Google search results redirected



#1
drumking78

    New Member

  • Member
  • 4 posts
Hi. Recently when I click on any Google search results I get redirected to other websites when I click a link. I ran MBAM and my antivirus (AVG), rebooting after each, and still have the same problem. Here is the log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:54:32 AM, on 2009-02-07
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~2\Grisoft\AVG7\avgemc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\System32\CTsvcCDA.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\program files\MagicTune Premium\MagicTuneEngine.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\STOPzilla!\STOPzilla.exe
D:\WINDOWS\System32\MsPMSPSv.exe
D:\program files\MagicTune Premium\MagicTune.exe
D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Program Files\Microsoft IntelliType Pro\type32.exe
D:\Program Files\Microsoft IntelliPoint\point32.exe
D:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe
D:\WINDOWS\V0270Mon.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\WINDOWS\CTHELPER.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\PROGRA~2\Grisoft\AVG7\avgcc.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
D:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
D:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
D:\Documents and Settings\Douglas Hawkins\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Program Files\Windows Media Player\WMPNSCFG.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\program files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\program files\MagicTune Premium\GammaTray.exe
D:\program files\SEC\Natural Color Pro\NCProTray.exe
D:\program files\Orbitdownloader\orbitdm.exe
D:\program files\CyberPower\PowerPanel\PowPanel.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\program files\Orbitdownloader\orbitnet.exe
D:\PROGRA~2\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
D:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
D:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
D:\program files\Mozilla Firefox\firefox.exe
D:\program files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - D:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {208329A3-615B-4225-9322-9CA6161FEFFB} - D:\WINDOWS\system32\byXPHxUl.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4614CA41-DD4E-4DC2-B2EB-99AC41945A86} - D:\WINDOWS\system32\rqRJBUmJ.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~2\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7CABF84D-9887-4E4A-9694-B0B40E28BBC2} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B40AC783-253A-4555-8C7E-5B93614B3C52} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - D:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - D:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] D:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINCINEMAMGR] "D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [type32] "D:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "D:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Name of App] D:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [V0270Mon.exe] D:\WINDOWS\V0270Mon.exe
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~2\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [RemoteCenter] D:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "D:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [OCAEBNDVDUpdate] D:\Program Files\ObjectCube\XXX2Burn DVD Wizard\xxx2burn.exe /update
O4 - HKCU\..\Run: [Nokia.PCSync] "D:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Douglas Hawkins\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] D:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] D:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] D:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: BJ Status Monitor Canon i960.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Orbit.lnk = D:\program files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: PowerPanel.lnk = D:\program files\CyberPower\PowerPanel\PowPanel.exe
O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://D:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~2\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Send to &Bluetooth Device... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~2\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~2\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~2\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1189008553700
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1200453490671
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15030/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~2\MI1933~1\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: cbXQgHxu - D:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\program files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~2\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MagicTuneEngine - Unknown owner - D:\program files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - D:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: TVersityMediaServer - Unknown owner - D:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - D:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 16222 bytes


Also, here is the uninstall list:

Ad-Aware 2007
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Media Player
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 8.1.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AIM 6
Apple Software Update
Ares 2.0.9
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Audacity 1.2.6
AVI Joiner version 1.22
AVI Video Joiner 1.2
AviSynth 2.5
AVS Video Converter 6
AVS4YOU Software Navigator 1.2
Canon i960
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PhotoPrint Plus
Connect
Creative Audio Console
Creative Live! Cam Center
Creative Live! Cam Manager
Creative Live! Cam Optia Driver (1.01.02.00)
Creative Live! Cam Optia User's Guide (English)
Creative MediaSource
Creative Photo Calendar
Creative Photo Manager
Creative Software AutoUpdate
Creative System Information
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DTS Neo:6 Settings
DVD Decrypter (Remove Only)
Easy Video Joiner 5.21
Easy-WebPrint
ERUNT 1.1j
ffdshow [rev 1324] [2007-07-01]
Firebird SQL Server - MAGIX Edition
FLV Player 2.0, build 24
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 4.2.0620
FW LiveUpdate
Google Gmail Notifier
Guitar Chord Legend 1.00
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
InterVideo Launcher
iS3 ANTIvirus by AVG
J2SE Runtime Environment 5.0 Update 1
Java Application Platform SDK
Java™ 6 Update 11
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
K-Lite Codec Pack 3.5.3 Full
kSolo Recorder
kuler
Live 6.0.10
Live 7.0.3
MagicTune Premium
Malwarebytes' Anti-Malware
MAXpc
Memorex exPressit Label Design Studio
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.6)
Mozilla Thunderbird (2.0.0.9)
Mp3tag v2.42
MSVC80_x86
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 4.1
Natural Color Pro
Nero OEM
Nero Suite
Netscape Navigator (9.0.0.5)
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
Open Video Joiner version 3.21
OpenCV 3x
OpenOffice.org 2.3
Opera 9.51
Orbit Downloader
PC Connectivity Solution
PDF Settings CS4
Photoshop Camera Raw
Picasa 3
PopCap Browser Plugin
PowerPanel 2.03
PS Media Tunnel
PS3 Media Center X 0.92
PS3 Video 9 4.04
QuickTime
RealPlayer
Registry Mechanic 5.1
Rhapsody
Rhapsody Player Engine
Rhapsody Player Engine
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Sibelius Scorch
Sibelius Scorch (ActiveX Only)
Sibelius Scorch Plugin
SightSpeed (remove only)
SmartSound Quicktracks Plugin
Sound Blaster Audigy 2 ZS
Spybot - Search & Destroy
STOPzilla
Studio 9
Suite Shared Configuration CS4
SUPERAntiSpyware Free Edition
TBS WMP Plug-in
Text-To-Speech-Runtime
The Ultimate Troubleshooter
TVersity Codec Pack 1.1
TVersity Media Server 0.9.11.4 beta
TVersity Media Server 0.9.10.8a beta
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Utherverse 3D Client
VC 9.0 Runtime
VideoLAN VLC media player 0.8.6h
Virtual Desktop Manager Powertoy for Windows XP
WIDCOMM Bluetooth Software
Winamp (remove only)
Windows Driver Package - Nokia Modem (03/05/2008 3.7)
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
Windows Driver Package - Nokia Modem (05/22/2008 3.8)
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver
XoftSpySE
XP Codec Pack
XXX2Burn DVD Wizard (remove only)
Yahoo! Anti-Spy
Yahoo! Messenger
ZoneAlarm
ZoneAlarm Spy Blocker



Thanks in advance for your help

#2
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello drumking78

Welcome to G2Go. :)
=====================

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
================
Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

#3
drumking78

    New Member

  • Topic Starter
  • Member
  • 4 posts
DDS.txt:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Douglas Hawkins at 13:42:58.18 on 2009-02-07
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1039 [GMT -5:00]

AV: AVG 7.5.552 *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost -k DcomLaunch
D:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~2\Grisoft\AVG7\avgemc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\System32\CTsvcCDA.exe
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\Program Files\Java\jre6\bin\jqs.exe
D:\program files\MagicTune Premium\MagicTuneEngine.exe
D:\WINDOWS\System32\svchost.exe -k imgsvc
D:\WINDOWS\System32\MsPMSPSv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\STOPzilla!\STOPzilla.exe
D:\program files\MagicTune Premium\MagicTune.exe
D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Program Files\Microsoft IntelliType Pro\type32.exe
D:\Program Files\Microsoft IntelliPoint\point32.exe
D:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe
D:\WINDOWS\V0270Mon.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\WINDOWS\CTHELPER.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\PROGRA~2\Grisoft\AVG7\avgcc.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
D:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
D:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
D:\Documents and Settings\Douglas Hawkins\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Program Files\Windows Media Player\WMPNSCFG.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\program files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\program files\MagicTune Premium\GammaTray.exe
D:\program files\SEC\Natural Color Pro\NCProTray.exe
D:\program files\Orbitdownloader\orbitdm.exe
D:\program files\CyberPower\PowerPanel\PowPanel.exe
D:\program files\Orbitdownloader\orbitnet.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
D:\PROGRA~2\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
D:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
D:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
D:\PROGRA~2\Grisoft\AVG7\avgw.exe
D:\program files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Douglas Hawkins\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = google.com
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
BHO: {000123B4-9B42-4900-B3F7-F4B073EFC214} - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - d:\program files\stopzilla!\SZSG.dll
BHO: {208329a3-615b-4225-9322-9ca6161feffb} - d:\windows\system32\byXPHxUl.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {4614ca41-dd4e-4dc2-b2eb-99ac41945a86} - d:\windows\system32\rqRJBUmJ.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~2\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\progra~2\mi1933~1\office12\GRA8E1~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - d:\program files\java\jre6\bin\ssv.dll
BHO: {7CABF84D-9887-4E4A-9694-B0B40E28BBC2} - No File
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {B40AC783-253A-4555-8C7E-5B93614B3C52} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - d:\program files\stopzilla!\SZIEBHO.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
BHO: {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - No File
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - d:\program files\canon\easy-webprint\Toolband.dll
TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - d:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - d:\program files\stopzilla!\SZSG.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [RemoteCenter] d:\program files\creative\mediasource\remotecontrol\RCMan.EXE
uRun: [Creative Live! Cam Manager] "d:\program files\creative\creative live! cam\live! cam manager\CTLCMgr.exe"
uRun: [SpybotSD TeaTimer] d:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [PC Suite Tray] "d:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [OCAEBNDVDUpdate] d:\program files\objectcube\xxx2burn dvd wizard\xxx2burn.exe /update
uRun: [Nokia.PCSync] "d:\program files\nokia\nokia pc suite 7\PCSync2.exe" /NoDialog
uRun: [Google Update] "d:\documents and settings\douglas hawkins\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] d:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] d:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [CTSysVol] d:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] d:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDet.EXE
mRun: [SBDrvDet] d:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [UpdReg] d:\windows\UpdReg.EXE
mRun: [NeroFilterCheck] d:\windows\system32\NeroCheck.exe
mRun: [WINCINEMAMGR] "d:\program files\intervideo\common\bin\WinCinemaMgr.exe"
mRun: [type32] "d:\program files\microsoft intellitype pro\type32.exe"
mRun: [IntelliPoint] "d:\program files\microsoft intellipoint\point32.exe"
mRun: [Name of App] d:\program files\samsung\fw liveupdate\FWManager.exe r
mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime
mRun: [V0270Mon.exe] d:\windows\V0270Mon.exe
mRun: [StartCCC] "d:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"
mRun: [RegistryMechanic]
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [PinnacleDriverCheck] d:\windows\system32\PSDrvCheck.exe -CheckReg
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "d:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AdobeCS4ServiceManager] "d:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [ZoneAlarm Client] "d:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [AVG7_CC] d:\progra~2\grisoft\avg7\avgcc.exe /STARTUP
mRun: [GrooveMonitor] "d:\program files\microsoft office\office12\GrooveMonitor.exe"
mRunOnce: [GrpConv] grpconv.exe -o
dRun: [AVG7_Run] d:\progra~2\grisoft\avg7\avgw.exe /RUNONCE
StartupFolder: d:\docume~1\dougla~1\startm~1\programs\startup\BJSTAT~1.LNK -
StartupFolder: d:\docume~1\alluse~1.win\startm~1\programs\startup\blueto~1.lnk - d:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: d:\docume~1\alluse~1.win\startm~1\programs\startup\gammat~1.lnk - d:\program files\magictune premium\GammaTray.exe
StartupFolder: d:\docume~1\alluse~1.win\startm~1\programs\startup\ncprot~1.lnk - d:\program files\sec\natural color pro\NCProTray.exe
StartupFolder: d:\docume~1\alluse~1.win\startm~1\programs\startup\orbit.lnk - d:\program files\orbitdownloader\orbitdm.exe
StartupFolder: d:\docume~1\alluse~1.win\startm~1\programs\startup\powerp~1.lnk - d:\program files\cyberpower\powerpanel\PowPanel.exe
IE: &Download by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - d:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - d:\progra~2\mi1933~1\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - d:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - d:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - d:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - d:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Send to &Bluetooth Device... - d:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - d:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~2\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~2\mi1933~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~2\spybot~1\SDHelper.dll
LSP: d:\program files\common files\is3\anti-spyware\iS3lsp.dll
Trusted Zone: aol.com\free
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189008553700
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200453490671
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\progra~2\mi1933~1\office12\GR99D3~1.DLL
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\progra~2\mi1933~1\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 d:\windows\system32\byXPHxUl

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\dougla~1\applic~1\mozilla\firefox\profiles\0dqawfms.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - component: d:\documents and settings\douglas hawkins\application data\mozilla\firefox\profiles\0dqawfms.default\extensions\[email protected]\components\BkMrkExt.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll
FF - plugin: d:\documents and settings\douglas hawkins\application data\mozilla\firefox\profiles\0dqawfms.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: d:\documents and settings\douglas hawkins\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: d:\program files\google\picasa3\npPicasa3.dll
FF - plugin: d:\program files\ksolo\npAVX.dll
FF - plugin: d:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: d:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: d:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - plugin: d:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: d:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 ivicd;Ivi CDVD Filter Driver;d:\windows\system32\drivers\ivicd.sys [2007-9-5 38784]
R0 szkg5;szkg;d:\windows\system32\drivers\SZKG.sys [2008-12-2 54656]
R1 Avg7Core;AVG7 Kernel;d:\windows\system32\drivers\avg7core.sys [2008-12-29 821856]
R1 Avg7RsW;AVG7 Wrap Driver;d:\windows\system32\drivers\avg7rsw.sys [2008-12-29 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;d:\windows\system32\drivers\avg7rsxp.sys [2008-12-29 27776]
R1 AvgClean;AVG7 Clean Driver;d:\windows\system32\drivers\avgclean.sys [2008-12-29 10760]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R1 vsdatant;vsdatant;d:\windows\system32\vsdatant.sys [2008-10-1 353680]
R2 aawservice;Ad-Aware 2007 Service;d:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-10-29 587096]
R2 Avg7Alrt;AVG7 Alert Manager Server;d:\progra~2\grisoft\avg7\avgamsvr.exe [2008-12-29 418816]
R2 Avg7UpdSvc;AVG7 Update Service;d:\progra~2\grisoft\avg7\avgupsvc.exe [2008-12-29 49664]
R2 AVGEMS;AVG E-mail Scanner;d:\progra~2\grisoft\avg7\avgemc.exe [2008-12-29 406528]
R2 AvgTdi;AVG Network Redirector;d:\windows\system32\drivers\avgtdi.sys [2008-12-29 4960]
R2 PfDetNT;PfDetNT;d:\windows\system32\drivers\pfmodnt.sys [2006-8-11 8192]
R2 vsmon;TrueVector Internet Monitor;d:\windows\system32\zonelabs\vsmon.exe -service --> d:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 SASENUM;SASENUM;d:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"d:\program files\viewpoint\common\viewpointservice.exe" --> d:\program files\viewpoint\common\ViewpointService.exe [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\program files\magix\common\database\bin\fbserver.exe [2009-1-7 1527900]
S3 iviudf;iviudf;d:\windows\system32\drivers\IviUdf.sys [2007-9-5 116224]
S3 VF0270Dev;Live! Cam Optia;d:\windows\system32\drivers\V0270Dev.sys [2007-9-5 225632]
S3 VF0270Vfx;VF0270 Video FX;d:\windows\system32\drivers\V0270Vfx.sys [2007-9-5 6912]

=============== Created Last 30 ================

2009-02-07 13:07 2,144 a------- d:\windows\system32\drivers\kgpcpy.cfg
2009-02-07 01:54 <DIR> --d----- d:\program files\Trend Micro
2009-02-07 01:30 <DIR> --d----- d:\docume~1\dougla~1\applic~1\Malwarebytes
2009-02-07 01:30 15,504 a------- d:\windows\system32\drivers\mbam.sys
2009-02-07 01:30 38,496 a------- d:\windows\system32\drivers\mbamswissarmy.sys
2009-02-07 01:30 <DIR> --d----- d:\program files\Malwarebytes' Anti-Malware
2009-02-07 01:30 <DIR> --d----- d:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-02-05 02:26 <DIR> --d----- d:\program files\XoftSpySE
2009-02-05 02:02 161,792 a------- d:\windows\SWREG.exe
2009-02-05 02:02 98,816 a------- d:\windows\sed.exe
2009-02-05 02:01 <DIR> --d----- D:\ComboFix
2009-02-05 02:01 389,120 a------- d:\windows\system32\CF7598.exe
2009-02-05 02:01 2,204 a------- d:\windows\ojmaczrh
2009-02-05 02:01 1,014 a--sh--- d:\windows\system32\lUxHPXyb.ini
2009-02-05 02:01 591 a--sh--- d:\windows\system32\lUxHPXyb.ini2
2009-02-01 14:52 32,592 a------- d:\windows\system32\msonpmon.dll
2009-02-01 14:45 <DIR> --d----- d:\program files\Microsoft Visual Studio 8
2009-02-01 14:44 <DIR> --d----- d:\windows\SHELLNEW
2009-01-25 18:50 <DIR> --d----- d:\windows\Logs
2009-01-22 00:47 <DIR> --d----- d:\docume~1\dougla~1\applic~1\Intuit
2009-01-22 00:45 <DIR> --d----- d:\program files\common files\AnswerWorks 5.0
2009-01-22 00:42 <DIR> --d----- d:\program files\common files\Intuit
2009-01-22 00:42 <DIR> --d----- d:\docume~1\alluse~1.win\applic~1\Intuit
2009-01-22 00:42 <DIR> --d----- d:\program files\TurboTax
2009-01-18 01:16 91 a------- D:\sysrun23.dll
2009-01-18 01:14 209,608 -------- d:\windows\system32\TABCTL32.OCX
2009-01-18 01:14 <DIR> --d----- d:\program files\Northworks Solutions Ltd
2009-01-17 14:20 68 a------- d:\windows\MyProg.ini
2009-01-16 20:30 <DIR> --d----- D:\Redding Sound
2009-01-12 02:45 124,688 a------- d:\windows\system32\MSWinSck.ocx
2009-01-12 02:45 1,753,088 a------- d:\windows\system32\ExGrid.dll
2009-01-12 02:45 614,400 a------- d:\windows\system32\ExButton.dll
2009-01-12 02:45 602,112 a------- d:\windows\system32\ExMenu.dll
2009-01-12 02:45 307,200 a------- d:\windows\system32\ExPMenu.dll
2009-01-12 02:45 516,096 a------- d:\windows\system32\ExTab.dll
2009-01-12 02:45 356,352 a------- d:\windows\system32\eSellerateEngine.dll
2009-01-12 02:45 118,784 a------- d:\windows\system32\eWebControl.dll
2009-01-12 02:45 <DIR> --d----- d:\program files\common files\eSellerate
2009-01-12 02:44 <DIR> --d----- d:\program files\AnswersThatWork

==================== Find3M ====================

2009-02-06 01:04 4,508 a------- d:\windows\system32\tmp.reg
2009-01-07 16:07 162,454 a------- d:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat
2009-01-05 17:33 3,751,995 a------- d:\windows\system32\GPhotos.scr
2009-01-01 04:05 675,500 a--sh--- d:\windows\system32\JmUBJRqr.ini2
2008-12-31 14:05 102,664 a------- d:\windows\system32\drivers\tmcomm.sys
2008-12-28 00:50 410,984 a------- d:\windows\system32\deploytk.dll
2008-12-17 17:26 17,408 a----r-- d:\windows\system32\SZIO5.dll
2008-12-17 17:25 282,624 a----r-- d:\windows\system32\SZBase5.dll
2008-12-17 17:24 540,672 a----r-- d:\windows\system32\SZComp5.dll
2008-12-09 13:53 4,212 a---h--- d:\windows\system32\zllictbl.dat
2008-11-24 16:19 126,976 a----r-- d:\windows\system32\IS3HTUI5.dll
2008-11-24 16:19 364,544 a----r-- d:\windows\system32\IS3DBA5.dll
2008-11-24 16:18 372,736 a----r-- d:\windows\system32\IS3UI5.dll
2008-11-24 16:18 61,440 a----r-- d:\windows\system32\IS3Hks5.dll
2008-11-24 16:18 23,040 a----r-- d:\windows\system32\IS3XDat5.dll
2008-11-24 16:17 212,992 a----r-- d:\windows\system32\IS3Win325.dll
2008-11-24 16:17 94,208 a----r-- d:\windows\system32\IS3Inet5.dll
2008-11-24 16:17 90,112 a----r-- d:\windows\system32\IS3Svc5.dll
2008-11-24 16:14 708,608 a----r-- d:\windows\system32\IS3Base5.dll
2008-11-13 15:18 1,221,008 a------- d:\windows\system32\zpeng25.dll
2008-07-02 21:47 1,568 a------- d:\docume~1\dougla~1\applic~1\mpauth.dat
2007-09-05 11:53 65 a------- d:\program files\common files\appop.log
2003-07-02 00:00 12,800 a------- d:\documents and settings\douglas hawkins\cnmss Canon i960 (Local).exe
2008-01-31 02:19 132 a--shr-- d:\windows\Regbak.dat
2008-08-01 20:57 32,768 a--sh--- d:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080120080802\index.dat

============= FINISH: 13:43:54.45 ===============



Attach.txt:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2007-09-05 10:58:25 AM
System Uptime: 2009-02-07 1:07:03 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | A8N-SLI DELUXE
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4200+ | Socket 939 | 2211/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 186 GiB total, 108.047 GiB free.
D: is FIXED (NTFS) - 186 GiB total, 84.408 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Memory Controller
Device ID: PCI\VEN_10DE&DEV_005E&SUBSYS_00000000&REV_A3\3&2411E6FE&0&00
Manufacturer:
Name: PCI Memory Controller
PNP Device ID: PCI\VEN_10DE&DEV_005E&SUBSYS_00000000&REV_A3\3&2411E6FE&0&00
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_0052&SUBSYS_815A1043&REV_A2\3&2411E6FE&0&09
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_0052&SUBSYS_815A1043&REV_A2\3&2411E6FE&0&09
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_10DE&DEV_005B&SUBSYS_815A1043&REV_A3\3&2411E6FE&0&11
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_10DE&DEV_005B&SUBSYS_815A1043&REV_A3\3&2411E6FE&0&11
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&13699180&0&3848
Manufacturer: Realtek
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&13699180&0&3848
Service: rtl8139

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RAID Controller
Device ID: PCI\VEN_1095&DEV_3114&SUBSYS_81671043&REV_02\4&13699180&0&5048
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1095&DEV_3114&SUBSYS_81671043&REV_02\4&13699180&0&5048
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_811A1043&REV_13\4&13699180&0&6048
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_811A1043&REV_13\4&13699180&0&6048
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Other PCI Bridge Device
Device ID: PCI\VEN_10DE&DEV_0057&SUBSYS_81411043&REV_A3\3&2411E6FE&0&50
Manufacturer:
Name: Other PCI Bridge Device
PNP Device ID: PCI\VEN_10DE&DEV_0057&SUBSYS_81411043&REV_A3\3&2411E6FE&0&50
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth LAN Access Server Driver
Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000
Manufacturer: Broadcom
Name: Bluetooth LAN Access Server Driver
PNP Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000
Service: BTWDNDIS

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6555b
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6555b
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

==== System Restore Points ===================

RP364: 2009-02-05 2:01:37 AM - System Checkpoint
RP365: 2009-02-05 2:01:37 AM - Removed Microsoft Office Professional 2007 Trial
RP366: 2009-02-05 2:01:37 AM - Removed SUPERAntiSpyware Free Edition
RP367: 2009-02-05 2:01:37 AM - System Checkpoint
RP368: 2009-02-05 2:01:37 AM - System Checkpoint
RP369: 2009-02-05 2:01:37 AM - System Checkpoint
RP370: 2009-02-05 2:01:37 AM - System Checkpoint
RP371: 2009-02-05 2:01:37 AM - System Checkpoint
RP372: 2009-02-05 2:01:37 AM - System Checkpoint
RP373: 2009-02-05 2:01:37 AM - Software Distribution Service 3.0
RP374: 2009-02-05 2:01:37 AM - System Checkpoint
RP375: 2009-02-05 2:01:37 AM - System Checkpoint
RP376: 2009-02-05 2:01:37 AM - System Checkpoint
RP377: 2009-02-05 2:01:37 AM - Software Distribution Service 3.0
RP378: 2009-02-05 2:01:37 AM - System Checkpoint
RP379: 2009-02-05 2:01:38 AM - System Checkpoint
RP380: 2009-02-05 2:01:38 AM - Software Distribution Service 3.0
RP381: 2009-02-05 2:01:38 AM - System Checkpoint
RP382: 2009-02-05 2:01:38 AM - System Checkpoint
RP383: 2009-02-05 2:01:38 AM - System Checkpoint
RP384: 2009-02-05 2:01:38 AM - System Checkpoint
RP385: 2009-02-05 2:01:38 AM - Installed PC SpeedScan Pro
RP386: 2009-02-05 2:01:38 AM - System Checkpoint
RP387: 2009-02-05 2:01:38 AM - System Checkpoint
RP388: 2009-02-05 2:01:38 AM - System Checkpoint
RP389: 2009-02-05 2:01:38 AM - System Checkpoint
RP390: 2009-02-05 2:01:38 AM - System Checkpoint
RP391: 2009-02-05 2:01:38 AM - System Checkpoint
RP392: 2009-02-05 2:01:38 AM - System Checkpoint
RP393: 2009-02-05 2:01:38 AM - Software Distribution Service 3.0
RP394: 2009-02-05 2:01:38 AM - System Checkpoint
RP395: 2009-02-05 2:01:38 AM - System Checkpoint
RP396: 2009-02-05 2:01:38 AM - System Checkpoint
RP397: 2009-02-05 2:01:38 AM - System Checkpoint
RP398: 2009-02-05 2:01:38 AM - System Checkpoint
RP399: 2009-02-05 2:01:38 AM - System Checkpoint
RP400: 2009-02-05 2:01:38 AM - System Checkpoint
RP401: 2009-02-05 2:01:38 AM - System Checkpoint
RP402: 2009-02-05 2:01:38 AM - System Checkpoint
RP403: 2009-02-05 2:01:38 AM - System Checkpoint
RP404: 2009-02-05 2:01:38 AM - System Checkpoint
RP405: 2009-02-05 2:01:38 AM - System Checkpoint
RP406: 2009-02-05 2:01:38 AM - System Checkpoint
RP407: 2009-02-05 2:01:38 AM - System Checkpoint
RP408: 2009-02-05 2:01:38 AM - System Checkpoint
RP409: 2009-02-05 2:01:38 AM - Software Distribution Service 3.0
RP410: 2009-02-05 2:01:39 AM - System Checkpoint
RP411: 2009-02-05 2:01:39 AM - Software Distribution Service 3.0
RP412: 2009-02-05 2:01:39 AM - System Checkpoint
RP413: 2009-02-05 2:01:39 AM - System Checkpoint
RP414: 2009-02-05 2:01:39 AM - Software Distribution Service 3.0
RP415: 2009-02-05 2:01:39 AM - System Checkpoint
RP416: 2009-02-05 2:01:39 AM - System Checkpoint
RP417: 2009-02-05 2:01:39 AM - System Checkpoint
RP418: 2009-02-05 2:01:39 AM - System Checkpoint
RP419: 2009-02-05 2:01:39 AM - System Checkpoint
RP420: 2009-02-05 2:01:39 AM - Installed Java™ 6 Update 7
RP421: 2009-02-05 2:01:39 AM - Installed Java™ 6 Update 11
RP422: 2009-02-05 2:01:39 AM - Last known good configuration
RP423: 2009-02-05 2:01:39 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP424: 2009-02-05 2:01:39 AM - MAXpc Restore Point
RP425: 2009-02-05 2:01:39 AM - Installed AVG 7.5
RP426: 2009-02-05 2:01:39 AM - Uninstall CASHFLOW® THE E-GAME
RP427: 2009-02-05 2:01:40 AM - Last known good configuration
RP428: 2009-02-05 2:01:40 AM - System Checkpoint
RP429: 2009-02-05 2:01:40 AM - System Checkpoint
RP430: 2009-02-05 2:01:40 AM - System Checkpoint
RP431: 2009-02-05 2:01:40 AM - System Checkpoint
RP432: 2009-02-05 2:01:41 AM - System Checkpoint
RP433: 2009-02-05 2:01:41 AM - Installed Text-To-Speech-Runtime
RP434: 2009-02-05 2:01:41 AM - System Checkpoint
RP435: 2009-02-05 2:01:42 AM - System Checkpoint
RP436: 2009-02-05 2:01:42 AM - The Ultimate Troubleshooter Installation
RP437: 2009-02-05 2:01:42 AM - System Checkpoint
RP438: 2009-02-05 2:01:42 AM - Removed RedLightCenter
RP439: 2009-02-05 2:01:43 AM - System Checkpoint
RP440: 2009-02-05 2:01:43 AM - System Checkpoint
RP441: 2009-02-05 2:01:43 AM - System Checkpoint
RP442: 2009-02-05 2:01:43 AM - Installed TurboTax 2008 wrapper
RP443: 2009-02-05 2:01:43 AM - Installed TurboTax 2008 WinPerReleaseEngine
RP444: 2009-02-05 2:01:43 AM - Installed TurboTax 2008 WinPerFedFormset
RP445: 2009-02-05 2:01:43 AM - Installed TurboTax 2008 WinPerTaxSupport
RP446: 2009-02-05 2:01:43 AM - Installed TurboTax 2008 WinPerProgramHelp
RP447: 2009-02-05 2:01:43 AM - Installed TurboTax 2008 WinPerUserEducation
RP448: 2009-02-05 2:01:44 AM - Installed AnswerWorks 5.0 English Runtime
RP449: 2009-02-05 2:01:44 AM - System Checkpoint
RP450: 2009-02-05 2:01:44 AM - System Checkpoint
RP451: 2009-02-05 2:01:44 AM - Installed DirectX
RP452: 2009-02-05 2:01:44 AM - System Checkpoint
RP453: 2009-02-05 2:01:44 AM - Installed TurboTax 2008 wgaiper
RP454: 2009-02-05 2:01:45 AM - Removed TurboTax 2008 wgaiper
RP455: 2009-02-05 2:01:45 AM - Removed AnswerWorks 5.0 English Runtime
RP456: 2009-02-05 2:01:45 AM - Removed TurboTax 2008 WinPerUserEducation
RP457: 2009-02-05 2:01:45 AM - Removed TurboTax 2008 WinPerProgramHelp
RP458: 2009-02-05 2:01:45 AM - Removed TurboTax 2008 WinPerTaxSupport
RP459: 2009-02-05 2:01:45 AM - Removed TurboTax 2008 WinPerFedFormset
RP460: 2009-02-05 2:01:45 AM - Removed TurboTax 2008 WinPerReleaseEngine
RP461: 2009-02-05 2:01:46 AM - Removed TurboTax 2008 wrapper
RP462: 2009-02-05 2:01:46 AM - System Checkpoint
RP463: 2009-02-05 2:01:46 AM - Installed Microsoft Office Enterprise 2007
RP464: 2009-02-05 2:01:46 AM - Printer Driver Send To Microsoft OneNote Driver Installed
RP465: 2009-02-05 2:01:47 AM - System Checkpoint
RP466: 2009-02-05 2:01:47 AM - System Checkpoint
RP467: 2009-02-05 2:01:47 AM - System Checkpoint
RP468: 2009-02-05 2:01:54 AM - Last known good configuration
RP469: 2009-02-05 3:16:57 PM - Installed SUPERAntiSpyware Free Edition
RP470: 2009-02-06 9:13:47 PM - System Checkpoint
RP471: 2009-02-07 1:27:46 AM - Automatic Restore Point

==== Installed Programs ======================


Ad-Aware 2007
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color Common Settings
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS3
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AIM 6
Apple Software Update
Ares 2.0.9
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Audacity 1.2.6
AutoUpdate
AVI Joiner version 1.22
AVI Video Joiner 1.2
AviSynth 2.5
AVS Video Converter 6
AVS4YOU Software Navigator 1.2
Canon i960
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PhotoPrint Plus
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
Connect
Creative Audio Console
Creative Live! Cam Center
Creative Live! Cam Manager
Creative Live! Cam Optia Driver (1.01.02.00)
Creative Live! Cam Optia User's Guide (English)
Creative MediaSource
Creative Photo Calendar
Creative Photo Manager
Creative Software AutoUpdate
Creative System Information
Crossword Weaver 8.0
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DTS Neo:6 Settings
DVD Decrypter (Remove Only)
Easy-WebPrint
Easy Video Joiner 5.21
ERUNT 1.1j
ffdshow [rev 1324] [2007-07-01]
Firebird SQL Server - MAGIX Edition
FLV Player 2.0, build 24
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 4.2.0620
FW LiveUpdate
Google Chrome
Google Gmail Notifier
Guitar Chord Legend 1.00
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
InterVideo Launcher
iS3 ANTIvirus by AVG
J2SE Runtime Environment 5.0 Update 1
Java Application Platform SDK
Java™ 6 Update 11
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
K-Lite Codec Pack 3.5.3 Full
kSolo Recorder
kuler
Live 6.0.10
Live 7.0.3
MagicTune Premium
Malwarebytes' Anti-Malware
MAXpc
Memorex exPressit Label Design Studio
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 5.0
Microsoft IntelliType Pro 5.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.6)
Mozilla Thunderbird (2.0.0.9)
Mp3tag v2.42
MSVC80_x86
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 4.1
Natural Color Pro
Nero OEM
Nero Suite
Netscape Navigator (9.0.0.5)
Nokia Connectivity Cable Driver
Nokia PC Suite
Open Video Joiner version 3.21
OpenCV 3x
OpenOffice.org 2.3
Opera 9.51
Orbit Downloader
PC Connectivity Solution
PDF Settings CS4
Photoshop Camera Raw
Picasa 3
PopCap Browser Plugin
PowerPanel 2.03
PS Media Tunnel
PS3 Media Center X 0.92
PS3 Video 9 4.04
QuickTime
RealPlayer
Registry Mechanic 5.1
Rhapsody
Rhapsody Player Engine
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Sibelius Scorch
Sibelius Scorch (ActiveX Only)
Sibelius Scorch Plugin
SightSpeed (remove only)
Skins
SmartSound Quicktracks Plugin
Sound Blaster Audigy 2 ZS
Spybot - Search & Destroy
STOPzilla
Studio 9
Suite Shared Configuration CS4
SUPERAntiSpyware Free Edition
TBS WMP Plug-in
Text-To-Speech-Runtime
The Ultimate Troubleshooter
TVersity Codec Pack 1.1
TVersity Media Server 0.9.11.4 beta
TVersity Media Server 0.9.10.8a beta
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Utherverse 3D Client
VC 9.0 Runtime
VideoLAN VLC media player 0.8.6h
Virtual Desktop Manager Powertoy for Windows XP
WebFldrs XP
WIDCOMM Bluetooth Software
Winamp (remove only)
Windows Driver Package - Nokia Modem (03/05/2008 3.7)
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
Windows Driver Package - Nokia Modem (05/22/2008 3.8)
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver
XoftSpySE
XP Codec Pack
XXX2Burn DVD Wizard (remove only)
Yahoo! Anti-Spy
Yahoo! Messenger
ZoneAlarm
ZoneAlarm Spy Blocker

==== Event Viewer Messages From Past Week ========

2009-02-05 2:08:41 AM, error: ati2mtag [45062] - CRT invalid display type
2009-02-05 2:06:16 AM, error: Service Control Manager [7034] - The MagicTuneEngine service terminated unexpectedly. It has done this 1 time(s).
2009-02-05 2:04:49 AM, error: Service Control Manager [7034] - The AVG7 Alert Manager Server service terminated unexpectedly. It has done this 1 time(s).
2009-02-05 2:04:38 AM, error: Service Control Manager [7034] - The AVG7 Update Service service terminated unexpectedly. It has done this 1 time(s).
2009-02-05 2:04:28 AM, error: Service Control Manager [7034] - The AVG E-mail Scanner service terminated unexpectedly. It has done this 1 time(s).
2009-02-05 2:01:59 AM, error: Service Control Manager [7034] - The STOPzilla Service service terminated unexpectedly. It has done this 1 time(s).
2009-02-05 1:47:48 AM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
2009-02-04 3:24:47 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
2009-02-01 10:49:41 PM, error: Service Control Manager [7034] - The avast! Web Scanner service terminated unexpectedly. It has done this 1 time(s).
2009-02-05 2:11:04 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ojmaczrh SASDIFSV SASKUTIL
2009-02-05 2:14:14 AM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
2009-02-05 2:14:14 AM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
2009-02-05 2:38:34 AM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
2009-02-05 2:41:31 PM, error: Service Control Manager [7000] - The Viewpoint Manager Service service failed to start due to the following error: The system cannot find the path specified.
2009-02-06 1:02:29 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
2009-02-06 1:03:02 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2009-02-06 1:03:21 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
2009-02-06 1:03:21 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2009-02-06 1:03:21 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
2009-02-06 1:03:21 AM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
2009-02-06 1:03:21 AM, error: Service Control Manager [7001] - The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2009-02-06 1:03:21 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
2009-02-06 1:03:21 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi Avg7Core Avg7RsW Avg7RsXP Fips IPSec MRxSmb NetBIOS NetBT ohci1394 PCLEPCI Processor RasAcd Rdbss SASDIFSV SASKUTIL Tcpip vsdatant WS2IFSL
2009-02-07 1:37:36 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

==== End Of File ===========================


Tried to run GMER 3 times. All 3 times it scans for about a minute and then I get an error saying GMER encountered an error and needs to close.

#4
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
==============================================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#5
drumking78

    New Member

  • Topic Starter
  • Member
  • 4 posts
Ran ATF Cleaner and Kaspersky. Kaspersky didn't find anything:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, February 8, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, February 08, 2009 17:19:11
Records in database: 1769603
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 227521
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 03:31:25

No malware has been detected. The scan area is clean.

The selected area was scanned.

#6
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#7
drumking78

    New Member

  • Topic Starter
  • Member
  • 4 posts
ComboFix keeps telling me that AVG antivirus is running even after I have turned it off. I even went into task manager and ended any process that said avg and still ComboFix is saying that AVG is running. Any ideas?

#8
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
It may still detect certain components of AVG but if you have disabled the resident shield then run it anyway please.