

the infamous search bar redirect


  • This topic is locked
5 replies to this topic

#1 squashkin10


  • Members
  • 2 posts

Posted 07 June 2010 - 06:06 PM

I've tried Malwarebytes, McAfee, Spybot S&D, Spyware Doctor, and many other scans, but none of these pick up what is causing my searches to be redirected.
Please help ASAP.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:22:09 PM, on 6/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\hijackthis-trend-micro\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://musicstore.connect.com/assets/11ENotification.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 127.0.1.11 nmcsd-medweb
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo RX595 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE /FU "C:\WINDOWS\TEMP\E_S1C8.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O4 - Global Startup: Remocon Driver.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/ht...ALStreaming.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SeaPort - Unknown owner - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (file missing)
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11973 bytes



 


#2 1972vet


  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.

Posted 07 June 2010 - 06:13 PM

Greetings squashkin10 and Welcome to the Forums,
Please read through This Thread, do what it recommends, and post THOSE logs. Thanks!

Disabled Veteran, U.S.C.G. 1972 - 1978
mvpsigpic.jpg
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#3 squashkin10

  • Topic Starter

  • Members
  • 2 posts

Posted 08 June 2010 - 09:04 PM

The computer keeps freezing up and restarting on its own, so I will have to try to run GMER in safe mode. I hope that is okay.


DDS (Ver_10-03-17.01) - NTFSx86
Run by JohnShammas123456789 at 23:18:49.48 on Mon 06/07/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.105 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\JohnShammas123456789.533034B8A6DF4D9\Local Settings\Temporary Internet Files\Content.IE5\WN0MIMAS\dds[1].scr
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearch Page =
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = hxxp://musicstore.connect.com/assets/11ENotification.html
uSearchAssistant =
mSearchAssistant =
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: {FE54FA40-D68C-11D2-98FA-00C0F0318AFE} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
uRun: [EPSON Stylus Photo RX595 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticla.exe /fu "c:\windows\temp\E_S1C8.tmp" /EF "HKCU"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [CreateCD_Reminder] c:\windows\sonysys\vaio recovery\reminder.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\docume~1\johnsh~1.533\startm~1\programs\startup\virtua~1.lnk - c:\windows\system32\virtualexpander\VirtualExpander.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\remoco~1.lnk - c:\program files\sony\usbsircs\usbsircs.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} - hxxp://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} - hxxp://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 127.0.1.11 nmcsd-medweb

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-6-7 207792]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2010-6-5 186128]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-6-7 112592]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2010-6-7 67584]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-6-7 359624]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-6-7 1141712]
R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\common files\sony shared\vaio entertainment\vzcdb\VzFw.exe [2004-10-29 118877]
S3 BEFCMV3XP;Linksys BEFCMU10 EtherFast Cable Modem;c:\windows\system32\drivers\BEFCM3XP.sys [2004-11-27 14336]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\common files\sony shared\vaio entertainment\vcsw\vcsw.exe -runbyscm --> c:\program files\common files\sony shared\vaio entertainment\vcsw\VCSW.exe -RunBySCM [?]

=============== Created Last 30 ================

2010-06-08 02:13:33 0 ----a-w- c:\documents and settings\johnshammas123456789.533034b8a6df4d9\defogger_reenable
2010-06-08 00:45:59 0 d-----w- c:\program files\Cobian Backup 8
2010-06-08 00:37:40 0 d-----w- c:\program files\Cobian Backup 10
2010-06-07 22:16:55 0 d-----w- c:\program files\hijackthis-trend-micro
2010-06-07 18:59:55 0 d-----w- c:\program files\Trend Micro
2010-06-07 13:21:02 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-06-07 13:21:02 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-06-07 13:20:55 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-06-07 13:20:55 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-06-07 13:20:55 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-06-07 13:20:55 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-07 13:20:41 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-06-07 13:20:41 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-06-07 13:19:39 0 d-----w- c:\docume~1\johnsh~1.533\applic~1\PC Tools
2010-06-07 13:19:39 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-06-07 13:01:23 145521 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-06-07 12:56:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Comodo Downloader
2010-06-07 05:50:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2010-06-06 23:06:30 0 d-----w- c:\program files\common files\Mcafee
2010-06-06 17:00:40 0 d-----w- c:\docume~1\alluse~1\applic~1\{AB6CE1F0-3238-4D64-BD20-24AED0B2196F}
2010-06-06 13:34:08 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-06 13:34:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-06-05 21:23:01 1608 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-06-05 20:40:51 61440 ---ha-w- C:\SZKGFS.dat
2010-06-05 20:37:03 0 d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
2010-06-05 20:35:34 0 d-----w- c:\program files\common files\iS3
2010-06-05 20:35:33 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2010-06-05 20:06:40 61952 ----a-w- c:\windows\system32\PxSecure.dll-1397531
2010-06-05 13:35:57 554784 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-06-05 13:35:57 51716 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-06-05 13:35:57 22749472 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-06-05 13:35:57 154508 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-06-05 13:35:13 1374 ----a-w- C:\rollback.ini
2010-06-05 13:27:15 0 d-----w- c:\program files\common files\ParetoLogic
2010-06-05 13:27:15 0 d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
2010-06-05 05:46:58 0 d-----w- c:\program files\common files\PC Tools
2010-06-05 05:46:57 0 d-----w- c:\program files\Spyware Doctor
2010-06-05 04:35:59 0 d-----w- c:\windows\system32\wbem\Repository
2010-06-05 04:32:38 0 d-----w- c:\program files\AVG
2010-06-05 04:18:48 0 d-----w- c:\windows\system32\QuickTime
2010-06-05 03:23:50 0 d--h--w- c:\windows\PIF
2010-06-05 03:22:15 0 d-----w- c:\program files\common files\xing shared
2010-06-03 03:19:29 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-31 14:58:10 0 d-----w- c:\docume~1\alluse~1\applic~1\A1D4
2010-05-26 22:36:56 0 d-----w- c:\program files\iMesh Applications
2010-05-26 22:16:18 0 d-----w- c:\docume~1\johnsh~1.533\applic~1\FrostWire
2010-05-26 22:15:41 0 d-----w- c:\program files\FrostWire

==================== Find3M ====================

2010-04-18 16:33:18 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-04-12 21:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2005-05-12 16:38:27 167936 -c----w- c:\program files\GoHomePortal.exe
2005-05-12 16:37:53 294912 -c----w- c:\program files\Uninstaller.exe
2005-05-12 16:37:39 180224 -c----w- c:\program files\WCAG.exe
2005-05-12 16:37:33 167936 -c----w- c:\program files\WirelessConsoleApp.exe
2005-05-12 16:37:28 622592 -c----w- c:\program files\WebWorks.exe
2005-05-12 16:36:25 135168 -c----w- c:\program files\WebSec.dll
2005-05-12 16:36:16 364544 -c----w- c:\program files\RGWProv.dll
2005-05-12 16:34:58 266240 -c----w- c:\program files\NetAPI.dll
2005-05-12 16:34:05 139264 -c----w- c:\program files\Endec.dll
2005-05-12 16:26:20 368726 -c----w- c:\program files\PRISMAPI.dll
2005-05-12 16:26:20 208993 -c----w- c:\program files\CardPres.exe
2005-05-12 16:25:51 81920 -c----w- c:\program files\xmltok.dll
2005-05-12 16:25:51 53248 -c----w- c:\program files\zlib.dll
2005-05-12 16:25:51 53248 -c----w- c:\program files\xmlparse.dll
2005-05-12 16:25:50 872448 -c----w- c:\program files\libeay32.dll
2005-05-12 16:25:50 395264 -c----w- c:\program files\shlwapi.dll
2005-05-12 16:25:50 159744 -c----w- c:\program files\ssleay32.dll
2009-04-14 22:09:46 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009041420090415\index.dat

============= FINISH: 23:21:19.17 ===============




Here is the rest:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 11/27/2004 1:39:40 AM
System Uptime: 6/7/2010 11:32:19 AM (12 hours ago)

Motherboard: ASUSTeK Computer INC. | | PTGD2-VX
Processor: Intel® Pentium® 4 CPU 3.00GHz | CPU 1 | 2992/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 180 GiB total, 155.495 GiB free.
D: is Removable
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMSONY_DVD_RW_DW-D22A_____________________BFS1____\5&34B6C6BD&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: SONY DVD RW DW-D22A
PNP Device ID: IDE\CDROMSONY_DVD_RW_DW-D22A_____________________BFS1____\5&34B6C6BD&0&0.0.0
Service: cdrom

==== System Restore Points ===================

RP1244: 3/10/2010 8:06:17 AM - Software Distribution Service 3.0
RP1245: 3/11/2010 4:39:05 PM - System Checkpoint
RP1246: 3/12/2010 7:30:35 PM - System Checkpoint
RP1247: 3/13/2010 7:47:14 PM - System Checkpoint
RP1248: 3/15/2010 3:24:06 AM - System Checkpoint
RP1249: 3/16/2010 10:56:37 PM - System Checkpoint
RP1250: 3/17/2010 10:58:46 PM - System Checkpoint
RP1251: 3/19/2010 2:06:32 AM - System Checkpoint
RP1252: 3/20/2010 1:01:27 PM - System Checkpoint
RP1253: 3/21/2010 3:38:04 PM - System Checkpoint
RP1254: 3/22/2010 5:21:24 PM - System Checkpoint
RP1255: 3/23/2010 7:13:45 PM - System Checkpoint
RP1256: 3/24/2010 9:20:56 PM - System Checkpoint
RP1257: 3/25/2010 10:29:10 PM - System Checkpoint
RP1258: 3/26/2010 10:49:43 PM - System Checkpoint
RP1259: 3/28/2010 9:55:51 AM - System Checkpoint
RP1260: 3/29/2010 7:25:32 PM - System Checkpoint
RP1261: 3/31/2010 12:17:37 AM - System Checkpoint
RP1262: 3/31/2010 8:20:47 AM - Software Distribution Service 3.0
RP1263: 4/1/2010 3:28:30 PM - System Checkpoint
RP1264: 4/2/2010 5:36:23 PM - System Checkpoint
RP1265: 4/3/2010 8:57:33 PM - System Checkpoint
RP1266: 4/4/2010 10:50:14 PM - System Checkpoint
RP1267: 4/6/2010 12:57:59 AM - System Checkpoint
RP1268: 4/7/2010 2:07:09 AM - System Checkpoint
RP1269: 4/8/2010 4:35:11 AM - System Checkpoint
RP1270: 4/9/2010 8:50:28 AM - System Checkpoint
RP1271: 4/10/2010 11:01:55 AM - System Checkpoint
RP1272: 4/10/2010 3:06:50 PM - Restore Operation
RP1273: 4/11/2010 2:46:25 PM - Restore Operation
RP1274: 4/11/2010 4:20:22 PM - Restore Operation
RP1275: 4/11/2010 4:49:01 PM - Installed Java™ 6 Update 19
RP1276: 4/11/2010 5:44:57 PM - Software Distribution Service 3.0
RP1277: 4/12/2010 7:58:02 PM - System Checkpoint
RP1278: 4/14/2010 7:56:02 AM - Software Distribution Service 3.0
RP1279: 4/15/2010 8:44:27 AM - Software Distribution Service 3.0
RP1280: 4/16/2010 10:16:39 PM - System Checkpoint
RP1281: 4/17/2010 8:57:31 PM - Installed Java™ 6 Update 20
RP1282: 4/19/2010 8:00:51 PM - System Checkpoint
RP1283: 4/20/2010 8:35:09 PM - System Checkpoint
RP1284: 4/21/2010 8:46:17 PM - System Checkpoint
RP1285: 4/22/2010 9:19:54 PM - System Checkpoint
RP1286: 4/23/2010 9:55:50 PM - System Checkpoint
RP1287: 4/24/2010 10:53:43 PM - System Checkpoint
RP1288: 4/26/2010 12:17:33 AM - System Checkpoint
RP1289: 4/27/2010 12:20:40 AM - System Checkpoint
RP1290: 4/28/2010 12:43:55 AM - System Checkpoint
RP1291: 4/29/2010 8:33:29 AM - System Checkpoint
RP1292: 4/30/2010 4:41:14 PM - System Checkpoint
RP1293: 5/1/2010 2:46:59 AM - Restore Operation
RP1294: 5/1/2010 3:21:00 AM - Installed AVG 9.0
RP1295: 5/1/2010 3:43:39 AM - Avg Update
RP1296: 5/1/2010 10:54:29 AM - Removed AVG Free 9.0
RP1297: 5/1/2010 11:00:39 AM - Installed AVG 9.0
RP1298: 5/1/2010 11:05:39 AM - Restore Operation
RP1299: 5/2/2010 11:36:29 AM - System Checkpoint
RP1300: 5/3/2010 12:29:35 PM - System Checkpoint
RP1301: 5/4/2010 2:57:18 PM - System Checkpoint
RP1302: 5/5/2010 6:39:51 PM - System Checkpoint
RP1303: 5/6/2010 6:53:12 PM - System Checkpoint
RP1304: 5/8/2010 10:22:27 AM - System Checkpoint
RP1305: 5/9/2010 1:58:27 PM - System Checkpoint
RP1306: 5/10/2010 6:05:24 PM - System Checkpoint
RP1307: 5/11/2010 7:17:07 PM - System Checkpoint
RP1308: 5/12/2010 5:20:07 PM - Software Distribution Service 3.0
RP1309: 5/13/2010 5:49:24 PM - System Checkpoint
RP1310: 5/14/2010 9:59:57 PM - System Checkpoint
RP1311: 5/15/2010 10:22:02 PM - System Checkpoint
RP1312: 5/16/2010 10:34:33 PM - System Checkpoint
RP1313: 5/18/2010 10:31:26 AM - System Checkpoint
RP1314: 5/19/2010 12:15:06 PM - System Checkpoint
RP1315: 5/20/2010 2:30:44 PM - System Checkpoint
RP1316: 5/21/2010 6:12:36 PM - System Checkpoint
RP1317: 5/22/2010 6:40:07 PM - System Checkpoint
RP1318: 5/23/2010 7:50:23 PM - System Checkpoint
RP1319: 5/24/2010 9:17:25 PM - System Checkpoint
RP1320: 5/25/2010 11:31:07 PM - System Checkpoint
RP1321: 5/25/2010 11:55:31 PM - Software Distribution Service 3.0
RP1322: 5/27/2010 4:01:25 PM - System Checkpoint
RP1323: 5/28/2010 4:55:42 PM - System Checkpoint
RP1324: 5/29/2010 6:09:37 PM - System Checkpoint
RP1325: 5/30/2010 9:12:19 PM - System Checkpoint
RP1326: 5/30/2010 10:34:24 PM - Installed Windows Media Player 11
RP1327: 5/30/2010 10:37:16 PM - Installed Windows XP MSCompPackV1.
RP1328: 5/31/2010 11:44:15 PM - System Checkpoint
RP1329: 6/2/2010 1:31:20 AM - System Checkpoint
RP1330: 6/2/2010 11:19:17 PM - Installed iTunes
RP1331: 6/3/2010 11:20:50 PM - System Checkpoint
RP1332: 6/4/2010 12:18:20 AM - Removed iTunes
RP1333: 6/4/2010 12:31:31 AM - Removed QuickTime
RP1334: 6/4/2010 12:33:39 AM - Removed Apple Application Support
RP1335: 6/4/2010 12:34:17 AM - Removed Apple Mobile Device Support
RP1336: 6/4/2010 12:35:02 AM - Removed Apple Software Update
RP1337: 6/4/2010 12:35:39 AM - Removed Bonjour
RP1338: 6/4/2010 10:18:20 PM - Restore Operation
RP1339: 6/5/2010 12:08:11 AM - Restore Operation
RP1340: 6/5/2010 9:27:09 AM - Installed ParetoLogic Anti-Virus PLUS.
RP1341: 6/5/2010 10:06:55 AM - Removed ParetoLogic Anti-Virus PLUS.
RP1342: 6/5/2010 4:35:22 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP1343: 6/5/2010 5:34:18 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP1344: 6/5/2010 8:09:55 PM - Restore Operation
RP1345: 6/6/2010 1:03:27 PM - Restore Operation
RP1346: 6/6/2010 2:34:56 PM - Removed MSN Toolbar
RP1347: 6/6/2010 2:35:31 PM - Removed Microsoft Search Enhancement Pack
RP1348: 6/6/2010 2:35:46 PM - Removed Microsoft Default Manager
RP1349: 6/7/2010 8:58:15 AM - Installed COMODO Internet Security
RP1350: 6/7/2010 9:07:23 AM - Removed COMODO Internet Security
RP1351: 6/7/2010 10:52:12 AM - Spyware Doctor: Cleaning Threats
RP1352: 6/7/2010 1:44:03 PM - Spyware Doctor: Cleaning Threats
RP1353: 6/7/2010 6:16:51 PM - Installed HiJackThis

==== Installed Programs ======================


2Wire Wireless Client
Adobe Acrobat 5.0
Adobe Acrobat Reader 3.01
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.3
Adobe Shockwave Player 11
ArcSoft PhotoImpression 6
ArcSoft Print Creations
AT&T Yahoo! High Speed Internet Home Networking Installer
Browser Defender 2.0.6.15
Canon i850
CDRWIN
Click to DVD 2.0 Menu Data
Click to DVD 2.1.10
CLIE MS SCSI Driver
ClueFinders® 3rd Grade Adventures
Cobian Backup 10
CONNECT
Critical Update for Windows Media Player 11 (KB959772)
DVgate Plus
EPSON Print CD
EPSON Printer Software
EPSON RX595 User's Guide
EPSON Scan
EPSON Stylus Photo RX595 Series Scanner Driver Update
Giga Pocket 5.5
Giga Pocket Demo Movie
Giga Pocket Hardware Library 5.5
Google Updater
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel® Graphics Media Accelerator Driver
Intel® Network Connections Drivers
InterActual Player
InterVideo WinDVD 5 for VAIO
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_05
Java Auto Updater
Java™ 6 Update 20
Kid Pix
Linksys BEFCMU10 EtherFast Cable Modem
Logitech Desktop Messenger
Macromedia Shockwave Player
Math Blaster Ages 9-12 Demo
Matrox Imaging Products
MediaLife
Memory Stick Formatter
Merriam-Webster 3.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft IntelliPoint 5.4
Microsoft IntelliType Pro 5.4
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MoodLogic
MS Export
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
MUSICMATCH® Jukebox
Netscape (7.02)
Network Magic
OpenMG AAC Add-on Module 1.0.00
OpenMG Limited Patch 4.5-06-05-12-01
OpenMG Secure Module 4.5.01
Palm Desktop
PictureGear Studio 2.0
Pure Networks Platform
Quicken 2005
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Replicant 2
Rhapsody
Rhapsody Player Engine
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Sonic RecordNow!
SonicStage 4.0
Sony Certificate PCH
Sony Video Shared Library
SpongeBob SquarePants - Battle for Bikini Bottom DEMO
Spyware Doctor 7.0
TP Preview Exclusive Broadside Blast
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VAIO Entertainment Platform
VAIO Help and Support
VAIO Media 3.1
VAIO Media Integrated Server 3.1
VAIO Media Redistribution 3.1
VAIO Registration
VAIO Remote Commander Utility 6.2
VAIO SLIT-C Screen Saver
VAIO SLIT Pattern Wallpaper
VAIO Survey Standalone
VAIO System Information
VAIO Update 2
VCDEasy
Viewpoint Media Player
WebFldrs XP
Welcome to VAIO life
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
Yahoo! Photos Print-at-Home Tool
Yahoo! Software Update

==== Event Viewer Messages From Past Week ========

6/7/2010 1:01:09 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
6/6/2010 9:18:53 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
6/6/2010 3:39:07 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
6/6/2010 3:39:07 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/6/2010 2:43:43 PM, error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The system cannot find the path specified.
6/5/2010 8:58:20 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
6/5/2010 8:55:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McShield with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
6/5/2010 8:51:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
6/5/2010 4:03:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DMICall Fips Imapi intelppm KLIF
6/5/2010 3:59:14 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/5/2010 3:54:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DMICall Fips Imapi IntelIde intelppm KLIF ohci1394
6/5/2010 3:53:06 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
6/5/2010 2:44:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DMICall Fips Imapi intelppm IPSec KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
6/5/2010 2:20:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Imapi IntelIde
6/5/2010 2:17:13 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
6/5/2010 12:41:32 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
6/5/2010 12:41:32 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
6/5/2010 12:41:18 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Imapi
6/5/2010 12:08:14 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/5/2010 12:05:10 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
6/5/2010 12:05:06 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
6/4/2010 12:35:53 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
6/4/2010 11:47:44 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccHP DMICall eeCtrl Fips IDSxpx86 Imapi intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSP SRTSPX SYMTDI Tcpip
6/4/2010 11:47:44 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
6/4/2010 11:47:44 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/4/2010 11:47:44 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/4/2010 11:47:44 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
6/4/2010 11:42:41 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Imapi SRTSP
6/4/2010 11:41:19 PM, error: SRTSP [5] -
6/4/2010 10:10:53 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Imapi IntelIde SRTSP

==== End Of File ===========================


#4 1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:02:23 AM

Posted 09 June 2010 - 10:13 AM

Please uninstall the following software:
Adobe Acrobat Reader 3.01
Adobe Reader 8.1.3
These two Adobe products are outdated and exploited. You only need one anyway...we will download the latest version when the system is cleaned.
Browser Defender 2.0.6.15 <--Junkware
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_05
...and these two Java installations are outdated and exploited. You also only need one version installed and you already have that.
Viewpoint Media Player <--Foistware

Next, please download ComboFix from This Webpage...and read through the instructions there for running the tool.

***Important Note***
Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

If you have Windows Vista, you can skip the recovery console step...in Vista it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.


The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a log file for you. Please post that log back here on your next reply. Thanks!

Note:
Do not mouse-click ComboFix's window while it's running...that may cause the scan to stall.




Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#5 1972vet


Posted 12 June 2010 - 08:36 PM

Still with us squashkin10?


#6 1972vet


Posted 15 June 2010 - 09:39 AM

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!


The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
