Search Engine Redirect


windsurf14
2007-05-20, 16:06
I seem to have the Google redirect bug. Enclosed is my HijackThis log. I have followed the procedure before posting (I believe). The virus scan comes up clean.

Thanks

Chris

Logfile of HijackThis v1.99.1
Scan saved at 6:58:24 AM, on 5/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\SoftwareTime\ComputerTime\bin\fbserver.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Spyware\spy scan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.line6.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154609974359
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - C:\Program Files\SoftwareTime\ComputerTime\bin\fbserver.exe" -s (file missing)
O23 - Service: GearSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

pskelley
2007-05-21, 14:23
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.

You have not provided much information and HJT is not showing much either. Where exactly are you being redirected to? Here is what I see in the HJT log.

See this: http://forums.spybot.info/showpost.php?p=12880&postcount=2
C:\Program Files\Java\jre1.5.0_11\ <<< start by downloading the newest Java version, then uninstall all old versions in Add Remove programs.

Do you know what this is? O15 - Trusted Zone: *.line6.net

Let's do a little looking to see what we can find.

1) Please download F-Secure BlackLight Beta:
https://europe.f-secure.com/exclude/blacklight/index.shtml

Save it to its own folder in the Desktop
Double-click blbeta.exe to run the program
Click : Scan
A list of all items found is created

The list is in the BlackLight folder on the Desktop, and named fsbl.xxxxxxx.log (xxxxxxx are numbers).

Please provide the log created by BlackLight in your next reply.

(do not remove anything, most if not all will be valid)

2) Follow the directions in this link to download, install, update and run AVG Anti-Spyware. Delete or quarantine anything it finds and post the scan report. http://forums.security-central.us/showthread.php?t=3165

3) Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.

Restart the computer and post any information I requested, the uninstall list, the report from BlackLight and the scan report from AVG Anti-Spyware.

Thanks

windsurf14
2007-05-22, 15:41
Thanks for the reply

1. I updated Java and deleted the old versions

2. Line6 is a guitar-computer interface

3. Blacklight log


05/21/07 17:35:59 [Info]: BlackLight Engine 1.0.61 initialized
05/21/07 17:35:59 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/21/07 17:35:59 [Note]: 7019 4
05/21/07 17:35:59 [Note]: 7005 0
05/21/07 17:36:02 [Note]: 7006 0
05/21/07 17:36:02 [Note]: 7011 588
05/21/07 17:36:02 [Note]: 7026 0
05/21/07 17:36:02 [Note]: 7026 0
05/21/07 17:36:04 [Note]: FSRAW library version 1.7.1021
05/21/07 17:43:01 [Info]: Hidden file: c:\WINDOWS\system32\kdzwl.exe
05/21/07 17:43:01 [Note]: 7002 32
05/21/07 17:43:01 [Note]: 7003 1
05/21/07 17:43:01 [Note]: 10002 1
05/21/07 17:45:33 [Note]: 2000 1012
05/21/07 17:47:04 [Note]: 7007 0

4. AVG Log

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:03:58 PM 5/21/2007

+ Scan result:



C:\Documents and Settings\Cynthia\Local Settings\Temp\1801B.tmp -> Adware.Solution : No action taken.
:mozilla.6:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.10:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.11:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.12:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.13:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.14:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.15:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.169:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.16:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.17:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.18:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.19:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.205:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.20:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.21:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.23:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.24:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.25:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.26:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.275:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.27:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.7:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.8:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.9:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.122:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
C:\Documents and Settings\Cynthia_2\Cookies\cynthia_2@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : No action taken.
:mozilla.101:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.102:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Cynthia_2\Cookies\cynthia_2@burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Guest\Cookies\guest@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.129:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.130:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.48:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Cynthia\Cookies\cynthia@cdn.euroclick[1].txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.84:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.236:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.
:mozilla.237:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.
:mozilla.526:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.527:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.528:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.231:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Masterstats : No action taken.
:mozilla.354:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Msn : No action taken.
:mozilla.355:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Msn : No action taken.
:mozilla.356:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Msn : No action taken.
C:\Documents and Settings\Cynthia\Cookies\cynthia@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : No action taken.
:mozilla.371:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.372:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.302:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.303:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.307:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.479:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Paypal : No action taken.
:mozilla.57:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.58:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.59:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.60:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.320:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.321:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.328:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Real : No action taken.
:mozilla.329:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Real : No action taken.
:mozilla.330:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.331:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.332:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.317:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Realtracker : No action taken.
:mozilla.318:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Realtracker : No action taken.
:mozilla.333:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.334:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.335:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.336:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.167:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.168:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.361:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.362:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.363:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.364:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.49:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Cynthia\Local Settings\Temp\Cookies\cynthia@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Cynthia_2\Cookies\cynthia_2@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.217:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Starware : No action taken.
:mozilla.218:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Starware : No action taken.
:mozilla.397:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Starware : No action taken.
:mozilla.373:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Statistik-gallup : No action taken.
:mozilla.378:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.379:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.391:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.392:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.393:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.395:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Cynthia_2\Cookies\cynthia_2@m.webtrends[2].txt -> TrackingCookie.Webtrends : No action taken.
C:\Documents and Settings\Guest\Cookies\guest@m.webtrends[1].txt -> TrackingCookie.Webtrends : No action taken.
:mozilla.514:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.515:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.517:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.518:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.519:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.520:C:\Documents and Settings\Cynthia\Application Data\Mozilla\Firefox\Profiles\s9unmpg4.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.

::Report end

5. Uninstall list to come next reply

Thanks

Chris
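The helper's review of the HijackThis log above (the O15 trusted-zone entry, the old Java path, the "(file missing)" service entries) and the BlackLight and AVG Anti-Spyware reports in this reply are all line-oriented text that can be triaged mechanically before a human reads them. The following Python script is an added example, not part of the thread or of any of the tools named in it; it applies the same three checks the helper made by eye to a HijackThis log, pulls the "Hidden file" entries out of a BlackLight log, and splits an AVG report into tracking-cookie noise versus everything else. The sample logs embedded in it are constructed for the example, modelled on the formats quoted in the thread; the flags it raises are triage hints for a human, not verdicts.

```python
import re
from collections import Counter

# Constructed sample input, modelled on the HijackThis log format quoted in this thread.
HJT_SAMPLE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
O15 - Trusted Zone: *.line6.net
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: GearSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
"""

# Constructed sample input, modelled on the BlackLight log format quoted in this thread.
BLACKLIGHT_SAMPLE = r"""
05/21/07 17:35:59 [Info]: BlackLight Engine 1.0.61 initialized
05/21/07 17:43:01 [Info]: Hidden file: c:\WINDOWS\system32\kdzwl.exe
05/21/07 17:43:01 [Note]: 7002 32
"""

# Constructed sample input, modelled on the AVG Anti-Spyware report format quoted in this thread.
AVG_SAMPLE = r"""
C:\Documents and Settings\User\Local Settings\Temp\1801B.tmp -> Adware.Solution : No action taken.
:mozilla.6:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\abcd1234.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.10:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\abcd1234.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\User\Cookies\user@burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
"""

HJT_LINE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
JAVA_DIR = re.compile(r"\\Java\\(jre\d+\.\d+\.\d+_\d+)\\", re.IGNORECASE)
HIDDEN_FILE = re.compile(r"\[Info\]: Hidden file: (?P<path>.+)$")
AVG_RESULT = re.compile(r"^(?P<item>.+?) -> (?P<family>[A-Za-z]+)\.(?P<name>\S+) : (?P<action>.+)$")


def parse_hjt(text):
    """Split a HijackThis log into (section, body) tuples, skipping headers and blanks."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage_hjt(text):
    """Return (section, reason, body) for entries that deserve a human look.

    These are the checks the helper made by hand: trusted-zone entries,
    an old Java runtime on disk, and entries whose file is missing.
    A hit is a question to ask the user, not proof of infection.
    """
    findings = []
    for section, body in parse_hjt(text):
        if section == "O15":
            findings.append((section, "trusted-zone entry: confirm the user added it on purpose", body))
        if "(file missing)" in body:
            findings.append((section, "refers to a file that is not on disk", body))
        jm = JAVA_DIR.search(body)
        if jm:
            findings.append((section, f"loads Java runtime {jm.group(1)}: check it is current and remove older versions", body))
    return findings


def hidden_files(text):
    """Extract every path BlackLight reported as hidden."""
    return [m.group("path").strip() for m in map(HIDDEN_FILE.search, text.splitlines()) if m]


def summarize_avg(text):
    """Count AVG detections by family and list the ones that are not tracking cookies."""
    families = Counter()
    non_cookie = []
    for line in text.splitlines():
        m = AVG_RESULT.match(line.strip())
        if not m:
            continue
        families[m.group("family")] += 1
        if m.group("family") != "TrackingCookie":
            non_cookie.append((m.group("item"), f'{m.group("family")}.{m.group("name")}'))
    return families, non_cookie


if __name__ == "__main__":
    for sec, reason, body in triage_hjt(HJT_SAMPLE):
        print(f"{sec}: {reason}\n    {body}")
    print("BlackLight hidden files:", hidden_files(BLACKLIGHT_SAMPLE))
    fam, other = summarize_avg(AVG_SAMPLE)
    print("AVG detections by family:", dict(fam))
    print("Non-cookie detections:", other)
```

Run it as-is to see the three HijackThis flags, the one hidden file, and the cookie-versus-adware split; to use it on a real log, replace the sample strings with the file contents. The point of separating `TrackingCookie` hits is the one the thread illustrates: a report with sixty cookie lines and one `Adware` line is a report with one finding.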

windsurf14
2007-05-22, 15:43
Uninstall list


Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 8
Adobe Shockwave Player
Albatross18 (NtreevSoft)
AMD CPUInfo
Apple Software Update
ArtMoney SE v7.19
Audacity 1.2.6
avast! Antivirus
AVG Anti-Spyware 7.5
Battlefield 2(TM)
BigFix
Brain Builder 3.0
Cakewalk Pyro 2003
Cakewalk VST Adapter 4
Cakewalk XL Pack
Canon MP Drivers
Canon MP Toolbox 4.1
Canon Utilities Easy-PhotoPrint
CD_DRV_82
CodeStuff Starter
ComputerTime 2.0
Counter-Strike: Source
DesertCombat 0.7
Digital Media Reader
DigiTech X-Edit 2.1
Direct WAV MP3 Splitter 2.4
DomainInspect
Easy-WebPrint
GameSpy Arcade
GearBox 1.00 (Remove Only)
GearBox 1.02 (Remove Only)
GearBox 3.00 (Remove Only)
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Video Player
Guitar Tracks Pro 3
GuitarVision
Hamachi 1.0.1.5
Hollywood FX Pack 26 - Extra FX
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
iTunes
Java(TM) SE Runtime Environment 6 Update 1
Joint Operations: Typhoon Rising
Kaspersky Online Scanner
LADSPA_plugins-win-0.4.15
LimeWire 4.12.11
Line 6 Drivers 3.2.7.0 (Remove Only)
Line 6 Drivers 3.2.9.2 (Remove Only)
Line 6 Monkey 1.15 (Remove Only)
Line 6 Monkey 1.16 (Remove Only)
Logitech Desktop Messenger
Logitech iTouch Software
Logitech MouseWare 9.79
Logitech Resource Center
Machine Check Analysis Tool
MapleStory
Math Blaster Algebra
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Baseline Security Analyzer 2.0.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Starter Edition 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mkw Audio Compression Toolkit
Mozilla Firefox (2.0.0.1)
MSN Music Assistant
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MySpaceIM
Napster Burn Engine
Nero BurnRights
Nero OEM
n-Track Studio 4
NVIDIA Drivers
OmniPage SE
Pinnacle Hollywood FX 4.6
Portrait Professional 3.0
PowerDVD
Presto! PageManager 6
Pro Media Director Version 1.1.1.1
PunkBuster for Joint Operations: Typhoon Rising
QuickTime
Realtek AC'97 Audio
Registry Mechanic 5.1
Revolution 1.0.2.8
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
SoftV92 Data Fax Modem with SmartCP
SONAR Home Studio 6
Sonic Encoders
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Steam
StickMen War 2.4
Studio 8
Studio Content CD
TeamSpeak 2 RC2
TeamSpeak 2 Server RC2
TonePort Drivers 2.8.9.0 (Remove Only)
Tony Hawk's Pro Skater 2
Turbo Lister 2
TurboTax 2005
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update Rollup 2 for Windows XP Media Center Edition 2005
Ventrilo Client
Ventrilo Server
Viewpoint Media Player
VST Bridge 1.0
WAVManager
WexTech AnswerWorks
Windows Backup Utility
Windows Defender
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Media Center Edition 2005 KB925766
WinRAR archiver
World of Warcraft
ZoneAlarm


Thanks

Chris

windsurf14
2007-05-22, 15:59
Hi

Doing it again. I get taken to this site frequently, marchex

http://adservices10.marchex.com/cap?e1=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&h=0Zgr2J5PQmrBeDCyM&k=truckee%20yellow%20pages%20rv&ui=213153142554407955I

Chris

pskelley
2007-05-22, 16:18
Thanks for returning your information. Let's start with the rootkit infection reported by BlackLight.
Read these instructions carefully so you will know what you are doing.
http://www.bleepingcomputer.com/tutorials/tutorial124.html
This is the bad file: c:\WINDOWS\system32\kdzwl.exe

AVG Anti-Spyware: return to the instructions ("delete or quarantine"); you have "no action taken". Rerun the scan and post a new report.

Uninstall list:
Viewpoint Media Player: AOL installs the junk without your knowledge.
http://www.greatis.com/appdata/u/v/viewmgr.exe.htm
http://www.spywareinfo.com/newsletter/archives/2005/nov4.php#viewpoint
http://www.clickz.com/news/article.php/3561546

Chris, I see no obvious malware but do not know all of your programs. I suggest you take a look to make sure nothing is there that does not belong there.

Make sure you restart the computer and post the AVG Anti-Spyware scan report and a new HJT log. Let me know about any malware issues.

Thanks

windsurf14
2007-05-25, 15:39
Hi

Thanks again

It is still redirecting; it's driving my son and me crazy.

I reran BlackLight; it didn't find kdzwl.exe.

Enclosed is the Avg log

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:51:49 PM 5/22/2007

+ Scan result:



C:\Documents and Settings\Cynthia\Local Settings\Temp\1801B.tmp -> Adware.Solution : Ignored.
C:\Documents and Settings\Cynthia\Cookies\cynthia@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.


::Report end


Here is the Hijack log

Logfile of HijackThis v1.99.1
Scan saved at 6:44:06 AM, on 5/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\SoftwareTime\ComputerTime\bin\fbserver.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\VundoFix64.exe
C:\Spyware\spy scan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.line6.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154609974359
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - C:\Program Files\SoftwareTime\ComputerTime\bin\fbserver.exe" -s (file missing)
O23 - Service: GearSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

pskelley
2007-05-25, 18:10
Let's clean some junk out of your log and find out about a few items.

You have so much stuff installed on this computer that I do not know; it is possible we may never find the reason for this. Just because something says "download" does not mean you have to.

C:\Documents and Settings\Owner\Desktop\VundoFix64.exe <<< Uninstall this and any other VundoFix you have on the computer.

Why was this "Ignored"? This could be your problem! Delete everything in that TEMP folder (not the folder):
C:\Documents and Settings\Cynthia\Local Settings\Temp\1801B.tmp -> Adware.Solution : Ignored.

1) Turn off TeaTimer: http://russelltexas.com/malware/teatimer.htm

2) We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
Open Windows Defender, Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

3) AVG Anti-Spyware: Deactivate the Resident Shield
- Before proceeding, deactivate the "Resident Shield" as this may prevent changes to the registry.
- To do this, click "Change State" to the right of the Resident Shield option in the main window.
- You will clearly see the status change to Inactive if you have done this correctly.

4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -

Close all programs but HJT and all browser windows, then click on "Fix Checked".

Run cleanmgr:
http://spyware-free.us/tutorials/cleanmgr/

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look whether you can click the next icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it, then click the next icon right below and select "Move incurable", as you'll see in the next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb quarantine folder if it can't be cured (this is in case we need samples).
After selecting, in the Dr.Web CureIt menu on top, click File and choose "Save report list".
Save the report to your desktop. The report will be called DrWeb.csv.
Close Dr.Web CureIt.
Reboot your computer!! It is possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the Dr.Web log you saved previously in your next reply.



Post the log from Dr.Web, and a new HJT log. Add any comments you think will help.

Thanks

tashi
2007-06-03, 17:43
Still with us windsurf14?

pskelley
2007-06-08, 01:25
This topic is closed due to lack of a response.

If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.

Thanks