Author Topic: System restore software  (Read 64681 times)

bluesstrummer24

    Topic Starter


    Rookie

    Re: System restore software
    « Reply #45 on: April 10, 2009, 01:51:02 PM »
    Should I reboot before I do the malware scan?

    evilfantasy

    • Malware Removal Specialist


    • Genius
    • Calm like a bomb
    • Thanked: 493
    • Experience: Experienced
    • OS: Windows 11
    Re: System restore software
    « Reply #46 on: April 10, 2009, 01:56:16 PM »
    OK waiting on the MBAM scan.

    bluesstrummer24

      Topic Starter


      Rookie

      Re: System restore software
      « Reply #47 on: April 10, 2009, 02:41:14 PM »
      Malware scan still scanning.

      bluesstrummer24

        Topic Starter


        Rookie

        Re: System restore software
        « Reply #48 on: April 10, 2009, 02:43:55 PM »
        I'm afraid that whenever I restart, it's not going to restart. Lol

        bluesstrummer24

          Topic Starter


          Rookie

          Re: System restore software
          « Reply #49 on: April 10, 2009, 02:49:12 PM »
          Malwarebytes' Anti-Malware 1.36
          Database version: 1962
          Windows 5.1.2600 Service Pack 3

          4/10/2009 1:48:09 PM
          mbam-log-2009-04-10 (13-48-09).txt

          Scan type: Full Scan (C:\|)
          Objects scanned: 148991
          Time elapsed: 34 minute(s), 55 second(s)

          Memory Processes Infected: 0
          Memory Modules Infected: 0
          Registry Keys Infected: 13
          Registry Values Infected: 0
          Registry Data Items Infected: 0
          Folders Infected: 0
          Files Infected: 0

          Memory Processes Infected:
          (No malicious items detected)

          Memory Modules Infected:
          (No malicious items detected)

          Registry Keys Infected:
          HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

          Registry Values Infected:
          (No malicious items detected)

          Registry Data Items Infected:
          (No malicious items detected)

          Folders Infected:
          (No malicious items detected)

          Files Infected:
          (No malicious items detected)

          evilfantasy

          Re: System restore software
          « Reply #50 on: April 10, 2009, 02:50:09 PM »
          Download DDS by sUBs and save it to your Desktop. Alternate DDS download link

          * Vista users: right-click on dds and select Run as administrator (you will receive a UAC prompt, please allow it).
          * XP users: double-click on dds to run it.
          * If your antivirus or firewall tries to block DDS, then please allow it to run.
          * When finished DDS will open two (2) logs:

          1) DDS.txt
          2) Attach.txt

          * Save both logs to your desktop.
          * Please include the entire contents of both logs in your next reply.

          Note: DDS will instruct you to post the Attach.txt log as an attachment.
          Please just post it as you would any other log by copy and pasting it into the reply.

          bluesstrummer24

            Topic Starter


            Rookie

            Re: System restore software
            « Reply #51 on: April 10, 2009, 02:59:26 PM »
            UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
            IF REQUESTED, ZIP IT UP & ATTACH IT

            DDS (Ver_09-03-16.01)

            Microsoft Windows XP Professional
            Boot Device: \Device\HarddiskVolume1
            Install Date: 1/9/2007 10:20:37 PM
            System Uptime: 4/10/2009 8:09:20 AM (5 hours ago)

            Motherboard: ASUSTek Computer INC. |  | NODUSM3
            Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket AM2  | 2204/200mhz

            ==== Disk Partitions =========================

            C: is FIXED (NTFS) - 224 GiB total, 206.475 GiB free.
            D: is FIXED (FAT32) - 9 GiB total, 0.557 GiB free.
            E: is CDROM ()
            F: is Removable
            G: is Removable
            H: is Removable
            I: is Removable
            J: is CDROM (CDFS)
            K: is FIXED (FAT32) - 112 GiB total, 111.694 GiB free.
            L: is Removable
            M: is FIXED (NTFS) - 466 GiB total, 417.383 GiB free.

            ==== Disabled Device Manager Items =============

            Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
            Description: Serial
            Device ID: ROOT\LEGACY_SERIAL\0000
            Manufacturer:
            Name: Serial
            PNP Device ID: ROOT\LEGACY_SERIAL\0000
            Service: Serial

            ==== System Restore Points ===================

            RP18: 4/8/2009 4:30:21 PM - System Checkpoint
            RP19: 4/8/2009 4:31:26 PM - fold
            RP20: 4/8/2009 4:38:50 PM - Restore Operation
            RP21: 4/8/2009 4:44:36 PM - cleanest
            RP22: 4/9/2009 5:48:09 PM - AFTER NEW BACKUP PROGRAM
            RP23: 4/9/2009 5:57:09 PM - Removed Citrix XenApp Web Plugin
            RP24: 4/9/2009 8:17:35 PM - Installed Citrix XenApp Web Plugin

            ==== Installed Programs ======================

            Adaptec UDF Reader
            Adobe Download Manager 2.0 (Remove Only)
            Adobe Flash Player 10 ActiveX
            Adobe Reader 7.1.0
            AnswerWorks 4.0 Runtime - English
            AT&T Yahoo! Applications
            AT&T Yahoo! DSL Activation
            AVG 8.5
            Browser Mouse
            CCleaner (remove only)
            CCScore
            CDDRV_Installer
            Citrix XenApp Web Plugin
            Compatibility Pack for the 2007 Office system
            Data Fax SoftModem with SmartCP
            Destinations
            DeviceManagementQFolder
            EPSON Printer Software
            EPSON Scan
            erLT
            ERUNT 1.1j
            ESSBrwr
            ESSCDBK
            ESScore
            ESSgui
            ESSini
            ESSPCD
            ESSPDock
            ESSSONIC
            ESSTOOLS
            essvatgt
            fflink
            Free Password Manager Plus
            High Definition Audio Driver Package - KB888111
            HijackThis 2.0.2
            Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
            Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
            Hotfix for Windows Internet Explorer 7 (KB947864)
            Hotfix for Windows Media Format 11 SDK (KB929399)
            Hotfix for Windows Media Player 10 (KB910393)
            Hotfix for Windows Media Player 11 (KB939683)
            Hotfix for Windows XP (KB952287)
            Hotfix for Windows XP (KB961118)
            HP Boot Optimizer
            HP DVD Play 2.1
            HP Imaging Device Functions 7.0
            HP Photosmart for Media Center PC
            HP Product Detection
            HP Update
            HP Web Helper
            HPPhotoSmartExpress
            HpSdpAppCoreApp
            Idlebackup 1.16
            Instant Housecall - Specialist Sign-in
            Java(TM) 6 Update 13
            kgcbase
            kgcmove
            kgcvday
            KhalInstallWrapper
            Kodak EasyShare software
            LightScribe  1.4.105.1
            LimeWire 4.16.6
            Logitech Communications Manager
            Logitech Desktop Messenger
            Logitech SetPoint
            Malwarebytes' Anti-Malware
            Microsoft .NET Framework 1.1
            Microsoft .NET Framework 1.1 Hotfix (KB928366)
            Microsoft .NET Framework 2.0 Service Pack 2
            Microsoft .NET Framework 3.0 Service Pack 2
            Microsoft .NET Framework 3.5 SP1
            Microsoft Compression Client Pack 1.0 for Windows XP
            Microsoft Internationalized Domain Names Mitigation APIs
            Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
            Microsoft National Language Support Downlevel APIs
            Microsoft Office Standard Edition 2003
            Microsoft User-Mode Driver Framework Feature Pack 1.0
            Microsoft Visual C++ 2005 Redistributable
            Microsoft Works
            MSXML 4.0 SP2 (KB927978)
            MSXML 4.0 SP2 (KB936181)
            MSXML 4.0 SP2 (KB954430)
            MSXML 4.0 SP2 Parser and SDK
            muvee autoProducer 5.0
            muvee autoProducer unPlugged 2.0
            My HP Games
            netbrdg
            NVIDIA Drivers
            OfotoXMI
            Paltalk Messenger Interop
            PaltalkScene
            PC-Doctor 5 for Windows
            Picasa 2
            QuickBooks Pro 2008
            Quicken 2007
            Realtek High Definition Audio Driver
            Security Update for Step By Step Interactive Training (KB898458)
            Security Update for Step By Step Interactive Training (KB923723)
            Security Update for Windows Internet Explorer 7 (KB928090)
            Security Update for Windows Internet Explorer 7 (KB929969)
            Security Update for Windows Internet Explorer 7 (KB931768)
            Security Update for Windows Internet Explorer 7 (KB937143)
            Security Update for Windows Internet Explorer 7 (KB938127)
            Security Update for Windows Internet Explorer 7 (KB939653)
            Security Update for Windows Internet Explorer 7 (KB942615)
            Security Update for Windows Internet Explorer 7 (KB944533)
            Security Update for Windows Internet Explorer 7 (KB950759)
            Security Update for Windows Internet Explorer 7 (KB953838)
            Security Update for Windows Internet Explorer 7 (KB956390)
            Security Update for Windows Internet Explorer 7 (KB958215)
            Security Update for Windows Internet Explorer 7 (KB960714)
            Security Update for Windows Internet Explorer 7 (KB961260)
            Security Update for Windows Media Player (KB952069)
            Security Update for Windows Media Player 10 (KB911565)
            Security Update for Windows Media Player 10 (KB917734)
            Security Update for Windows Media Player 10 (KB936782)
            Security Update for Windows Media Player 11 (KB936782)
            Security Update for Windows Media Player 11 (KB954154)
            Security Update for Windows XP (KB938464-v2)
            Security Update for Windows XP (KB938464)
            Security Update for Windows XP (KB941569)
            Security Update for Windows XP (KB946648)
            Security Update for Windows XP (KB950760)
            Security Update for Windows XP (KB950762)
            Security Update for Windows XP (KB950974)
            Security Update for Windows XP (KB951066)
            Security Update for Windows XP (KB951376-v2)
            Security Update for Windows XP (KB951376)
            Security Update for Windows XP (KB951698)
            Security Update for Windows XP (KB951748)
            Security Update for Windows XP (KB952954)
            Security Update for Windows XP (KB953155)
            Security Update for Windows XP (KB953839)
            Security Update for Windows XP (KB954211)
            Security Update for Windows XP (KB954459)
            Security Update for Windows XP (KB954600)
            Security Update for Windows XP (KB955069)
            Security Update for Windows XP (KB956391)
            Security Update for Windows XP (KB956802)
            Security Update for Windows XP (KB956803)
            Security Update for Windows XP (KB956841)
            Security Update for Windows XP (KB957095)
            Security Update for Windows XP (KB957097)
            Security Update for Windows XP (KB958644)
            Security Update for Windows XP (KB958687)
            Security Update for Windows XP (KB960715)
            SFR
            SHASTA
            skin0001
            SKINXSDK
            Sonic Express Labeler
            Sonic MyDVD Plus
            Sonic RecordNow Audio
            Sonic RecordNow Copy
            Sonic RecordNow Data
            Sonic Update Manager
            staticcr
            Super GameHouse Solitaire Vol. 1
            SUPERAntiSpyware Free Edition
            tooltips
            Unload
            Update for Windows Media Player 10 (KB913800)
            Update for Windows Media Player 10 (KB926251)
            Update for Windows XP (KB951072-v2)
            Update for Windows XP (KB951978)
            Update for Windows XP (KB953356)
            Update for Windows XP (KB955839)
            Update for Windows XP (KB967715)
            Updates from HP (remove only)
            VC 9.0 Runtime
            Viewpoint Media Player
            VPRINTOL
            WD Diagnostics
            WebFldrs XP
            WexTech AnswerWorks
            Windows Media Format 11 runtime
            Windows Media Player 11
            Windows XP Media Center Edition 2005 KB908246
            Windows XP Media Center Edition 2005 KB925766
            Windows XP Service Pack 3
            WIRELESS
            ZoneAlarm
            ZoneAlarm Spy Blocker Toolbar

            ==== Event Viewer Messages From Past Week ========

            4/5/2009 7:34:04 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  ftsata2 szkg
            4/5/2009 7:33:53 AM, error: Service Control Manager [7000]  - The ucyvusjw service failed to start due to the following error:  The system cannot find the file specified.
            4/5/2009 7:33:53 AM, error: Service Control Manager [7000]  - The mrtRate service failed to start due to the following error:  The system cannot find the file specified.
            4/3/2009 10:32:17 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
            4/5/2009 4:25:26 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC000003A' while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
            4/5/2009 4:31:55 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000034' while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
            4/6/2009 6:56:09 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
            4/6/2009 6:56:49 AM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
            4/6/2009 6:56:49 AM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
            4/6/2009 6:56:49 AM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
            4/6/2009 6:56:49 AM, error: Service Control Manager [7001]  - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error:  A device attached to the system is not functioning.
            4/6/2009 6:56:49 AM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
            4/6/2009 6:56:49 AM, error: Service Control Manager [7001]  - The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error:  The dependency service or group failed to start.
            4/6/2009 6:56:49 AM, error: Service Control Manager [7001]  - The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error:  The dependency service or group failed to start.
            4/6/2009 6:56:49 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AmdK8 AvgLdx86 AvgMfx86 AvgTdiX Fips ftsata2 IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL szkg Tcpip vsdatant
            4/6/2009 6:57:26 AM, error: DCOM [10005]  - DCOM got error "%1068" attempting to start the service IISADMIN with arguments "" in order to run the server: {A9E69610-B80D-11D0-B9B9-00A0C922E750}
            4/7/2009 10:13:50 AM, error: System Error [1003]  - Error code 100000be, parameter1 f39bef08, parameter2 11a81121, parameter3 f2378708, parameter4 0000000b.
            4/7/2009 9:17:38 PM, error: Service Control Manager [7034]  - The Media Center Scheduler Service service terminated unexpectedly.  It has done this 1 time(s).
            4/7/2009 9:17:39 PM, error: Service Control Manager [7031]  - The COM+ System Application service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
            4/7/2009 9:17:39 PM, error: Service Control Manager [7031]  - The Media Center Extender Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
            4/7/2009 9:17:42 PM, error: Service Control Manager [7034]  - The AVG8 E-mail Scanner service terminated unexpectedly.  It has done this 1 time(s).
            4/7/2009 9:17:42 PM, error: Service Control Manager [7034]  - The QBCFMonitorService service terminated unexpectedly.  It has done this 1 time(s).
            4/7/2009 9:17:42 PM, error: Service Control Manager [7034]  - The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
            4/7/2009 9:17:44 PM, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
            4/7/2009 9:17:44 PM, error: Service Control Manager [7031]  - The IIS Admin service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1 milliseconds: Run the configured recovery program.
            4/7/2009 9:17:44 PM, error: Service Control Manager [7034]  - The Simple Mail Transfer Protocol (SMTP) service terminated unexpectedly.  It has done this 1 time(s).
            4/7/2009 9:17:44 PM, error: Service Control Manager [7034]  - The World Wide Web Publishing service terminated unexpectedly.  It has done this 1 time(s).
            4/7/2009 9:17:47 PM, error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
            4/7/2009 9:17:47 PM, error: Service Control Manager [7031]  - The AVG8 WatchDog service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
            4/7/2009 9:17:47 PM, error: Service Control Manager [7031]  - The Media Center Receiver Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
            4/9/2009 9:00:19 AM, error: Dhcp [1002]  - The IP address lease 192.168.1.4 for the Network Card with network address 0018F394550F has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
            4/10/2009 9:17:56 AM, information: Windows File Protection [64016]  - Windows File Protection file scan was started.
            4/10/2009 9:20:25 AM, information: Windows File Protection [64021]  - The system file c:\program files\windows media player\mplayer2.exe could not be copied into the DLL cache.  The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
            4/10/2009 9:20:26 AM, information: Windows File Protection [64018]  - Windows File Protection file scan was cancelled by user interaction, user name is HP_Administrator.

            ==== End Of File ===========================

            bluesstrummer24

              Topic Starter


              Rookie

              Re: System restore software
              « Reply #52 on: April 10, 2009, 03:00:52 PM »
              DDS (Ver_09-03-16.01) - NTFSx86 
              Run by HP_Administrator at 13:58:04.43 on Fri 04/10/2009
              Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_05
              Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.958.386 [GMT -7:00]

              AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
              FW: ZoneAlarm Firewall *disabled*

              ============== Running Processes ===============

              C:\WINDOWS\system32\svchost -k DcomLaunch
              svchost.exe
              C:\WINDOWS\System32\svchost.exe -k netsvcs
              svchost.exe
              svchost.exe
              C:\WINDOWS\system32\ZoneLabs\vsmon.exe
              C:\WINDOWS\Explorer.EXE
              C:\WINDOWS\system32\spoolsv.exe
              C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
              C:\WINDOWS\eHome\ehRecvr.exe
              C:\WINDOWS\system32\inetsrv\inetinfo.exe
              C:\Program Files\Java\jre6\bin\jqs.exe
              C:\PROGRA~1\AVG\AVG8\avgam.exe
              C:\WINDOWS\system32\nvsvc32.exe
              C:\PROGRA~1\AVG\AVG8\avgrsx.exe
              C:\PROGRA~1\AVG\AVG8\avgnsx.exe
              C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
              C:\Program Files\AVG\AVG8\avgcsrvx.exe
              svchost.exe
              C:\WINDOWS\system32\svchost.exe -k imgsvc
              C:\PROGRA~1\AVG\AVG8\avgemc.exe
              C:\Program Files\AVG\AVG8\avgcsrvx.exe
              C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
              C:\WINDOWS\system32\RUNDLL32.EXE
              C:\PROGRA~1\AVG\AVG8\avgtray.exe
              C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
              C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
              C:\WINDOWS\System32\svchost.exe -k HTTPFilter
              C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe
              C:\WINDOWS\system32\rsmsink.exe
              c:\windows\system\hpsysdrv.exe
              C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
              C:\WINDOWS\system32\dllhost.exe
              C:\WINDOWS\system32\net.exe
              C:\WINDOWS\system32\net1.exe
              C:\WINDOWS\system32\net.exe
              C:\WINDOWS\system32\net1.exe
              c:\program files\billeo\billeo.exe
              C:\Program Files\internet explorer\iexplore.exe
              C:\Documents and Settings\HP_Administrator\Desktop\dds.pif

              ============== Pseudo HJT Report ===============

              uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
              uStart Page = hxxp://www.google.com/
              uInternet Settings,ProxyOverride = 127.0.0.1
              uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
              BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
              BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
              BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
              BHO: Billeo: {465e08e7-f005-4389-980f-1d8764b3486c} - c:\program files\billeo\billeo.dll
              BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
              BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
              BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
              BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
              TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
              TB: Billeo: {6adb0f93-1aa5-4bcf-9df4-cea689a3c111} - c:\program files\billeo\billeo.dll
              TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
              EB: Billeo: {6576ebaa-b570-4345-98e4-96153c77cf24} - c:\program files\billeo\billeo.dll
              uRun: [EPSON Stylus CX3800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /M "Stylus CX3800" /EF "HKCU"
              uRun: [cdloader] "c:\documents and settings\hp_administrator\application data\mjusbsp\cdloader2.exe" MAGICJACK
              mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
              mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
              mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
              mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
              mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
              mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
              mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
              mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
              mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
              mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
              dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
              StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
              StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\shortc~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
              StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\billeo.lnk - c:\program files\billeo\billeo.exe
              IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
              IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
              IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
              IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
              Trusted Zone: cgini.com\citrix
              DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
              DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
              DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
              DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
              DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
              Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
              Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
              Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
              Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
              Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
              Notify: avgrsstarter - avgrsstx.dll
              Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
              SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
              SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

              ============= SERVICES / DRIVERS ===============

              R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-2-26 12552]
              R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-26 325640]
              R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-26 27656]
              R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-26 108552]
              R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
              R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
              R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-3-30 353672]
              R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-2-26 908056]
              R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-26 298264]
              R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
              R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
              S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]

              =============== Created Last 30 ================

              2009-04-10 12:09   <DIR>   --d-h---   c:\program files\WindowsUpdate
              2009-04-10 09:18   66,048   ac------   c:\windows\system32\dllcache\OLD26.tmp
              2009-04-10 09:18   2,189,184   ac------   c:\windows\system32\dllcache\OLD22.tmp
              2009-04-09 20:17   <DIR>   --d-----   c:\program files\Citrix
              2009-04-09 17:49   <DIR>   --d-----   c:\docume~1\hp_adm~1\applic~1\Instant Housecall
              2009-04-09 14:57   <DIR>   --d-----   c:\program files\Idlebackup
              2009-04-08 10:14   104   a-------   c:\windows\Internet Explorer.lnk
              2009-04-07 10:03   30,136   a-------   c:\windows\system32\drivers\rspSanity32.sys
              2009-04-05 15:56   <DIR>   --d-----   c:\program files\CCleaner
              2009-04-03 09:32   <DIR>   --d-----   c:\program files\Belarc
              2009-04-02 13:54   <DIR>   --d-----   c:\program files\Trend Micro
              2009-04-02 13:06   <DIR>   --d-----   c:\docume~1\hp_adm~1\applic~1\Malwarebytes
              2009-04-02 13:06   15,504   a-------   c:\windows\system32\drivers\mbam.sys
              2009-04-02 13:06   38,496   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
              2009-04-02 13:05   <DIR>   --d-----   c:\program files\Malwarebytes' Anti-Malware
              2009-04-02 13:05   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Malwarebytes
              2009-04-02 12:01   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
              2009-04-02 12:01   <DIR>   --d-----   c:\program files\SUPERAntiSpyware
              2009-04-02 12:01   <DIR>   --d-----   c:\docume~1\hp_adm~1\applic~1\SUPERAntiSpyware.com
              2009-04-02 11:57   <DIR>   --d-----   c:\program files\common files\Wise Installation Wizard
              2009-03-30 18:43   1,221,512   a-------   c:\windows\system32\zpeng25.dll
              2009-03-30 18:43   <DIR>   --d-----   c:\windows\system32\ZoneLabs
              2009-03-30 18:43   <DIR>   --d-----   c:\program files\Zone Labs
              2009-03-30 18:43   350,192   a-------   c:\windows\system32\vsconfig.xml
              2009-03-30 10:21   <DIR>   --d-----   c:\program files\AskBarDis
              2009-03-17 02:30   <DIR>   --d-----   c:\program files\Jetico
              2009-03-15 14:40   <DIR>   --d-----   c:\windows\system32\IOSUBSYS

              ==================== Find3M  ====================

              2009-03-30 18:44   4,212   a---h---   c:\windows\system32\zllictbl.dat
              2009-03-24 09:39   108,552   a-------   c:\windows\system32\drivers\avgtdix.sys
              2009-03-13 08:05   325,640   a-------   c:\windows\system32\drivers\avgldx86.sys
              2009-03-13 08:05   10,520   a-------   c:\windows\system32\avgrsstx.dll
              2009-03-09 05:19   410,984   a-------   c:\windows\system32\deploytk.dll
              2009-03-03 00:03   208,896   --------   c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
              2009-03-03 00:03   45,056   -c------   c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
              2009-03-03 00:03   341,048   -c------   c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\HPBasicDetection3.dll
              2009-03-03 00:03   44,032   -c------   c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
              2009-03-03 00:03   163,840   --------   c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemcheck.dll
              2009-03-03 00:03   61,440   --------   c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemutil.dll
              2009-03-03 00:03   40,960   --------   c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\ScDmi.dll
              2009-03-03 00:03   32,768   --------   c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\uploadHSC.dll
              2009-03-03 00:03   32,768   --------   c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\Scom.dll
              2009-02-26 09:16   12,552   --------   c:\windows\system32\drivers\avgrkx86.sys
              2009-02-09 04:13   1,846,784   a-------   c:\windows\system32\win32k.sys
              2009-02-09 04:13   1,846,784   --------   c:\windows\system32\dllcache\win32k.sys
              2009-01-16 22:35   3,594,752   --------   c:\windows\system32\dllcache\mshtml.dll
              2007-01-31 21:24   22   -c-sh---   c:\windows\sminst\HPCD.sys

              ============= FINISH: 13:58:24.49 ===============

              evilfantasy

              « Reply #53 on: April 10, 2009, 03:05:00 PM »
              Can you get to Windows Updates and run them? www.windowsupdate.microsoft.com.com (you need to use IE)

              bluesstrummer24

                « Reply #54 on: April 10, 2009, 03:08:17 PM »
                Install any Windows updates?

                bluesstrummer24

                  « Reply #55 on: April 10, 2009, 03:11:37 PM »
                  No critical updates. Just some software & hardware updates. Should I install these?

                  evilfantasy

                  « Reply #56 on: April 10, 2009, 03:12:01 PM »
                  Yes, and then try to set a restore point to see if it is working now.

                  bluesstrummer24

                    « Reply #57 on: April 10, 2009, 03:22:20 PM »
                    Updates done. Asking me to reboot. Should I?

                    bluesstrummer24

                      « Reply #58 on: April 10, 2009, 03:31:51 PM »
                      OK, I updated and rebooted and my screen is really messed up. I think one of the updates was a video driver update ndiv? grr

                      evilfantasy

                      « Reply #59 on: April 10, 2009, 03:36:17 PM »
                      Can you do a system restore?