Active Something is shutting down my services..

Discussion in 'Malware and Virus Removal Archive' started by bellisimo, 2009/07/06.

  1. 2009/07/06
    bellisimo Well-Known Member Thread Starter

    These are the logs you required from me regarding this problem:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-06-26.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/17/2009 6:07:45 PM
    System Uptime: 7/6/2009 12:00:07 AM (14 hours ago)

    Motherboard: ASUSTeK Computer INC. | | P5K
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | LGA775 | 2405/266mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 298 GiB total, 256.555 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 233 GiB total, 212.853 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP61: 4/7/2009 4:10:22 PM - Spyware Doctor: Cleaning Threats
    RP62: 4/7/2009 4:29:17 PM - Restore Operation
    RP63: 4/8/2009 1:40:09 AM - Made by Registry Mechanic O
    RP64: 4/9/2009 1:02:08 AM - Spyware Doctor: Cleaning Threats
    RP65: 4/9/2009 11:26:02 AM - Installed NHL® 08
    RP66: 4/10/2009 1:15:08 PM - System Checkpoint
    RP67: 4/11/2009 1:33:52 PM - System Checkpoint
    RP68: 4/12/2009 3:42:48 AM - Spyware Doctor: Cleaning Threats
    RP69: 4/13/2009 3:54:33 AM - System Checkpoint
    RP70: 4/14/2009 1:48:16 AM - Spyware Doctor: Cleaning Threats
    RP71: 4/14/2009 12:43:35 PM - Made by Registry Mechanic O
    RP72: 4/15/2009 3:38:33 AM - Spyware Doctor: Cleaning Threats
    RP73: 4/16/2009 3:00:14 AM - Software Distribution Service 3.0
    RP74: 4/17/2009 3:43:31 AM - System Checkpoint
    RP75: 4/17/2009 12:57:40 PM - Software Distribution Service 3.0
    RP76: 4/17/2009 4:26:32 PM - Spyware Doctor: Cleaning Threats
    RP77: 4/18/2009 6:28:15 PM - System Checkpoint
    RP78: 4/19/2009 8:06:49 PM - System Checkpoint
    RP79: 4/20/2009 1:19:25 AM - Spyware Doctor: Cleaning Threats
    RP80: 4/21/2009 1:05:39 AM - Spyware Doctor: Cleaning Threats
    RP81: 4/22/2009 3:12:25 AM - Restore Operation
    RP82: 4/22/2009 3:18:06 AM - Tues. April 21, 2009 11:30 p.m.
    RP83: 4/22/2009 3:18:36 AM - Restore Operation
    RP84: 4/22/2009 3:29:59 AM - Spyware Doctor: Cleaning Threats
    RP85: 4/22/2009 12:41:08 PM - Restore Operation
    RP86: 4/22/2009 12:43:16 PM - 9;00 P.M. Tuesday, April 21, 2009
    RP87: 4/22/2009 12:44:38 PM - Restore Operation
    RP88: 4/22/2009 8:50:01 PM - Spyware Doctor: Cleaning Threats
    RP89: 4/22/2009 9:43:52 PM - Made by Registry Mechanic O
    RP90: 4/23/2009 11:09:15 PM - System Checkpoint
    RP91: 4/24/2009 1:56:26 AM - Spyware Doctor: Cleaning Threats
    RP92: 4/25/2009 2:01:37 AM - Spyware Doctor: Cleaning Threats
    RP93: 4/26/2009 11:25:48 AM - System Checkpoint
    RP94: 4/26/2009 3:00:24 PM - Spyware Doctor: Cleaning Threats
    RP95: 4/27/2009 1:17:36 AM - Spyware Doctor: Cleaning Threats
    RP96: 4/27/2009 2:53:11 PM - Spyware Doctor: Cleaning Threats
    RP97: 4/28/2009 1:49:08 AM - Spyware Doctor: Cleaning Threats
    RP98: 4/29/2009 3:17:43 AM - Spyware Doctor: Cleaning Threats
    RP99: 4/29/2009 12:25:54 PM - Made by Registry Mechanic O
    RP100: 4/29/2009 11:37:58 PM - Spyware Doctor: Cleaning Threats
    RP101: 5/1/2009 9:32:41 AM - System Checkpoint
    RP102: 5/1/2009 6:20:21 PM - Spyware Doctor: Cleaning Threats
    RP103: 5/2/2009 11:37:28 AM - Made by Registry Mechanic O
    RP104: 5/3/2009 12:26:56 AM - Spyware Doctor: Cleaning Threats
    RP105: 5/4/2009 3:45:38 AM - System Checkpoint
    RP106: 5/5/2009 1:34:52 AM - Spyware Doctor: Cleaning Threats
    RP107: 5/5/2009 4:23:02 PM - Tues. May 5, 2009 3:00 a.m.
    RP108: 5/5/2009 4:23:50 PM - Restore Operation
    RP109: 5/5/2009 4:32:43 PM - Restore Operation
    RP110: 5/5/2009 4:42:03 PM - Restore Operation
    RP111: 5/5/2009 11:36:05 PM - Spyware Doctor: Cleaning Threats
    RP112: 5/6/2009 3:00:14 AM - Software Distribution Service 3.0
    RP113: 5/6/2009 4:00:07 PM - Restore Operation
    RP114: 5/6/2009 4:01:27 PM - Installed Windows XP WgaNotify.
    RP115: 5/7/2009 2:09:06 AM - Spyware Doctor: Cleaning Threats
    RP116: 5/8/2009 2:19:34 AM - Spyware Doctor: Cleaning Threats
    RP117: 5/9/2009 1:52:08 AM - Spyware Doctor: Cleaning Threats
    RP118: 5/10/2009 2:56:20 AM - System Checkpoint
    RP119: 5/10/2009 12:31:06 PM - Restore Operation
    RP120: 5/10/2009 12:32:55 PM - 9 a.m. May 10, 2009
    RP121: 5/10/2009 12:36:56 PM - Restore Operation
    RP122: 5/10/2009 1:53:24 PM - Restore Operation
    RP123: 5/10/2009 4:57:26 PM - Made by Registry Mechanic O
    RP124: 5/11/2009 6:31:46 PM - System Checkpoint
    RP125: 5/12/2009 12:31:14 AM - Spyware Doctor: Cleaning Threats
    RP126: 5/12/2009 3:00:17 AM - Software Distribution Service 3.0
    RP127: 5/12/2009 11:59:22 PM - Spyware Doctor: Cleaning Threats
    RP128: 5/13/2009 3:00:15 AM - Software Distribution Service 3.0
    RP129: 5/13/2009 2:30:08 PM - Removed SPAMfighter.
    RP130: 5/13/2009 2:30:33 PM - Installed SPAMfighter.
    RP131: 5/13/2009 5:40:18 PM - 3:30 p.m. Wednesday, May 13, 2009
    RP132: 5/13/2009 5:40:46 PM - Restore Operation
    RP133: 5/14/2009 1:40:30 AM - Spyware Doctor: Cleaning Threats
    RP134: 5/15/2009 1:32:58 AM - Spyware Doctor: Cleaning Threats
    RP135: 5/16/2009 3:31:18 AM - System Checkpoint
    RP136: 5/16/2009 6:48:09 PM - Spyware Doctor: Cleaning Threats
    RP137: 5/17/2009 1:25:30 PM - Restore Operation
    RP138: 5/17/2009 1:28:06 PM - Sunday, May 17, 2009 10:30 A.M.
    RP139: 5/17/2009 1:28:49 PM - Restore Operation
    RP140: 5/17/2009 6:02:44 PM - Spyware Doctor: Cleaning Threats
    RP141: 5/18/2009 6:28:46 PM - Spyware Doctor: Cleaning Threats
    RP142: 5/19/2009 6:39:15 PM - System Checkpoint
    RP143: 5/21/2009 2:15:13 AM - System Checkpoint
    RP144: 5/21/2009 9:51:25 AM - Restore Operation
    RP145: 5/21/2009 9:53:32 AM - Thurs. May 21, 2009 9 A.M.
    RP146: 5/21/2009 9:54:03 AM - Restore Operation
    RP147: 5/21/2009 10:15:34 AM - Made by Registry Mechanic O
    RP148: 5/22/2009 1:47:47 AM - Spyware Doctor: Cleaning Threats
    RP149: 5/22/2009 6:17:08 PM - Spyware Doctor: Cleaning Threats
    RP150: 5/23/2009 7:48:02 PM - System Checkpoint
    RP151: 5/24/2009 2:11:52 AM - Spyware Doctor: Cleaning Threats
    RP152: 5/25/2009 1:26:46 AM - Spyware Doctor: Cleaning Threats
    RP153: 5/26/2009 1:33:18 AM - System Checkpoint
    RP154: 5/26/2009 2:58:08 AM - Spyware Doctor: Cleaning Threats
    RP155: 5/27/2009 3:15:45 AM - System Checkpoint
    RP156: 5/28/2009 4:04:55 AM - System Checkpoint
    RP157: 5/29/2009 1:17:04 AM - Spyware Doctor: Cleaning Threats
    RP158: 5/29/2009 6:27:02 PM - Spyware Doctor: Cleaning Threats
    RP159: 5/30/2009 2:13:36 PM - Saturday, May 20, 2009 4 A.M.
    RP160: 5/30/2009 2:14:51 PM - Saturday May 30, 2009 4 A.M.
    RP161: 5/30/2009 2:15:17 PM - Restore Operation
    RP162: 5/31/2009 2:41:57 PM - System Checkpoint
    RP163: 6/1/2009 3:10:36 AM - Spyware Doctor: Cleaning Threats
    RP164: 6/2/2009 2:00:57 AM - Spyware Doctor: Cleaning Threats
    RP165: 6/3/2009 2:33:26 AM - Spyware Doctor: Cleaning Threats
    RP166: 6/3/2009 11:18:24 AM - Restore Operation
    RP167: 6/4/2009 11:48:11 AM - System Checkpoint
    RP168: 6/4/2009 12:22:58 PM - Spyware Doctor: Cleaning Threats
    RP169: 6/5/2009 1:08:01 AM - Spyware Doctor: Cleaning Threats
    RP170: 6/5/2009 11:18:13 AM - Made by Registry Mechanic O
    RP171: 6/6/2009 11:38:38 AM - System Checkpoint
    RP172: 6/7/2009 11:57:50 AM - System Checkpoint
    RP173: 6/8/2009 1:02:48 PM - System Checkpoint
    RP174: 6/8/2009 10:39:49 PM - Spyware Doctor: Cleaning Threats
    RP175: 6/9/2009 11:11:05 PM - System Checkpoint
    RP176: 6/10/2009 11:45:15 PM - System Checkpoint
    RP177: 6/11/2009 12:53:25 AM - Spyware Doctor: Cleaning Threats
    RP178: 6/11/2009 3:00:15 AM - Software Distribution Service 3.0
    RP179: 6/12/2009 3:48:53 AM - System Checkpoint
    RP180: 6/12/2009 1:42:56 PM - Made by Registry Mechanic O
    RP181: 6/12/2009 5:25:21 PM - Spyware Doctor: Cleaning Threats
    RP182: 6/13/2009 5:39:19 PM - System Checkpoint
    RP183: 6/14/2009 2:15:39 AM - Spyware Doctor: Cleaning Threats
    RP184: 6/14/2009 10:56:30 AM - Sunday, June 14, 2009 2:30 a.m.
    RP185: 6/14/2009 10:57:01 AM - Restore Operation
    RP186: 6/15/2009 12:10:57 PM - System Checkpoint
    RP187: 6/16/2009 1:23:48 AM - Spyware Doctor: Cleaning Threats
    RP188: 6/16/2009 1:33:16 AM - Spyware Doctor: Cleaning Threats
    RP189: 6/16/2009 1:34:49 AM - Made by Registry Mechanic O
    RP190: 6/17/2009 12:17:39 AM - Spyware Doctor: Cleaning Threats
    RP191: 6/18/2009 1:40:58 AM - Spyware Doctor: Cleaning Threats
    RP192: 6/18/2009 6:08:41 PM - Spyware Doctor: Cleaning Threats
    RP193: 6/19/2009 6:14:32 PM - System Checkpoint
    RP194: 6/20/2009 7:04:52 PM - System Checkpoint
    RP195: 6/21/2009 12:22:56 AM - Spyware Doctor: Cleaning Threats
    RP196: 6/21/2009 6:05:02 PM - Spyware Doctor: Cleaning Threats
    RP197: 6/22/2009 6:22:13 PM - System Checkpoint
    RP198: 6/23/2009 12:06:54 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP199: 6/23/2009 2:15:44 AM - Spyware Doctor: Cleaning Threats
    RP200: 6/24/2009 2:12:48 AM - Spyware Doctor: Cleaning Threats
    RP201: 6/25/2009 2:04:30 AM - Spyware Doctor: Cleaning Threats
    RP202: 6/26/2009 1:38:04 AM - Spyware Doctor: Cleaning Threats
    RP203: 6/26/2009 12:46:29 PM - Spyware Doctor: Cleaning Threats
    RP204: 6/27/2009 2:04:49 AM - Spyware Doctor: Cleaning Threats
    RP205: 6/28/2009 12:32:21 AM - Made by Registry Mechanic O
    RP206: 6/28/2009 1:58:15 AM - Spyware Doctor: Cleaning Threats
    RP207: 6/28/2009 3:07:39 PM - 3 p.m. Sunday, June 28, 2009
    RP208: 6/28/2009 3:08:33 PM - Restore Operation
    RP209: 6/29/2009 1:17:53 AM - Spyware Doctor: Cleaning Threats
    RP210: 6/30/2009 2:22:19 AM - Spyware Doctor: Cleaning Threats
    RP211: 7/1/2009 2:36:04 AM - Spyware Doctor: Cleaning Threats
    RP212: 7/2/2009 1:08:19 AM - Software Distribution Service 3.0
    RP213: 7/2/2009 3:21:14 AM - Spyware Doctor: Cleaning Threats
    RP214: 7/2/2009 3:42:49 AM - Spyware Doctor: Cleaning Threats
    RP215: 7/3/2009 4:15:04 AM - System Checkpoint
    RP216: 7/3/2009 1:25:33 PM - Spyware Doctor: Cleaning Threats
    RP217: 7/4/2009 12:21:58 AM - Made by Registry Mechanic O
    RP218: 7/4/2009 6:04:48 PM - Spyware Doctor: Cleaning Threats
    RP219: 7/5/2009 12:40:03 AM - Spyware Doctor: Cleaning Threats
    RP220: 7/5/2009 10:55:15 PM - Installed Adobe Reader 9.1.
    RP221: 7/6/2009 12:07:16 AM - Spyware Doctor: Cleaning Threats

    ==== Installed Programs ======================

    3D Live Snooker
    Acrobat.com
    Adobe Acrobat 8 Professional - English, Français, Deutsch
    Adobe Acrobat 8.1.6 - CPSID_49167
    Adobe Acrobat 8.1.6 Professional
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe AIR
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player Plugin
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 9.1
    Adobe Shockwave Player 11
    Adobe Stock Photos 1.0
    AnyDVD
    Apple Mobile Device Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    ATI HYDRAVISION
    ATI Parental Control & Encoder
    ATI Problem Report Wizard
    Attansic Ethernet Utility
    AVIVO
    Bonjour
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner (remove only)
    Compatibility Pack for the 2007 Office system
    CyberLink InstantBurn
    dBpowerAMP Music Converter
    Diskeeper Professional Edition
    Driver Updater Pro
    DVD Suite
    EA SPORTS online 2008
    EPSON Printer Software
    Express Burn
    Google Earth
    Google Updater
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    iTunes
    Java(TM) 6 Update 12
    Java(TM) 6 Update 5
    JMB36X Raid Configurer
    LabelPrint 2.0
    LiveUpdate 3.3 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    MediaShow 3.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office Professional Edition 2003
    Microsoft Visual C++ 2005 Redistributable
    MobileMe Control Panel
    Mozilla Firefox (3.0.11)
    Mozilla Thunderbird (2.0.0.14)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    NHL® 08
    Perfect Uninstaller v4.2
    PhotoNow! 1.0
    Pop-Up Stopper Free Edition
    Power2Go 5.0
    PowerBackup 2.5
    PowerDirector Express
    PowerDVD
    PowerDVD Copy 1.0
    PowerProducer
    QuickTime
    QuickTime Alternative 2.5.1
    RealPlayer
    Realtek High Definition Audio Driver
    Recover Files 2.0
    Recuva (remove only)
    Registry Mechanic 8.0
    Revo Uninstaller 1.75
    Safari
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Skins
    Sony Sound Forge 8.0d
    SPAMfighter
    Spybot - Search & Destroy
    Spyware Doctor 6.0
    SPYWAREfighter
    STOPzilla
    StumbleUpon IE Toolbar
    SUPERAntiSpyware Free Edition
    Symantec Endpoint Protection
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    USB File Transfer 1.11A
    VC 9.0 Runtime
    WavePad Uninstall
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Installer Clean Up
    Windows Media Format 11 runtime
    Windows Media Player 11
    WinRAR archiver
    ZoneAlarm
    ZoneAlarm Spy Blocker

    ==== Event Viewer Messages From Past Week ========

    7/4/2009 10:59:52 AM, error: RemoteAccess [20106] - Unable to add the interface {C5CD7335-53F4-419D-A748-57A75A29DB1F} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.
    7/4/2009 10:59:19 AM, error: Service Control Manager [7000] - The GeneLink File Transfer Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    7/4/2009 10:58:22 AM, error: Dhcp [1002] - The IP address lease 192.168.2.10 for the Network Card with network address 001D60EA7AC1 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    7/3/2009 6:16:09 PM, error: NetDDE [206] - Listen failed: 15:
    7/3/2009 6:15:25 PM, error: NetDDE [206] - Listen failed: 23: The ncb_lana_num member did not specify a valid network number.

    ==== End Of File ===========================


    DDS (Ver_09-06-26.01) - NTFSx86
    Run by Bert Bell at 14:07:40.06 on Mon 07/06/2009
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2238 [GMT -4:00]

    AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\netdde.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\tlntsvr.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Bert Bell\Desktop\dds.scr
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uSearch Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
    BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\SZSG.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
    TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\SZSG.dll
    TB: {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe "
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [<NO NAME>]
    mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe "
    mRun: [SPAMfighter Agent] "c:\program files\spamfighter\SFAgent.exe" update delay 60
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {75C9223A-409A-4795-A3CA-08DE6B075B4B} - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9}
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://go.microsoft.com/fwlink/?LinkId=82580
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208827930718
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211716978937
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://www.wasillachamber.org/webcams/cgi-bin/AxisCamControl.ocx
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54}
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - Eudora's Shell Extension
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
    LSA: Notification Packages = :\windows\system32\srrstr.dll cecli scecli

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\bertbe~1\applic~1\mozilla\firefox\profiles\arsjh0a8.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-cclean&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-cclean&p=
    FF - plugin: c:\documents and settings\bert bell\application data\mozilla\firefox\profiles\arsjh0a8.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin2.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin3.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin4.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin5.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin6.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin7.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R0 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [2008-5-11 10368]
    R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-3-30 40840]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-26 130936]
    R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-5-12 61328]
    R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-3-30 66952]
    R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-3-30 81288]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-2-29 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 55024]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-4-22 353672]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-8-6 108392]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-8-6 108392]
    R2 CLBUDF;CyberLink UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [2008-5-24 182272]
    R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [2008-6-29 2208]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-3-30 348752]
    R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-3-30 1095560]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\spamfighter\sfus.exe [2009-3-12 184968]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2007-9-6 2177464]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2008-4-21 38656]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-7-3 101936]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090705.003\NAVENG.SYS [2009-7-5 89104]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090705.003\NAVEX15.SYS [2009-7-5 876144]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
    S2 USBHSB;GeneLink File Transfer Driver;c:\windows\system32\drivers\usbhsb.sys [2008-5-26 18690]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-7-5 66048]

    ============== File Associations ===============

    regfile=regedit.exe "%1" %*

    =============== Created Last 30 ================

    2009-07-05 23:26 <DIR> --d----- c:\docume~1\bertbe~1\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2009-06-28 15:09 <DIR> --d----- c:\windows\system32\wbem\Repository
    2009-06-27 18:33 <DIR> --d----- c:\program files\common files\xing shared
    2009-06-24 21:04 53 a------- c:\windows\mvPCinfo.ini
    2009-06-23 00:07 <DIR> --d----- c:\program files\STOPzilla!

    ==================== Find3M ====================

    2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
    2009-05-28 14:16 17,408 a----r-- c:\windows\system32\SZIO5.dll
    2009-05-28 14:15 294,912 a----r-- c:\windows\system32\SZBase5.dll
    2009-05-28 14:14 540,672 a----r-- c:\windows\system32\SZComp5.dll
    2009-05-12 14:13 61,328 a----r-- c:\windows\system32\drivers\SZKG.sys
    2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
    2009-04-29 00:46 666,624 a------- c:\windows\system32\wininet.dll
    2009-04-29 00:46 81,920 a------- c:\windows\system32\ieencode.dll
    2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
    2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
    2009-04-09 11:39 107,888 a------- c:\windows\system32\CmdLineExt.dll
    2006-06-23 18:48 32,768 a----r-- c:\windows\inf\UpdateUSB.exe

    ============= FINISH: 14:08:30.78 ===============
     
  2. 2009/07/07
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    Could you give some more information?

    What services are you speaking of?

    Thanks
    Geri
     

  4. 2009/07/07
    bellisimo Lifetime Subscription

    bellisimo Well-Known Member Thread Starter

    Hi Geri,
    Yes, as I posted earlier, the services that something is shutting down every so often are mainly SpywareDoctor and all its components, Symantec Endpoint Protection and all its components, Defragmenter, Windows Media Player, Zone Alarm, Cyberlink, and some others. I always first notice it when my Symantec icon is missing from the systray or when I am unable to get updates for SpywareDoctor. My worry is that if I were not to notice it I could be unprotected for some time.

    These are the logs I posted also:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-06-26.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/17/2009 6:07:45 PM
    System Uptime: 7/6/2009 12:00:07 AM (14 hours ago)

    Motherboard: ASUSTeK Computer INC. | | P5K
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | LGA775 | 2405/266mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 298 GiB total, 256.555 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 233 GiB total, 212.853 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP61: 4/7/2009 4:10:22 PM - Spyware Doctor: Cleaning Threats
    RP62: 4/7/2009 4:29:17 PM - Restore Operation
    RP63: 4/8/2009 1:40:09 AM - Made by Registry Mechanic O
    RP64: 4/9/2009 1:02:08 AM - Spyware Doctor: Cleaning Threats
    RP65: 4/9/2009 11:26:02 AM - Installed NHL® 08
    RP66: 4/10/2009 1:15:08 PM - System Checkpoint
    RP67: 4/11/2009 1:33:52 PM - System Checkpoint
    RP68: 4/12/2009 3:42:48 AM - Spyware Doctor: Cleaning Threats
    RP69: 4/13/2009 3:54:33 AM - System Checkpoint
    RP70: 4/14/2009 1:48:16 AM - Spyware Doctor: Cleaning Threats
    RP71: 4/14/2009 12:43:35 PM - Made by Registry Mechanic O
    RP72: 4/15/2009 3:38:33 AM - Spyware Doctor: Cleaning Threats
    RP73: 4/16/2009 3:00:14 AM - Software Distribution Service 3.0
    RP74: 4/17/2009 3:43:31 AM - System Checkpoint
    RP75: 4/17/2009 12:57:40 PM - Software Distribution Service 3.0
    RP76: 4/17/2009 4:26:32 PM - Spyware Doctor: Cleaning Threats
    RP77: 4/18/2009 6:28:15 PM - System Checkpoint
    RP78: 4/19/2009 8:06:49 PM - System Checkpoint
    RP79: 4/20/2009 1:19:25 AM - Spyware Doctor: Cleaning Threats
    RP80: 4/21/2009 1:05:39 AM - Spyware Doctor: Cleaning Threats
    RP81: 4/22/2009 3:12:25 AM - Restore Operation
    RP82: 4/22/2009 3:18:06 AM - Tues. April 21, 2009 11:30 p.m.
    RP83: 4/22/2009 3:18:36 AM - Restore Operation
    RP84: 4/22/2009 3:29:59 AM - Spyware Doctor: Cleaning Threats
    RP85: 4/22/2009 12:41:08 PM - Restore Operation
    RP86: 4/22/2009 12:43:16 PM - 9;00 P.M. Tuesday, April 21, 2009
    RP87: 4/22/2009 12:44:38 PM - Restore Operation
    RP88: 4/22/2009 8:50:01 PM - Spyware Doctor: Cleaning Threats
    RP89: 4/22/2009 9:43:52 PM - Made by Registry Mechanic O
    RP90: 4/23/2009 11:09:15 PM - System Checkpoint
    RP91: 4/24/2009 1:56:26 AM - Spyware Doctor: Cleaning Threats
    RP92: 4/25/2009 2:01:37 AM - Spyware Doctor: Cleaning Threats
    RP93: 4/26/2009 11:25:48 AM - System Checkpoint
    RP94: 4/26/2009 3:00:24 PM - Spyware Doctor: Cleaning Threats
    RP95: 4/27/2009 1:17:36 AM - Spyware Doctor: Cleaning Threats
    RP96: 4/27/2009 2:53:11 PM - Spyware Doctor: Cleaning Threats
    RP97: 4/28/2009 1:49:08 AM - Spyware Doctor: Cleaning Threats
    RP98: 4/29/2009 3:17:43 AM - Spyware Doctor: Cleaning Threats
    RP99: 4/29/2009 12:25:54 PM - Made by Registry Mechanic O
    RP100: 4/29/2009 11:37:58 PM - Spyware Doctor: Cleaning Threats
    RP101: 5/1/2009 9:32:41 AM - System Checkpoint
    RP102: 5/1/2009 6:20:21 PM - Spyware Doctor: Cleaning Threats
    RP103: 5/2/2009 11:37:28 AM - Made by Registry Mechanic O
    RP104: 5/3/2009 12:26:56 AM - Spyware Doctor: Cleaning Threats
    RP105: 5/4/2009 3:45:38 AM - System Checkpoint
    RP106: 5/5/2009 1:34:52 AM - Spyware Doctor: Cleaning Threats
    RP107: 5/5/2009 4:23:02 PM - Tues. May 5, 2009 3:00 a.m.
    RP108: 5/5/2009 4:23:50 PM - Restore Operation
    RP109: 5/5/2009 4:32:43 PM - Restore Operation
    RP110: 5/5/2009 4:42:03 PM - Restore Operation
    RP111: 5/5/2009 11:36:05 PM - Spyware Doctor: Cleaning Threats
    RP112: 5/6/2009 3:00:14 AM - Software Distribution Service 3.0
    RP113: 5/6/2009 4:00:07 PM - Restore Operation
    RP114: 5/6/2009 4:01:27 PM - Installed Windows XP WgaNotify.
    RP115: 5/7/2009 2:09:06 AM - Spyware Doctor: Cleaning Threats
    RP116: 5/8/2009 2:19:34 AM - Spyware Doctor: Cleaning Threats
    RP117: 5/9/2009 1:52:08 AM - Spyware Doctor: Cleaning Threats
    RP118: 5/10/2009 2:56:20 AM - System Checkpoint
    RP119: 5/10/2009 12:31:06 PM - Restore Operation
    RP120: 5/10/2009 12:32:55 PM - 9 a.m. May 10, 2009
    RP121: 5/10/2009 12:36:56 PM - Restore Operation
    RP122: 5/10/2009 1:53:24 PM - Restore Operation
    RP123: 5/10/2009 4:57:26 PM - Made by Registry Mechanic O
    RP124: 5/11/2009 6:31:46 PM - System Checkpoint
    RP125: 5/12/2009 12:31:14 AM - Spyware Doctor: Cleaning Threats
    RP126: 5/12/2009 3:00:17 AM - Software Distribution Service 3.0
    RP127: 5/12/2009 11:59:22 PM - Spyware Doctor: Cleaning Threats
    RP128: 5/13/2009 3:00:15 AM - Software Distribution Service 3.0
    RP129: 5/13/2009 2:30:08 PM - Removed SPAMfighter.
    RP130: 5/13/2009 2:30:33 PM - Installed SPAMfighter.
    RP131: 5/13/2009 5:40:18 PM - 3:30 p.m. Wednesday, May 13, 2009
    RP132: 5/13/2009 5:40:46 PM - Restore Operation
    RP133: 5/14/2009 1:40:30 AM - Spyware Doctor: Cleaning Threats
    RP134: 5/15/2009 1:32:58 AM - Spyware Doctor: Cleaning Threats
    RP135: 5/16/2009 3:31:18 AM - System Checkpoint
    RP136: 5/16/2009 6:48:09 PM - Spyware Doctor: Cleaning Threats
    RP137: 5/17/2009 1:25:30 PM - Restore Operation
    RP138: 5/17/2009 1:28:06 PM - Sunday, May 17, 2009 10:30 A.M.
    RP139: 5/17/2009 1:28:49 PM - Restore Operation
    RP140: 5/17/2009 6:02:44 PM - Spyware Doctor: Cleaning Threats
    RP141: 5/18/2009 6:28:46 PM - Spyware Doctor: Cleaning Threats
    RP142: 5/19/2009 6:39:15 PM - System Checkpoint
    RP143: 5/21/2009 2:15:13 AM - System Checkpoint
    RP144: 5/21/2009 9:51:25 AM - Restore Operation
    RP145: 5/21/2009 9:53:32 AM - Thurs. May 21, 2009 9 A.M.
    RP146: 5/21/2009 9:54:03 AM - Restore Operation
    RP147: 5/21/2009 10:15:34 AM - Made by Registry Mechanic O
    RP148: 5/22/2009 1:47:47 AM - Spyware Doctor: Cleaning Threats
    RP149: 5/22/2009 6:17:08 PM - Spyware Doctor: Cleaning Threats
    RP150: 5/23/2009 7:48:02 PM - System Checkpoint
    RP151: 5/24/2009 2:11:52 AM - Spyware Doctor: Cleaning Threats
    RP152: 5/25/2009 1:26:46 AM - Spyware Doctor: Cleaning Threats
    RP153: 5/26/2009 1:33:18 AM - System Checkpoint
    RP154: 5/26/2009 2:58:08 AM - Spyware Doctor: Cleaning Threats
    RP155: 5/27/2009 3:15:45 AM - System Checkpoint
    RP156: 5/28/2009 4:04:55 AM - System Checkpoint
    RP157: 5/29/2009 1:17:04 AM - Spyware Doctor: Cleaning Threats
    RP158: 5/29/2009 6:27:02 PM - Spyware Doctor: Cleaning Threats
    RP159: 5/30/2009 2:13:36 PM - Saturday, May 20, 2009 4 A.M.
    RP160: 5/30/2009 2:14:51 PM - Saturday May 30, 2009 4 A.M.
    RP161: 5/30/2009 2:15:17 PM - Restore Operation
    RP162: 5/31/2009 2:41:57 PM - System Checkpoint
    RP163: 6/1/2009 3:10:36 AM - Spyware Doctor: Cleaning Threats
    RP164: 6/2/2009 2:00:57 AM - Spyware Doctor: Cleaning Threats
    RP165: 6/3/2009 2:33:26 AM - Spyware Doctor: Cleaning Threats
    RP166: 6/3/2009 11:18:24 AM - Restore Operation
    RP167: 6/4/2009 11:48:11 AM - System Checkpoint
    RP168: 6/4/2009 12:22:58 PM - Spyware Doctor: Cleaning Threats
    RP169: 6/5/2009 1:08:01 AM - Spyware Doctor: Cleaning Threats
    RP170: 6/5/2009 11:18:13 AM - Made by Registry Mechanic O
    RP171: 6/6/2009 11:38:38 AM - System Checkpoint
    RP172: 6/7/2009 11:57:50 AM - System Checkpoint
    RP173: 6/8/2009 1:02:48 PM - System Checkpoint
    RP174: 6/8/2009 10:39:49 PM - Spyware Doctor: Cleaning Threats
    RP175: 6/9/2009 11:11:05 PM - System Checkpoint
    RP176: 6/10/2009 11:45:15 PM - System Checkpoint
    RP177: 6/11/2009 12:53:25 AM - Spyware Doctor: Cleaning Threats
    RP178: 6/11/2009 3:00:15 AM - Software Distribution Service 3.0
    RP179: 6/12/2009 3:48:53 AM - System Checkpoint
    RP180: 6/12/2009 1:42:56 PM - Made by Registry Mechanic O
    RP181: 6/12/2009 5:25:21 PM - Spyware Doctor: Cleaning Threats
    RP182: 6/13/2009 5:39:19 PM - System Checkpoint
    RP183: 6/14/2009 2:15:39 AM - Spyware Doctor: Cleaning Threats
    RP184: 6/14/2009 10:56:30 AM - Sunday, June 14, 2009 2:30 a.m.
    RP185: 6/14/2009 10:57:01 AM - Restore Operation
    RP186: 6/15/2009 12:10:57 PM - System Checkpoint
    RP187: 6/16/2009 1:23:48 AM - Spyware Doctor: Cleaning Threats
    RP188: 6/16/2009 1:33:16 AM - Spyware Doctor: Cleaning Threats
    RP189: 6/16/2009 1:34:49 AM - Made by Registry Mechanic O
    RP190: 6/17/2009 12:17:39 AM - Spyware Doctor: Cleaning Threats
    RP191: 6/18/2009 1:40:58 AM - Spyware Doctor: Cleaning Threats
    RP192: 6/18/2009 6:08:41 PM - Spyware Doctor: Cleaning Threats
    RP193: 6/19/2009 6:14:32 PM - System Checkpoint
    RP194: 6/20/2009 7:04:52 PM - System Checkpoint
    RP195: 6/21/2009 12:22:56 AM - Spyware Doctor: Cleaning Threats
    RP196: 6/21/2009 6:05:02 PM - Spyware Doctor: Cleaning Threats
    RP197: 6/22/2009 6:22:13 PM - System Checkpoint
    RP198: 6/23/2009 12:06:54 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP199: 6/23/2009 2:15:44 AM - Spyware Doctor: Cleaning Threats
    RP200: 6/24/2009 2:12:48 AM - Spyware Doctor: Cleaning Threats
    RP201: 6/25/2009 2:04:30 AM - Spyware Doctor: Cleaning Threats
    RP202: 6/26/2009 1:38:04 AM - Spyware Doctor: Cleaning Threats
    RP203: 6/26/2009 12:46:29 PM - Spyware Doctor: Cleaning Threats
    RP204: 6/27/2009 2:04:49 AM - Spyware Doctor: Cleaning Threats
    RP205: 6/28/2009 12:32:21 AM - Made by Registry Mechanic O
    RP206: 6/28/2009 1:58:15 AM - Spyware Doctor: Cleaning Threats
    RP207: 6/28/2009 3:07:39 PM - 3 p.m. Sunday, June 28, 2009
    RP208: 6/28/2009 3:08:33 PM - Restore Operation
    RP209: 6/29/2009 1:17:53 AM - Spyware Doctor: Cleaning Threats
    RP210: 6/30/2009 2:22:19 AM - Spyware Doctor: Cleaning Threats
    RP211: 7/1/2009 2:36:04 AM - Spyware Doctor: Cleaning Threats
    RP212: 7/2/2009 1:08:19 AM - Software Distribution Service 3.0
    RP213: 7/2/2009 3:21:14 AM - Spyware Doctor: Cleaning Threats
    RP214: 7/2/2009 3:42:49 AM - Spyware Doctor: Cleaning Threats
    RP215: 7/3/2009 4:15:04 AM - System Checkpoint
    RP216: 7/3/2009 1:25:33 PM - Spyware Doctor: Cleaning Threats
    RP217: 7/4/2009 12:21:58 AM - Made by Registry Mechanic O
    RP218: 7/4/2009 6:04:48 PM - Spyware Doctor: Cleaning Threats
    RP219: 7/5/2009 12:40:03 AM - Spyware Doctor: Cleaning Threats
    RP220: 7/5/2009 10:55:15 PM - Installed Adobe Reader 9.1.
    RP221: 7/6/2009 12:07:16 AM - Spyware Doctor: Cleaning Threats

    ==== Installed Programs ======================

    3D Live Snooker
    Acrobat.com
    Adobe Acrobat 8 Professional - English, Français, Deutsch
    Adobe Acrobat 8.1.6 - CPSID_49167
    Adobe Acrobat 8.1.6 Professional
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe AIR
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player Plugin
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 9.1
    Adobe Shockwave Player 11
    Adobe Stock Photos 1.0
    AnyDVD
    Apple Mobile Device Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    ATI HYDRAVISION
    ATI Parental Control & Encoder
    ATI Problem Report Wizard
    Attansic Ethernet Utility
    AVIVO
    Bonjour
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner (remove only)
    Compatibility Pack for the 2007 Office system
    CyberLink InstantBurn
    dBpowerAMP Music Converter
    Diskeeper Professional Edition
    Driver Updater Pro
    DVD Suite
    EA SPORTS online 2008
    EPSON Printer Software
    Express Burn
    Google Earth
    Google Updater
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    iTunes
    Java(TM) 6 Update 12
    Java(TM) 6 Update 5
    JMB36X Raid Configurer
    LabelPrint 2.0
    LiveUpdate 3.3 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    MediaShow 3.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office Professional Edition 2003
    Microsoft Visual C++ 2005 Redistributable
    MobileMe Control Panel
    Mozilla Firefox (3.0.11)
    Mozilla Thunderbird (2.0.0.14)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    NHL® 08
    Perfect Uninstaller v4.2
    PhotoNow! 1.0
    Pop-Up Stopper Free Edition
    Power2Go 5.0
    PowerBackup 2.5
    PowerDirector Express
    PowerDVD
    PowerDVD Copy 1.0
    PowerProducer
    QuickTime
    QuickTime Alternative 2.5.1
    RealPlayer
    Realtek High Definition Audio Driver
    Recover Files 2.0
    Recuva (remove only)
    Registry Mechanic 8.0
    Revo Uninstaller 1.75
    Safari
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Skins
    Sony Sound Forge 8.0d
    SPAMfighter
    Spybot - Search & Destroy
    Spyware Doctor 6.0
    SPYWAREfighter
    STOPzilla
    StumbleUpon IE Toolbar
    SUPERAntiSpyware Free Edition
    Symantec Endpoint Protection
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    USB File Transfer 1.11A
    VC 9.0 Runtime
    WavePad Uninstall
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Installer Clean Up
    Windows Media Format 11 runtime
    Windows Media Player 11
    WinRAR archiver
    ZoneAlarm
    ZoneAlarm Spy Blocker

    ==== Event Viewer Messages From Past Week ========

    7/4/2009 10:59:52 AM, error: RemoteAccess [20106] - Unable to add the interface {C5CD7335-53F4-419D-A748-57A75A29DB1F} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.
    7/4/2009 10:59:19 AM, error: Service Control Manager [7000] - The GeneLink File Transfer Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    7/4/2009 10:58:22 AM, error: Dhcp [1002] - The IP address lease 192.168.2.10 for the Network Card with network address 001D60EA7AC1 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    7/3/2009 6:16:09 PM, error: NetDDE [206] - Listen failed: 15:
    7/3/2009 6:15:25 PM, error: NetDDE [206] - Listen failed: 23: The ncb_lana_num member did not specify a valid network number.

    ==== End Of File ===========================

    DDS (Ver_09-06-26.01) - NTFSx86
    Run by Bert Bell at 14:07:40.06 on Mon 07/06/2009
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2238 [GMT -4:00]

    AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\netdde.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\tlntsvr.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Bert Bell\Desktop\dds.scr
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uSearch Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
    BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\SZSG.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
    TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\SZSG.dll
    TB: {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe "
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [<NO NAME>]
    mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe "
    mRun: [SPAMfighter Agent] "c:\program files\spamfighter\SFAgent.exe" update delay 60
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {75C9223A-409A-4795-A3CA-08DE6B075B4B} - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9}
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://go.microsoft.com/fwlink/?LinkId=82580
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208827930718
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211716978937
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://www.wasillachamber.org/webcams/cgi-bin/AxisCamControl.ocx
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54}
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - Eudora's Shell Extension
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
    LSA: Notification Packages = :\windows\system32\srrstr.dll cecli scecli

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\bertbe~1\applic~1\mozilla\firefox\profiles\arsjh0a8.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-cclean&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-cclean&p=
    FF - plugin: c:\documents and settings\bert bell\application data\mozilla\firefox\profiles\arsjh0a8.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin2.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin3.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin4.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin5.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin6.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin7.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R0 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [2008-5-11 10368]
    R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-3-30 40840]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-26 130936]
    R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-5-12 61328]
    R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-3-30 66952]
    R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-3-30 81288]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-2-29 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 55024]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-4-22 353672]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-8-6 108392]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-8-6 108392]
    R2 CLBUDF;CyberLink UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [2008-5-24 182272]
    R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [2008-6-29 2208]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-3-30 348752]
    R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-3-30 1095560]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\spamfighter\sfus.exe [2009-3-12 184968]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2007-9-6 2177464]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2008-4-21 38656]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-7-3 101936]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090705.003\NAVENG.SYS [2009-7-5 89104]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090705.003\NAVEX15.SYS [2009-7-5 876144]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
    S2 USBHSB;GeneLink File Transfer Driver;c:\windows\system32\drivers\usbhsb.sys [2008-5-26 18690]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-7-5 66048]

    ============== File Associations ===============

    regfile=regedit.exe "%1" %*

    =============== Created Last 30 ================

    2009-07-05 23:26 <DIR> --d----- c:\docume~1\bertbe~1\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2009-06-28 15:09 <DIR> --d----- c:\windows\system32\wbem\Repository
    2009-06-27 18:33 <DIR> --d----- c:\program files\common files\xing shared
    2009-06-24 21:04 53 a------- c:\windows\mvPCinfo.ini
    2009-06-23 00:07 <DIR> --d----- c:\program files\STOPzilla!

    ==================== Find3M ====================

    2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
    2009-05-28 14:16 17,408 a----r-- c:\windows\system32\SZIO5.dll
    2009-05-28 14:15 294,912 a----r-- c:\windows\system32\SZBase5.dll
    2009-05-28 14:14 540,672 a----r-- c:\windows\system32\SZComp5.dll
    2009-05-12 14:13 61,328 a----r-- c:\windows\system32\drivers\SZKG.sys
    2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
    2009-04-29 00:46 666,624 a------- c:\windows\system32\wininet.dll
    2009-04-29 00:46 81,920 a------- c:\windows\system32\ieencode.dll
    2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
    2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
    2009-04-09 11:39 107,888 a------- c:\windows\system32\CmdLineExt.dll
    2006-06-23 18:48 32,768 a----r-- c:\windows\inf\UpdateUSB.exe

    ============= FINISH: 14:08:30.78 ===============
     
  5. 2009/07/08
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK please do this.

    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the Combofix log
    Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

    If you are prompted to install the Recovery Console, Please do so.

    Thanks
    Geri
     
  6. 2009/07/09
    bellisimo Lifetime Subscription

    bellisimo Well-Known Member Thread Starter

    Joined:
    2008/05/26
    Messages:
    456
    Likes Received:
    1
    Something shutting down my services

    Hi Geri,

    Thank you. I downloaded and installed combofix and ran it. When it was finished it gave me a printout of the log, which of course is all Greek to me.
    Should I send the log to you? If so, please tell me by email exactly where to send it.
    Thank you so much for your trouble and help. I don't know if the problem has been solved since it only shuts down my services once every few weeks.

    Thanks again,

    Bert Bell
     
  7. 2009/07/09
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK, I don't need a printout. It should have opened in "Notepad"; you need to copy and paste it in a reply here in this thread.

    The log can be found here.

    C:\combofix.txt

    Please open it and copy and paste it here.

    Thanks
    Geri
     
  8. 2009/07/09
    bellisimo Lifetime Subscription

    bellisimo Well-Known Member Thread Starter

    Joined:
    2008/05/26
    Messages:
    456
    Likes Received:
    1
    Hi Geri,

    Here is the combofix log as requested:

    ComboFix 09-07-09.01 - Bert Bell 07/09/2009 13:13.1.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2413 [GMT -4:00]
    Running from: c:\documents and settings\Bert Bell\Desktop\ComboFix.exe
    AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    ADS - WINDOWS: deleted 24 bytes in 1 streams.

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Installer\108ef03.msi
    c:\windows\Installer\2908200.msp
    c:\windows\Installer\2ea19.msi
    c:\windows\Installer\4c544f.msi
    c:\windows\Installer\9d6d78.msi
    c:\windows\Installer\aa1de.msi
    c:\windows\Installer\b39c8b.msi

    .
    ((((((((((((((((((((((((( Files Created from 2009-06-09 to 2009-07-09 )))))))))))))))))))))))))))))))
    .

    2009-07-06 03:26 . 2009-07-06 03:26 -------- d-----w- c:\documents and settings\Bert Bell\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2009-07-06 02:54 . 2009-02-12 09:35 38208 ----a-w- c:\documents and settings\Bert Bell\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-07-06 02:54 . 2009-07-06 02:54 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-07-06 02:53 . 2009-07-06 02:53 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
    2009-07-06 02:53 . 2009-07-06 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2009-07-06 02:53 . 2009-07-06 02:53 -------- d-----w- c:\program files\NOS
    2009-07-06 02:53 . 2009-06-04 14:53 31944 ----a-w- c:\documents and settings\Bert Bell\Application Data\Mozilla\Firefox\Profiles\arsjh0a8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    2009-07-06 02:53 . 2009-06-04 14:53 22848 ----a-w- c:\documents and settings\Bert Bell\Application Data\Mozilla\Firefox\Profiles\arsjh0a8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
    2009-07-06 02:53 . 2009-06-04 14:53 18776 ----a-w- c:\documents and settings\Bert Bell\Application Data\Mozilla\Firefox\Profiles\arsjh0a8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
    2009-06-28 19:09 . 2009-06-28 19:09 -------- d-----w- c:\windows\system32\wbem\Repository
    2009-06-28 04:40 . 2009-06-28 04:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2009-06-27 22:34 . 2009-06-27 22:34 -------- d-----w- c:\documents and settings\Bert Bell\Local Settings\Application Data\Real
    2009-06-27 22:33 . 2009-06-27 22:33 -------- d-----w- c:\program files\Common Files\xing shared
    2009-06-26 21:23 . 2009-06-26 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2009-06-26 21:22 . 2009-06-26 21:22 -------- d-----w- c:\documents and settings\LocalService\Application Data\StumbleUpon
    2009-06-23 04:07 . 2009-06-23 04:07 -------- d-----w- c:\program files\STOPzilla!

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-09 17:22 . 2008-08-13 03:57 -------- d-----w- c:\program files\SPAMfighter
    2009-07-09 17:22 . 2009-03-18 06:21 117760 ----a-w- c:\documents and settings\Bert Bell\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-07-09 17:07 . 2008-04-21 22:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-07-09 10:49 . 2009-03-30 05:23 -------- d-----w- c:\program files\Spyware Doctor
    2009-07-09 03:33 . 2008-04-21 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-07-09 02:35 . 2008-06-10 02:45 49729065 ----a-w- c:\windows\Internet Logs\tvDebug.zip
    2009-07-06 02:55 . 2008-04-21 21:29 -------- d-----w- c:\program files\Common Files\Adobe
    2009-07-03 22:25 . 2009-07-03 22:26 3391488 ----a-w- c:\windows\Internet Logs\xDB14.tmp
    2009-06-30 06:22 . 2008-08-14 20:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-30 06:22 . 2008-08-25 22:19 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-06-30 06:16 . 2008-07-01 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
    2009-06-29 17:33 . 2008-04-21 22:40 -------- d-----w- c:\program files\Google
    2009-06-27 22:33 . 2008-06-01 00:40 -------- d-----w- c:\program files\Common Files\Real
    2009-06-26 22:58 . 2009-06-26 22:59 3351040 ----a-w- c:\windows\Internet Logs\xDB13.tmp
    2009-06-25 06:12 . 2008-07-01 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
    2009-06-25 06:03 . 2008-04-21 22:52 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-06-17 15:27 . 2008-08-14 20:13 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-17 15:27 . 2008-08-14 20:13 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-12 23:14 . 2009-06-12 23:16 3309056 ----a-w- c:\windows\Internet Logs\xDB12.tmp
    2009-06-12 17:05 . 2008-10-17 19:06 -------- d-----w- c:\program files\Safari
    2009-06-12 17:03 . 2008-10-11 01:56 -------- d-----w- c:\program files\iTunes
    2009-06-12 17:03 . 2008-10-11 01:56 -------- d-----w- c:\program files\iPod
    2009-06-12 17:03 . 2008-09-27 06:20 -------- d-----w- c:\program files\Common Files\Apple
    2009-06-05 22:29 . 2009-06-05 22:30 3287552 ----a-w- c:\windows\Internet Logs\xDB11.tmp
    2009-06-05 18:38 . 2008-04-27 21:34 -------- d-----w- c:\program files\QuickTime Alternative
    2009-06-05 18:34 . 2009-06-05 18:34 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
    2009-05-28 18:16 . 2009-05-28 18:16 17408 ----a-r- c:\windows\system32\SZIO5.dll
    2009-05-28 18:15 . 2009-05-28 18:15 294912 ----a-r- c:\windows\system32\SZBase5.dll
    2009-05-28 18:14 . 2009-05-28 18:14 540672 ----a-r- c:\windows\system32\SZComp5.dll
    2009-05-26 09:45 . 2009-05-26 09:45 -------- d-----w- c:\program files\Common Files\PC Tools
    2009-05-26 09:45 . 2009-05-26 09:45 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\PC Tools
    2009-05-26 09:45 . 2009-05-26 09:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2009-05-21 04:36 . 2009-05-21 04:37 3218944 ----a-w- c:\windows\Internet Logs\xDB10.tmp
    2009-05-16 17:23 . 2009-05-16 17:23 125752 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-05-13 18:30 . 2009-05-13 18:30 -------- d-----w- c:\program files\Common Files\Application
    2009-05-12 18:13 . 2009-05-12 18:13 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
    2009-05-12 13:06 . 2009-05-12 13:08 3201536 ----a-w- c:\windows\Internet Logs\xDBF.tmp
    2009-05-07 15:32 . 2008-04-14 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
    2009-05-05 20:22 . 2009-05-05 20:26 3180544 ----a-w- c:\windows\Internet Logs\xDBE.tmp
    2009-04-29 04:46 . 2008-04-14 12:00 666624 ----a-w- c:\windows\system32\wininet.dll
    2009-04-29 04:46 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
    2009-04-21 02:12 . 2007-06-19 22:08 149768 ----a-w- c:\windows\system32\drivers\WpsHelper.sys
    2009-04-17 12:26 . 2008-04-14 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
    2009-04-15 14:51 . 2008-04-14 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-04-10 20:34 . 2009-04-11 00:15 3116544 ----a-w- c:\windows\Internet Logs\xDBD.tmp
    2008-05-21 05:53 . 2008-05-21 05:51 24 --sha-w- c:\windows\S72529D67.tmp
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-25 1830128]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-21 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZoneAlarm Client "= "c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
    "ccApp "= "c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-08-06 115560]
    "SPAMfighter Agent "= "c:\program files\SPAMfighter\SFAgent.exe" [2009-03-12 326792]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-21 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-31 16:55 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @= "Service "

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
    backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
    backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    backup=c:\windows\pss\Google Updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Bert Bell^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    backup=c:\windows\pss\Adobe Gamma.lnkStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memory Savior
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spywarefighterguard

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc "=2 (0x2)
    "vsmon "=2 (0x2)
    "Symantec AntiVirus "=2 (0x2)
    "SPAMfighter Update Service "=2 (0x2)
    "SNAC "=3 (0x3)
    "SmcService "=2 (0x2)
    "sdCoreService "=2 (0x2)
    "sdAuxService "=2 (0x2)
    "RichVideo "=2 (0x2)
    "ose "=2 (0x2)
    "LiveUpdate "=3 (0x3)
    "gusvc "=2 (0x2)
    "FLEXnet Licensing Service "=3 (0x3)
    "Diskeeper "=2 (0x2)
    "ccSetMgr "=2 (0x2)
    "ccEvtMgr "=2 (0x2)
    "ATI Smart "=2 (0x2)
    "Ati HotKey Poller "=3 (0x3)
    "Adobe LM Service "=3 (0x3)
    "aawservice "=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe "=
    "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE "=
    "c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "94:TCP "= 94:TCP:VRS Recording System Web Control Panel
    "8000:UDP "= 8000:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
    "8001:UDP "= 8001:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
    "8002:UDP "= 8002:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
    "8003:UDP "= 8003:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
    "8004:UDP "= 8004:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
    "8005:UDP "= 8005:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
    "8006:UDP "= 8006:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
    "8007:UDP "= 8007:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
    "8008:UDP "= 8008:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
    "8009:UDP "= 8009:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
    "5060:UDP "= 5060:UDP:Axon Virtual PBX Sip Incoming Calls (UDP)
    "81:TCP "= 81:TCP:Axon Virtual PBX Web Server

    R0 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [5/11/2008 9:46 PM 10368]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/26/2009 5:45 AM 130936]
    R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [5/12/2009 2:13 PM 61328]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 5:03 PM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 5:03 PM 55024]
    R2 CLBUDF;CyberLink UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [5/24/2008 8:07 AM 182272]
    R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [6/29/2008 5:52 PM 2208]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [3/12/2009 10:44 AM 184968]
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [4/21/2008 5:50 PM 38656]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/3/2009 5:00 PM 101936]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 4096]
    S2 USBHSB;GeneLink File Transfer Driver;c:\windows\system32\drivers\usbhsb.sys [5/26/2008 4:01 AM 18690]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/29/2007 2:55 PM 23888]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [7/5/2009 10:53 PM 66048]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [3/30/2009 1:23 AM 348752]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2009-07-09 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-21 21:56]
    .
    - - - - ORPHANS REMOVED - - - -

    ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - (no file)
    SafeBoot-Symantec Antvirus


    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uSearch Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
    LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
    DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
    FF - ProfilePath - c:\documents and settings\Bert Bell\Application Data\Mozilla\Firefox\Profiles\arsjh0a8.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-cclean&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-cclean&p=
    FF - plugin: c:\documents and settings\Bert Bell\Application Data\Mozilla\Firefox\Profiles\arsjh0a8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
    FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
    FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
    FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
    FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll
    FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin6.dll
    FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin7.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-09 13:22
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1064)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\Ati2evxx.dll
    c:\program files\Symantec\Symantec Endpoint Protection\SnacNp.dll

    - - - - - - - > 'lsass.exe'(1120)
    c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll

    - - - - - - - > 'explorer.exe'(3288)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
    c:\windows\system32\ZoneLabs\vsmon.exe
    c:\windows\system32\netdde.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\program files\Executive Software\Diskeeper\DkService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\windows\system32\tlntsvr.exe
    c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\msiexec.exe
    c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-07-09 13:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-07-09 17:31

    Pre-Run: 279,416,356,864 bytes free
    Post-Run: 282,062,966,784 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    293 --- E O F --- 2009-07-02 05:08
     
  9. 2009/07/10
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK please do this.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything, check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Now let's get an online scan.

    Please do an online scan with Kaspersky WebScanner

    It's best to disable real time protection applications as they sometimes interfere with the scan.
    Check this link for any applicable programs you may have.

    Click on “Accept” If your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.
    Windows Vista users you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files:
    • Under Scan on the left side, click on My Computer.
    • This will start the program and scan your system.
    • Click the “Scan Report” on the left side.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type, Text file. Click OK to save the file.
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Let me know if any of your services have stopped.
    Thanks
    Geri
     
