[evilfantasy]

Open Malwarebytes' Anti-Malware.

* Click the Update tab.
* Click Check for Updates
* If an update is found, it will download and install.
* Click the Scanner tab.
* Select Perform Quick Scan, then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

----------

Before you begin the SDFix instructions you should copy these instructions in a Notepad file and save them to your desktop or print them for easy reference. Much of SDFix will be done in Safe mode and you will be unable to access this web page after booting into Safe mode.

Download SDFix by AndyManchesta and save it to your desktop.

When using this tool, you must use the Administrator's account or an account with Administrative rights

* Now, double-click on the SDFix icon that should now be residing on your desktop. If a Open File - Security Warning box opens, click on the Run button.
* A window will now open showing SDFix being extracted into the C:\SDFix folder.
* Once the installation program has finished extracting SDFix, it will open a Notepad with further instructions.
* DO NOT use it just yet.

Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

When your computer has started in safe mode, and you see the desktop, close all open Windows.

* Click on the Start button, click on the Run menu option, and type the following text from the Code Box into the Open: field then click the OK button.

Code:

C:\SDFix\RunThis.bat

* SDFix window will open containing some brief info and a disclaimer on the use of the tool.
* Type Y on your keyboard and then press Enter to begin the cleanup process.
* It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
* Copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log (from normal boot mode).

[Mooseknuckle]

Evil....i followed the instructions that kano provided me...running ccleaner, superanti spyware, and malwarebytes and that has seemed to eliminate the problem...should i still do what you are recommending above to take car of/check for the behind the scenes issues?

[evilfantasy]

There are still major issues to be addressed. Yes you need to do the extra scans.

[Mooseknuckle]

Ok thank you...will do when i get home from work

[Mooseknuckle]

here are my scans now....

Malwarebytes' Anti-Malware 1.41
Database version: 2813
Windows 5.1.2600 Service Pack 3

9/16/2009 5:23:07 PM
mbam-log-2009-09-16 (17-23-07).txt

Scan type: Quick Scan
Objects scanned: 95978
Time elapsed: 8 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)






SDFix: Version 1.240
Run by Owner on Wed 09/16/2009 at 06:06 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-16 18:20:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"="C:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe:*:Disabled:BackWeb-1940576"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.e xe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:E nabled:LimeWire swarmed installer"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Documents and Settings\\All Users\\Application Data\\0d7ab44\\WI0d7a.exe"="C:\\Documents and Settings\\All Users\\Application Data\\0d7ab44\\WI0d7a.exe:*:Enabled:Windows Protection Suite"
"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"="C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Mon 14 Jun 2004 196 A.SHR --- "C:\BOOT.BAK"
Sat 3 Jul 2004 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 23 Oct 2003 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.key.bak"
Sat 3 Jul 2004 4,348 ...H. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv1key.bak"
Sun 11 Jul 2004 20 A..H. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv1lic.bak"
Sat 3 Jul 2004 312 ...H. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv2key.bak"
Sun 11 Jul 2004 7,680 A..H. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv2lic.bak"

Finished!





will post hijack log next...thanks.

[Mooseknuckle]

here is my hijack log while scanning i got a message saying..."for some reason your system denied write access to the hosts file......"



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:07 PM, on 9/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb1 2.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 64.86.17.32 google.ae
O1 - Hosts: 64.86.17.32 google.as
O1 - Hosts: 64.86.17.32 google.at
O1 - Hosts: 64.86.17.32 google.az
O1 - Hosts: 64.86.17.32 google.ba
O1 - Hosts: 64.86.17.32 google.be
O1 - Hosts: 64.86.17.32 google.bg
O1 - Hosts: 64.86.17.32 google.bs
O1 - Hosts: 64.86.17.32 google.ca
O1 - Hosts: 64.86.17.32 google.cd
O1 - Hosts: 64.86.17.32 google.com.gh
O1 - Hosts: 64.86.17.32 google.com.hk
O1 - Hosts: 64.86.17.32 google.com.jm
O1 - Hosts: 64.86.17.32 google.com.mx
O1 - Hosts: 64.86.17.32 google.com.my
O1 - Hosts: 64.86.17.32 google.com.na
O1 - Hosts: 64.86.17.32 google.com.nf
O1 - Hosts: 64.86.17.32 google.com.ng
O1 - Hosts: 64.86.17.32 google.ch
O1 - Hosts: 64.86.17.32 google.com.np
O1 - Hosts: 64.86.17.32 google.com.pr
O1 - Hosts: 64.86.17.32 google.com.qa
O1 - Hosts: 64.86.17.32 google.com.sg
O1 - Hosts: 64.86.17.32 google.com.tj
O1 - Hosts: 64.86.17.32 google.com.tw
O1 - Hosts: 64.86.17.32 google.dj
O1 - Hosts: 64.86.17.32 google.de
O1 - Hosts: 64.86.17.32 google.dk
O1 - Hosts: 64.86.17.32 google.dm
O1 - Hosts: 64.86.17.32 google.ee
O1 - Hosts: 64.86.17.32 google.fi
O1 - Hosts: 64.86.17.32 google.fm
O1 - Hosts: 64.86.17.32 google.fr
O1 - Hosts: 64.86.17.32 google.ge
O1 - Hosts: 64.86.17.32 google.gg
O1 - Hosts: 64.86.17.32 google.gm
O1 - Hosts: 64.86.17.32 google.gr
O1 - Hosts: 64.86.17.32 google.ht
O1 - Hosts: 64.86.17.32 google.ie
O1 - Hosts: 64.86.17.32 google.im
O1 - Hosts: 64.86.17.32 google.in
O1 - Hosts: 64.86.17.32 google.it
O1 - Hosts: 64.86.17.32 google.ki
O1 - Hosts: 64.86.17.32 google.la
O1 - Hosts: 64.86.17.32 google.li
O1 - Hosts: 64.86.17.32 google.lv
O1 - Hosts: 64.86.17.32 google.ma
O1 - Hosts: 64.86.17.32 google.ms
O1 - Hosts: 64.86.17.32 google.mu
O1 - Hosts: 64.86.17.32 google.mw
O1 - Hosts: 64.86.17.32 google.nl
O1 - Hosts: 64.86.17.32 google.no
O1 - Hosts: 64.86.17.32 google.nr
O1 - Hosts: 64.86.17.32 google.nu
O1 - Hosts: 64.86.17.32 google.pl
O1 - Hosts: 64.86.17.32 google.pn
O1 - Hosts: 64.86.17.32 google.pt
O1 - Hosts: 64.86.17.32 google.ro
O1 - Hosts: 64.86.17.32 google.ru
O1 - Hosts: 64.86.17.32 google.rw
O1 - Hosts: 64.86.17.32 google.sc
O1 - Hosts: 64.86.17.32 google.se
O1 - Hosts: 64.86.17.32 google.sh
O1 - Hosts: 64.86.17.32 google.si
O1 - Hosts: 64.86.17.32 google.sm
O1 - Hosts: 64.86.17.32 google.sn
O1 - Hosts: 64.86.17.32 google.st
O1 - Hosts: 64.86.17.32 google.tl
O1 - Hosts: 64.86.17.32 google.tm
O1 - Hosts: 64.86.17.32 google.tt
O1 - Hosts: 64.86.17.32 google.us
O1 - Hosts: 64.86.17.32 google.vu
O1 - Hosts: 64.86.17.32 google.ws
O1 - Hosts: 64.86.17.32 google.co.ck
O1 - Hosts: 64.86.17.32 google.co.id
O1 - Hosts: 64.86.17.32 google.co.il
O1 - Hosts: 64.86.17.32 google.co.in
O1 - Hosts: 64.86.17.32 google.co.jp
O1 - Hosts: 64.86.17.32 google.co.kr
O1 - Hosts: 64.86.17.32 google.co.ls
O1 - Hosts: 64.86.17.32 google.co.ma
O1 - Hosts: 64.86.17.32 google.co.nz
O1 - Hosts: 64.86.17.32 google.co.tz
O1 - Hosts: 64.86.17.32 google.co.ug
O1 - Hosts: 64.86.17.32 google.co.uk
O1 - Hosts: 64.86.17.32 google.co.za
O1 - Hosts: 64.86.17.32 google.co.zm
O1 - Hosts: 64.86.17.32 google.com
O1 - Hosts: 64.86.17.32 google.com.af
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb1 2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - https://activatemydsl.verizon.net/sd...ad/tgctlcm.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10692 bytes

[evilfantasy]

Download HostsXpert

• Unzip HostXpert to your Desktop
• Open up the HostXpert program.
• Make sure that the "Make Hosts Writable?" button in the upper right corner is enabled.
• Click Create Back Up
• Then click on Restore Microsoft's Host Files
• Close the HostXpert program

Note: if you use SpywareBlaster, Spybot and/or IE-SPYAD, it will be necessary to re-install the protection they afford. For SpywareBlaster, run the program and select Enable all protection. For Spybot run the program and select Immunize. For IE-SPYAD, run the batch file and reinstall the protection.

----------

Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.

[Mooseknuckle]

Make sure that the "Make Hosts Writable?" button in the upper right corner is enabled.



there is a closed lock beside this and when i click on it nothing happens.....
when opening hostsxpert i got a few messages saying hosts file is a system file and a hidden file click on to remove these properties and i clicked ok......

[evilfantasy]

Reset Hosts File:

* Go to Start > Run and type Notepad.exe then click OK
* Copy and Paste everything from the Code Box below into Notepad:

Code:

@Echo off
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1  localhost>HOSTS
attrib +r +h +s hosts
popd
del %0

* Go to File > Save As
* Save File name as "Reset.bat" <-- Make sure to include the quotes.
* Change Save as Type to All Files and save the file to your Desktop.

On the desktop double click the Reset.bat to run the batch file. It will self-delete when completed.

----------

Now continue with DDS.

[Mooseknuckle]

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 6/14/2004 4:00:56 AM
System Uptime: 9/16/2009 6:13:42 PM (1 hours ago)

Motherboard: ASUSTeK Computer INC. | | P4G533LA
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | PGA 478 | 2391/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 70 GiB total, 50.039 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 0.66 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1579: 6/19/2009 8:11:25 AM - System Checkpoint
RP1580: 6/20/2009 9:23:24 AM - System Checkpoint
RP1581: 6/21/2009 10:11:19 AM - System Checkpoint
RP1582: 6/22/2009 10:30:36 AM - System Checkpoint
RP1583: 6/23/2009 11:25:58 AM - System Checkpoint
RP1584: 6/24/2009 12:23:19 PM - System Checkpoint
RP1585: 6/25/2009 1:23:21 PM - System Checkpoint
RP1586: 6/26/2009 2:14:39 PM - System Checkpoint
RP1587: 6/27/2009 3:12:24 PM - System Checkpoint
RP1588: 6/28/2009 4:23:12 PM - System Checkpoint
RP1589: 6/29/2009 5:15:28 PM - System Checkpoint
RP1590: 6/30/2009 6:11:12 PM - System Checkpoint
RP1591: 7/1/2009 7:15:29 PM - System Checkpoint
RP1592: 7/2/2009 7:23:12 PM - System Checkpoint
RP1593: 7/3/2009 8:23:12 PM - System Checkpoint
RP1594: 7/4/2009 9:23:07 PM - System Checkpoint
RP1595: 7/5/2009 9:29:01 PM - System Checkpoint
RP1596: 7/6/2009 10:24:33 PM - System Checkpoint
RP1597: 7/7/2009 10:40:11 PM - System Checkpoint
RP1598: 7/8/2009 11:12:08 PM - System Checkpoint
RP1599: 7/10/2009 12:23:03 AM - System Checkpoint
RP1600: 7/11/2009 1:11:03 AM - System Checkpoint
RP1601: 7/12/2009 2:23:00 AM - System Checkpoint
RP1602: 7/13/2009 3:10:59 AM - System Checkpoint
RP1603: 7/14/2009 4:23:01 AM - System Checkpoint
RP1604: 7/15/2009 3:00:20 AM - Software Distribution Service 3.0
RP1605: 7/16/2009 3:14:09 AM - System Checkpoint
RP1606: 7/17/2009 3:26:07 AM - System Checkpoint
RP1607: 7/18/2009 4:14:07 AM - System Checkpoint
RP1608: 7/19/2009 4:34:05 AM - System Checkpoint
RP1609: 7/20/2009 5:34:04 AM - System Checkpoint
RP1610: 7/21/2009 6:34:05 AM - System Checkpoint
RP1611: 7/22/2009 7:05:59 AM - System Checkpoint
RP1612: 7/23/2009 7:17:58 AM - System Checkpoint
RP1613: 7/24/2009 8:29:55 AM - System Checkpoint
RP1614: 7/25/2009 10:25:47 AM - System Checkpoint
RP1615: 7/26/2009 11:17:58 AM - System Checkpoint
RP1616: 7/27/2009 11:41:58 AM - System Checkpoint
RP1617: 7/28/2009 12:07:03 PM - System Checkpoint
RP1618: 7/29/2009 3:00:19 AM - Software Distribution Service 3.0
RP1619: 7/30/2009 3:12:21 AM - System Checkpoint
RP1620: 7/31/2009 3:24:20 AM - System Checkpoint
RP1621: 8/1/2009 4:24:20 AM - System Checkpoint
RP1622: 8/2/2009 5:24:20 AM - System Checkpoint
RP1623: 8/3/2009 6:24:20 AM - System Checkpoint
RP1624: 8/4/2009 6:25:22 AM - System Checkpoint
RP1625: 8/5/2009 7:12:10 AM - System Checkpoint
RP1626: 8/6/2009 7:24:10 AM - System Checkpoint
RP1627: 8/7/2009 8:24:12 AM - System Checkpoint
RP1628: 8/8/2009 9:12:12 AM - System Checkpoint
RP1629: 8/9/2009 9:28:55 AM - System Checkpoint
RP1630: 8/10/2009 10:43:45 AM - System Checkpoint
RP1631: 8/11/2009 10:59:22 AM - System Checkpoint
RP1632: 8/12/2009 3:00:20 AM - Software Distribution Service 3.0
RP1633: 8/13/2009 3:15:09 AM - System Checkpoint
RP1634: 8/14/2009 4:27:09 AM - System Checkpoint
RP1635: 8/15/2009 5:04:21 AM - System Checkpoint
RP1636: 8/16/2009 5:16:22 AM - System Checkpoint
RP1637: 8/17/2009 6:30:50 AM - System Checkpoint
RP1638: 8/18/2009 7:16:19 AM - System Checkpoint
RP1639: 8/19/2009 8:04:15 AM - System Checkpoint
RP1640: 8/20/2009 8:11:47 AM - System Checkpoint
RP1641: 8/21/2009 8:14:58 AM - System Checkpoint
RP1642: 8/22/2009 9:16:00 AM - System Checkpoint
RP1643: 8/23/2009 10:16:16 AM - System Checkpoint
RP1644: 8/24/2009 11:07:50 AM - System Checkpoint
RP1645: 8/25/2009 12:40:15 PM - System Checkpoint
RP1646: 8/26/2009 1:18:33 PM - System Checkpoint
RP1647: 8/27/2009 3:00:19 AM - Software Distribution Service 3.0
RP1648: 8/28/2009 3:04:10 AM - System Checkpoint
RP1649: 8/29/2009 4:16:09 AM - System Checkpoint
RP1650: 8/30/2009 5:16:09 AM - System Checkpoint
RP1651: 8/31/2009 6:04:11 AM - System Checkpoint
RP1652: 9/1/2009 7:04:10 AM - System Checkpoint
RP1653: 9/2/2009 7:31:23 AM - System Checkpoint
RP1654: 9/3/2009 8:31:21 AM - System Checkpoint
RP1655: 9/4/2009 9:19:22 AM - System Checkpoint
RP1656: 9/5/2009 9:45:48 AM - System Checkpoint
RP1657: 9/6/2009 10:45:42 AM - System Checkpoint
RP1658: 9/7/2009 11:17:14 AM - System Checkpoint
RP1659: 9/8/2009 11:33:47 AM - System Checkpoint
RP1660: 9/9/2009 3:00:17 AM - Software Distribution Service 3.0
RP1661: 9/10/2009 3:00:19 AM - Software Distribution Service 3.0
RP1662: 9/11/2009 3:14:13 AM - System Checkpoint
RP1663: 9/12/2009 11:52:08 AM - System Checkpoint
RP1664: 9/13/2009 7:59:45 PM - System Checkpoint
RP1665: 9/14/2009 6:02:40 PM - Installed SUPERAntiSpyware Free Edition
RP1666: 9/14/2009 8:13:36 PM - Software Distribution Service 3.0
RP1667: 9/15/2009 9:13:09 PM - System Checkpoint
RP1668: 9/16/2009 3:00:18 AM - Software Distribution Service 3.0

==== Installed Programs ======================


1400
1400_Help
1400Trb
Ad-Aware 2007
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
AIM 6
AiO_Scan
AiOSoftware
AOL Instant Messenger
Apple Software Update
avast! Antivirus
Barbie(TM) Sparkling Ice Show(TM)
BufferChm
CardRd81
CCleaner (remove only)
CCScore
Compaq Connections
Compatibility Pack for the 2007 Office system
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CR2
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
DocProc
EAX Unified
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
ESSTUTOR
ESSvpaht
ESSvpot
eSupportQFolder
Fax
HijackThis 2.0.2
HLPIndex
HLPPDOCK
HLPSFO
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
hp deskjet 3420 series (Remove only)
HP Deskjet printer preloaded drivers
HP Extended Capabilities 5.3
HP Image Zone Express
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
HpSdpAppCoreApp
Instant Support
Intel(R) Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
iPod for Windows 2006-03-23
iTunes
J2SE Runtime Environment 5.0 Update 3
Java(TM) 6 Update 5
KBD
Kodak EasyShare software
KSU
Malwarebytes' Anti-Malware
MarketResearch
Medal of Honor Allied Assault(tm) Spearhead
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Data Access Components KB870669
Microsoft Learning and Research Plus Support Files
Microsoft Office XP Professional
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
Morpheus 5.5 (remove only)
Mozilla Firefox (2.0.0.20)
MSN Internet Software
MSN Messenger 5.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Musicmatch® Jukebox
NewCopy
Notifier
NVIDIA Drivers
OfotoXMI
OmniPass
OTtBP
OTtBPSDK
ProductContext
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2003 New User Edition
QuickTime
Readme
RecordNow
Ringtone Ripper
S3Display
S3Gamma2
S3Info2
S3Overlay
Scan
ScannerCopy
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SFR
SHASTA
Shockwave
SKIN0001
SKINXSDK
SolutionCenter
Sonic Update Manager
Status
SUPERAntiSpyware Free Edition
TrayApp
Unload
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VPRINTOL
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Service Pack 3
WIRELESS
Wise Disk Cleaner 3.2

==== Event Viewer Messages From Past Week ========

9/16/2009 5:59:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
9/16/2009 5:59:29 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
9/16/2009 5:59:29 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/16/2009 5:59:29 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/16/2009 5:59:29 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
9/16/2009 5:59:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/16/2009 5:59:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/14/2009 6:56:51 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'WI0d7a.exe' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
9/14/2009 12:46:00 PM, error: SideBySide [61] - Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\MSIInstallPlugin.dll.Manifest" on line 2. The required attribute version is missing from element assemblyIdentity.
9/14/2009 12:46:00 PM, error: SideBySide [61] - Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\EXEInstallPlugin.dll.Manifest" on line 2. The required attribute version is missing from element assemblyIdentity.
9/14/2009 12:46:00 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Apple Software Update\Plugins\MSIInstallPlugin.dll.Manifest. Reference error message: The operation completed successfully. .
9/14/2009 12:46:00 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Apple Software Update\Plugins\EXEInstallPlugin.dll.Manifest. Reference error message: The operation completed successfully. .
9/14/2009 12:46:00 PM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\MSIInstallPlugin.dll.Manifest" on line 2.
9/14/2009 12:46:00 PM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\EXEInstallPlugin.dll.Manifest" on line 2.
9/12/2009 10:19:08 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NVIDIA Display Driver Service service to connect.
9/12/2009 10:19:08 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! iAVS4 Control Service service to connect.
9/12/2009 10:19:08 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Antivirus service to connect.
9/12/2009 10:19:08 AM, error: Service Control Manager [7000] - The NVIDIA Display Driver Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/12/2009 10:19:08 AM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
9/12/2009 10:19:08 AM, error: Service Control Manager [7000] - The avast! iAVS4 Control Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/12/2009 10:19:08 AM, error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/11/2009 9:17:53 PM, error: Print [19] - Sharing printer failed + 1722, Printer HP PSC 1400 series share name Printer.

==== End Of File ===========================







next post will have other log