Google search redirect

GabeM

New member
Hello,

I've been having an issue where Google search results are being redirected whenever I click on a link. I've run Spybot, CCleaner, and Ad-Aware without the problem being fixed. I have followed the instructions in "BEFORE you POST" and here are the results of my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:06 PM, on 1/9/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070625
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070625
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8F5586D-7A35-40C5-85E7-C689A1FAB24D}: NameServer = 68.105.28.12,68.105.29.12
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c983ebca928344) (gupdate1c983ebca928344) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9287 bytes
 
Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


Download GMER here by clicking the download exe button and then saving it to your desktop:
  • Double-click the .exe that you downloaded.
  • Click the rootkit tab and then scan.
  • Don't check the Show All box while scanning is in progress!
  • When scanning is ready, click Copy.
  • This copies the log to the clipboard.
  • Post the log (if the log is long, archive it into a zip file and attach it instead of posting) in your reply.
 
DDS.txt

DDS (Ver_09-12-01.01) - NTFSx86
Run by Gabe & Jessica at 17:19:59.34 on Thu 01/14/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.311 [GMT -8:00]

AV: avast! antivirus 4.8.1296 [VPS 100109-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Gabe & Jessica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Gabe & Jessica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gabe & Jessica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gabe & Jessica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gabe & Jessica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gabe & Jessica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gabe & Jessica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gabe & Jessica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gabe & Jessica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gabe & Jessica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
I:\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070625
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Aim6]
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [Google Update] "c:\documents and settings\gabe & jessica\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\gabe&j~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: {D8F5586D-7A35-40C5-85E7-C689A1FAB24D} = 68.105.28.12,68.105.29.12
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gabe&j~1\applic~1\mozilla\firefox\profiles\67xm9zfk.default\
FF - prefs.js: browser.startup.homepage - hxxp://chud.com/articles/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\gabe & jessica\application data\mozilla\firefox\profiles\67xm9zfk.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\documents and settings\gabe & jessica\application data\mozilla\firefox\profiles\67xm9zfk.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\enbar3.dll
FF - component: c:\documents and settings\gabe & jessica\application data\mozilla\firefox\profiles\67xm9zfk.default\extensions\fotofox@mozilla.com\platform\winnt_x86-msvc\components\mozFotofox.dll
FF - component: c:\documents and settings\gabe & jessica\application data\mozilla\firefox\profiles\67xm9zfk.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - component: c:\program files\mozilla firefox 3 beta 5\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\gabe & jessica\application data\mozilla\firefox\profiles\67xm9zfk.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\gabe & jessica\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.133.37\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox 3 beta 5\plugins\nplalaDl.dll
FF - plugin: c:\program files\mozilla firefox 3 beta 5\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox 3 beta 5\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-9 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-17 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-17 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-11-18 155160]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-6-25 1247600]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-19 24652]
S2 gupdate1c983ebca928344;Google Update Service (gupdate1c983ebca928344);c:\program files\google\update\GoogleUpdate.exe [2009-1-31 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-11-18 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-11-18 352920]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-31 30192]

=============== Created Last 30 ================

2010-01-10 04:22:09 0 d-----w- c:\program files\Trend Micro
2010-01-10 03:12:51 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-10 01:40:30 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-10 01:38:08 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-10 01:37:33 0 d-----w- c:\program files\Lavasoft
2010-01-09 18:47:18 771688 ----a-w- c:\windows\system32\xa.tmp
2010-01-08 01:19:17 876544 ----a-w- c:\windows\system32\TEACico2.dll
2009-12-27 00:51:42 0 d-----w- c:\program files\iPod
2009-12-20 01:43:47 0 d-----w- c:\program files\common files\DivX Shared

==================== Find3M ====================

2010-01-08 02:12:19 43144 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-23 00:28:06 256 ----a-w- c:\documents and settings\gabe & jessica\pool.bin
2009-11-14 00:47:32 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll
2009-10-28 14:36:11 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-28 14:36:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-28 06:54:16 634632 ------w- c:\windows\system32\dllcache\iexplore.exe
2009-10-28 06:52:46 161792 ------w- c:\windows\system32\dllcache\ieakui.dll

============= FINISH: 17:22:48.72 ===============
 
Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 6/28/2007 6:20:23 AM
System Uptime: 1/14/2010 5:14:41 PM (0 hours ago)

Motherboard: Dell Inc | |
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3600+ | Socket M2 | 1903/1000mhz
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3600+ | Socket M2 | 1904/1000mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 71 GiB total, 50.031 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is FIXED (FAT32) - 279 GiB total, 122.323 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP774: 10/11/2009 10:51:53 PM - System Checkpoint
RP775: 10/13/2009 12:02:57 AM - System Checkpoint
RP776: 10/14/2009 3:00:21 AM - Software Distribution Service 3.0
RP777: 10/15/2009 3:40:55 AM - System Checkpoint
RP778: 10/16/2009 4:10:42 AM - System Checkpoint
RP779: 10/18/2009 8:14:10 PM - System Checkpoint
RP780: 10/19/2009 8:29:50 PM - System Checkpoint
RP781: 10/20/2009 8:40:12 PM - System Checkpoint
RP782: 10/23/2009 7:12:50 AM - System Checkpoint
RP783: 10/24/2009 7:36:04 AM - System Checkpoint
RP784: 10/25/2009 7:54:02 AM - System Checkpoint
RP785: 10/26/2009 8:02:58 AM - System Checkpoint
RP786: 10/27/2009 9:02:04 AM - System Checkpoint
RP787: 10/28/2009 9:49:27 AM - System Checkpoint
RP788: 10/29/2009 10:41:15 AM - System Checkpoint
RP789: 10/30/2009 11:30:32 AM - System Checkpoint
RP790: 10/31/2009 11:43:34 AM - System Checkpoint
RP791: 11/2/2009 8:04:41 AM - System Checkpoint
RP792: 11/3/2009 8:47:25 AM - System Checkpoint
RP793: 11/4/2009 4:00:20 AM - Software Distribution Service 3.0
RP794: 11/5/2009 4:45:29 AM - System Checkpoint
RP795: 11/6/2009 5:20:59 AM - System Checkpoint
RP796: 11/7/2009 6:20:59 AM - System Checkpoint
RP797: 11/8/2009 2:10:43 PM - System Restore 110809
RP798: 11/9/2009 3:15:26 PM - System Checkpoint
RP799: 11/10/2009 3:53:08 PM - System Checkpoint
RP800: 11/10/2009 8:53:57 PM - Software Distribution Service 3.0
RP801: 11/11/2009 9:32:35 PM - System Checkpoint
RP802: 11/12/2009 10:32:26 PM - System Checkpoint
RP803: 11/13/2009 11:20:34 PM - System Checkpoint
RP804: 11/15/2009 12:20:35 AM - System Checkpoint
RP805: 11/16/2009 1:20:28 AM - System Checkpoint
RP806: 11/17/2009 2:20:46 AM - System Checkpoint
RP807: 11/18/2009 2:54:55 AM - System Checkpoint
RP808: 11/19/2009 3:42:56 AM - System Checkpoint
RP809: 11/20/2009 4:42:56 AM - System Checkpoint
RP810: 11/21/2009 5:42:56 AM - System Checkpoint
RP811: 11/22/2009 6:42:49 AM - System Checkpoint
RP812: 11/22/2009 4:17:48 PM - Installed BlackBerry Desktop Software 5.0.1.
RP813: 11/22/2009 4:20:02 PM - Removed BlackBerry Desktop Software 4.2
RP814: 11/23/2009 4:42:57 PM - System Checkpoint
RP815: 11/24/2009 8:34:51 PM - Installed Java(TM) 6 Update 17
RP816: 11/25/2009 3:00:42 AM - Software Distribution Service 3.0
RP817: 11/26/2009 3:25:21 AM - System Checkpoint
RP818: 11/27/2009 4:25:27 AM - System Checkpoint
RP819: 11/27/2009 10:37:38 AM - Removed BlackBerry® Media Sync
RP820: 11/27/2009 10:37:45 AM - Installed BlackBerry® Media Sync
RP821: 11/27/2009 10:45:43 AM - Installed Roxio Media Manager
RP822: 11/28/2009 11:30:10 AM - System Checkpoint
RP823: 11/29/2009 11:39:56 AM - System Checkpoint
RP824: 11/30/2009 12:01:44 PM - System Checkpoint
RP825: 12/1/2009 1:01:44 PM - System Checkpoint
RP826: 12/2/2009 2:01:44 PM - System Checkpoint
RP827: 12/3/2009 3:33:57 PM - System Checkpoint
RP828: 12/4/2009 4:01:44 PM - System Checkpoint
RP829: 12/5/2009 5:01:45 PM - System Checkpoint
RP830: 12/6/2009 5:12:05 PM - System Checkpoint
RP831: 12/7/2009 7:09:19 PM - System Checkpoint
RP832: 12/8/2009 8:05:56 PM - System Checkpoint
RP833: 12/9/2009 6:02:04 PM - Software Distribution Service 3.0
RP834: 12/10/2009 3:00:21 AM - Software Distribution Service 3.0
RP835: 12/11/2009 3:21:46 AM - System Checkpoint
RP836: 12/12/2009 3:33:37 AM - System Checkpoint
RP837: 12/13/2009 4:21:38 AM - System Checkpoint
RP838: 12/14/2009 4:45:14 AM - System Checkpoint
RP839: 12/15/2009 5:45:06 AM - System Checkpoint
RP840: 12/16/2009 5:47:07 AM - System Checkpoint
RP841: 12/17/2009 6:47:09 AM - System Checkpoint
RP842: 12/18/2009 7:18:16 AM - System Checkpoint
RP843: 12/19/2009 7:48:14 AM - System Checkpoint
RP844: 12/20/2009 8:16:28 AM - System Checkpoint
RP845: 12/21/2009 8:30:34 AM - System Checkpoint
RP846: 12/22/2009 9:30:27 AM - System Checkpoint
RP847: 12/23/2009 10:30:28 AM - System Checkpoint
RP848: 12/24/2009 11:37:37 AM - System Checkpoint
RP849: 12/25/2009 12:30:29 PM - System Checkpoint
RP850: 12/26/2009 12:44:26 PM - System Checkpoint
RP851: 12/27/2009 1:12:22 PM - System Checkpoint
RP852: 12/28/2009 2:12:22 PM - System Checkpoint
RP853: 12/29/2009 3:26:00 PM - System Checkpoint
RP854: 12/30/2009 4:12:14 PM - System Checkpoint
RP855: 12/31/2009 5:12:15 PM - System Checkpoint
RP856: 1/1/2010 7:25:37 PM - System Checkpoint
RP857: 1/2/2010 8:12:07 PM - System Checkpoint
RP858: 1/3/2010 9:12:07 PM - System Checkpoint
RP859: 1/4/2010 9:13:50 PM - System Checkpoint
RP860: 1/6/2010 7:46:01 AM - System Checkpoint
RP861: 1/7/2010 8:09:49 AM - System Checkpoint
RP862: 1/7/2010 5:19:23 PM - Installed 32 bit Windows Card Reader Driver
RP863: 1/8/2010 5:48:06 PM - System Checkpoint

==== Installed Programs ======================

µTorrent
32 bit Windows Card Reader Driver
AAC Decoder
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 7.0.8
Adobe Shockwave Player
AIM 6
Amazon MP3 Downloader 1.0.3
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
avast! Antivirus
BlackBerry Desktop Software 5.0.1
BlackBerry Device Software v4.5.0 for the BlackBerry 8100 smartphone
BlackBerry® Media Sync
Bonjour
Broadcom Management Programs
CCleaner (remove only)
CCScore
CDisplay 1.8
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Support 3.2.1
Dell System Restore
DivX Codec
DivX Converter
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Version Checker
DVD Decrypter (Remove Only)
DVD Shrink 3.2
ERUNT 1.1j
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Evernote
fflink
Flickr Uploadr 3.0.5
FoxyTunes for Firefox
Google Chrome
Google Desktop
Google Gears
Google Update Helper
H.264 Decoder
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
ImgBurn
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 17
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
Lala Music Mover
Learn2 Player (Uninstall Only)
LimeWire 4.16.6
Linksys EasyLink Advisor
Linksys Updater
LP Recorder
LP Ripper
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MKV Splitter
MobileMe Control Panel
Mozilla Firefox (3.5.7)
Mozilla Sunbird (0.9)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
netbrdg
NVIDIA Drivers
OfotoXMI
OpenOffice.org 3.0
Picasa 3
Pure Networks Platform
Qualxserve Service Agreement
QuickTime
RealPlayer Basic
RocketDock 1.3.5
Roxio DLA
Roxio Media Manager
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SearchAssist
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
SFR
SHASTA
skin0001
SKINXSDK
Sonic Activation Module
Sonic Update Manager
Spybot - Search & Destroy
staticcr
Symantec KB-DocID:2003093015493306
SyncBack
tooltips
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
VC80CRTRedist - 8.0.50727.4053
VideoLAN VLC media player 0.8.6c
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
Wave Corrector DeClick version 1.0
WebEx Support Manager for Internet Explorer
WebFldrs XP
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinZip 11.2
WIRELESS
XML Paper Specification Shared Components Pack 1.0
Xvid 1.1.3 final uninstall

==== Event Viewer Messages From Past Week ========

1/9/2010 9:06:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
1/9/2010 9:06:56 PM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/9/2010 5:49:35 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Mail Scanner service to connect.
1/9/2010 5:49:35 PM, error: Service Control Manager [7000] - The avast! Mail Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/9/2010 5:44:53 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
1/9/2010 5:44:05 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
1/9/2010 5:44:05 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
1/9/2010 5:42:25 PM, error: Service Control Manager [7000] - The Lbd service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================
 
After finishing with DDS I ran GMER (took about an hour and a half) and ran into problems once the report was generated. I was trying to save it in a notepad file when my system began to hang. I then got a BSOD saying I had to restart Windows. I rebooted my system hoping the log would still be on the clipboard, but no luck.

I started running GMER a second time and it still has not finished the scan. It's now been nearly 3 hours. I'm going to be going to bed soon and wanted to give an update. Hopefully I didn't make things worse by running it twice. I'll check on it in the morning and post the results as soon as I can.

I really appreciate the help. I don't know what I would do without it.
 
Gmer

I stuck it out a bit longer and it finally finished. I managed to save it this time, but when I opened up my browser my system got hung up again. I did a restart and now here is the zip.
 
Hello,

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent
LimeWire


I'd like you to read this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


After that:


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
ComboFix.txt

ComboFix 10-01-14.07 - Gabe & Jessica 01/15/2010 9:08.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.432 [GMT -8:00]
Running from: c:\documents and settings\Gabe & Jessica\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 100115-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\xa.tmp

.
((((((((((((((((((((((((( Files Created from 2009-12-15 to 2010-01-15 )))))))))))))))))))))))))))))))
.

2010-01-10 04:22 . 2010-01-10 04:22 -------- d-----w- c:\program files\Trend Micro
2010-01-10 04:21 . 2010-01-10 04:22 -------- d-----w- c:\program files\ERUNT
2010-01-10 03:12 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-10 01:40 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-10 01:38 . 2009-12-07 14:10 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-01-10 01:38 . 2010-01-10 01:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-10 01:37 . 2010-01-10 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-10 01:37 . 2010-01-10 01:37 -------- d-----w- c:\program files\Lavasoft
2010-01-08 01:19 . 2007-06-08 09:10 876544 ----a-w- c:\windows\system32\TEACico2.dll
2009-12-27 00:51 . 2009-12-27 00:51 -------- d-----w- c:\program files\iPod
2009-12-27 00:49 . 2009-12-27 00:49 -------- d-----w- c:\program files\QuickTime
2009-12-27 00:46 . 2009-12-27 00:46 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-20 01:43 . 2009-12-20 01:44 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-19 19:39 . 2009-12-19 19:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 05:18 . 2008-04-03 01:06 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 5
2010-01-10 04:28 . 2009-04-26 17:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-10 04:24 . 2009-04-26 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-08 02:12 . 2008-10-12 15:51 43144 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-08 01:19 . 2008-04-19 18:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-08 01:14 . 2009-02-06 01:02 256 ----a-w- c:\windows\system32\pool.bin
2010-01-06 14:56 . 2008-04-03 01:09 -------- d-----w- c:\program files\Mozilla Sunbird
2009-12-27 00:52 . 2008-09-12 01:57 -------- d-----w- c:\program files\iTunes
2009-12-27 00:51 . 2008-08-28 00:41 -------- d-----w- c:\program files\Common Files\Apple
2009-12-21 04:42 . 2008-04-19 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-12-20 01:45 . 2007-08-20 01:35 -------- d-----w- c:\program files\DivX
2009-12-19 16:11 . 2009-08-24 04:59 670448 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-11 15:07 . 2009-12-11 14:42 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\Roxio
2009-12-11 14:42 . 2009-12-11 14:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2009-11-28 01:20 . 2007-06-28 13:20 56272 ----a-w- c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-27 18:48 . 2008-09-06 17:17 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\InstallShield
2009-11-27 18:47 . 2007-06-25 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-11-27 18:46 . 2007-06-25 14:12 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-11-27 18:46 . 2007-06-25 14:12 -------- d-----w- c:\program files\Roxio
2009-11-27 18:45 . 2009-11-27 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-11-27 18:37 . 2009-11-23 00:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2009-11-27 18:37 . 2007-12-10 03:48 -------- d-----w- c:\program files\Research In Motion
2009-11-27 18:36 . 2007-12-10 03:49 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\Research In Motion
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 49152 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-26 17:54 . 2009-11-23 00:18 69632 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\DesktopMgr.exe
2009-11-26 17:54 . 2009-11-23 00:18 49152 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-11-26 17:54 . 2009-11-23 00:18 49152 ----a-r- c:\documents and settings\Gabe & Jessica\Application Data\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-11-26 05:14 . 2008-11-16 18:33 1 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-25 04:35 . 2007-06-25 14:02 -------- d-----w- c:\program files\Java
2009-11-25 04:34 . 2009-11-25 04:34 152576 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-25 04:34 . 2009-11-25 04:34 79488 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-23 00:30 . 2007-12-10 03:48 -------- d-----w- c:\documents and settings\Gabe & Jessica\Application Data\Blackberry Desktop
2009-11-23 00:28 . 2009-11-23 00:26 256 ----a-w- c:\documents and settings\Gabe & Jessica\pool.bin
2009-11-23 00:18 . 2007-12-10 03:48 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-11-18 19:26 . 2009-11-20 03:56 90112 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\entbcompose.dll
2009-11-18 19:26 . 2009-11-20 03:56 241664 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enclip.dll
2009-11-18 19:26 . 2009-11-20 03:56 167936 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll
2009-11-18 19:26 . 2009-11-20 03:56 114688 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\ENImaDLL.dll
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-03 19:46 . 2009-11-11 19:27 51200 ----a-w- c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\fotofox@mozilla.com\platform\WINNT_x86-msvc\components\mozFotofox.dll
2009-10-29 07:46 . 2004-08-10 17:51 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-10 17:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-10 17:50 17408 ----a-w- c:\windows\system32\corpol.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Google Update"="c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"nwiz"="nwiz.exe" [2006-08-23 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]

c:\documents and settings\Gabe & Jessica\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-01-31 21:16 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LELA]
2008-05-01 18:38 131072 ----a-w- c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2007-06-25 14:08 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"5900:TCP"= 5900:TCP:*:Disabled:vnc5900
"5800:TCP"= 5800:TCP:*:Disabled:vnc5800

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/9/2010 5:40 PM 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/17/2008 6:12 PM 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/17/2008 6:12 PM 20560]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 9:28 AM 204800]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/19/2008 8:09 AM 24652]
S2 gupdate1c983ebca928344;Google Update Service (gupdate1c983ebca928344);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2009 1:35 PM 133104]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/31/2009 1:16 PM 30192]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 5:19 AM 1181328]
.
Contents of the 'Scheduled Tasks' folder

2010-01-10 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-10 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-10 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-10 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:39]

2010-01-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 21:34]

2010-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 21:34]

2010-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-441016661-653199342-2991297117-1006Core.job
- c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 00:50]

2010-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-441016661-653199342-2991297117-1006UA.job
- c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 00:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {D8F5586D-7A35-40C5-85E7-C689A1FAB24D} = 68.105.28.12,68.105.29.12
FF - ProfilePath - c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\
FF - prefs.js: browser.startup.homepage - hxxp://chud.com/articles/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\fotofox@mozilla.com\platform\WINNT_x86-msvc\components\mozFotofox.dll
FF - component: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\program files\Mozilla Firefox 3 Beta 5\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Gabe & Jessica\Application Data\Mozilla\Firefox\Profiles\67xm9zfk.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\Gabe & Jessica\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\nplalaDl.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-15 09:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x856D7841]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbfc3
\Driver\ACPI -> ACPI.sys @ 0xf735ecb8
\Driver\atapi -> atapi.sys @ 0xf73167b4
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x80581684
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x80581684
NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> NDIS.sys @ 0xf71f2ba0
PacketIndicateHandler -> NDIS.sys @ 0xf71ffb21
SendHandler -> NDIS.sys @ 0xf71dd87b
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-441016661-653199342-2991297117-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1120)
c:\windows\system32\WININET.dll
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\stsystra.exe
c:\windows\system32\java.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-01-15 09:25:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-15 17:25

Pre-Run: 53,451,792,384 bytes free
Post-Run: 53,374,275,584 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 821A6FBDB2F64F94308066F04CA642C7
 
DDS.txt

DDS (Ver_09-12-01.01) - NTFSx86
Run by Gabe & Jessica at 9:26:32.45 on Fri 01/15/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.496 [GMT -8:00]

AV: avast! antivirus 4.8.1296 [VPS 100115-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\java.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Gabe & Jessica\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [Google Update] "c:\documents and settings\gabe & jessica\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\gabe&j~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: {D8F5586D-7A35-40C5-85E7-C689A1FAB24D} = 68.105.28.12,68.105.29.12
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gabe&j~1\applic~1\mozilla\firefox\profiles\67xm9zfk.default\
FF - prefs.js: browser.startup.homepage - hxxp://chud.com/articles/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\gabe & jessica\application data\mozilla\firefox\profiles\67xm9zfk.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\documents and settings\gabe & jessica\application data\mozilla\firefox\profiles\67xm9zfk.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\enbar3.dll
FF - component: c:\documents and settings\gabe & jessica\application data\mozilla\firefox\profiles\67xm9zfk.default\extensions\fotofox@mozilla.com\platform\winnt_x86-msvc\components\mozFotofox.dll
FF - component: c:\documents and settings\gabe & jessica\application data\mozilla\firefox\profiles\67xm9zfk.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - component: c:\program files\mozilla firefox 3 beta 5\components\GoogleDesktopMozilla.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox 3 beta 5\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-9 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-17 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-17 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-11-18 155160]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-6-25 1247600]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-19 24652]
S2 gupdate1c983ebca928344;Google Update Service (gupdate1c983ebca928344);c:\program files\google\update\GoogleUpdate.exe [2009-1-31 133104]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-11-18 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-11-18 352920]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-31 30192]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]

=============== Created Last 30 ================

2010-01-15 17:06:34 0 d-sha-r- C:\cmdcons
2010-01-15 17:05:11 98816 ----a-w- c:\windows\sed.exe
2010-01-15 17:05:11 77312 ----a-w- c:\windows\MBR.exe
2010-01-15 17:05:11 261632 ----a-w- c:\windows\PEV.exe
2010-01-15 17:05:11 161792 ----a-w- c:\windows\SWREG.exe
2010-01-10 04:22:09 0 d-----w- c:\program files\Trend Micro
2010-01-10 03:12:51 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-10 01:40:30 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-10 01:38:08 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-10 01:37:33 0 d-----w- c:\program files\Lavasoft
2010-01-08 01:19:17 876544 ----a-w- c:\windows\system32\TEACico2.dll
2009-12-27 00:51:42 0 d-----w- c:\program files\iPod
2009-12-20 01:43:47 0 d-----w- c:\program files\common files\DivX Shared

==================== Find3M ====================

2010-01-08 02:12:19 43144 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-23 00:28:06 256 ----a-w- c:\documents and settings\gabe & jessica\pool.bin
2009-11-14 00:47:32 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll
2009-10-28 14:36:11 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-28 14:36:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-28 06:54:16 634632 ------w- c:\windows\system32\dllcache\iexplore.exe
2009-10-28 06:52:46 161792 ------w- c:\windows\system32\dllcache\ieakui.dll

============= FINISH: 9:28:52.28 ===============
 
Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 6/28/2007 6:20:23 AM
System Uptime: 1/15/2010 9:17:22 AM (0 hours ago)

Motherboard: Dell Inc | |
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3600+ | Socket M2 | 1904/1000mhz
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3600+ | Socket M2 | 1904/1000mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 71 GiB total, 49.72 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is FIXED (FAT32) - 279 GiB total, 122.32 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP774: 10/11/2009 10:51:53 PM - System Checkpoint
RP775: 10/13/2009 12:02:57 AM - System Checkpoint
RP776: 10/14/2009 3:00:21 AM - Software Distribution Service 3.0
RP777: 10/15/2009 3:40:55 AM - System Checkpoint
RP778: 10/16/2009 4:10:42 AM - System Checkpoint
RP779: 10/18/2009 8:14:10 PM - System Checkpoint
RP780: 10/19/2009 8:29:50 PM - System Checkpoint
RP781: 10/20/2009 8:40:12 PM - System Checkpoint
RP782: 10/23/2009 7:12:50 AM - System Checkpoint
RP783: 10/24/2009 7:36:04 AM - System Checkpoint
RP784: 10/25/2009 7:54:02 AM - System Checkpoint
RP785: 10/26/2009 8:02:58 AM - System Checkpoint
RP786: 10/27/2009 9:02:04 AM - System Checkpoint
RP787: 10/28/2009 9:49:27 AM - System Checkpoint
RP788: 10/29/2009 10:41:15 AM - System Checkpoint
RP789: 10/30/2009 11:30:32 AM - System Checkpoint
RP790: 10/31/2009 11:43:34 AM - System Checkpoint
RP791: 11/2/2009 8:04:41 AM - System Checkpoint
RP792: 11/3/2009 8:47:25 AM - System Checkpoint
RP793: 11/4/2009 4:00:20 AM - Software Distribution Service 3.0
RP794: 11/5/2009 4:45:29 AM - System Checkpoint
RP795: 11/6/2009 5:20:59 AM - System Checkpoint
RP796: 11/7/2009 6:20:59 AM - System Checkpoint
RP797: 11/8/2009 2:10:43 PM - System Restore 110809
RP798: 11/9/2009 3:15:26 PM - System Checkpoint
RP799: 11/10/2009 3:53:08 PM - System Checkpoint
RP800: 11/10/2009 8:53:57 PM - Software Distribution Service 3.0
RP801: 11/11/2009 9:32:35 PM - System Checkpoint
RP802: 11/12/2009 10:32:26 PM - System Checkpoint
RP803: 11/13/2009 11:20:34 PM - System Checkpoint
RP804: 11/15/2009 12:20:35 AM - System Checkpoint
RP805: 11/16/2009 1:20:28 AM - System Checkpoint
RP806: 11/17/2009 2:20:46 AM - System Checkpoint
RP807: 11/18/2009 2:54:55 AM - System Checkpoint
RP808: 11/19/2009 3:42:56 AM - System Checkpoint
RP809: 11/20/2009 4:42:56 AM - System Checkpoint
RP810: 11/21/2009 5:42:56 AM - System Checkpoint
RP811: 11/22/2009 6:42:49 AM - System Checkpoint
RP812: 11/22/2009 4:17:48 PM - Installed BlackBerry Desktop Software 5.0.1.
RP813: 11/22/2009 4:20:02 PM - Removed BlackBerry Desktop Software 4.2
RP814: 11/23/2009 4:42:57 PM - System Checkpoint
RP815: 11/24/2009 8:34:51 PM - Installed Java(TM) 6 Update 17
RP816: 11/25/2009 3:00:42 AM - Software Distribution Service 3.0
RP817: 11/26/2009 3:25:21 AM - System Checkpoint
RP818: 11/27/2009 4:25:27 AM - System Checkpoint
RP819: 11/27/2009 10:37:38 AM - Removed BlackBerry® Media Sync
RP820: 11/27/2009 10:37:45 AM - Installed BlackBerry® Media Sync
RP821: 11/27/2009 10:45:43 AM - Installed Roxio Media Manager
RP822: 11/28/2009 11:30:10 AM - System Checkpoint
RP823: 11/29/2009 11:39:56 AM - System Checkpoint
RP824: 11/30/2009 12:01:44 PM - System Checkpoint
RP825: 12/1/2009 1:01:44 PM - System Checkpoint
RP826: 12/2/2009 2:01:44 PM - System Checkpoint
RP827: 12/3/2009 3:33:57 PM - System Checkpoint
RP828: 12/4/2009 4:01:44 PM - System Checkpoint
RP829: 12/5/2009 5:01:45 PM - System Checkpoint
RP830: 12/6/2009 5:12:05 PM - System Checkpoint
RP831: 12/7/2009 7:09:19 PM - System Checkpoint
RP832: 12/8/2009 8:05:56 PM - System Checkpoint
RP833: 12/9/2009 6:02:04 PM - Software Distribution Service 3.0
RP834: 12/10/2009 3:00:21 AM - Software Distribution Service 3.0
RP835: 12/11/2009 3:21:46 AM - System Checkpoint
RP836: 12/12/2009 3:33:37 AM - System Checkpoint
RP837: 12/13/2009 4:21:38 AM - System Checkpoint
RP838: 12/14/2009 4:45:14 AM - System Checkpoint
RP839: 12/15/2009 5:45:06 AM - System Checkpoint
RP840: 12/16/2009 5:47:07 AM - System Checkpoint
RP841: 12/17/2009 6:47:09 AM - System Checkpoint
RP842: 12/18/2009 7:18:16 AM - System Checkpoint
RP843: 12/19/2009 7:48:14 AM - System Checkpoint
RP844: 12/20/2009 8:16:28 AM - System Checkpoint
RP845: 12/21/2009 8:30:34 AM - System Checkpoint
RP846: 12/22/2009 9:30:27 AM - System Checkpoint
RP847: 12/23/2009 10:30:28 AM - System Checkpoint
RP848: 12/24/2009 11:37:37 AM - System Checkpoint
RP849: 12/25/2009 12:30:29 PM - System Checkpoint
RP850: 12/26/2009 12:44:26 PM - System Checkpoint
RP851: 12/27/2009 1:12:22 PM - System Checkpoint
RP852: 12/28/2009 2:12:22 PM - System Checkpoint
RP853: 12/29/2009 3:26:00 PM - System Checkpoint
RP854: 12/30/2009 4:12:14 PM - System Checkpoint
RP855: 12/31/2009 5:12:15 PM - System Checkpoint
RP856: 1/1/2010 7:25:37 PM - System Checkpoint
RP857: 1/2/2010 8:12:07 PM - System Checkpoint
RP858: 1/3/2010 9:12:07 PM - System Checkpoint
RP859: 1/4/2010 9:13:50 PM - System Checkpoint
RP860: 1/6/2010 7:46:01 AM - System Checkpoint
RP861: 1/7/2010 8:09:49 AM - System Checkpoint
RP862: 1/7/2010 5:19:23 PM - Installed 32 bit Windows Card Reader Driver
RP863: 1/8/2010 5:48:06 PM - System Checkpoint
RP864: 1/15/2010 8:38:09 AM - Software Distribution Service 3.0
RP865: 1/15/2010 8:42:26 AM - Software Distribution Service 3.0

==== Installed Programs ======================

32 bit Windows Card Reader Driver
AAC Decoder
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 7.0.8
Adobe Shockwave Player
AIM 6
Amazon MP3 Downloader 1.0.3
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
avast! Antivirus
BlackBerry Desktop Software 5.0.1
BlackBerry Device Software v4.5.0 for the BlackBerry 8100 smartphone
BlackBerry® Media Sync
Bonjour
Broadcom Management Programs
CCleaner (remove only)
CCScore
CDisplay 1.8
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Support 3.2.1
Dell System Restore
DivX Codec
DivX Converter
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Version Checker
DVD Decrypter (Remove Only)
DVD Shrink 3.2
ERUNT 1.1j
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Evernote
fflink
Flickr Uploadr 3.0.5
FoxyTunes for Firefox
Google Chrome
Google Desktop
Google Gears
Google Update Helper
H.264 Decoder
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
ImgBurn
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 17
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
Lala Music Mover
Learn2 Player (Uninstall Only)
Linksys EasyLink Advisor
Linksys Updater
LP Recorder
LP Ripper
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MKV Splitter
MobileMe Control Panel
Mozilla Firefox (3.5.7)
Mozilla Sunbird (0.9)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
netbrdg
NVIDIA Drivers
OfotoXMI
OpenOffice.org 3.0
Picasa 3
Pure Networks Platform
Qualxserve Service Agreement
QuickTime
RealPlayer Basic
RocketDock 1.3.5
Roxio DLA
Roxio Media Manager
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SearchAssist
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
SFR
SHASTA
skin0001
SKINXSDK
Sonic Activation Module
Sonic Update Manager
Spybot - Search & Destroy
staticcr
Symantec KB-DocID:2003093015493306
SyncBack
tooltips
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
VC80CRTRedist - 8.0.50727.4053
VideoLAN VLC media player 0.8.6c
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
Wave Corrector DeClick version 1.0
WebEx Support Manager for Internet Explorer
WebFldrs XP
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinZip 11.2
WIRELESS
XML Paper Specification Shared Components Pack 1.0
Xvid 1.1.3 final uninstall

==== Event Viewer Messages From Past Week ========

1/9/2010 9:06:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
1/9/2010 9:06:56 PM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/9/2010 5:49:35 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Mail Scanner service to connect.
1/9/2010 5:49:35 PM, error: Service Control Manager [7000] - The avast! Mail Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/9/2010 5:44:53 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
1/9/2010 5:44:05 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
1/9/2010 5:44:05 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
1/9/2010 5:42:25 PM, error: Service Control Manager [7000] - The Lbd service failed to start due to the following error: The system cannot find the file specified.
1/15/2010 9:08:36 AM, error: Service Control Manager [7034] - The Linksys Updater service terminated unexpectedly. It has done this 1 time(s).
1/14/2010 7:25:42 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.
1/14/2010 7:24:12 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avast! Mail Scanner service.

==== End Of File ===========================
 
Hi again,


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    atapi.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

--------
Then I need you to do one other thing. Have these instructions printed so that you have access to them while in the Recovery Console.

1. Restart your computer
2. Before Windows loads, you will be prompted to choose which Operating System to start
3. Use the up and down arrow key to select Microsoft Windows Recovery Console
4. You must enter which Windows installation to log onto. Type 1 and press enter.
5. At the C:\Windows prompt, type the following bolded text, and press Enter:

cd system32\drivers

6. At the next prompt, type the following bolded text, and press Enter:

copy /y atapi.sys atapi.sys.bad

You should see the message "1 file(s) copied."
8. If that went fine, at the next prompt, type the following bolded text, and press Enter:

exit

Let Windows reboot back to normal mode and then upload the c:\windows\system32\drivers\atapi.sys.bad file to http://www.virustotal.com. Post back the results.
 
SystemLook.txt

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 10:01 on 15/01/2010 by Gabe & Jessica (Administrator - Elevation successful)

========== filefind ==========

Searching for "atapi.sys"
C:\i386\atapi.sys --a--- 95360 bytes [10:13 11/07/2007] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 95360 bytes [17:21 15/01/2010] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\atapi.sys --a--- 96512 bytes [11:04 19/12/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys --a--- 96512 bytes [05:29 24/09/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys ------ 95360 bytes [03:59 04/08/2004] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys --a--- 95360 bytes [13:54 25/06/2007] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys --a--- 95360 bytes [13:54 25/06/2007] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51

-=End Of File=-
 
C:\windows

I am at the part where I enter: copy /y atapi.sys atapi.sys.bad

I receive this message when doing so: The parameter is not valid. Try ? for help.
 
virustotal results

Hello

Removing that piece worked like a charm, here are the results:

MD5: cdfe4411a69c224bd1d11b2da92dac51
First received: 2008.03.02 11:23:58 UTC
Date: 2010.01.15 18:10:27 UTC [<1D]
Results: 0/41
Permalink: analisis/0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d-1263579027
 
Hi,

Before we take other steps could you check if search results are still redirected, please?
 
Redirects

Hello,

Yes, they are still being redirected. However, I noticed that fewer links are being redirected. The first few I tried gave me the actual site, but after that the redirects started.

Also, Avast notified me that it found "Win32:Alureon-EU" in "C:\WINDOWS\system32\drivers\nvata.sys" after ComboFix had been run and restarted my system. I selected "no action" when the prompt appeared. Thought you might like to know about that.
 
Ok. Please run SystemLook again with these contents:
Code:
:filefind
nvata.sys
 
SystemLook.txt

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 08:02 on 16/01/2010 by Gabe & Jessica (Administrator - Elevation successful)

========== filefind ==========

Searching for "nvata.sys"
C:\drivers\storage\R149470\nvata.sys --a--- 105472 bytes [13:50 25/06/2007] [02:25 26/02/2007] EF9941593B2E9B436F64A87DDB570D1A
C:\i386\nvata.sys --a--- 105472 bytes [10:13 11/07/2007] [02:25 26/02/2007] EF9941593B2E9B436F64A87DDB570D1A
C:\WINDOWS\system32\drivers\nvata.sys --a--- 105472 bytes [13:50 25/06/2007] [17:54 15/01/2010] EF9941593B2E9B436F64A87DDB570D1A

-=End Of File=-
 
Hi,

Please start the system in the Recovery Console and run the following command there:
Code:
copy C:\WINDOWS\system32\drivers\nvata.sys C:\WINDOWS\system32\drivers\nvata.sys.bad

Reboot back into normal mode and upload the C:\WINDOWS\system32\drivers\nvata.sys.bad file to VirusTotal.
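A small parser for the two SystemLook `:filefind` logs posted in this thread, added here as an example and not part of any post: it reports where the copy under system32\drivers differs from the other copies of the same driver found on disk. The function names are hypothetical, and reading the second bracketed timestamp as the last-modified time is an assumption.

```python
import re
from collections import Counter

# path, attributes, size, two timestamps (second assumed to be last-modified), MD5
LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-z]{6}) (?P<size>\d+) bytes "
    r"\[(?P<ts1>[^\]]+)\] \[(?P<ts2>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)

def parse_filefind(log):
    """Return one dict per file line of a SystemLook ':filefind' log."""
    rows = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            row = m.groupdict()
            row.update(size=int(row["size"]), md5=row["md5"].upper())
            rows.append(row)
    return rows

def live_copy_deviations(rows, live_dir="\\system32\\drivers\\"):
    """Map field -> (live value, most common value among the other copies)."""
    live = [r for r in rows if live_dir in r["path"].lower()]
    others = [r for r in rows if live_dir not in r["path"].lower()]
    if len(live) != 1 or not others:
        return {}
    out = {}
    for field in ("md5", "size", "attrs", "ts2"):
        common = Counter(r[field] for r in others).most_common(1)[0][0]
        if live[0][field] != common:
            out[field] = (live[0][field], common)
    return out

# Lines copied from the SystemLook logs posted in this thread.
ATAPI_LOG = r"""
C:\i386\atapi.sys --a--- 95360 bytes [10:13 11/07/2007] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 95360 bytes [17:21 15/01/2010] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\atapi.sys --a--- 96512 bytes [11:04 19/12/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys --a--- 96512 bytes [05:29 24/09/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys ------ 95360 bytes [03:59 04/08/2004] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys --a--- 95360 bytes [13:54 25/06/2007] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys --a--- 95360 bytes [13:54 25/06/2007] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
"""
NVATA_LOG = r"""
C:\drivers\storage\R149470\nvata.sys --a--- 105472 bytes [13:50 25/06/2007] [02:25 26/02/2007] EF9941593B2E9B436F64A87DDB570D1A
C:\i386\nvata.sys --a--- 105472 bytes [10:13 11/07/2007] [02:25 26/02/2007] EF9941593B2E9B436F64A87DDB570D1A
C:\WINDOWS\system32\drivers\nvata.sys --a--- 105472 bytes [13:50 25/06/2007] [17:54 15/01/2010] EF9941593B2E9B436F64A87DDB570D1A
"""
```

On the thread's logs this reports only an attribute difference for atapi.sys and only a second-timestamp difference for nvata.sys; in both cases the MD5 and size of the copy under system32\drivers match the other copies.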
 