
Possible email-worm.zhelatin.vy

Discussion in 'Virus & Other Malware Removal' started by lisaa7002, Jan 26, 2011.

  1. lisaa7002

    lisaa7002 Thread Starter

    Friend's computer. Dell Dim 2350, Pent 4 1.80GHz 1.79GHz, 512MB RAM. Continual popups. They didn't have any antivirus. AVG wouldn't install. I found Antivirus8 (which I found out is the carrier) but it pointed to the email-worm.zhelatin.vy. Have run Ad-Aware (with 1612 old definitions - wouldn't update) and Spybot. Both cleared a lot, but haven't fixed the problem. I did a system restore, which did nothing I can see, and Check Disk, which did a lot, but still hasn't fixed the problem/problems. I finally shut down almost all of the startup things and have been able to get here to post.

    HJT log
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:50:32 PM, on 1/26/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Oberon Media\Parts\1.0.0.11\OberonParts.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
    R3 - URLSearchHook: (no name) - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: ALOT Toolbar Helper - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll
    O2 - BHO: Freecause Shopping BHO - {20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} - C:\Program Files\Shop to Win 2\ShoppingBHO.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
    O2 - BHO: IE BHO Utility - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll
    O2 - BHO: TV Bar 1.2 Toolbar - {70a38074-97a6-45da-b1a1-34b0a34dc3ff} - C:\Program Files\TV_Bar_1.2\tbTV_1.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: GamesBarBHO Class - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\2.0.1.55\oberontb.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O2 - BHO: NetZero Toolbar Helper - {FE3098B0-04A3-41fd-8CA9-BEA39CB14C87} - C:\Program Files\NetZero\ucreg.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: TV Bar 1.2 Toolbar - {70a38074-97a6-45da-b1a1-34b0a34dc3ff} - C:\Program Files\TV_Bar_1.2\tbTV_1.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
    O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\2.0.1.55\oberontb.dll
    O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -update activex
    O4 - HKUS\S-1-5-19\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'Default user')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\2.0.1.55\oberontb.dll
    O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\2.0.1.55\oberontb.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85} - http://dm.cometsystems.com/dm/dm_286.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://zone.msn.com/bingame/trbo/default/ActiveLauncher.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133030976796
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133030959468
    O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://sympatico.zone.msn.com/bingame/luxr/default/mjolauncher.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
    O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v46/wwspades/wwspades.cab
    O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/spsp29953.01noopt/spyspottercabinstall.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: SNMP Service (SNMP) - Unknown owner - C:\WINDOWS\System32\snmp.exe (file missing)
    O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)

    --
    End of file - 12006 bytes


    DDS


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Jenelle at 13:07:25.92 on Wed 01/26/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.144 [GMT -5:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Oberon Media\Parts\1.0.0.11\OberonParts.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\WINDOWS\SYSTEM32\notepad.exe
    C:\Documents and Settings\Jenelle\Local Settings\Temporary Internet Files\Content.IE5\PB1EYM5D\dds[1].scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/?ilc=1
    uSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
    uSearch Bar = hxxp://my.netzero.net/s/search?r=minisearch
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mDefault_Search_URL = hxxp://my.netzero.net/s/search?r=minisearch
    mSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
    mSearchAssistant = hxxp://my.netzero.net/s/search?r=minisearch
    uURLSearchHooks: H - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    BHO: ALOT Toolbar Helper: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - c:\program files\alot\bin\bho\alotBHO.dll
    BHO: Shop to Win 2: {20fec4e7-f7b7-438b-8191-33d2efc5ebea} - c:\program files\shop to win 2\ShoppingBHO.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
    BHO: Surf Canyon Search Engine Assistant: {5ab7104a-b71f-49ad-9154-f7f8806ae848} - c:\program files\surf canyon\surfcanyon.dll
    BHO: TV Bar 1.2 Toolbar: {70a38074-97a6-45da-b1a1-34b0a34dc3ff} - c:\program files\tv_bar_1.2\tbTV_1.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: GamesBarBHO Class: {cb0d163c-e9f4-4236-9496-0597e24b23a5} - c:\program files\gamesbar\2.0.1.55\oberontb.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    BHO: NetZero Toolbar Helper: {fe3098b0-04a3-41fd-8ca9-bea39cb14c87} - c:\program files\netzero\ucreg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: TV Bar 1.2 Toolbar: {70a38074-97a6-45da-b1a1-34b0a34dc3ff} - c:\program files\tv_bar_1.2\tbTV_1.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
    TB: GamesBar: {6f282b65-56bf-4bd1-a8b2-a4449a05863d} - c:\program files\gamesbar\2.0.1.55\oberontb.dll
    TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
    TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
    TB: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10i_ActiveX.exe -update activex
    mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe /runonstartup"
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - c:\program files\gamesbar\2.0.1.55\oberontb.dll
    Trusted Zone: yahoo.com\clientapps
    Trusted Zone: yahoo.com\yahoomail
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://activation.rr.com/install/download/tgctlcm.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - hxxps://signup.msn.com/pages/MsnInstC.cab
    DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85} - hxxp://dm.cometsystems.com/dm/dm_286.cab
    DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} - hxxp://protect.microsoft.com/security/protect/wsa/shared/CAB/x86/msSecAdv.cab?1133029946890
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - hxxp://zone.msn.com/bingame/trbo/default/ActiveLauncher.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab
    DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - hxxp://zone.msn.com/bingame/rock/default/popcaploader1.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133030976796
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133030959468
    DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://sympatico.zone.msn.com/bingame/luxr/default/mjolauncher.cab
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
    DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - hxxp://www.live365.com/players/play365.cab
    DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
    DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v46/wwspades/wwspades.cab
    DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - hxxp://download.spyspotter.com/spyspotter/spsp29953.01noopt/spyspottercabinstall.cab
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    Notify: igfxcui - igfxsrvc.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2002-8-29 14336]
    R2 X4HSX32Ex;X4HSX32Ex;c:\program files\free ride games\X4HSX32Ex.sys [2008-10-18 29856]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-9 136176]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-1-4 37380]

    =============== Created Last 30 ================

    2011-01-26 15:50:58 1409 ----a-w- c:\windows\QTFont.for
    2011-01-26 14:51:30 -------- d-sh--w- C:\found.000
    2011-01-26 14:30:43 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-01-26 14:30:43 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-01-26 01:33:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-01-26 01:33:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2011-01-26 01:06:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
    2011-01-26 00:11:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
    2011-01-26 00:06:16 -------- d-----w- c:\program files\Trend Micro
    2011-01-25 23:11:36 -------- d-----w- c:\program files\common files\Wise Installation Wizard
    2011-01-25 22:12:07 82434 ----a-w- c:\docume~1\alluse~1\applic~1\MmiHAUB1.exe
    2011-01-25 22:00:53 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
    2011-01-25 22:00:53 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
    2011-01-02 18:40:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\Leapfrog
    2011-01-02 18:40:44 -------- d-----w- c:\program files\LeapFrog
    2011-01-02 01:15:21 -------- d-----w- c:\docume~1\jenelle\applic~1\whitesmoketoolbar
    2011-01-02 00:33:17 -------- d-----w- c:\windows\system32\%APPDATA%
    2011-01-02 00:32:46 -------- d-----w- c:\program files\whitesmoketoolbar
    2011-01-02 00:31:17 53248 ----a-w- c:\windows\system32\Iasv32.dll
    2010-12-31 22:29:04 -------- d-sh--w- c:\windows\ftpcache
    2010-12-31 22:17:56 -------- d-----w- c:\program files\Dora's World Adventure
    2010-12-30 00:04:16 -------- d--h--w- C:\BJPrinter
    2010-12-29 23:17:29 -------- d-----w- c:\program files\AV8
    2010-12-27 23:56:31 -------- d-----w- c:\program files\Microsoft
    2010-12-27 23:56:28 -------- d-----w- c:\program files\MSN Toolbar
    2010-12-27 23:55:23 -------- d-----w- c:\program files\HP Photo Creations
    2010-12-27 23:55:23 -------- d-----w- c:\docume~1\alluse~1\applic~1\HP Photo Creations
    2010-12-27 23:55:21 -------- d-----w- c:\windows\Cache
    2010-12-27 23:55:20 -------- d-----w- c:\program files\Coupons
    2010-12-27 23:53:55 1907560 ----a-w- c:\windows\system32\HPScanMiniDrv_DJ1050_J410.dll
    2010-12-27 23:53:50 264552 ----a-w- c:\windows\system32\hpinksts8911LM.dll
    2010-12-27 23:53:50 232296 ----a-w- c:\windows\system32\hpinksts8911.dll
    2010-12-27 23:53:50 213352 ----a-w- c:\windows\system32\hpinkcoi8911.dll
    2010-12-27 23:53:07 -------- d-----w- c:\program files\HP

    ==================== Find3M ====================

    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
    2005-10-03 01:43:15 774144 -c--a-w- c:\program files\RngInterstitial.dll

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD300BB-75DEA0 rev.05.03E05 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8330B735]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x83311990]; MOV EAX, [0x83311a0c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x83379AB8]
    3 CLASSPNP[0xF87B7FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000061[0x833522A0]
    5 ACPI[0xF872E620] -> nt!IofCallDriver[0x804E37D5] -> [0x83382940]
    \Driver\atapi[0x8334FD10] -> IRP_MJ_CREATE -> 0x8330B735
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD300BB-75DEA0______________________05.03E05#4457572d414d3144373533343133_037_0_0_0_0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x8330B57B
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !

    ============= FINISH: 13:10:27.14 ===============


    Attach (dds)


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/27/2003 10:37:09 PM
    System Uptime: 1/26/2011 12:17:46 PM (1 hours ago)

    Motherboard: Dell Computer Corporation | | 07W080
    Processor: Intel(R) Pentium(R) 4 CPU 1.80GHz | Socket 478 | 1794/400mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 28 GiB total, 6.828 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1874: 11/18/2010 9:38:36 AM - System Checkpoint
    RP1875: 11/19/2010 10:38:38 AM - System Checkpoint
    RP1876: 11/20/2010 11:39:42 AM - System Checkpoint
    RP1877: 11/21/2010 12:38:41 PM - System Checkpoint
    RP1878: 11/22/2010 1:38:42 PM - System Checkpoint
    RP1879: 11/23/2010 2:38:42 PM - System Checkpoint
    RP1880: 11/24/2010 3:50:39 PM - System Checkpoint
    RP1881: 11/25/2010 4:38:41 PM - System Checkpoint
    RP1882: 11/26/2010 6:36:05 PM - System Checkpoint
    RP1883: 11/27/2010 6:38:34 PM - System Checkpoint
    RP1884: 11/28/2010 8:14:20 PM - System Checkpoint
    RP1885: 11/29/2010 8:39:46 PM - System Checkpoint
    RP1886: 11/30/2010 9:38:34 PM - System Checkpoint
    RP1887: 12/1/2010 10:38:42 PM - System Checkpoint
    RP1888: 12/3/2010 12:07:40 AM - System Checkpoint
    RP1889: 12/4/2010 12:38:38 AM - System Checkpoint
    RP1890: 12/5/2010 1:38:46 AM - System Checkpoint
    RP1891: 12/6/2010 2:38:46 AM - System Checkpoint
    RP1892: 12/7/2010 3:38:38 AM - System Checkpoint
    RP1893: 12/8/2010 1:35:34 PM - System Checkpoint
    RP1894: 12/9/2010 2:20:27 PM - System Checkpoint
    RP1895: 12/10/2010 3:21:07 PM - System Checkpoint
    RP1896: 12/11/2010 4:20:31 PM - System Checkpoint
    RP1897: 12/12/2010 5:20:25 PM - System Checkpoint
    RP1898: 12/13/2010 5:21:29 PM - System Checkpoint
    RP1899: 12/14/2010 6:20:23 PM - System Checkpoint
    RP1900: 12/15/2010 7:21:30 PM - System Checkpoint
    RP1901: 12/16/2010 8:20:26 PM - System Checkpoint
    RP1902: 12/17/2010 5:00:19 AM - Software Distribution Service 3.0
    RP1903: 12/18/2010 5:30:40 AM - System Checkpoint
    RP1904: 12/19/2010 6:13:35 AM - System Checkpoint
    RP1905: 12/20/2010 6:34:09 AM - System Checkpoint
    RP1906: 12/21/2010 12:46:09 PM - System Checkpoint
    RP1907: 12/22/2010 6:34:03 PM - System Checkpoint
    RP1908: 12/25/2010 10:57:30 AM - System Checkpoint
    RP1909: 12/26/2010 3:26:34 PM - System Checkpoint
    RP1910: 12/27/2010 8:31:43 PM - System Checkpoint
    RP1911: 12/28/2010 11:58:22 PM - System Checkpoint
    RP1912: 12/29/2010 6:45:50 PM - Configured Finding Nemo: Nemo's Underwater World of Fun Special 
    RP1913: 12/31/2010 1:07:19 AM - System Checkpoint
    RP1914: 12/31/2010 5:00:23 AM - Software Distribution Service 3.0
    RP1915: 12/31/2010 5:17:52 PM - Installed Dora's World Adventure.
    RP1916: 12/31/2010 5:24:06 PM - Installed Adobe Reader 9.2.
    RP1917: 1/2/2011 12:11:11 AM - System Checkpoint
    RP1918: 1/22/2011 9:01:53 PM - System Checkpoint
    RP1919: 1/23/2011 9:48:50 PM - System Checkpoint
    RP1920: 1/25/2011 7:06:06 PM - Installed HiJackThis
    RP1921: 1/25/2011 8:03:24 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    RP1922: 1/25/2011 8:03:49 PM - Installed AVG 2011
    RP1923: 1/25/2011 8:10:22 PM - Installed AVG 2011
    RP1924: 1/25/2011 8:10:36 PM - Removed AVG 2011
    RP1925: 1/26/2011 9:27:21 AM - Restore Operation

    ==== Installed Programs ======================

    Acrobat.com
    Ad-Aware SE Personal
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Shockwave Player 11.5
    ALOT Toolbar
    Alphabet Express
    AOL Uninstaller (Choose which Products to Remove)
    BACS
    Britannica Ready Reference
    Broadcom Advanced Control Suite
    BroadJump Client Foundation
    Canon BJC-2100 Printer
    Canon Creative 3
    Canon i550
    Canon PhotoRecord
    Canon Utilities Easy-PhotoPrint
    Canon Utilities PhotoStitch 3.1
    Canon Utilities ZoomBrowser EX
    CardRd81
    CCScore
    ColorDesk Photo
    Conduit Engine
    Conexant HSF V92 56K Data Fax PCI Modem
    CR2
    Critical Update for Windows Media Player 11 (KB959772)
    Dell Digital Jukebox Driver
    Dell Modem-On-Hold
    Dell Picture Studio - Dell Image Expert
    Dell Solution Center
    DellSupport
    Digital Line Detect
    Easy CD Creator 5 Basic
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTOOLS
    essvatgt
    Finding Nemo: Nemo's Underwater World of Fun Special Edition
    FMS
    Free Ride Games Player
    GamesBar 2.0.1.55
    Google Desktop
    Google Toolbar for Firefox
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    Help and Support Customization
    Hot Rod Garage to Glory
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    kgcbase
    KODAK EASYSHARE Gallery Upload ActiveX Control
    LiveUpdate 3.0 (Symantec Corporation)
    Logitech Desktop Messenger
    Logitech QuickCam
    Logitech QuickCam Driver Package
    Marine Sharpshooter
    Microsoft .NET Framework (English)
    Microsoft .NET Framework (English) v1.0.3705
    Microsoft .NET Framework 1.0 Hotfix (KB928367)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Modem Helper
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    netbrdg
    Norton Security Scan
    OfotoXMI
    Paint Shop Pro 7
    Picasa 3
    Picture Package Music Transfer
    QuickTime
    RealArcade
    RealPlayer
    RealUpgrade 1.0
    Roll
    Scrabble
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SFR
    SFR2
    SHASTA
    Shockwave
    Shop to Win 2
    skin0001
    SKINXSDK
    Sony Picture Utility
    staticcr
    Stronghold Crusader
    Surf Canyon Search Engine Assistant
    The Sims Superstar
    The Weather Channel Desktop 6
    tooltips
    TV Bar 1.2 Toolbar
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Viewpoint Media Player
    VPRINTOL
    WebFldrs XP
    WildTangent Web Driver
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WIRELESS
    WordPerfect Office 2002
    Yahoo! Install Manager
    Yahoo! Messenger
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    1/26/2011 9:32:27 AM, error: Service Control Manager [7000] - The SNMP Service service failed to start due to the following error: The system cannot find the file specified.
    1/26/2011 9:16:27 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.
    1/26/2011 9:16:27 AM, error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/26/2011 9:16:27 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
    1/26/2011 9:00:00 AM, error: Schedule [7901] - The At14.job command failed to start due to the following error: General access denied error
    1/26/2011 11:52:31 AM, error: Service Control Manager [7001] - The Simple TCP/IP Services service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    1/26/2011 11:49:42 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll. Reference error message: The operation completed successfully. .
    1/26/2011 11:49:04 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\SHELL32.dll. Reference error message: The operation completed successfully. .
    1/26/2011 11:09:52 AM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202.Manifest" on line 11.
    1/26/2011 11:09:52 AM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202.Manifest" on line 0.
    1/26/2011 11:00:00 AM, error: Schedule [7901] - The At16.job command failed to start due to the following error: General access denied error
    1/26/2011 1:00:00 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: General access denied error
    1/25/2011 9:00:00 PM, error: Schedule [7901] - The At26.job command failed to start due to the following error: General access denied error
    1/25/2011 8:40:00 PM, error: Schedule [7901] - The At2.job command failed to start due to the following error: General access denied error
    1/25/2011 8:09:21 PM, error: Service Control Manager [7000] - The AVG AVI Loader Driver service failed to start due to the following error: The system cannot find message text for message number 0x%1 in the message file for %2.
    1/25/2011 8:00:00 PM, error: Schedule [7901] - The At25.job command failed to start due to the following error: General access denied error
    1/25/2011 7:00:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: General access denied error
    1/25/2011 6:54:00 PM, error: Schedule [7901] - The At3.job command failed to start due to the following error: General access denied error
    1/25/2011 6:49:13 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
    1/25/2011 6:25:56 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    1/25/2011 6:25:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    1/25/2011 6:25:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    1/25/2011 6:24:54 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdudf_xp Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Tcpip6 WS2IFSL
    1/25/2011 6:24:54 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    1/25/2011 6:24:54 PM, error: Service Control Manager [7001] - The IPv6 Helper Service service depends on the Microsoft IPv6 Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/25/2011 6:24:54 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/25/2011 6:24:54 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/25/2011 6:24:54 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    1/25/2011 6:24:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/25/2011 6:19:12 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    1/25/2011 6:19:12 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/25/2011 6:08:58 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    1/25/2011 6:00:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: General access denied error
    1/25/2011 5:43:25 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\spoolsv.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.6024.
    1/25/2011 5:27:09 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    1/25/2011 5:18:26 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\comctl32.dll. Reference error message: Error Message is unavailable .
    1/25/2011 5:18:23 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: Error Message is unavailable .
    1/25/2011 5:18:23 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WindowsShell.Manifest. Reference error message: Error Message is unavailable .
    1/25/2011 5:18:23 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\WININET.dll. Reference error message: Error Message is unavailable .
    1/25/2011 5:18:23 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\urlmon.dll. Reference error message: Error Message is unavailable .
    1/25/2011 5:18:23 PM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.6028.Policy" on line 0.
    1/25/2011 5:18:23 PM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\WINDOWS\system32\WININET.dll" on line 0.
    1/25/2011 5:18:23 PM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\WINDOWS\system32\urlmon.dll" on line 0.
    1/25/2011 5:18:22 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\urlmon.dll. Reference error message: The operation completed successfully. .
    1/25/2011 5:18:21 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\TEMP\logishrd\LVPrcInj05.dll. Reference error message: Error Message is unavailable .
    1/25/2011 5:10:43 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: Not enough storage is available to complete this operation. .
    1/25/2011 5:10:37 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\COMCTL32.DLL. Reference error message: The operation completed successfully. .
    1/25/2011 5:10:24 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\WININET.dll. Reference error message: The operation completed successfully. .
    1/25/2011 5:10:14 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\TEMP\logishrd\LVPrcInj05.dll. Reference error message: The operation completed successfully. .
    1/24/2011 2:00:00 PM, error: Schedule [7901] - The At4.job command failed to start due to the following error: General access denied error
    1/24/2011 10:10:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: General access denied error
    1/22/2011 8:46:37 PM, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 000874BF8C08 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    1/22/2011 8:45:08 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

    ==== End Of File ===========================


    The third program wouldn't load, page just kept showing "cannot display" message.

    Appreciate your time & expertise! Lisa
     
  2. lisaa7002

    lisaa7002 Thread Starter

    Joined:
    Jul 14, 2003
    Messages:
    1,258
    After further research I see that the problem is ALL the Antivirus 8. Looking to get rid of it. What removal site can I trust? (Besides you, of course.) It has really chewed things up. Now have Iplay search and ALOT, won't let me change home page, etc.

    Got Avast to load, but I don't think it is running correctly, will update later on that.
     
  3. lisaa7002

    lisaa7002 Thread Starter

    Joined:
    Jul 14, 2003
    Messages:
    1,258

Short URL to this thread: https://techguy.org/977146
