Task manager does not open


11 replies to this topic

#1 bonedoggy

Posted 29 April 2009 - 07:53 PM

Hi everyone.
My task manager does not open anymore. I've run Spybot, SUPERAntiSpyware, and AVG, but everything came up fine. I also ran HijackThis and these are the results...

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 20:45:35.50 on Wed 04/29/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.148 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\PROGRA~1\AVG\AVG8\avgnsx.exe
D:\Program Files\Sandboxie\SbieSvc.exe
D:\WINDOWS\System32\svchost.exe -k imgsvc
D:\PROGRA~1\AVG\AVG8\avgemc.exe
D:\Program Files\AVG\AVG8\avgcsrvx.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Microsoft IntelliPoint\ipoint.exe
D:\WINDOWS\system32\igfxpers.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\WINDOWS\system32\dla\tfswctrl.exe
D:\Program Files\Dell\Media Experience\PCMService.exe
d:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Native Instruments\Audio Kontrol 1\Audio Kontrol 1.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
D:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Documents and Settings\Owner\Desktop\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local;localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - d:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - d:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - d:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - d:\windows\system32\dla\tfswshx.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - d:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - d:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - d:\progra~1\yahoo!\companion\installs\cpn\yt.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Audio Kontrol 1] d:\program files\native instruments\audio kontrol 1\Audio Kontrol 1.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERANTISPYWARE.EXE
uRun: [SpybotSD TeaTimer] d:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Sonic RecordNow!]
uRun: [Gadwin PrintScreen] d:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash
uRun: [LogitechSoftwareUpdate] "d:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [Google Update] "d:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [LDM] d:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
mRun: [IntelliPoint] "d:\program files\microsoft intellipoint\ipoint.exe"
mRun: [igfxtray] d:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] d:\windows\system32\hkcmd.exe
mRun: [igfxpers] d:\windows\system32\igfxpers.exe
mRun: [AVG8_TRAY] d:\progra~1\avg\avg8\avgtray.exe
mRun: [dla] d:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "d:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [PCMService] "d:\program files\dell\media experience\PCMService.exe"
mRun: [TkBellExe] "d:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [LogitechVideoRepair] d:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] d:\program files\logitech\video\LogiTray.exe
mRun: [LogitechGalleryRepair] d:\program files\logitech\video\ISStart.exe
mRun: [AppleSyncNotifier] d:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [RoxWatchTray] "d:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - d:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - d:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: Add to Google Photos Screensa&ver - d:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - d:\program files\yahoo!\common\yiesrvc.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\spybot~1\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - d:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218726855312
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\owner\applic~1\mozilla\firefox\profiles\3y93ah2q.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - plugin: c:\program files\mozilla firefox\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppl3260.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpjplug.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll
FF - plugin: d:\documents and settings\owner\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\program files\google\picasa3\npPicasa2.dll
FF - plugin: d:\program files\google\picasa3\npPicasa3.dll
FF - plugin: d:\program files\opera\program\plugins\np_gp.dll
FF - plugin: d:\windows\system32\c2mp\npdivx32.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [2008-8-21 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;d:\windows\system32\drivers\avgmfx86.sys [2008-8-21 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;d:\windows\system32\drivers\avgtdix.sys [2008-8-21 108552]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;d:\progra~1\avg\avg8\avgemc.exe [2008-8-21 908056]
R2 avg8wd;AVG Free8 WatchDog;d:\progra~1\avg\avg8\avgwdsvc.exe [2008-8-21 298264]
R3 ak1avs;ak1avs;d:\windows\system32\drivers\ak1avs.sys [2008-8-14 25088]
R3 ak1usb;ak1usb;d:\windows\system32\drivers\ak1usb.sys [2008-8-14 84992]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
R3 SbieDrv;SbieDrv;d:\program files\sandboxie\SbieDrv.sys [2008-11-15 102912]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 9968]

=============== Created Last 30 ================

2009-04-29 15:21 <DIR> --d----- d:\documents and settings\owner\Tracing
2009-04-28 22:16 102,664 a------- d:\windows\system32\drivers\tmcomm.sys
2009-04-28 22:16 <DIR> --d----- d:\documents and settings\owner\.housecall6.6
2009-04-28 22:15 73,728 a------- d:\windows\system32\javacpl.cpl
2009-04-28 22:15 410,984 a------- d:\windows\system32\deploytk.dll
2009-04-27 19:24 <DIR> --d----- d:\windows\system32\Adobe
2009-04-27 13:05 372 a------- d:\windows\Shortcut to WINDOWS.lnk
2009-04-27 13:05 372 a------- d:\windows\Shortcut (2) to WINDOWS.lnk
2009-04-26 12:49 <DIR> --d----- d:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-15 19:06 1,203,922 -c------ d:\windows\system32\dllcache\sysmain.sdb
2009-04-15 19:06 2,560 -------- d:\windows\system32\xpsp4res.dll
2009-04-15 19:06 215,552 -c------ d:\windows\system32\dllcache\wordpad.exe
2009-04-15 19:05 284,160 -c------ d:\windows\system32\dllcache\pdh.dll
2009-04-15 19:05 401,408 -c------ d:\windows\system32\dllcache\rpcss.dll
2009-04-15 19:05 110,592 -c------ d:\windows\system32\dllcache\services.exe
2009-04-15 19:05 473,600 -c------ d:\windows\system32\dllcache\fastprox.dll
2009-04-15 19:05 453,120 -c------ d:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 19:05 227,840 -c------ d:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 19:05 729,088 -c------ d:\windows\system32\dllcache\lsasrv.dll
2009-04-15 19:05 617,472 -c------ d:\windows\system32\dllcache\advapi32.dll
2009-04-15 19:05 714,752 -c------ d:\windows\system32\dllcache\ntdll.dll

==================== Find3M ====================

2009-04-25 12:42 325,640 a------- d:\windows\system32\drivers\avgldx86.sys
2009-04-25 12:42 10,520 a------- d:\windows\system32\avgrsstx.dll
2009-04-25 12:42 108,552 a------- d:\windows\system32\drivers\avgtdix.sys
2009-03-19 16:32 23,400 a------- d:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-17 23:48 833,128 a------- d:\windows\BigSeq VST plug-in Uninstaller.exe
2009-03-16 18:41 28,116 a---h--- d:\windows\system32\mlfcache.dat
2009-03-06 10:22 284,160 a------- d:\windows\system32\pdh.dll
2009-03-05 23:59 1,900,544 a------- d:\windows\system32\usbaaplrc.dll
2009-03-05 23:59 36,864 a------- d:\windows\system32\drivers\usbaapl.sys
2009-03-02 20:18 826,368 a------- d:\windows\system32\wininet.dll
2009-02-20 14:09 78,336 -------- d:\windows\system32\ieencode.dll
2009-02-09 08:10 729,088 a------- d:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- d:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- d:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- d:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- d:\windows\system32\win32k.sys
2009-02-07 19:02 2,066,048 a------- d:\windows\system32\ntkrnlpa.exe
2009-02-06 18:52 49,504 a------- d:\windows\system32\sirenacm.dll
2009-02-06 07:11 110,592 a------- d:\windows\system32\services.exe
2009-02-06 07:08 2,189,056 a------- d:\windows\system32\ntoskrnl.exe
2009-02-06 06:39 35,328 a------- d:\windows\system32\sc.exe
2009-02-03 23:41 25,001 a------- d:\windows\unins000.dat
2009-02-03 23:40 678,746 a------- d:\windows\unins000.exe
2009-02-03 15:59 56,832 a------- d:\windows\system32\secur32.dll
2008-12-09 19:21 161 a------- d:\program files\streamosaur.ini
2008-12-02 14:02 2,352 a------- d:\program files\unins000.dat
2008-12-02 14:02 691,545 a------- d:\program files\unins000.exe
2008-11-03 15:15 61,440 a------- d:\program files\Streamosaur.1.0.0.1.exe
2008-08-14 00:56 14,336 a------- d:\program files\wmdmhelper.dll
2008-08-14 00:56 153,176 a------- d:\program files\RecordingManager.exe
2008-08-14 00:55 7,168 a------- d:\program files\realjbox.exe
2008-08-14 00:55 214,560 a------- d:\program files\realplay.exe
2007-11-12 06:54 15,294,464 a------- d:\program files\Nepheton.dll
2006-07-11 21:15 144 a------- d:\program files\www.reFX.net.url
2005-08-14 12:49 2,238 a------- d:\program files\reFX Icon.ico

============= FINISH: 20:46:52.21 ===============
Thanks in advance for the help.

Edited by bonedoggy, 29 April 2009 - 09:26 PM.


#2 Orange Blossom

Posted 11 May 2009 - 10:40 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 bonedoggy

Posted 15 May 2009 - 10:13 PM

Thanks, here are the scan results...
DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 23:05:37.23 on Fri 05/15/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.258 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\PROGRA~1\AVG\AVG8\avgnsx.exe
D:\Program Files\Sandboxie\SbieSvc.exe
D:\WINDOWS\System32\svchost.exe -k imgsvc
D:\PROGRA~1\AVG\AVG8\avgemc.exe
D:\Program Files\AVG\AVG8\avgcsrvx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Microsoft IntelliPoint\ipoint.exe
D:\WINDOWS\system32\igfxpers.exe
d:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\WINDOWS\system32\dla\tfswctrl.exe
D:\Program Files\Dell\Media Experience\PCMService.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\Program Files\Native Instruments\Audio Kontrol 1\Audio Kontrol 1.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
D:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
D:\Program Files\procexp.exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
D:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
D:\Documents and Settings\Owner\Desktop\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local;localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - d:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - d:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - d:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - d:\windows\system32\dla\tfswshx.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - d:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - d:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - d:\progra~1\yahoo!\companion\installs\cpn\yt.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Audio Kontrol 1] d:\program files\native instruments\audio kontrol 1\Audio Kontrol 1.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERANTISPYWARE.EXE
uRun: [SpybotSD TeaTimer] d:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Sonic RecordNow!]
uRun: [Gadwin PrintScreen] d:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash
uRun: [LogitechSoftwareUpdate] "d:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [Google Update] "d:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [LDM] d:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
mRun: [IntelliPoint] "d:\program files\microsoft intellipoint\ipoint.exe"
mRun: [igfxtray] d:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] d:\windows\system32\hkcmd.exe
mRun: [igfxpers] d:\windows\system32\igfxpers.exe
mRun: [AVG8_TRAY] d:\progra~1\avg\avg8\avgtray.exe
mRun: [dla] d:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "d:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [PCMService] "d:\program files\dell\media experience\PCMService.exe"
mRun: [TkBellExe] "d:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [LogitechVideoRepair] d:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] d:\program files\logitech\video\LogiTray.exe
mRun: [LogitechGalleryRepair] d:\program files\logitech\video\ISStart.exe
mRun: [AppleSyncNotifier] d:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"
mRun: [BlackBerryAutoUpdate] d:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "d:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - d:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - d:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: Add to Google Photos Screensa&ver - d:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - d:\program files\yahoo!\common\yiesrvc.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\spybot~1\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - d:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218726855312
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\owner\applic~1\mozilla\firefox\profiles\3y93ah2q.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - plugin: c:\program files\mozilla firefox\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppl3260.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpjplug.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll
FF - plugin: d:\documents and settings\owner\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: d:\program files\google\picasa3\npPicasa2.dll
FF - plugin: d:\program files\google\picasa3\npPicasa3.dll
FF - plugin: d:\program files\opera\program\plugins\np_gp.dll
FF - plugin: d:\windows\system32\c2mp\npdivx32.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [2008-8-21 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;d:\windows\system32\drivers\avgmfx86.sys [2008-8-21 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;d:\windows\system32\drivers\avgtdix.sys [2008-8-21 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;d:\progra~1\avg\avg8\avgemc.exe [2008-8-21 908568]
R2 avg8wd;AVG Free8 WatchDog;d:\progra~1\avg\avg8\avgwdsvc.exe [2008-8-21 298776]
R3 ak1avs;ak1avs;d:\windows\system32\drivers\ak1avs.sys [2008-8-14 25088]
R3 ak1usb;ak1usb;d:\windows\system32\drivers\ak1usb.sys [2008-8-14 84992]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
R3 SbieDrv;SbieDrv;d:\program files\sandboxie\SbieDrv.sys [2008-11-15 102912]

=============== Created Last 30 ================

2009-05-15 12:28 <DIR> --d----- d:\program files\Roxio
2009-05-15 10:32 <DIR> --dsh--- d:\windows\ftpcache
2009-05-05 15:09 <DIR> --d----- d:\docume~1\owner\applic~1\Malwarebytes
2009-05-05 15:09 15,504 a------- d:\windows\system32\drivers\mbam.sys
2009-05-05 15:09 38,496 a------- d:\windows\system32\drivers\mbamswissarmy.sys
2009-05-05 15:09 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-05 15:09 <DIR> --d----- d:\program files\Malwarebytes' Anti-Malware
2009-04-30 13:00 256 a------- d:\windows\system32\pool.bin
2009-04-29 18:48 3,550,592 a------- d:\program files\procexp.exe
2009-04-29 15:21 <DIR> --d----- d:\documents and settings\owner\Tracing
2009-04-28 22:16 102,664 a------- d:\windows\system32\drivers\tmcomm.sys
2009-04-28 22:16 <DIR> --d----- d:\documents and settings\owner\.housecall6.6
2009-04-28 22:15 73,728 a------- d:\windows\system32\javacpl.cpl
2009-04-28 22:15 410,984 a------- d:\windows\system32\deploytk.dll
2009-04-27 19:24 <DIR> --d----- d:\windows\system32\Adobe
2009-04-27 13:05 372 a------- d:\windows\Shortcut to WINDOWS.lnk
2009-04-27 13:05 372 a------- d:\windows\Shortcut (2) to WINDOWS.lnk
2009-04-26 12:49 <DIR> --d----- d:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

==================== Find3M ====================

2009-05-02 12:14 11,952 a------- d:\windows\system32\avgrsstx.dll
2009-05-02 12:14 325,896 a------- d:\windows\system32\drivers\avgldx86.sys
2009-05-02 12:14 108,552 a------- d:\windows\system32\drivers\avgtdix.sys
2009-03-19 16:32 23,400 a------- d:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-17 23:48 833,128 a------- d:\windows\BigSeq VST plug-in Uninstaller.exe
2009-03-16 18:41 28,116 a---h--- d:\windows\system32\mlfcache.dat
2009-03-06 10:22 284,160 a------- d:\windows\system32\pdh.dll
2009-03-05 23:59 1,900,544 a------- d:\windows\system32\usbaaplrc.dll
2009-03-02 20:18 826,368 a------- d:\windows\system32\wininet.dll
2009-02-20 14:09 78,336 -------- d:\windows\system32\ieencode.dll
2008-12-09 19:21 161 a------- d:\program files\streamosaur.ini
2008-12-02 14:02 2,352 a------- d:\program files\unins000.dat
2008-12-02 14:02 691,545 a------- d:\program files\unins000.exe
2008-11-03 15:15 61,440 a------- d:\program files\Streamosaur.1.0.0.1.exe
2008-08-14 00:56 14,336 a------- d:\program files\wmdmhelper.dll
2008-08-14 00:56 153,176 a------- d:\program files\RecordingManager.exe
2008-08-14 00:55 7,168 a------- d:\program files\realjbox.exe
2008-08-14 00:55 214,560 a------- d:\program files\realplay.exe
2007-11-12 06:54 15,294,464 a------- d:\program files\Nepheton.dll
2006-07-11 21:15 144 a------- d:\program files\www.reFX.net.url
2005-08-14 12:49 2,238 a------- d:\program files\reFX Icon.ico

============= FINISH: 23:06:27.09 ===============

Inserted Attach.txt in-line ~ Maurice
Attach.txt:

DDS (Ver_09-05-14.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/14/2008 8:13:24 PM
System Uptime: 5/15/2009 1:30:07 PM (10 hours ago)

Motherboard: Dell Computer Corp. | | 0TC667
Processor: Intel® Celeron® CPU 2.66GHz | Microprocessor | 2660/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 2.081 GiB free.
D: is FIXED (NTFS) - 75 GiB total, 0.626 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&1C660DD6&0&08F0
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&1C660DD6&0&08F0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_019D1028&REV_02\3&172E68DD&0&FD
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_019D1028&REV_02\3&172E68DD&0&FD
Service:

==== System Restore Points ===================

RP302: 5/15/2009 5:21:32 PM - System Checkpoint

==== Installed Programs ======================

7-Zip 4.60 beta
ABL 2.1.2
ACDSee Pro 2
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Audition 3.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Help Viewer CS3
Adobe PDF Library Files
Adobe Photoshop CS
Adobe Reader 9.1
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Apple Mobile Device Support
Apple Software Update
Atomic RAR Password Recovery 1.20
Audio.Damage.Ronin.v1.0.VST-DAC
AudioRealism Bass Line 2 (remove only)
AVG 8.5
BigSeq VST plug-in
BitTorrent
BlackBerry Desktop Software 4.7
Bonjour
Choice Guard
Critical Update for Windows Media Player 11 (KB959772)
Dell Media Experience
Dell ResourceCD
Discord 2 VST plug-in
Free FTP
FreeStar Free Video MP3 Converter 1.0.1
Gadwin PrintScreen
GIMP 2.4.6
Google Chrome
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Inkscape 0.46
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
iTunes
iZotope Ozone 3
iZotope Ozone 4
iZotope Trash
Java™ 6 Update 13
Jing
KORG Legacy Collection v1.1.3
Lexicon PSP42 1.5.0
Logitech Desktop Messenger
Logitech Print Service
Logitech QuickCam
Malwarebytes' Anti-Malware
Media Library Management Wizard
Media Player Codec Pack 1.1.0
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft PowerPoint Viewer 97
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
Mozilla Firefox (3.0.10)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Native Instruments - Audio Kontrol 1 Driver
Native Instruments Audio Kontrol 1
Native Instruments Battery 3
Native Instruments Vokator
NI Service Center
Ohm Force - Ohmicide VST
Ohm Force - Quad Frohmage VST2
Ohmforce Ohmboyz PRO VST v1.42
OhmForce Ohmboyz VST2
Opera 9.64
Personal License Update Wizard for Windows Media Player
Philips Intelligent Agent
Picasa 3
PicoZip Recovery Tool 1.02
Plus! MP3 Audio Converter LE
PowerISO
PSP 608 MultiDelay 1.1.2
PSP 84 1.5.2
PSP Nitro 1.1.0
QuickTime
RealPlayer
REAPER
reFX Vanguard 1.7.2
reFX Vanguard Demo
reFX Vanguard VSTi RTAS v1.8.0
Replicant VST plug-in
Roxio Media Manager
Safari
Sandboxie 3.32
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Segoe UI
Skype™ 3.8
Sonalksis Plug-Ins for Windows 3.00
Sonic Charge µTonic VST
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Spybot - Search & Destroy
T-RackS 3 Deluxe
Tweak UI
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Voxengo Elephant VST 2.6
WebCam for MSN Messenger
WebFldrs XP
Windows Communication Foundation
Windows Essentials Media Codec Pack 1.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Bonus Pack for Windows XP
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Service Pack 3
WinZip
WOW
XML Paper Specification Shared Components Pack 1.0
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

5/15/2009 1:31:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.

==== End Of File ===========================

Edited by Maurice Naggar, 16 May 2009 - 07:20 AM.


#4 Maurice Naggar

    Eradicator de malware

  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA

Posted 16 May 2009 - 07:33 AM

Hello bonedoggy and welcome to BC forums.

Your logs showed some peer-to-peer filesharing apps, BitTorrent. While we attempt to remove malware, please uninstall it!
I do not recommend their use since such filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.
"File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

Good & bad P2P Programs
http://www.malwareremoval.com/p2pindex.php

After un-install, logoff and restart the system.

Please advise what else is not right besides not being able to get to Task Manager. Some more details would help.

Keep Spybot's Tea Timer off while we try to resolve your issues; otherwise, it blocks updates to the registry.
Right click the Spybot Icon in the system tray (notification area).
  • If you have the new version 1.5, click once on Resident Protection and make sure it is Unchecked.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident

    If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
    Exit Spybot S&D when done and reboot the system so the changes are in effect.
=

Set Windows to show all files and all folders.
On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under Hidden files and folders, choose (select) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.

Next, Take out the trash (temporary files & temporary internet files)
Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to cleanout temporary files & temp areas used by internet browsers.
Start ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
ATF-Cleaner should be run per the above in every user-login account {User Profile}

=
Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from
>>> here <<<
  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box will briefly appear and then close.
  • This fix may prove temporary. Active malware may revert these changes at your next startup. You can safely run the utility again.
This system already has MBAM. Let's have you get it updated, run a new scan, and post that log.

Start your MBAM.
Click the Settings Tab. Make sure all option lines have a checkmark.
Click the Update tab. Press the "Check for Updates" button.
At this time, the current definitions are # 2139 or later. The latest program version is 1.36 (released April 6)

When done, click the Scanner tab.
Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Confirm for me you have removed BitTorrent and
put an inline copy of the new MBAM log
and describe your current major issues.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)
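
The log review behind the BitTorrent remark in the reply above can be scripted. This is an added example, not part of the original post and not code from DDS: it splits a DDS Attach.txt into its `==== ... ====` sections, flags installed programs that match a watchlist, and pulls error events from the Event Viewer section. The sample log is a constructed excerpt in the thread's layout; the watchlist and all function names are assumptions.

```python
import re

# Constructed excerpt, laid out like the DDS Attach.txt posted in this thread.
SAMPLE_ATTACH = """\
DDS (Ver_09-05-14.01)

==== Installed Programs ======================

7-Zip 4.60 beta
AVG 8.5
BitTorrent
Bonjour
Spybot - Search & Destroy

==== Event Viewer Messages From Past Week ========

5/15/2009 1:31:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.

==== End Of File ===========================
"""

# Assumption: a small illustrative watchlist of P2P client names, not a list from the thread.
P2P_WATCHLIST = ("bittorrent", "utorrent", "limewire", "emule", "frostwire")

# DDS section banners look like "==== Name ====" with varying runs of "=".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+\s*$")
# Event lines: "<date> <time> AM|PM, <level>: <source> [<id>] - <message>"
EVENT_RE = re.compile(
    r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), (\w+): (.+?) \[(\d+)\] - (.*)$"
)


def split_sections(text):
    """Return {section name: [non-blank lines]}; text before the first banner goes under 'header'."""
    sections = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        elif line:
            sections[current].append(line)
    return sections


def flag_programs(programs, watchlist=P2P_WATCHLIST):
    """Return installed-program entries whose name contains a watchlist term (case-insensitive)."""
    return [p for p in programs if any(term in p.lower() for term in watchlist)]


def parse_events(lines, levels=("error",)):
    """Return (level, source, event_id, message) for event lines at the given levels."""
    events = []
    for line in lines:
        m = EVENT_RE.match(line)
        if m and m.group(2).lower() in levels:
            events.append((m.group(2), m.group(3), int(m.group(4)), m.group(5)))
    return events


def triage(text):
    """Summarise flagged programs and error events from one Attach.txt."""
    sections = split_sections(text)
    return {
        "flagged_programs": flag_programs(sections.get("Installed Programs", [])),
        "errors": parse_events(sections.get("Event Viewer Messages From Past Week", [])),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_ATTACH))
```
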

#5 bonedoggy

Posted 18 May 2009 - 05:11 PM

Did everything you said, Task Manager still not working, here is the report...

Malwarebytes' Anti-Malware 1.36
Database version: 2147
Windows 5.1.2600 Service Pack 3

5/18/2009 6:07:19 PM
mbam-log-2009-05-18 (18-07-19).txt

Scan type: Quick Scan
Objects scanned: 96583
Time elapsed: 9 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 Maurice Naggar

Posted 19 May 2009 - 06:06 PM

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

If you have a prior copy of Combofix, delete it now!

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1
Link 2
Link 3

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop
If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on Combo-Fix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

IF you should see a message like this:
Posted Image
then, be sure to write it down fully and also copy that into your next reply here and then wait for my response.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
-------------------------------------------------------

A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
If this occurs, please reboot to restore the desktop.
Even when ComboFix appears to be doing nothing, look at your Drive light.
If it is flashing, Combofix is still at work.
=

RE-Enable your AntiVirus and AntiSpyware applications.
Reply with a copy of C:\Combofix.txt
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#7 bonedoggy

Posted 20 May 2009 - 04:12 PM

Fixed! Combo-Fix did the job (or installing the Microsoft Windows Recovery Console), thanks everyone

#8 Maurice Naggar

Posted 20 May 2009 - 08:22 PM

That's good news; but I still need a copy of C:\Combofix.txt in your next reply, so it can be reviewed.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#9 bonedoggy

Posted 21 May 2009 - 09:47 PM

That's good news; but I still need a copy of C:\Combofix.txt in your next reply, so it can be reviewed.

Combofix.txt did not show up on my desktop after I ran the program.

#10 Maurice Naggar

Posted 22 May 2009 - 10:23 AM

From the Start menu, RUN option, start Notepad.
File > Open
then open C:\Combofix.txt

The file is in the root of the C drive (as noted above). Open the file, copy all contents, and paste into a reply here.

Next, Please download and run the Trend Micro Sysclean Package on your computer.
NOTE! This scan will probably take a long time to run on your computer so be patient and don't use it while it's scanning.
  • Create a brand new folder to copy these files to.
  • As an example: C:\DCE
  • Then open each of the zipped archive files and copy their contents to C:\DCE
  • Copy the file sysclean.com to the new folder C:\DCE as well.
  • Double-click on the file sysclean.com that is in the C:\DCE folder and follow the on-screen instructions.

    After doing all of this, please post back your results, including the log file sysclean.log that will be left behind by sysclean.
How To Use Compressed (Zipped) Folders in Windows XP
Compress and uncompress files (zip files) in Vista

I'll need a copy of C:\Combofix.txt
and sysclean.log
and tell me, How is your system now?

We need to see what those reports show, and if there's more that needs follow-up. And afterwards, we need to remove the tools I had you use.

Edited by Maurice Naggar, 22 May 2009 - 10:27 AM.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#11 bonedoggy

Posted 23 May 2009 - 06:44 PM

That's good news; but I still need a copy of C:\Combofix.txt in your next reply, so it can be reviewed.

Combofix.txt did not show up on my desktop after I ran the program.

Still can't find combofix.txt, did a search and nothing came up.

#12 Maurice Naggar

Posted 23 May 2009 - 07:10 PM

Proceed forward to get and run the TrendMicro Sysclean.
We need to run it and see what it finds. Reply back with the Sysclean log
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)



