA.dll	--a---- 28761 bytes	[08:24 21/11/2008]	[08:24 21/11/2008]
dsWinClientResource_KO.dll	--a---- 28761 bytes	[08:24 21/11/2008]	[08:24 21/11/2008]
dsWinClientResource_ZH.dll	--a---- 28761 bytes	[08:24 21/11/2008]	[08:24 21/11/2008]
dsWinClientResource_ZH_CN.dll	--a---- 28764 bytes	[08:24 21/11/2008]	[08:24 21/11/2008]
install.log	--a---- 15902 bytes	[19:45 13/02/2010]	[19:45 13/02/2010]
nclauncher.exe	--a---- 163840 bytes	[08:31 21/11/2008]	[08:31 21/11/2008]
setproxy.html	--a---- 3298 bytes	[08:15 21/11/2008]	[08:15 21/11/2008]
uninstall.exe	--a---- 87800 bytes	[08:33 21/11/2008]	[08:33 21/11/2008]
versionInfo.ini	--a---- 381 bytes	[08:26 21/11/2008]	[19:45 13/02/2010]

C:\Program Files\Juniper Networks\Network Connect 7.0.0	d------	[01:45 25/10/2010]
dsNcAdmin.dll	--a---- 177520 bytes	[06:56 27/08/2010]	[06:56 27/08/2010]
dsNcCredProv.dll	--a---- 345456 bytes	[06:56 27/08/2010]	[06:56 27/08/2010]
dsNcDiag.dll	--a---- 163840 bytes	[06:53 27/08/2010]	[06:53 27/08/2010]
dsNcGina.dll	--a---- 593920 bytes	[06:54 27/08/2010]	[06:54 27/08/2010]
dsNCGinaCompatible.txt	--a---- 71 bytes	[06:33 27/08/2010]	[06:33 27/08/2010]
dsNCResource_DE.dll	--a---- 126976 bytes	[06:56 27/08/2010]	[06:56 27/08/2010]
dsNCResource_EN.dll	--a---- 122880 bytes	[06:56 27/08/2010]	[06:56 27/08/2010]
dsNCResource_ES.dll	--a---- 126976 bytes	[06:56 27/08/2010]	[06:56 27/08/2010]
dsNCResource_FR.dll	--a---- 126976 bytes	[06:56 27/08/2010]	[06:56 27/08/2010]
dsNCResource_JA.dll	--a---- 110592 bytes	[06:56 27/08/2010]	[06:56 27/08/2010]
dsNCResource_KO.dll	--a---- 110592 bytes	[06:56 27/08/2010]	[06:56 27/08/2010]
dsNCResource_ZH.dll	--a---- 106496 bytes	[06:56 27/08/2010]	[06:56 27/08/2010]
dsNCResource_ZH_CN.dll	--a---- 102400 bytes	[06:56 27/08/2010]	[06:56 27/08/2010]
dsNcSmartCardProv.dll	--a---- 398704 bytes	[06:56 27/08/2010]	[06:56 27/08/2010]
dsNetworkConnect.exe	--a---- 1062256 bytes	[06:56 27/08/2010]	[06:56 27/08/2010]
dsWinClientResource_DE.dll	--a---- 25088 bytes	[06:53 27/08/2010]	[06:53 27/08/2010]
dsWinClientResource_EN.dll	--a---- 24576 bytes	[06:53 27/08/2010]	[06:53 27/08/2010]
dsWinClientResource_ES.dll	--a---- 25088 bytes	[06:53 27/08/2010]	[06:53 27/08/2010]
dsWinClientResource_FR.dll	--a---- 25088 bytes	[06:53 27/08/2010]	[06:53 27/08/2010]
dsWinClientResource_JA.dll	--a---- 23040 bytes	[06:53 27/08/2010]	[06:53 27/08/2010]
dsWinClientResource_KO.dll	--a---- 23040 bytes	[06:53 27/08/2010]	[06:53 27/08/2010]
dsWinClientResource_ZH.dll	--a---- 22016 bytes	[06:53 27/08/2010]	[06:53 27/08/2010]
dsWinClientResource_ZH_CN.dll	--a---- 22016 bytes	[06:53 27/08/2010]	[06:53 27/08/2010]
install.log	--a---- 22442 bytes	[01:46 25/10/2010]	[01:46 25/10/2010]
nclauncher.exe	--a---- 692224 bytes	[06:53 27/08/2010]	[06:53 27/08/2010]
setproxy.html	--a---- 3298 bytes	[06:33 27/08/2010]	[06:33 27/08/2010]
uninstall.exe	--a---- 129144 bytes	[06:56 27/08/2010]	[06:56 27/08/2010]
versionInfo.ini	--a---- 381 bytes	[06:51 27/08/2010]	[01:46 25/10/2010]

C:\Program Files\Juniper Networks\Network Connect 7.0.0\Microsoft.VC80.CRT	d------	[01:45 25/10/2010]
Microsoft.VC80.CRT.manifest	--a---- 1862 bytes	[00:11 20/08/2010]	[00:11 20/08/2010]
msvcp80.dll	--a---- 548864 bytes	[00:11 20/08/2010]	[00:11 20/08/2010]
msvcr80.dll	--a---- 626688 bytes	[00:11 20/08/2010]	[00:11 20/08/2010]

-= EOF =-

SystemLook 04.09.10 by jpshortstuff
Log created at 11:05 on 09/12/2010 by David Schuldenfrei
Administrator - Elevation successful

========== file ==========

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe - File found and opened.
MD5: 2AA446F9786E5CD57FBC469E9000D159
Created at 17:52 on 26/11/2010
Modified at 04:38 on 03/11/2010
Size: 660848 bytes
Attributes: --a----
FileDescription: Network Connect Service
FileVersion: 7, 0, 0, 16499
ProductVersion: 7, 0, 0, 16499
OriginalFilename: dsNcService.exe
InternalName: Network Connect Service
ProductName: Network Connect
CompanyName: Juniper Networks
LegalCopyright: Copyright © 2001-2010 Juniper Networks, Inc. All rights reserved.
Comments:

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Okay, been thru this entire thread, making notes as to what was there and what isn't etc.

What I have seen on the above reply that you posted is this:



> C:\Program Files\Juniper Networks\Network Connect 6.3.0
> dsNetworkConnect.exe --a---- 853368 bytes [08:33 21/11/2008] [08:33 21/11/2008]
> 
> C:\Program Files\Juniper Networks\Network Connect 7.0.0 d------ [01:45 25/10/2010]
> dsNetworkConnect.exe --a---- 1062256 bytes [06:56 27/08/2010] [06:56 27/08/2010]


Now, the file that is causing the problems, shows as this:



> Created at 17:52 on 26/11/2010
> Modified at 04:38 on 03/11/2010
> Size: 660848 bytes
> Attributes: --a----
> ...


Now, this is the latest version of Network Connect.

Can you do something for me? Do you click on a shortcut to start the Network? If so, right-click on it and select Properties. In the Shortcut tab, under Target will be the location of the actual program. Does it show as 6.3 or 7.0?

eddie


----------



## fryguy8585 (Aug 24, 2006)

I don't use a shortcut. I log into my school's network through the website ssl.binghamton.edu. Here is a screen shot of what I see when I log in; I click "start" next to where it says "network connect." I also attached a screenshot of the error message I am getting.


----------



## fryguy8585 (Aug 24, 2006)

Eddie, I'm not quite sure, but it keeps saying that the uploads fail. Again, it's not a shortcut, just a link that says "start" on the site. A box pops up that says "Setup: Network Connect 7.0.0". The error message pops up in front of that box: "NetworkConnect" and the message "Cannot start the Network Connect service. Please re-install Network Connect. (nc.windows.app.23787)"


----------



## flavallee (May 12, 2002)

fryguy8585:

You haven't submitted a HiJackThis log in a long time, so let's see what a current one looks like.

Close all open windows first, then start HiJackThis and click "Do a system scan and save a log file", then save the log that appears, then submit it here.

---------------------------------------------------------------


----------



## TheOutcaste (Aug 8, 2007)

Searched Juniper's Knowledgebase, and found this for the *nc.windows.app.23787* error:

> This behavior can occur if the Network Connect service is disabled or if the service is disabled for the hardware profile that you are currently using
>
> (Source: http://kb.juniper.net/InfoCenter/index?page=content&id=KB12321&actp=search&viewlocale=en_US&searchid=1293056725486)

From the above article you should be seeing a *Network Connect* service in *Control Panel* | *Administrative Tools* | *Services*, but it's not listed in the screen shots you posted earlier (posts #59 & #61).
The first HiJackThis log lists it as:
*Juniper Network Connect Service (dsNcService)*, so it should be in the *J*'s
The *dsNcService* entry is not listed in the list of services shown in post #69, though the Kernel Driver (*dsNcAdpt*) is. The *dsNcAdpt* should appear in Device Manager as *Juniper Network Connect Adapter*.

The two files related to that service are *dsNCService.exe* and *dsNetworkConnect.exe* and are present, but it looks like the Registry entries that start the service are missing. I suspect when you post the HijackThis log *flavallee* requested, it will be missing.

Best bet may be to manually uninstall Network Connect, then re-install, unless *flavallee* has another idea.
How to manually remove Network Connect

The article shows version 5.X.X, but you should remove both the 6.X.X and 7.X.X versions.

Then log on to the University site and let it re-install the client.


----------



## eddie5659 (Mar 19, 2001)

Thanks guys :up:


----------



## flavallee (May 12, 2002)

No reply from fryguy8585 in the last 5 days.

---------------------------------------------------------------


----------



## eddie5659 (Mar 19, 2001)

He tends to reply when he can, as the VPN is at home, and he may be at college still


----------



## flavallee (May 12, 2002)

Thought maybe he's on Christmas break. 

---------------------------------------------------------------


----------



## eddie5659 (Mar 19, 2001)

Ah, you could be right. I'll be here through Christmas anyway


----------



## fryguy8585 (Aug 24, 2006)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:40:27 PM, on 12/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Student Backup\BackupClient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Logitech\Logitech Vid\vid.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BackupClient.exe] C:\Program Files\Student Backup\BackupClient.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 8951 bytes


----------



## TheOutcaste (Aug 8, 2007)

The *Juniper Network Connect Service* is missing, and it doesn't look like the system is set up to check for that and re-install it if needed.

I'd suggest going through the steps in the manual uninstall article:
How to manually remove Network Connect

I'd also go into Device Manager, and uninstall the *Juniper Network Connect Adapter*.

Click *Start | Run* (or press *WinKey+R*), type *devmgmt.msc*, press *Enter*
Expand *Network Adapters*
Right click the *Juniper Network Connect Adapter* and click *Uninstall*.
You may have to click *View | Show hidden devices* to see it.

Then the next time you log into the school network, it should offer to re-install the software.

One odd thing, this line in the log:
*O1 - Hosts: ÿþ127.0.0.1 localhost*

This indicates the Hosts file has had all the comments removed, and was saved as Unicode instead of ANSI. The *ÿþ* characters are the Boot Order Marker (BOM) bytes found at the start of a Unicode file. I'm not aware of this being any kind of a problem, it seems to have no effect in my testing, just wanted to explain what those characters are. Perhaps Eddie or flavallee know if this could be an issue. Easy to fix in any case.

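The explanation above can be checked directly. The two bytes FF FE at the start of a UTF-16LE file are its byte order mark; a tool that reads the file as single-byte Windows text shows them as the characters ÿþ, which is exactly what the HijackThis O1 line displays. The script below is an added example written for this thread, not code from HijackThis, SystemLook or any of the posters: it detects which BOM (if any) a hosts file carries, shows how that BOM renders as ANSI text, rewrites the file as BOM-less ANSI (the form Windows expects), and lists any entry that maps a name somewhere other than loopback, which is the check worth running whenever a log reports O1 Hosts lines. The two sample hosts files are constructed here (one mirrors the poster's file as described, the other uses a documentation address range); cp1252 is assumed as the ANSI code page for a file with no BOM.

```python
"""Inspect a Windows hosts file: BOM/encoding, ANSI normalisation, non-loopback entries."""
import codecs

# BOM signatures, longest first so the 4-byte UTF-32-LE mark (FF FE 00 00)
# is not mistaken for the 2-byte UTF-16-LE mark (FF FE).
BOM_TABLE = [
    (codecs.BOM_UTF32_LE, "utf-32-le"),
    (codecs.BOM_UTF32_BE, "utf-32-be"),
    (codecs.BOM_UTF8, "utf-8"),
    (codecs.BOM_UTF16_LE, "utf-16-le"),
    (codecs.BOM_UTF16_BE, "utf-16-be"),
]

# Addresses a stock hosts file is allowed to point 'localhost' at.
LOOPBACK = {"127.0.0.1", "::1"}


def detect_bom(data: bytes):
    """Return (bom_bytes, codec). No BOM means a plain 'ANSI' file; cp1252 is
    assumed for that case (English Windows, as on the poster's machine)."""
    for bom, codec in BOM_TABLE:
        if data.startswith(bom):
            return bom, codec
    return b"", "cp1252"


def bom_as_ansi_text(bom: bytes) -> str:
    """How the BOM bytes look to a tool that expects single-byte text:
    FF FE becomes the two characters 'ÿþ' shown in the HijackThis O1 line."""
    return bom.decode("latin-1")


def decode_hosts(data: bytes) -> str:
    """Strip the BOM (if any) and decode the file with the matching codec."""
    bom, codec = detect_bom(data)
    return data[len(bom):].decode(codec)


def normalize_hosts(data: bytes) -> bytes:
    """Re-encode as BOM-less ANSI (cp1252); unrepresentable characters become '?'."""
    return decode_hosts(data).encode("cp1252", errors="replace")


def active_entries(text: str):
    """(address, [hostnames]) for every non-comment, non-blank line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if line:
            fields = line.split()
            entries.append((fields[0], fields[1:]))
    return entries


def suspicious_entries(text: str):
    """Entries that point anywhere other than loopback. A stock Windows hosts
    file only maps 'localhost', so anything else deserves a closer look."""
    return [(addr, names) for addr, names in active_entries(text) if addr not in LOOPBACK]


def report(data: bytes) -> dict:
    """Everything a helper would want to know about one hosts file."""
    bom, codec = detect_bom(data)
    return {
        "codec": codec,
        "bom_as_ansi_text": bom_as_ansi_text(bom),
        "normalized": normalize_hosts(data),
        "suspicious": suspicious_entries(decode_hosts(data)),
    }


# Constructed sample: the poster's hosts file as described above, i.e. the two
# stock entries with all comments removed, saved as UTF-16LE with a BOM.
SAMPLE_UNICODE_HOSTS = codecs.BOM_UTF16_LE + "127.0.0.1 localhost\r\n::1 localhost\r\n".encode("utf-16-le")

# Constructed sample of a tampered ANSI hosts file (192.0.2.0/24 is a
# documentation range, chosen so that this example points at nothing real).
SAMPLE_TAMPERED_HOSTS = b"# hosts\r\n127.0.0.1 localhost\r\n192.0.2.10 update.example.com\r\n"


if __name__ == "__main__":
    for label, sample in (("unicode", SAMPLE_UNICODE_HOSTS), ("tampered", SAMPLE_TAMPERED_HOSTS)):
        print(label, report(sample))
```

To run it against a real file, read `C:\WINDOWS\system32\drivers\etc\hosts` in binary mode and pass the bytes to `report()`; write the `normalized` value back only after reviewing the `suspicious` list, since an entry there is the symptom a hijacked hosts file produces.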

----------



## fryguy8585 (Aug 24, 2006)

Hey All,

I'm sorry I took a while to respond. For whatever reason, I did not receive email notification about your responses. I will definitely be more on top of things now that I am home for the holidays. I read the instructions on how to manually remove Network Connect. I was able to remove it from the add/remove programs, and was able to delete the first two files listed. However, I was unable to locate:

C:\Documents and Settings\<user>\Application Data\Juniper Networks\Network Connect 5.x.x

I was also unable to locate Juniper Network Connect Adapter in Device Manager, even after I clicked to show hidden devices.

However, I did return to the school's network site, and was able to successfully re-install Network Connect and I am now able to connect to the school network.


----------



## eddie5659 (Mar 19, 2001)

That's excellent news 

Thanks for stopping by guys, sometimes we all need help :up:

Can we see a fresh HijackThis log after you did the things above?


----------



## flavallee (May 12, 2002)

eddie5659 said:


> Can we see a fresh HijackThis log after you did the things above?


I see 9 - 10 startup entries that don't need to auto-load and run.

It also appears that *AVG 10* and *McAfee Security Scan Pro* are both auto-loading and running.

---------------------------------------------------------------


----------



## TheOutcaste (Aug 8, 2007)

fryguy8585 said:


> However, I was unable to locate:
> 
> C:\Documents and Settings\<user>\Application Data\Juniper Networks\Network Connect 5.x.x
> 
> I was also unable to locate Juniper Network Connect Adapter in Device Manager, even after I clicked to show hidden devices.


Probably got removed when you uninstalled from Add/Remove Programs, so nothing to worry about, especially as it re-installed successfully.


fryguy8585 said:


> However, I did return to the school's network site, and was able to successfully re-install Network Connect and I am now able to connect to the school network.


Glad to hear it.

I'll leave you to flavallee and eddie5659 to finish up with what they do best, glad I could help.


----------



## fryguy8585 (Aug 24, 2006)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:17:34 AM, on 12/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Student Backup\BackupClient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Logitech\Logitech Vid\vid.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\AVG\AVG10\avgmfapx.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BackupClient.exe] C:\Program Files\Student Backup\BackupClient.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sealmon.exe] C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 9802 bytes
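An added example, not from the thread or from the HijackThis project, that turns the checks the helpers apply to the log above into code: services whose binary is missing, hosts-file oddities (the BOM and any non-default entry), Internet Explorer policy restrictions, the autorun count, and whether more than one resident antivirus engine is installed. The sample is a subset of lines from the log posted above plus one constructed McAfee engine line used to show the multiple-antivirus check firing; the install-path fingerprints in `AV_PATH_PATTERNS` are this example's own assumption about where each product installs, not anything HijackThis does.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: a subset of lines copied from the HijackThis log posted
# above (not the whole log), enough to exercise each check below.
SAMPLE_HJT_LOG = r"""O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
"""

# Constructed line (not from the thread) standing in for a real McAfee engine
# service, used to show the "more than one antivirus" check firing.
CONSTRUCTED_MCAFEE_ENGINE_LINE = r"O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcshield.exe"

# Assumed install-path fingerprints for resident antivirus engines. "McAfee
# Security Scan" lives in its own folder and deliberately does not match: as
# the thread works out, it only reports status and is not an antivirus engine.
AV_PATH_PATTERNS = {
    "AVG": re.compile(r"\\AVG\\AVG\d+\\", re.I),
    "Avast": re.compile(r"\\(Alwil Software|AVAST Software)\\", re.I),
    "McAfee": re.compile(r"\\McAfee\\", re.I),
}

LINE_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
DEFAULT_HOSTS_RE = re.compile(r"^(127\.0\.0\.1|::1)\s+localhost$")
BOM_AS_ANSI = "\u00ff\u00fe"  # bytes FF FE (UTF-16 LE BOM) seen through cp1252


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """Split a HijackThis log into (section code, body) pairs; other lines ignored."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out


def triage(text: str) -> Dict[str, object]:
    """Run the checks a helper does by eye over the parsed log."""
    findings: Dict[str, object] = {
        "missing_service_binaries": [],
        "hosts_anomalies": [],
        "ie_policy_restrictions": [],
        "autorun_entries": [],
    }
    vendors = set()
    for section, body in parse_hjt(text):
        if section == "O23" and body.endswith("(file missing)"):
            findings["missing_service_binaries"].append(body)
        elif section == "O1":
            entry = body[len("Hosts: "):] if body.startswith("Hosts: ") else body
            if entry.startswith(BOM_AS_ANSI):
                findings["hosts_anomalies"].append("hosts file saved as UTF-16 (BOM present): " + entry)
            elif not DEFAULT_HOSTS_RE.match(entry):
                findings["hosts_anomalies"].append("non-default hosts entry: " + entry)
        elif section == "O6":
            findings["ie_policy_restrictions"].append(body)
        elif section == "O4":
            findings["autorun_entries"].append(body)
        if section in ("O4", "O23"):
            for vendor, pattern in AV_PATH_PATTERNS.items():
                if pattern.search(body):
                    vendors.add(vendor)
    findings["av_vendors"] = sorted(vendors)
    findings["multiple_av"] = len(vendors) > 1
    return findings


if __name__ == "__main__":
    for key, value in triage(SAMPLE_HJT_LOG).items():
        print(key, "->", value)
    print("with a second engine:", triage(SAMPLE_HJT_LOG + CONSTRUCTED_MCAFEE_ENGINE_LINE)["multiple_av"])
```

The O6 check is worth keeping in any triage script: a `Restrictions present` policy key on a home machine that was never domain-joined is more often set by malware or a cleaning tool than by the user.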


----------



## eddie5659 (Mar 19, 2001)

Okay, let me just go thru my notes and see where we were up to before the blasted DrWeb removed your VPN file


----------



## eddie5659 (Mar 19, 2001)

Thanks for hanging in there fryguy :up:

Okay, firstly let's look at what flavallee spotted, as in you have *AVG 10* and *McAfee Security Scan Pro* both auto-loading and running.

Am I right in assuming McAfee is the paid version? If so, I would suggest uninstalling AVG as follows:

*Step 1 - Uninstall your AVG consumer products*

Download the AVG uninstall/cleanup utility and run it:

For 32 bit Windows versions avgremover.exe 

*Step 2 - After restart remove these folders:*

*Windows 2000/XP* 
C:\Program Files\AVG 
C:\Documents and settings\All users\Application data\AVG9

--------------------

There was also some entries that Combofix had problems with, so can we see if they're still missing.

Using *SystemLook* like you did before, when we were trying to locate the Juniper files, can you do this for me:


Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:


```
:filefind
wuauclt.exe
wscntfy.exe
ctfmon.exe
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*

---------------

flavallee, if you want to jump in anytime with a cleanup of the startup entries, go for it :up:

-------------

eddie


----------



## flavallee (May 12, 2002)

fryguy8585:

After you've completed eddie5659's instructions for getting rid of AVG and have restarted your computer, start HiJackThis and run a scan, then submit that new log here.

----------------------------------------------------------------


----------



## fryguy8585 (Aug 24, 2006)

In trying to delete C:\Program Files\AVG, I received the error shown in the screenshot.


----------



## eddie5659 (Mar 19, 2001)

Have you rebooted the computer before you tried to delete the folder?

eddie


----------



## fryguy8585 (Aug 24, 2006)

Yes, I rebooted and am still having trouble deleting it. It happens to be the free version, not the paid version. I'm not sure if that makes a difference.


----------



## eddie5659 (Mar 19, 2001)

Er, looks like we made a mistake 

It looks like you have McAfee Security Scan Plus installed, which just checks the status of software, and not the McAfee Security Scan Pro which we thought you had.

So, whilst trying to eat some humble pie, don't worry about the AVG folders for now (we'll sort them out in a bit), but can you get this antivirus:

*Avast Home Edition*

I do know that the latest version of AVG is having a few problems, so it's best not to download that at the moment, but I use Avast all the time 

Just don't want you without any antivirus programs.

eddie


----------



## flavallee (May 12, 2002)

eddie5659 said:


> It looks like you have McAfee Security Scan Plus installed, which just checks the status of software, and not the McAfee Security Scan Pro which we thought you had.


That was a typo on my part. It should've been "Plus" instead of "Pro".

---------------------------------------------------------------


----------



## fryguy8585 (Aug 24, 2006)

Ok, I installed Avast.

Happy New Year!


----------



## eddie5659 (Mar 19, 2001)

Happy New Year 

Will wait for flavallee to reply for his stuff


----------



## fryguy8585 (Aug 24, 2006)

Hey Eddie,

Is there anything else I should be doing? Or are we still waiting on flavallee?


----------



## flavallee (May 12, 2002)

I went back and read this entire thread and haven't had any involvement in it, other than to make a comment in post #86 about AVG and McAfee and the startup list.

------------------------------------------------------------------

Are you still using versions 1.46 and 4.44.0.1000 of *Malwarebytes Anti-Malware* and *SUPERAntiSpyware*, or have you updated them to versions 1.50.1.1100 and 4.48.0.1000?

------------------------------------------------------------------


----------



## eddie5659 (Mar 19, 2001)

Hiya

I've been away for a week, so not been able to catchup here.

I'll have a read thru this thread, and see what stage we're at tonight


----------



## eddie5659 (Mar 19, 2001)

Okay, there was just this to look at that Combofix had problems with, so can we see if they're still missing.

Using *SystemLook* like you did before, when we were trying to locate the Juniper files, can you do this for me:


Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:


```
:filefind
wuauclt.exe
wscntfy.exe
ctfmon.exe
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*

eddie
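The SystemLook `:filefind` request above is the same one given earlier in the thread, so one added example serves both. It is not part of the thread or of SystemLook: a Python version of the search that adds what a practitioner wants next, a SHA-256 per hit so a `system32` copy can be compared against the `ServicePackFiles\i386` cache copy, and a list of the requested names with no hit at all. The directory tree it searches is constructed in a temp directory, with the two `ctfmon.exe` copies deliberately different so the comparison check has something to report. For context, the log posted earlier carries nLite RunOnce entries (`nltide_2`, `nltide_3`), and an nLite-stripped build removes Windows components; that is one explanation worth weighing for absent system files before assuming malware.

```python
import hashlib
import os
import tempfile
from typing import Dict, List


def file_find(root: str, names: List[str]) -> Dict[str, List[dict]]:
    """Case-insensitive search below `root` for each name in `names`, the job
    SystemLook's :filefind does. Each hit records path, size and SHA-256 so a
    system32 copy can be compared with the ServicePackFiles\\i386 cache copy."""
    wanted = {n.lower(): n for n in names}
    hits: Dict[str, List[dict]] = {n: [] for n in names}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            original = wanted.get(fname.lower())
            if original is None:
                continue
            full = os.path.join(dirpath, fname)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            hits[original].append({"path": full, "size": os.path.getsize(full), "sha256": digest})
    return hits


def missing(hits: Dict[str, List[dict]]) -> List[str]:
    """Names with no hit anywhere under the root (SystemLook's 'No files found.')."""
    return [name for name, found in hits.items() if not found]


def inconsistent_copies(hits: Dict[str, List[dict]]) -> List[str]:
    """Names found more than once whose copies do not hash identically; a
    system32 binary differing from its service-pack cache copy needs a look."""
    return [name for name, found in hits.items() if len({h["sha256"] for h in found}) > 1]


def format_report(hits: Dict[str, List[dict]]) -> str:
    """Render in the same shape as a SystemLook filefind log."""
    lines = ["========== filefind ==========", ""]
    for name, found in hits.items():
        lines.append('Searching for "%s"' % name)
        if not found:
            lines.append("No files found.")
        for h in found:
            lines.append("%s\t%d bytes\tsha256=%s" % (h["path"], h["size"], h["sha256"]))
        lines.append("")
    return "\n".join(lines)


def build_demo_tree() -> str:
    """Constructed layout in a temp directory: ctfmon.exe present in both
    system32 and the service-pack cache (with different constructed contents),
    wuauclt.exe and wscntfy.exe absent."""
    root = tempfile.mkdtemp(prefix="filefind_demo_")
    copies = {
        ("WINDOWS", "system32"): b"MZ placeholder - constructed, altered copy",
        ("WINDOWS", "ServicePackFiles", "i386"): b"MZ placeholder - constructed, cache copy",
    }
    for sub, content in copies.items():
        folder = os.path.join(root, *sub)
        os.makedirs(folder)
        with open(os.path.join(folder, "ctfmon.exe"), "wb") as fh:
            fh.write(content)
    return root


def run_demo():
    root = build_demo_tree()
    hits = file_find(root, ["wuauclt.exe", "wscntfy.exe", "ctfmon.exe"])
    return hits, missing(hits), inconsistent_copies(hits)


if __name__ == "__main__":
    hits, absent, differing = run_demo()
    print(format_report(hits))
    print("missing:", absent, "| copies that differ:", differing)
```

On a real XP machine call `file_find(r"C:\WINDOWS", [...])`; a name that is missing from `system32` but present in `ServicePackFiles\i386` or `system32\dllcache` can be restored from there, which is also where `sfc /scannow` looks before asking for the CD.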


----------



## fryguy8585 (Aug 24, 2006)

Sorry it took a while to get back to you. Here's the scan. I should also mention that my school's network requires a download of McAfee Anti-virus software, so as of right now, it looks like I have McAfee, Avast, and that AVG Anti-Virus Free Edition 2011 (that we couldn't figure out how to get rid of.)

SystemLook 04.09.10 by jpshortstuff
Log created at 20:45 on 01/02/2011 by David Schuldenfrei
Administrator - Elevation successful

========== filefind ==========

Searching for "wuauclt.exe"
No files found.

Searching for "wscntfy.exe"
No files found.

Searching for "ctfmon.exe"
No files found.

-= EOF =-


----------



## flavallee (May 12, 2002)

fryguy8585 said:


> I should also mention that my school's network requires a download of McAfee Anti-virus software, so as of right now, it looks like I have McAfee, Avast, and that AVG Anti-Virus Free Edition 2011 (that we couldn't figure out how to get rid of.)


You've got *3* antivirus programs installed and running at the same time? 

I'll leave you with eddie5659.

--------------------------------------------------------------


----------



## eddie5659 (Mar 19, 2001)

Okay, as you have McAfee and that's needed for your school, uninstall Avast from Add/Remove via the Control Panel. We'll look at the AVG after.

In the meantime, as those files are missing and they're needed by Windows, see if this works:

Okay, let's try this first.

Go to start | Run and type this in:

*cmd*

And press Enter

Now, in the box that pops up, type the following. Note the space before the /:

*sfc /scannow*

And press Enter.

This will scan your system for any corrupted files, and may replace them. If Windows was preinstalled, it should be able to locate the originals in the cab files.

If not, you're looking for the Windows XP disk, which should have the product ID number on it. Don't type the number here, it's just so you know which one to look for 

It may take a while, so grab a cuppa 

Let me know if there are any problems/questions.

eddie


----------



## fryguy8585 (Aug 24, 2006)

Eddie,

I deleted Avast, but I am being asked to insert the Windows XP Service Pack 3 disk that I do not have with me at school. However, I will be going home this weekend and the disk should be there. My only concern is that a friend of a friend worked on my computer a few years ago and installed Windows XP Professional on my machine. I only have the Home Edition that my computer came with.

What do you recommend I do?


----------



## eddie5659 (Mar 19, 2001)

Well, the two files:

wuauclt.exe
wscntfy.exe

Can be attributed to your Windows Update.

See if going here still works:

http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us


----------



## fryguy8585 (Aug 24, 2006)

I was able to perform the update, even though I was still getting pop-ups about registered files and inserting my Service Pack 3 CD, as I have been getting for a while now.


----------



## eddie5659 (Mar 19, 2001)

Okay, so looks like the missing files aren't a major problem, but you did say that you have the Service Pack CD at home, so let us know how that goes. I have a feeling it will be replacing any corrupt files that you have.


----------



## fryguy8585 (Aug 24, 2006)

So once I get the disk, should I run that scan with the cmd prompt again?


----------



## eddie5659 (Mar 19, 2001)

It may work with SP3 disk, but I thought you were getting prompts about inserting the disk regarding registered files.

If so, when you get the popup, insert the disk and it should start to re-register the files.


----------



## fryguy8585 (Aug 24, 2006)

I have the Service Pack 2 CD, ran that command prompt again and still got the error telling me to insert Service Pack 3...which I do not have. What's the next step?


----------



## eddie5659 (Mar 19, 2001)

Okay, looks like for some reason Service Pack 3 is having problems, so re-install it from here:

http://windows.microsoft.com/en-us/windows/help/learn-how-to-install-windows-xp-service-pack-3-sp3


----------



## fryguy8585 (Aug 24, 2006)

Okay, so I went to install Service Pack 3 but it said I was already all up to date so it didn't do anything. Now I am getting something that says I do not have a genuine version of Windows and that I may be at a security risk because of it. Again, this could go back to what that friend of a friend did for me a couple of years ago where I just gave him my computer and said, "Fix it."


----------



## eddie5659 (Mar 19, 2001)

Okay, lets have a look at this:

Please run the MGA Diagnostic Tool and post back the report it shall produce:

Download *MGADiag* to your desktop.
Double-click on MGADiag.exe to launch the program
Click "Continue"
Ensure that the "Windows" tab is selected (it should be by default).
Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
Paste the MGA Diagnostic Report back here in your next reply.


----------



## fryguy8585 (Aug 24, 2006)

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Blocked VLK
Validation Code: 3
Cached Validation Code: N/A
Windows Product Key: *****-*****-3R89F-D2KXW-VPK3J
Windows Product Key Hash: Ro/Y7HENE9CfW7lW+QtlNbYQEE8=
Windows Product ID: 76487-640-8365391-23371
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {4847C449-BAE0-4154-AB13-DEDC47ECED1D}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 3
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Standard 2007 - 100 Genuine
Microsoft Office Access 2007 - 100 Genuine
Microsoft Office Excel 2007 - 100 Genuine
Microsoft Office PowerPoint 2007 - 100 Genuine
Microsoft Office Outlook 2007 - 100 Genuine
Microsoft Office Word 2007 - 100 Genuine
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-800a_E2AD56EA-766-1f7_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-8

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\WINDOWS\system32\syssetup.dll[5.1.2600.5512], Hr = 0x800b0100

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{4847C449-BAE0-4154-AB13-DEDC47ECED1D}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-VPK3J</PKey><PID>76487-640-8365391-23371</PID><PIDType>1</PIDType><SID>S-1-5-21-1177238915-1343024091-1417001333</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>MP061 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A01</Version><SMBIOSVersion major="2" minor="4"/><Date>20060317000000.000000+000</Date></BIOS><HWID>AACD3CCF0184C07F</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>1</stat><msppid></msppid><name>TinyXP Rev09 [4]</name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0012-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Standard 2007</Name><Ver>12</Ver><Val>1A4ED471201A586</Val><Hash>c9RB1C4E9G3oH2cRWnkxxInmZq0=</Hash><Pid>89396-707-0259516-65228</Pid><PidType>14</PidType></Product><Product GUID="{90120000-0015-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Access 2007</Name><Ver>12</Ver><Val>5BFC5B78C91AF10</Val><Hash>L6vHUmS03rrrMrvy44Z4Zxd/+eA=</Hash><Pid>89384-904-8989001-63121</Pid><PidType>1</PidType></Product><Product GUID="{90120000-0016-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Excel 2007</Name><Ver>12</Ver><Val>23A6AB3B5DE586</Val><Hash>N9xhuiP4yR3lxdByMf3scfqXYQ8=</Hash><Pid>89385-707-0255702-63701</Pid><PidType>14</PidType></Product><Product GUID="{90120000-0018-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office PowerPoint 
2007</Name><Ver>12</Ver><Val>23A6AB3B5DE586</Val><Hash>N9xhuiP4yR3lxdByMf3scfqXYQ8=</Hash><Pid>89400-707-0255702-63325</Pid><PidType>14</PidType></Product><Product GUID="{90120000-001A-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Outlook 2007</Name><Ver>12</Ver><Val>23A6AB3B5DE586</Val><Hash>N9xhuiP4yR3lxdByMf3scfqXYQ8=</Hash><Pid>89399-707-0255702-63276</Pid><PidType>14</PidType></Product><Product GUID="{90120000-001B-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Word 2007</Name><Ver>12</Ver><Val>23A6AB3B5DE586</Val><Hash>N9xhuiP4yR3lxdByMf3scfqXYQ8=</Hash><Pid>89407-707-0255702-63537</Pid><PidType>14</PidType></Product><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>A098504E66B1B2E</Val><Hash>8VWndQ7ZFwjOGrUzfC1/K4FVap8=</Hash><Pid>81602-407-3231633-68868</Pid><PidType>10</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 4000ell Inc|4000:Microsoft Corporation
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A


----------



## eddie5659 (Mar 19, 2001)

Looks like the version of Windows you have installed isn't legal. It's a volume license that was blocked because either it's unauthorized to be transferred from a corporation to an individual, or it's not a legal version.

So, for the errors you're receiving, the only way to stop these is to buy a legit version of Windows XP
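An added example, not from the thread or from Microsoft's MGADiag tool, that applies the reading given above to the report mechanically: it groups the `Key: Value` lines under their `Section-->` headers and derives the verdict from the fields the helper actually used (validation status, licence type against the OEM BIOS marker, the file-scan mismatch, and the system-builder name buried in the XML). The excerpt is constructed from the report posted above, trimmed to the relevant sections with the product key left masked; the HRESULT names are the standard Windows SDK ones.

```python
import re
from typing import Dict, List

# Constructed excerpt of the MGADiag report posted in the thread: the sections
# that drive the verdict, key masked as the tool prints it, and the long
# "Office Details" XML cut down to the machine and system-builder elements.
SAMPLE_MGADIAG = r"""Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Blocked VLK
Validation Code: 3
Windows Product Key: *****-*****-*****-*****-VPK3J
Windows Product ID: 76487-640-8365391-23371
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.3.0.pro

File Scan Data-->
File Mismatch: C:\WINDOWS\system32\syssetup.dll[5.1.2600.5512], Hr = 0x800b0100

Other data-->
Office Details: <GenuineResults><MachineData><OS>5.1.2600.2.00010100.3.0.pro</OS><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>MP061 </Model></SYSTEM><SBID><stat>1</stat><msppid></msppid><name>TinyXP Rev09 [4]</name><model></model></SBID></MachineData></GenuineResults>

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 4000ell Inc|4000:Microsoft Corporation
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005
"""

# HRESULT values that show up in MGADiag output (Windows SDK names).
HRESULT_NAMES = {
    0x800B0100: "TRUST_E_NOSIGNATURE (no valid Authenticode signature on the file)",
    0x80070002: "ERROR_FILE_NOT_FOUND",
    0x80004005: "E_FAIL",
}


def parse_mgadiag(text: str) -> Dict[str, Dict[str, str]]:
    """Group 'Key: Value' lines under the 'Section-->' header they follow."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        if line.endswith("-->"):
            current = line[:-3].strip()
            sections[current] = {}
        elif current is not None and ": " in line:
            key, value = line.split(": ", 1)
            sections[current][key.strip()] = value.strip()
    return sections


def hresult_name(token: str) -> str:
    """Map a hex HRESULT token such as '0x800b0100' to its SDK name."""
    try:
        return HRESULT_NAMES.get(int(token, 16), "unknown HRESULT " + token)
    except ValueError:
        return "not an HRESULT: " + token


def system_builder_name(text: str) -> str:
    """The SBID/name element records what the install media called itself."""
    m = re.search(r"<SBID>.*?<name>(.*?)</name>", text, re.S)
    return m.group(1).strip() if m else ""


def assess(text: str) -> Dict[str, object]:
    """Verdict plus the reasons behind it, in the order a helper would cite them."""
    s = parse_mgadiag(text)
    win = s.get("Windows Validation Data", {})
    oem = s.get("OEM Activation 1.0 Data", {})
    reasons: List[str] = []
    status = win.get("Validation Status", "unknown")
    if status != "Genuine":
        reasons.append("validation status is '%s' (code %s)" % (status, win.get("Validation Code", "?")))
    if win.get("Windows License Type") == "Volume" and oem.get("BIOS string matches") == "yes":
        reasons.append("volume-licence key on a machine whose BIOS carries an OEM marker: "
                       "this install did not come from the OEM preinstall")
    for key, value in s.get("File Scan Data", {}).items():
        if key == "File Mismatch":
            hr = value.rsplit("Hr = ", 1)[-1]
            reasons.append("system file mismatch: %s -> %s" % (value, hresult_name(hr)))
    sbid = system_builder_name(text)
    if sbid:
        reasons.append("install media identified itself as '%s'" % sbid)
    return {"genuine": status == "Genuine", "edition": win.get("Windows OS version", ""), "reasons": reasons}


if __name__ == "__main__":
    verdict = assess(SAMPLE_MGADIAG)
    print("genuine:", verdict["genuine"], "| OS:", verdict["edition"])
    for reason in verdict["reasons"]:
        print(" -", reason)
```

The file-mismatch line is the one piece of this report that matters beyond licensing: `syssetup.dll` failing its signature check on a machine that was also missing `wuauclt.exe` and `wscntfy.exe` is consistent with a rebuilt installation image rather than with a single infected file, which is why a clean reinstall from known media is the right ending here.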


----------



## fryguy8585 (Aug 24, 2006)

I have my brother mailing me the Service Pack 2 CD for the Home Edition...is there anyway we can get that back onto my machine?


----------



## eddie5659 (Mar 19, 2001)

Don't think it'll work. It's the entire Windows. If it's the same version you can use the CD to install it, but you have to buy a valid license key to activate as you don't have one, so you might as well get the proper CD with SP3 at the same time.


----------



## fryguy8585 (Aug 24, 2006)

I would assume that the computer came with an original installation CD of Windows that should be laying around my house somewhere, perhaps that would do it? Again, the version I have now was put on my computer by a friend of a friend who supposedly knew how to fix computers. I did have a legal, valid copy of XP on this computer before I gave it to him to fix.


----------



## eddie5659 (Mar 19, 2001)

If you can get the original CD, it will have to be a format, so I would suggest backing up all your important files before. Things for college/work, home stuff like certain pictures etc.

You will need the license key, so make sure the disk has it before formatting. It should be either on the CD box, or on the booklet that came with the disk.


----------

