getting rid of "protection Center"



sand man
2010-06-06, 05:23
I have the "Protection Center" fake program and I cannot get rid of it. I
have run Spybot and Malwarebytes. I have also had problems with redirecting

Ran Erunt

Ran DDS - included both DDS and Attach.txt

DDS (Ver_10-03-17.01) - NTFSx86
Run by me at 20:04:11.48 on Sat 06/05/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.346 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Protection Center *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Robert Anderson\Local Settings\Temporary Internet Files\Content.IE5\PBQPJJNG\dds[1].scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://sandiego.cox.net/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWi1.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: eGames Toolbar: {4e7bd74f-2b8d-469e-85b2-bc27fe9aae2e} - c:\progra~1\egames~1\EGAMES~1.DLL
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
BHO: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWi1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWi1.dll
TB: eGames Toolbar: {4e7bd74f-2b8d-469e-85b2-bc27fe9aae2e} - c:\progra~1\egames~1\EGAMES~1.DLL
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_1_0
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Protection Center] "c:\program files\protection center\cntprot.exe" -noscan
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\robert~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158616179000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-26 96520]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-2-27 26824]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-5-26 231192]
R2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;c:\program files\belkin\belkin wireless network utility\WLService.exe [2010-5-27 49152]
R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2009-4-27 78104]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;c:\windows\system32\drivers\rt2500usb.sys [2010-5-27 140416]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-4-20 189792]
S4 kxcjo;kxcjo;c:\windows\system32\drivers\sabsvfnl.sys [2010-6-5 54016]

=============== Created Last 30 ================

2010-06-06 00:50:13 54016 ----a-w- c:\windows\system32\drivers\sabsvfnl.sys
2010-06-06 00:20:26 141 ----a-w- c:\program files\ypp_3788625.bat
2010-06-05 23:32:01 0 d-----w- c:\program files\Protection Center
2010-06-05 17:09:42 0 d-----w- c:\windows\system32\wbem\Repository
2010-05-28 22:56:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-28 22:56:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-28 21:58:32 0 d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-05-28 21:58:31 0 d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-05-28 21:58:31 0 d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-05-28 21:58:31 0 d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-05-28 03:09:03 15939 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-05-28 03:08:51 40960 ----a-w- c:\windows\system32\B11gUSB.dll
2010-05-28 03:08:51 0 d-----w- c:\windows\options
2010-05-28 03:08:49 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2010-05-28 03:08:49 31930 ----a-w- c:\windows\system32\GTNDIS3.VXD
2010-05-28 03:08:49 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2010-05-28 03:08:49 140416 ----a-w- c:\windows\system32\drivers\rt2500usb.sys
2010-05-28 03:08:48 1085440 ----a-w- c:\windows\system32\AegisE5.dll
2010-05-28 03:08:47 0 d-----w- c:\program files\Belkin
2010-05-27 01:12:33 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-25 05:38:43 0 d-----w- c:\program files\iWin
2010-05-25 05:38:37 0 d-----w- c:\program files\common files\AnswerWorks 4.0
2010-05-25 05:37:56 0 d-----w- c:\program files\Conduit
2010-05-25 05:37:39 0 d-----w- c:\program files\AOL Companion
2010-05-25 05:37:39 0 d-----w- c:\program files\America Online 9.0
2010-05-25 05:37:35 0 d-----w- c:\program files\common files\aolshare
2010-05-25 05:37:15 0 d-----w- c:\docume~1\alluse~1\applic~1\Zylom
2010-05-25 05:37:08 0 d-----w- c:\program files\Scholastic
2010-05-07 03:55:21 0 d-----w- c:\docume~1\robert~1\applic~1\Malwarebytes
2010-05-07 03:55:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-07 03:55:09 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2008-09-16 21:23:06 33346 ----a-w- c:\program files\Uninstal.log
2009-07-10 03:15:47 56 --sh--r- c:\windows\system32\9712AEF766.sys
2009-07-10 03:15:49 3558 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-12-22 18:56:10 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122220081223\index.dat

============= FINISH: 20:06:05.51 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/4/2006 9:55:50 AM
System Uptime: 6/5/2010 7:46:49 PM (1 hours ago)

Motherboard: Dell Inc. | | 0WG261
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 144 GiB total, 36.932 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

==== System Restore Points ===================

RP1088: 3/30/2010 8:25:43 PM - System Checkpoint
RP1089: 3/31/2010 7:47:20 AM - System Checkpoint
RP1090: 3/31/2010 8:07:21 AM - Software Distribution Service 3.0
RP1091: 4/1/2010 8:10:34 AM - System Checkpoint
RP1092: 4/7/2010 6:33:11 PM - System Checkpoint
RP1093: 4/8/2010 6:51:27 PM - System Checkpoint
RP1094: 4/10/2010 6:50:18 PM - System Checkpoint
RP1095: 4/11/2010 6:55:46 PM - System Checkpoint
RP1096: 4/13/2010 7:20:38 PM - System Checkpoint
RP1097: 4/13/2010 9:28:45 PM - Software Distribution Service 3.0
RP1098: 4/14/2010 10:00:03 PM - Software Distribution Service 3.0
RP1099: 4/16/2010 11:49:38 AM - System Checkpoint
RP1100: 4/17/2010 1:45:02 PM - System Checkpoint
RP1101: 4/18/2010 3:22:28 PM - System Checkpoint
RP1102: 4/19/2010 6:39:02 PM - System Checkpoint
RP1103: 4/20/2010 7:08:18 PM - System Checkpoint
RP1104: 4/21/2010 7:57:56 PM - System Checkpoint
RP1105: 4/22/2010 8:22:44 PM - System Checkpoint
RP1106: 4/24/2010 9:09:56 AM - System Checkpoint
RP1107: 4/25/2010 2:13:20 PM - System Checkpoint
RP1108: 4/26/2010 5:19:28 PM - System Checkpoint
RP1109: 4/27/2010 9:16:07 PM - System Checkpoint
RP1110: 4/29/2010 7:36:19 AM - System Checkpoint
RP1111: 4/30/2010 8:00:07 AM - System Checkpoint
RP1112: 5/1/2010 8:06:41 AM - System Checkpoint
RP1113: 5/2/2010 11:31:39 AM - System Checkpoint
RP1114: 5/3/2010 5:13:16 PM - System Checkpoint
RP1115: 5/4/2010 6:18:35 PM - System Checkpoint
RP1116: 5/6/2010 5:07:32 PM - System Checkpoint
RP1117: 5/6/2010 8:25:02 PM - Restore Operation
RP1118: 5/6/2010 10:07:03 PM - Removed DING!
RP1119: 5/6/2010 10:10:43 PM - Removed QuickBooks
RP1120: 5/8/2010 10:40:19 AM - System Checkpoint
RP1121: 5/8/2010 11:11:42 AM - Removed Musicmatch for Windows Media Player
RP1122: 5/9/2010 3:09:49 PM - System Checkpoint
RP1123: 5/10/2010 4:45:16 PM - System Checkpoint
RP1124: 5/11/2010 5:38:14 PM - System Checkpoint
RP1125: 5/12/2010 8:18:28 AM - Software Distribution Service 3.0
RP1126: 5/13/2010 8:25:16 AM - System Checkpoint
RP1127: 5/14/2010 2:26:08 PM - System Checkpoint
RP1128: 5/15/2010 3:19:41 PM - System Checkpoint
RP1129: 5/17/2010 7:27:06 AM - System Checkpoint
RP1130: 5/18/2010 7:33:12 AM - System Checkpoint
RP1131: 5/19/2010 4:10:36 PM - System Checkpoint
RP1132: 5/21/2010 5:06:03 PM - System Checkpoint
RP1133: 5/22/2010 8:45:33 PM - System Checkpoint
RP1134: 5/23/2010 9:06:30 PM - System Checkpoint
RP1135: 5/24/2010 10:25:50 PM - Restore Operation
RP1136: 5/24/2010 10:35:07 PM - Restore Operation
RP1137: 5/26/2010 9:31:00 AM - System Checkpoint
RP1138: 5/26/2010 6:06:48 PM - Removed DING!
RP1139: 5/26/2010 6:12:02 PM - Installed Java(TM) 6 Update 20
RP1140: 5/27/2010 8:08:47 PM - Installed Belkin 54g USB Network Adapter
RP1141: 5/31/2010 3:43:37 PM - System Checkpoint
RP1142: 6/1/2010 5:57:05 PM - System Checkpoint
RP1143: 6/5/2010 10:08:58 AM - Restore Operation

==== Installed Programs ======================

AccompanEase
Adobe Flash Player 10 ActiveX
Adobe Reader 7.1.0
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
AVG Free 8.0
Baby Luv (remove only)
Belkin 54g USB Network Adapter
Bonjour
Burger Island
Burger Island (remove only)
Camp Funshine - Carrie the Caregiver 3 (remove only)
Canon iP4300
Canon iP4300 User Registration
Canon My Printer
Canon Setup Utility 2.3
Canon Utilities Easy-PhotoPrint
CCleaner
CCScore
Compatibility Pack for the 2007 Office system
Delicious 2 Deluxe
Delicious 2 Deluxe (remove only)
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Digital Content Portal
Diner Dash - Flo on the Go
Easy-WebPrint
EducateU
eGames Toolbar
ELIcon
EPSON Printer Software
ESPNMotion
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
fflink
Garmin City Navigator North America NT 2009 Update
Garmin Communicator Plugin
Garmin WebUpdater
Google AFE
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel(R) 537EP V9x DF PCI Modem
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
iPod for Windows 2006-01-10
iTunes
iWin Games (remove only)
iWin Toolbar
J2SE Runtime Environment 5.0 Update 17
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 20
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kid Pix Deluxe 3
Kodak EasyShare software
KSU
Learn2 Player (Uninstall Only)
Lernout & Hauspie TruVoice American English TTS Engine
Macromedia Flash Player
Malwarebytes' Anti-Malware
Mavis Beacon Teaches Typing 15
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
Modem Event Monitor
Modem Helper
Modem On Hold
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch for Windows Media Player
MY CAMERA
Nanny Mania
netbrdg
Notifier
OfotoXMI
Otto
PowerDVD 5.5
Protection Center
Qualxserve Service Agreement
QuickBooks Simple Start Special Edition
QuickTime
RealPlayer
Sandlot Games Client Services
Scholastic's I SPY Fantasy
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
SFR
SHASTA
SKIN0001
SKINXSDK
Sonic Encoders
Sony Picture Utility
Sony USB Driver
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
staticcr
The Sims™ 3
tooltips
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
VPN Client
VPRINTOL
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows Driver Package - Camera Maker (MR97310_USB_DUAL_CAMERA) Image (05/02/2006 2.0.1.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB919803
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WIRELESS
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

6/5/2010 7:03:15 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
6/5/2010 7:00:33 PM, error: PlugPlayManager [11] - The device Root\LEGACY_DCXGXXG\0000 disappeared from the system without first being prepared for removal.
6/3/2010 7:15:34 AM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
6/3/2010 7:14:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Workstation service to connect.
6/3/2010 7:14:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Audio service to connect.
6/3/2010 7:14:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Task Scheduler service to connect.
6/3/2010 7:14:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Shell Hardware Detection service to connect.
6/3/2010 7:14:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Background Intelligent Transfer Service service to connect.
6/3/2010 7:14:07 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
6/3/2010 7:14:07 AM, error: Service Control Manager [7000] - The Workstation service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/3/2010 7:14:07 AM, error: Service Control Manager [7000] - The Windows Audio service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/3/2010 7:14:07 AM, error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/3/2010 7:14:07 AM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/2/2010 6:41:23 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
6/2/2010 5:03:37 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
6/2/2010 5:03:37 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
6/2/2010 5:03:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Themes service to connect.
6/2/2010 5:03:33 PM, error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/1/2010 6:56:40 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/31/2010 1:47:34 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Wireless Zero Configuration service to connect.
5/31/2010 1:47:34 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DHCP Client service to connect.
5/31/2010 1:47:34 PM, error: Service Control Manager [7000] - The Wireless Zero Configuration service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/31/2010 1:47:34 PM, error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================

km2357
2010-06-08, 20:52
Hello and welcome to Safer Networking.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure, then please do not guess; simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic; I will assist you in this thread until we solve your problems.

Lastly, the fix may take several attempts and my replies may take some time, but I will stick with it if you do the same.

Sorry for the delay in replying; the forum is very busy. If you still need help, please post a fresh set of DDS logs (both DDS and Attach.txt).

sand man
2010-06-09, 04:26
Km2357 - great to have you on the job. Here are the new DDS.txt and Attach.txt.


DDS (Ver_10-03-17.01) - NTFSx86
Run by me at 19:20:32.56 on Tue 06/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.110 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Protection Center *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Protection Center\cntprot.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Robert Anderson\Local Settings\Temporary Internet Files\Content.IE5\BZ00V8UZ\dds[1].com

============== Pseudo HJT Report ===============

uStart Page = hxxp://sandiego.cox.net/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWi1.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: eGames Toolbar: {4e7bd74f-2b8d-469e-85b2-bc27fe9aae2e} - c:\progra~1\egames~1\EGAMES~1.DLL
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
BHO: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWi1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWi1.dll
TB: eGames Toolbar: {4e7bd74f-2b8d-469e-85b2-bc27fe9aae2e} - c:\progra~1\egames~1\EGAMES~1.DLL
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_1_0
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Protection Center] "c:\program files\protection center\cntprot.exe" -noscan
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\robert~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158616179000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-26 96520]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-2-27 26824]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-5-26 231192]
R2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;c:\program files\belkin\belkin wireless network utility\WLService.exe [2010-5-27 49152]
R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2009-4-27 78104]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;c:\windows\system32\drivers\rt2500usb.sys [2010-5-27 140416]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-4-20 189792]
S4 kxcjo;kxcjo;c:\windows\system32\drivers\sabsvfnl.sys [2010-6-5 54016]

=============== Created Last 30 ================

2010-06-06 19:49:51 0 d-----w- c:\windows\system32\MpEngineStore
2010-06-06 19:16:58 171 ----a-w- c:\windows\system32\MRT.INI
2010-06-06 00:50:13 54016 ----a-w- c:\windows\system32\drivers\sabsvfnl.sys
2010-06-06 00:20:26 141 ----a-w- c:\program files\ypp_3788625.bat
2010-06-05 23:32:01 0 d-----w- c:\program files\Protection Center
2010-06-05 17:09:42 0 d-----w- c:\windows\system32\wbem\Repository
2010-05-28 22:56:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-28 22:56:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-28 21:58:32 0 d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-05-28 21:58:31 0 d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-05-28 21:58:31 0 d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-05-28 21:58:31 0 d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-05-28 03:09:03 15939 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-05-28 03:08:51 40960 ----a-w- c:\windows\system32\B11gUSB.dll
2010-05-28 03:08:51 0 d-----w- c:\windows\options
2010-05-28 03:08:49 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2010-05-28 03:08:49 31930 ----a-w- c:\windows\system32\GTNDIS3.VXD
2010-05-28 03:08:49 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2010-05-28 03:08:49 140416 ----a-w- c:\windows\system32\drivers\rt2500usb.sys
2010-05-28 03:08:48 1085440 ----a-w- c:\windows\system32\AegisE5.dll
2010-05-28 03:08:47 0 d-----w- c:\program files\Belkin
2010-05-27 01:12:33 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-25 05:38:43 0 d-----w- c:\program files\iWin
2010-05-25 05:38:37 0 d-----w- c:\program files\common files\AnswerWorks 4.0
2010-05-25 05:37:56 0 d-----w- c:\program files\Conduit
2010-05-25 05:37:39 0 d-----w- c:\program files\AOL Companion
2010-05-25 05:37:39 0 d-----w- c:\program files\America Online 9.0
2010-05-25 05:37:35 0 d-----w- c:\program files\common files\aolshare
2010-05-25 05:37:15 0 d-----w- c:\docume~1\alluse~1\applic~1\Zylom
2010-05-25 05:37:08 0 d-----w- c:\program files\Scholastic

==================== Find3M ====================

2008-09-16 21:23:06 33346 ----a-w- c:\program files\Uninstal.log
2009-07-10 03:15:47 56 --sh--r- c:\windows\system32\9712AEF766.sys
2009-07-10 03:15:49 3558 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-12-22 18:56:10 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122220081223\index.dat

============= FINISH: 19:22:36.47 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/4/2006 9:55:50 AM
System Uptime: 6/8/2010 7:05:10 PM (0 hours ago)

Motherboard: Dell Inc. | | 0WG261
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 144 GiB total, 36.936 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

==== System Restore Points ===================

RP1088: 3/30/2010 8:25:43 PM - System Checkpoint
RP1089: 3/31/2010 7:47:20 AM - System Checkpoint
RP1090: 3/31/2010 8:07:21 AM - Software Distribution Service 3.0
RP1091: 4/1/2010 8:10:34 AM - System Checkpoint
RP1092: 4/7/2010 6:33:11 PM - System Checkpoint
RP1093: 4/8/2010 6:51:27 PM - System Checkpoint
RP1094: 4/10/2010 6:50:18 PM - System Checkpoint
RP1095: 4/11/2010 6:55:46 PM - System Checkpoint
RP1096: 4/13/2010 7:20:38 PM - System Checkpoint
RP1097: 4/13/2010 9:28:45 PM - Software Distribution Service 3.0
RP1098: 4/14/2010 10:00:03 PM - Software Distribution Service 3.0
RP1099: 4/16/2010 11:49:38 AM - System Checkpoint
RP1100: 4/17/2010 1:45:02 PM - System Checkpoint
RP1101: 4/18/2010 3:22:28 PM - System Checkpoint
RP1102: 4/19/2010 6:39:02 PM - System Checkpoint
RP1103: 4/20/2010 7:08:18 PM - System Checkpoint
RP1104: 4/21/2010 7:57:56 PM - System Checkpoint
RP1105: 4/22/2010 8:22:44 PM - System Checkpoint
RP1106: 4/24/2010 9:09:56 AM - System Checkpoint
RP1107: 4/25/2010 2:13:20 PM - System Checkpoint
RP1108: 4/26/2010 5:19:28 PM - System Checkpoint
RP1109: 4/27/2010 9:16:07 PM - System Checkpoint
RP1110: 4/29/2010 7:36:19 AM - System Checkpoint
RP1111: 4/30/2010 8:00:07 AM - System Checkpoint
RP1112: 5/1/2010 8:06:41 AM - System Checkpoint
RP1113: 5/2/2010 11:31:39 AM - System Checkpoint
RP1114: 5/3/2010 5:13:16 PM - System Checkpoint
RP1115: 5/4/2010 6:18:35 PM - System Checkpoint
RP1116: 5/6/2010 5:07:32 PM - System Checkpoint
RP1117: 5/6/2010 8:25:02 PM - Restore Operation
RP1118: 5/6/2010 10:07:03 PM - Removed DING!
RP1119: 5/6/2010 10:10:43 PM - Removed QuickBooks
RP1120: 5/8/2010 10:40:19 AM - System Checkpoint
RP1121: 5/8/2010 11:11:42 AM - Removed Musicmatch for Windows Media Player
RP1122: 5/9/2010 3:09:49 PM - System Checkpoint
RP1123: 5/10/2010 4:45:16 PM - System Checkpoint
RP1124: 5/11/2010 5:38:14 PM - System Checkpoint
RP1125: 5/12/2010 8:18:28 AM - Software Distribution Service 3.0
RP1126: 5/13/2010 8:25:16 AM - System Checkpoint
RP1127: 5/14/2010 2:26:08 PM - System Checkpoint
RP1128: 5/15/2010 3:19:41 PM - System Checkpoint
RP1129: 5/17/2010 7:27:06 AM - System Checkpoint
RP1130: 5/18/2010 7:33:12 AM - System Checkpoint
RP1131: 5/19/2010 4:10:36 PM - System Checkpoint
RP1132: 5/21/2010 5:06:03 PM - System Checkpoint
RP1133: 5/22/2010 8:45:33 PM - System Checkpoint
RP1134: 5/23/2010 9:06:30 PM - System Checkpoint
RP1135: 5/24/2010 10:25:50 PM - Restore Operation
RP1136: 5/24/2010 10:35:07 PM - Restore Operation
RP1137: 5/26/2010 9:31:00 AM - System Checkpoint
RP1138: 5/26/2010 6:06:48 PM - Removed DING!
RP1139: 5/26/2010 6:12:02 PM - Installed Java(TM) 6 Update 20
RP1140: 5/27/2010 8:08:47 PM - Installed Belkin 54g USB Network Adapter
RP1141: 5/31/2010 3:43:37 PM - System Checkpoint
RP1142: 6/1/2010 5:57:05 PM - System Checkpoint
RP1143: 6/5/2010 10:08:58 AM - Restore Operation
RP1144: 6/6/2010 12:08:54 PM - Software Distribution Service 3.0
RP1145: 6/7/2010 6:48:15 PM - System Checkpoint

==== Installed Programs ======================

AccompanEase
Adobe Flash Player 10 ActiveX
Adobe Reader 7.1.0
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
AVG Free 8.0
Belkin 54g USB Network Adapter
Bonjour
Burger Island
Canon iP4300
Canon iP4300 User Registration
Canon My Printer
Canon Setup Utility 2.3
Canon Utilities Easy-PhotoPrint
CCleaner
CCScore
Compatibility Pack for the 2007 Office system
Delicious 2 Deluxe
Delicious 2 Deluxe (remove only)
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Digital Content Portal
Diner Dash - Flo on the Go
Easy-WebPrint
EducateU
eGames Toolbar
ELIcon
EPSON Printer Software
ESPNMotion
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
fflink
Garmin City Navigator North America NT 2009 Update
Garmin Communicator Plugin
Garmin WebUpdater
Google AFE
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel(R) 537EP V9x DF PCI Modem
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
iPod for Windows 2006-01-10
iTunes
iWin Games (remove only)
iWin Toolbar
J2SE Runtime Environment 5.0 Update 17
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 20
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kid Pix Deluxe 3
Kodak EasyShare software
KSU
Learn2 Player (Uninstall Only)
Lernout & Hauspie TruVoice American English TTS Engine
Macromedia Flash Player
Malwarebytes' Anti-Malware
Mavis Beacon Teaches Typing 15
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
Modem Event Monitor
Modem Helper
Modem On Hold
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch for Windows Media Player
MY CAMERA
Nanny Mania
netbrdg
Notifier
OfotoXMI
Otto
PowerDVD 5.5
Protection Center
Qualxserve Service Agreement
QuickBooks Simple Start Special Edition
QuickTime
RealPlayer
Sandlot Games Client Services
Scholastic's I SPY Fantasy
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
SFR
SHASTA
SKIN0001
SKINXSDK
Sonic Encoders
Sony Picture Utility
Sony USB Driver
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
staticcr
The Sims™ 3
tooltips
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
VPN Client
VPRINTOL
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows Driver Package - Camera Maker (MR97310_USB_DUAL_CAMERA) Image (05/02/2006 2.0.1.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB919803
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WIRELESS
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

6/5/2010 7:03:15 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
6/5/2010 7:00:33 PM, error: PlugPlayManager [11] - The device Root\LEGACY_DCXGXXG\0000 disappeared from the system without first being prepared for removal.
6/5/2010 4:08:39 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
6/5/2010 4:08:39 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
6/5/2010 4:08:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Themes service to connect.
6/5/2010 4:08:27 PM, error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/5/2010 10:11:16 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
6/4/2010 7:27:53 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Wireless Zero Configuration service to connect.
6/4/2010 7:27:53 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DHCP Client service to connect.
6/4/2010 7:27:53 AM, error: Service Control Manager [7000] - The Wireless Zero Configuration service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/4/2010 7:27:53 AM, error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/3/2010 7:15:34 AM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
6/3/2010 7:14:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Workstation service to connect.
6/3/2010 7:14:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Audio service to connect.
6/3/2010 7:14:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Task Scheduler service to connect.
6/3/2010 7:14:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Shell Hardware Detection service to connect.
6/3/2010 7:14:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Background Intelligent Transfer Service service to connect.
6/3/2010 7:14:07 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
6/3/2010 7:14:07 AM, error: Service Control Manager [7000] - The Workstation service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/3/2010 7:14:07 AM, error: Service Control Manager [7000] - The Windows Audio service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/3/2010 7:14:07 AM, error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/3/2010 7:14:07 AM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/2/2010 6:58:24 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}

==== End Of File ===========================

km2357
2010-06-09, 06:17
According to your DDS Log, AVG is out of date. Update it ASAP, if you can.

C:\Documents and Settings\Robert Anderson\Local Settings\Temporary Internet Files\Content.IE5\BZ00V8UZ\dds[1].com

The bold entry above shows you didn't save DDS to your Desktop.

I'll be asking for more DDS logs as we go through fixing your computer. Download and save DDS to your Desktop; this way you don't have to keep downloading it over and over.



Step # 1: Download and Run Gmer

Please download gmer.zip (http://www.gmer.net/gmer.zip) from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab & make sure that the 'Sections' button is ticked and the 'Show All' button is unticked. Click the Scan button and let the program do its work. GMER will produce a log.

Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.

GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL for whatever reason(s) until it has 100% completed its scan, or attempted scan in case of some error, etc.!

Please post the results from the GMER scan in your reply.

sand man
2010-06-10, 06:21
KM5327 - I ran GMER but am not sure I had it set right. All the boxes were checked, not just the one that said "sections", but I did have the "show all" unchecked. It ran for over 2 1/2 hours before I stopped it. This is what showed up on the log almost right away. Is this enough? If not, can I uncheck some of the boxes or should I just plan for a 3 plus hour scan?

started running GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-09 20:57:46
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\pxtdapod.sys


---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\pci.sys entry point in ".rsrc" section [0xF7520994]
init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF7A3D760]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[732] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006E000A
.text C:\WINDOWS\system32\svchost.exe[732] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006F000A
.text C:\WINDOWS\system32\svchost.exe[732] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006D000C
.text C:\WINDOWS\system32\svchost.exe[732] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0170000A
.text C:\WINDOWS\system32\svchost.exe[732] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 012F000A
.text C:\WINDOWS\Explorer.EXE[1304] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B8000A
.text C:\WINDOWS\Explorer.EXE[1304] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C2000A
.text C:\WINDOWS\Explorer.EXE[1304] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B7000C

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat EE1AFD20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 86F06EE4

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\pci.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

km2357
2010-06-10, 20:11
No need to plan for a longer GMER scan; the log you posted has given me enough information to move on to the next step.


Step # 1: Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

When finished, it shall produce a log for you. Please include C:\ComboFix.txt in your next reply.

sand man
2010-06-11, 04:53
Km2357 combo fix ran - "Protection center" is no longer popping up. See any other issues?


ComboFix 10-06-10.03 - me 06/10/2010 19:31:06.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.669 [GMT -7:00]
Running from: c:\documents and settings\Robert Anderson\My Documents\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Robert Anderson\Start Menu\Programs\Protection Center
c:\documents and settings\Robert Anderson\Start Menu\Programs\Protection Center\About.lnk
c:\documents and settings\Robert Anderson\Start Menu\Programs\Protection Center\Activate.lnk
c:\documents and settings\Robert Anderson\Start Menu\Programs\Protection Center\Buy.lnk
c:\documents and settings\Robert Anderson\Start Menu\Programs\Protection Center\Protection Center Support.lnk
c:\documents and settings\Robert Anderson\Start Menu\Programs\Protection Center\Protection Center.lnk
c:\documents and settings\Robert Anderson\Start Menu\Programs\Protection Center\Scan.lnk
c:\documents and settings\Robert Anderson\Start Menu\Programs\Protection Center\Settings.lnk
c:\documents and settings\Robert Anderson\Start Menu\Programs\Protection Center\Update.lnk
c:\program files\iWin Games\iWinGamesHookIE.dll
c:\program files\iWin\tbiWi1.dll
c:\program files\Protection Center
c:\program files\Protection Center\about.ico
c:\program files\Protection Center\activate.ico
c:\program files\Protection Center\buy.ico
c:\program files\Protection Center\cnt.db
c:\program files\Protection Center\cntext.dll
c:\program files\Protection Center\cnthook.dll
c:\program files\Protection Center\cntprot.exe
c:\program files\Protection Center\help.ico
c:\program files\Protection Center\scan.ico
c:\program files\Protection Center\settings.ico
c:\program files\Protection Center\splash.mp3
c:\program files\Protection Center\Uninstall.exe
c:\program files\Protection Center\update.ico
c:\program files\Protection Center\virus.mp3
c:\windows\system32\bszip.dll
c:\windows\system32\drivers\sabsvfnl.sys

Infected copy of c:\windows\system32\drivers\pci.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_kxcjo
-------\Service_kxcjo


((((((((((((((((((((((((( Files Created from 2010-05-11 to 2010-06-11 )))))))))))))))))))))))))))))))
.

2010-06-06 19:49 . 2010-06-06 20:06 -------- d-----w- c:\windows\system32\MpEngineStore
2010-06-06 00:20 . 2010-06-06 00:20 141 ----a-w- c:\program files\ypp_3788625.bat
2010-06-05 17:09 . 2010-06-05 17:09 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-28 22:56 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-28 22:56 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-28 21:58 . 2010-05-28 21:58 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-05-28 21:58 . 2010-05-28 21:58 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-05-28 21:58 . 2010-05-28 21:58 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-05-28 21:58 . 2010-05-28 21:58 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-05-28 03:09 . 2010-05-28 03:09 15939 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-05-28 03:08 . 2010-05-28 03:08 -------- d-----w- c:\windows\options
2010-05-28 03:08 . 2004-04-30 22:12 40960 ----a-w- c:\windows\system32\B11gUSB.dll
2010-05-28 03:08 . 2004-07-16 18:14 140416 ----a-w- c:\windows\system32\drivers\rt2500usb.sys
2010-05-28 03:08 . 2003-10-13 22:30 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2010-05-28 03:08 . 2003-09-26 05:15 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2010-05-28 03:08 . 2004-03-30 19:51 1085440 ----a-w- c:\windows\system32\AegisE5.dll
2010-05-28 03:08 . 2010-05-28 03:08 -------- d-----w- c:\program files\Belkin
2010-05-27 01:12 . 2010-04-13 00:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-25 15:01 . 2010-05-25 15:01 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\iWin
2010-05-25 15:01 . 2010-05-25 15:01 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2010-05-25 05:38 . 2010-06-11 02:39 -------- d-----w- c:\program files\iWin
2010-05-25 05:38 . 2010-05-26 02:06 -------- d-----w- c:\documents and settings\Robert Anderson\Local Settings\Application Data\iWin
2010-05-25 05:38 . 2010-05-25 05:38 -------- d-----w- c:\program files\Common Files\AnswerWorks 4.0
2010-05-25 05:37 . 2010-05-25 05:37 -------- d-----w- c:\program files\Conduit
2010-05-25 05:37 . 2010-05-25 05:37 -------- d-----w- c:\documents and settings\Robert Anderson\Local Settings\Application Data\Conduit
2010-05-25 05:37 . 2010-05-25 05:37 -------- d-----w- c:\program files\America Online 9.0
2010-05-25 05:37 . 2010-05-25 05:37 -------- d-----w- c:\program files\AOL Companion
2010-05-25 05:37 . 2010-05-25 05:37 -------- d-----w- c:\program files\Common Files\aolshare
2010-05-25 05:37 . 2010-05-25 05:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Zylom
2010-05-25 05:37 . 2010-05-25 05:37 -------- d-----w- c:\program files\Scholastic
2010-05-12 03:01 . 2010-05-25 05:36 -------- d-sh--w- c:\documents and settings\NetworkService\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-11 02:39 . 2009-05-06 20:25 -------- d-----w- c:\program files\iWin Games
2010-06-06 19:55 . 2008-09-27 04:03 -------- d-----w- c:\program files\Yahoo! Games
2010-06-06 00:19 . 2008-01-20 20:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-05 23:31 . 2008-05-26 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-05-28 22:57 . 2010-05-07 03:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-28 22:45 . 2006-04-30 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-28 22:05 . 2006-12-10 21:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-27 01:12 . 2006-01-21 20:47 -------- d-----w- c:\program files\Common Files\Java
2010-05-27 01:12 . 2010-05-27 01:12 503808 ----a-w- c:\documents and settings\Robert Anderson\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-150704cb-n\msvcp71.dll
2010-05-27 01:12 . 2010-05-27 01:12 499712 ----a-w- c:\documents and settings\Robert Anderson\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-150704cb-n\jmc.dll
2010-05-27 01:12 . 2010-05-27 01:12 348160 ----a-w- c:\documents and settings\Robert Anderson\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-150704cb-n\msvcr71.dll
2010-05-27 01:12 . 2010-05-27 01:12 61440 ----a-w- c:\documents and settings\Robert Anderson\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3347f80a-n\decora-sse.dll
2010-05-27 01:12 . 2010-05-27 01:12 12800 ----a-w- c:\documents and settings\Robert Anderson\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3347f80a-n\decora-d3d.dll
2010-05-27 01:12 . 2006-01-21 20:47 -------- d-----w- c:\program files\Java
2010-05-25 13:26 . 2006-03-05 22:00 46864 -c--a-w- c:\documents and settings\Robert Anderson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-25 05:38 . 2010-05-07 03:50 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Adobe(2)
2010-05-25 05:37 . 2006-01-21 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-05-25 05:37 . 2006-01-21 20:58 -------- d-----w- c:\program files\Common Files\AOL
2010-05-23 21:28 . 2006-10-14 18:11 -------- d-----w- c:\program files\CCleaner
2010-05-07 05:11 . 2006-01-21 20:59 -------- d-----w- c:\program files\Common Files\Intuit
2010-05-07 03:55 . 2010-05-07 03:55 -------- d-----w- c:\documents and settings\Robert Anderson\Application Data\Malwarebytes
2010-05-07 03:55 . 2010-05-07 03:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-09-16 21:23 . 2008-09-16 21:23 33346 ----a-w- c:\program files\Uninstal.log
2009-07-10 03:15 . 2006-03-05 21:59 56 --sh--r- c:\windows\system32\9712AEF766.sys
2009-07-10 03:15 . 2006-03-05 21:59 3558 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 68856]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-29 198160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-07-03 1232152]

c:\documents and settings\Robert Anderson\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-4-4 344064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2009-11-20 1470480]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 23:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 08:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2009-09-29 04:20 222728 ----a-w- c:\program files\real\realplayer\realplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/26/2008 10:05 AM 96520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/26/2008 10:04 AM 231192]
R2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe [5/27/2010 8:08 PM 49152]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [4/27/2009 6:49 AM 78104]
R3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;c:\windows\system32\drivers\rt2500usb.sys [5/27/2010 8:08 PM 140416]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder

2010-06-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://sandiego.cox.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-Protection Center - c:\program files\Protection Center\cntprot.exe
HKLM-Run-ISUSPM Startup - c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe
MSConfigStartUp-MimBoot - c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
MSConfigStartUp-MMTray - c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
AddRemove-Dell Game Console - c:\program files\WildTangent\Apps\Dell Game Console\Uninstall.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-10 19:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3140)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\windows\eHome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-06-10 19:49:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-11 02:49

Pre-Run: 39,615,213,568 bytes free
Post-Run: 39,648,698,368 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 843CEA68799790E7D67337ED1B9BA4C7

km2357
2010-06-11, 20:20
ComboFix definitely helped out a lot, but we still have some more to do. :)

AVG 8 still looks to be out of date, please update it if you haven't already.

Step # 1 Upload Files

Go to Jotti (http://virusscan.jotti.org)
Copy the following line into the white textbox:
c:\program files\ypp_3788625.bat
Click Submit.
Please post the results of this scan to this thread.


If Jotti is busy, Go to VirusTotal (http://www.virustotal.com/en/indexf.html) and scan the file(s) there.

sand man
2010-06-12, 18:34
Here are the results. I will update AVG but wanted to send this first.

Thanks for your continued help.



Jotti's malware scan
Filename: ypp_3788625.bat
Status: Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Sat 12 Jun 2010 18:30:50 (CET)



--------------------------------------------------------------------------------
Additional info
File size: 141 bytes
Filetype: MS-DOS batch file text
MD5: 6a729099258cb406fa1bed5255ea82fd
SHA1: e3e45141975e811b1aa55f516ecb3227f595c2bc







Scanners
2010-06-11 Found nothing 2010-06-12 Found nothing
2010-06-12 Found nothing 2010-06-12 Found nothing
2010-06-11 Found nothing 2010-06-12 Found nothing
2010-06-11 Found nothing 2010-06-12 Found nothing
2010-06-12 Found nothing 2010-06-12 Found nothing
2010-06-12 Found nothing 2010-06-11 Found nothing
2010-06-12 Found nothing 2010-06-12 Found nothing
2010-06-12 Found nothing 2010-06-11 Found nothing
2010-06-11 Found nothing 2010-06-11 Found nothing
2010-06-12 Found nothing



--------------------------------------------------------------------------------




km2357
2010-06-12, 19:09
Step # 1 Remove old versions of Java

Older Java versions have vulnerabilities and need to be removed.

Go to Start-Settings-Control Panel, click on Add Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on remove. Then close the Control Panel.

Java 2 Runtime Environment, SE v1.4.2_03

J2SE Runtime Environment 5.0 Update 17

Reboot your Computer.



Step # 2 Run CCleaner

CCleaner will remove everything from the temp/temporary folders, but please note that it will not make backups!


Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 24 hours
Then select the items you wish to clean up.

In the Windows Tab:

Clean all entries in the Internet Explorer section except Cookies
Clean all the entries in the Windows Explorer section
Clean all entries in the System section
Clean all entries in the Advanced section
Clean any others that you choose

In the Applications Tab:

Clean all except cookies in the Firefox/Mozilla section if you use it
Clean all in the Opera section if you use it
Clean Sun Java in the Internet Section
Clean any others that you choose

Click the Run Cleaner button.
A pop up box will appear advising this process will permanently delete files from your system.
Click OK and it will scan and clean your system.
Click exit when done.
If it asks you to reboot at the end, click NO



Step # 3 Run Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware.
Before running a scan, click the Update tab, next click Check for Updates to download any updates, if available.
Next click the Scanner tab and select Perform Quick Scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
You can also access the log by doing the following:

Click on the Malwarebytes' Anti-Malware icon to launch the program.
Click on the Logs tab.
Click on the log at the bottom of those listed to highlight it.
Click Open.


In your next post/reply, I need to see the following:

1. MalwareBytes' Log
2. A fresh DDS Log

sand man
2010-06-13, 18:39
KM2357 - I think I got it all

Upgraded to AVG 9, removed Java programs, ran CCleaner and Malwarebytes. Here are two logs.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4152

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/12/2010 9:03:57 PM
mbam-log-2010-06-12 (21-03-57).txt

Scan type: Full scan (C:\|)
Objects scanned: 251304
Time elapsed: 58 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/4/2006 9:55:50 AM
System Uptime: 6/13/2010 9:28:35 AM (0 hours ago)

Motherboard: Dell Inc. | | 0WG261
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 144 GiB total, 36.019 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

==== System Restore Points ===================

RP1088: 3/30/2010 8:25:43 PM - System Checkpoint
RP1089: 3/31/2010 7:47:20 AM - System Checkpoint
RP1090: 3/31/2010 8:07:21 AM - Software Distribution Service 3.0
RP1091: 4/1/2010 8:10:34 AM - System Checkpoint
RP1092: 4/7/2010 6:33:11 PM - System Checkpoint
RP1093: 4/8/2010 6:51:27 PM - System Checkpoint
RP1094: 4/10/2010 6:50:18 PM - System Checkpoint
RP1095: 4/11/2010 6:55:46 PM - System Checkpoint
RP1096: 4/13/2010 7:20:38 PM - System Checkpoint
RP1097: 4/13/2010 9:28:45 PM - Software Distribution Service 3.0
RP1098: 4/14/2010 10:00:03 PM - Software Distribution Service 3.0
RP1099: 4/16/2010 11:49:38 AM - System Checkpoint
RP1100: 4/17/2010 1:45:02 PM - System Checkpoint
RP1101: 4/18/2010 3:22:28 PM - System Checkpoint
RP1102: 4/19/2010 6:39:02 PM - System Checkpoint
RP1103: 4/20/2010 7:08:18 PM - System Checkpoint
RP1104: 4/21/2010 7:57:56 PM - System Checkpoint
RP1105: 4/22/2010 8:22:44 PM - System Checkpoint
RP1106: 4/24/2010 9:09:56 AM - System Checkpoint
RP1107: 4/25/2010 2:13:20 PM - System Checkpoint
RP1108: 4/26/2010 5:19:28 PM - System Checkpoint
RP1109: 4/27/2010 9:16:07 PM - System Checkpoint
RP1110: 4/29/2010 7:36:19 AM - System Checkpoint
RP1111: 4/30/2010 8:00:07 AM - System Checkpoint
RP1112: 5/1/2010 8:06:41 AM - System Checkpoint
RP1113: 5/2/2010 11:31:39 AM - System Checkpoint
RP1114: 5/3/2010 5:13:16 PM - System Checkpoint
RP1115: 5/4/2010 6:18:35 PM - System Checkpoint
RP1116: 5/6/2010 5:07:32 PM - System Checkpoint
RP1117: 5/6/2010 8:25:02 PM - Restore Operation
RP1118: 5/6/2010 10:07:03 PM - Removed DING!
RP1119: 5/6/2010 10:10:43 PM - Removed QuickBooks
RP1120: 5/8/2010 10:40:19 AM - System Checkpoint
RP1121: 5/8/2010 11:11:42 AM - Removed Musicmatch for Windows Media Player
RP1122: 5/9/2010 3:09:49 PM - System Checkpoint
RP1123: 5/10/2010 4:45:16 PM - System Checkpoint
RP1124: 5/11/2010 5:38:14 PM - System Checkpoint
RP1125: 5/12/2010 8:18:28 AM - Software Distribution Service 3.0
RP1126: 5/13/2010 8:25:16 AM - System Checkpoint
RP1127: 5/14/2010 2:26:08 PM - System Checkpoint
RP1128: 5/15/2010 3:19:41 PM - System Checkpoint
RP1129: 5/17/2010 7:27:06 AM - System Checkpoint
RP1130: 5/18/2010 7:33:12 AM - System Checkpoint
RP1131: 5/19/2010 4:10:36 PM - System Checkpoint
RP1132: 5/21/2010 5:06:03 PM - System Checkpoint
RP1133: 5/22/2010 8:45:33 PM - System Checkpoint
RP1134: 5/23/2010 9:06:30 PM - System Checkpoint
RP1135: 5/24/2010 10:25:50 PM - Restore Operation
RP1136: 5/24/2010 10:35:07 PM - Restore Operation
RP1137: 5/26/2010 9:31:00 AM - System Checkpoint
RP1138: 5/26/2010 6:06:48 PM - Removed DING!
RP1139: 5/26/2010 6:12:02 PM - Installed Java(TM) 6 Update 20
RP1140: 5/27/2010 8:08:47 PM - Installed Belkin 54g USB Network Adapter
RP1141: 5/31/2010 3:43:37 PM - System Checkpoint
RP1142: 6/1/2010 5:57:05 PM - System Checkpoint
RP1143: 6/5/2010 10:08:58 AM - Restore Operation
RP1144: 6/6/2010 12:08:54 PM - Software Distribution Service 3.0
RP1145: 6/7/2010 6:48:15 PM - System Checkpoint
RP1146: 6/8/2010 8:41:08 PM - System Checkpoint
RP1147: 6/10/2010 8:56:23 AM - System Checkpoint
RP1148: 6/11/2010 8:07:09 AM - Software Distribution Service 3.0
RP1149: 6/12/2010 10:05:32 AM - Installed AVG Free 9.0
RP1150: 6/12/2010 10:13:13 AM - Avg Update
RP1151: 6/12/2010 5:02:34 PM - Removed J2SE Runtime Environment 5.0 Update 17
RP1152: 6/12/2010 5:03:25 PM - Removed Java 2 Runtime Environment, SE v1.4.2_03

==== Installed Programs ======================

AccompanEase
Adobe Flash Player 10 ActiveX
Adobe Reader 7.1.0
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
AVG Free 9.0
Belkin 54g USB Network Adapter
Bonjour
Burger Island
Canon iP4300
Canon iP4300 User Registration
Canon My Printer
Canon Setup Utility 2.3
Canon Utilities Easy-PhotoPrint
CCleaner
CCScore
Compatibility Pack for the 2007 Office system
Delicious 2 Deluxe
Delicious 2 Deluxe (remove only)
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Digital Content Portal
Diner Dash - Flo on the Go
Easy-WebPrint
EducateU
eGames Toolbar
ELIcon
EPSON Printer Software
ESPNMotion
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
fflink
Garmin City Navigator North America NT 2009 Update
Garmin Communicator Plugin
Garmin WebUpdater
Google AFE
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) 537EP V9x DF PCI Modem
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
iPod for Windows 2006-01-10
iTunes
iWin Games (remove only)
iWin Toolbar
Java Auto Updater
Java(TM) 6 Update 20
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kid Pix Deluxe 3
Kodak EasyShare software
KSU
Learn2 Player (Uninstall Only)
Lernout & Hauspie TruVoice American English TTS Engine
Macromedia Flash Player
Malwarebytes' Anti-Malware
Mavis Beacon Teaches Typing 15
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
Modem Event Monitor
Modem Helper
Modem On Hold
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch for Windows Media Player
MY CAMERA
Nanny Mania
netbrdg
Notifier
OfotoXMI
Otto
PowerDVD 5.5
Qualxserve Service Agreement
QuickBooks Simple Start Special Edition
QuickTime
RealPlayer
Sandlot Games Client Services
Scholastic's I SPY Fantasy
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
SFR
SHASTA
SKIN0001
SKINXSDK
Sonic Encoders
Sony Picture Utility
Sony USB Driver
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
staticcr
The Sims™ 3
tooltips
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
VPN Client
VPRINTOL
WebFldrs XP
Windows Driver Package - Camera Maker (MR97310_USB_DUAL_CAMERA) Image (05/02/2006 2.0.1.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB919803
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WIRELESS
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

6/9/2010 4:29:39 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
6/9/2010 4:29:38 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
6/9/2010 4:28:12 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Workstation service to connect.
6/9/2010 4:28:12 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Audio service to connect.
6/9/2010 4:28:12 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Task Scheduler service to connect.
6/9/2010 4:28:12 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Shell Hardware Detection service to connect.
6/9/2010 4:28:12 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Background Intelligent Transfer Service service to connect.
6/9/2010 4:28:12 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
6/9/2010 4:28:12 PM, error: Service Control Manager [7000] - The Workstation service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/9/2010 4:28:12 PM, error: Service Control Manager [7000] - The Windows Audio service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/9/2010 4:28:12 PM, error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/9/2010 4:28:12 PM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/8/2010 7:05:53 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
6/8/2010 10:05:05 PM, error: Print [6161] - The document http://forums.spybot.info/showthread.php?p=373705#post373705 owned by me failed to print on printer Canon iP4300. Data type: NT EMF 1.008. Size of the spool file in bytes: 4421272. Number of bytes printed: 604416. Total number of pages in the document: 26. Number of pages printed: 0. Client machine: \\DELL. Win32 error code returned by the print processor: 13 (0xd).
6/6/2010 12:34:04 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
6/6/2010 12:34:04 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
6/6/2010 12:33:52 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Wireless Zero Configuration service to connect.
6/6/2010 12:33:52 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Themes service to connect.
6/6/2010 12:33:52 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DHCP Client service to connect.
6/6/2010 12:33:52 PM, error: Service Control Manager [7000] - The Wireless Zero Configuration service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/6/2010 12:33:52 PM, error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/6/2010 12:33:52 PM, error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/12/2010 9:46:49 AM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
6/12/2010 9:24:58 AM, error: Print [6161] - The document http://www.foodnetwork.com/food/cda/recipe_print/0,1946,FOOD_99 owned by me failed to print on printer Canon iP4300. Data type: NT EMF 1.008. Size of the spool file in bytes: 254784. Number of bytes printed: 204172. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\DELL. Win32 error code returned by the print processor: 13 (0xd).
6/10/2010 7:39:51 PM, error: PlugPlayManager [11] - The device Root\LEGACY_KXCJO\0000 disappeared from the system without first being prepared for removal.
6/10/2010 7:27:41 PM, error: Service Control Manager [7031] - The Belkin 54g Wireless USB Network Adapter service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

==== End Of File ===========================

km2357
2010-06-14, 04:02
The database version you used in your MalwareBytes' scan is out of date (4152); the latest version is in the 4190's.

Please do another Quick Scan with MalwareBytes'. Before running a scan, click the Update tab, next click Check for Updates to download any updates, if available. Post back the new MBAM Log in your next post/reply.

You also posted the Attach.txt Log; I needed to see the DDS.txt (the main DDS Log). Go ahead and run DDS again and post the main log in your next post/reply. :)



Step # 1 Update Adobe Acrobat Reader

There is a newer version of Adobe Acrobat Reader available. (See Note below)


First, go to Add/Remove Programs and uninstall Adobe Reader 7.1.0.
Please go to this link Adobe Acrobat Reader Download Link (http://www.adobe.com/products/acrobat/readstep2.html)
On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
Click the Continue button
Click Run, and click Run again
Next click the Install Now button and follow the on screen prompts

Note: Adobe 9.3.2 is a large program and if you prefer a smaller program you can get Foxit 3.3.0 instead from http://www.foxitsoftware.com/downloads/index.php

If you decide to install Foxit 3.3.0 instead of Adobe, do the following during Foxit's Setup/Installation process:

Uncheck the following boxes:

I accept the License Terms and want to install Foxit Toolbar

Make Ask.com my default search

Create desktop, quick launch and start menu icon to eBay



Step # 2: Run Kaspersky Online Scan

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
    Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.


In your next post/reply, I need to see the following:

1. Kaspersky Log
2. The new MalwareBytes' Log
3. A fresh DDS Log
4. How is your computer doing, any problems?

tashi
2010-06-17, 19:39
sand man, this thread has been archived due to inactivity.

As it has been four days or more since your last post, and the helper assisting you posted a response to which you did not reply, your topic will not be re-opened. If you still require help, please start a new topic and include a DDS log with a link to your previous thread.

Please do not add any logs that might have been requested previously; you would be starting fresh.

Applies only to the original poster; anyone else with similar problems, please start your own topic.

Thank you km2357. :)