
Block Google-Analytics (follow on)

Discussion in 'Malware and Virus Removal Archive' started by derfsch, 2009/02/18.

derfsch (Well-Known Member, Thread Starter; joined 2002/01/07), posted 2009/02/18:

    Hi All,

    The subject matter of this post originally was posted in the General Internet forum. While Google-Analytics is used here, the hangups can result from many forms of "Transferring data from somename.com." The Administrator has directed me to move to this forum and post two logs generated by running the DDS scanning tool created by sUBs. The logs are pasted below.


    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Derf at 12:55:32.29 on Wed 02/18/2009
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_07
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.627 [GMT -5:00]

    AV: avast! antivirus 4.8.1335 [VPS 090217-0] *On-access scanning enabled* (Updated)
    FW: COMODO Firewall Pro *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\StartupMonitor.exe
    D:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxsrvc.exe
    D:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\LogMeIn\x86\RaMaint.exe
    D:\Program Files\LogMeIn\x86\LogMeIn.exe
    D:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\UPHClean\uphclean.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Derf\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uSearch Page = hxxp://www.google.com
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~2\spybot~1\SDHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    uRun: [WinPatrol System Monitor] d:\program files\billp studios\winpatrol\WinPatrol.exe
    mRun: [Run StartupMonitor] StartupMonitor.exe
    mRun: [avast!] d:\progra~2\alwils~1\avast4\ashDisp.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    dRun: [Picasa Media Detector] d:\program files\picasa2\PicasaMediaDetector.exe
    StartupFolder: c:\docume~1\derf\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    uPolicies-explorer: NoActiveDesktop = 00000000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~2\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Notify: igfxcui - igfxdev.dll
    Notify: LMIinit - LMIinit.dll
    AppInit_DLLs:
    LSA: Authentication Packages = msv1_0 relog_ap

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\derf\applic~1\mozilla\firefox\profiles\nt1usq4b.willfred\
    FF - plugin: d:\program files\adobe\reader 8.0\reader\browser\nppdf32.dll

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-6-25 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-6-25 20560]
    R2 avast! Antivirus;avast! Antivirus;d:\program files\alwil software\avast4\ashServ.exe [2008-6-25 138680]
    R2 LMIInfo;LogMeIn Kernel Information Provider;d:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-11-8 47640]
    R2 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2008-6-24 431384]
    R3 avast! Web Scanner;avast! Web Scanner;d:\program files\alwil software\avast4\ashWebSv.exe [2008-6-25 352920]
    S2 CmdAgent;CmdAgent; [x]
    S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2008-6-24 431384]
    S3 avast! Mail Scanner;avast! Mail Scanner;d:\program files\alwil software\avast4\ashMaiSv.exe [2008-6-25 254040]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2008-10-28 8704]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2008-10-28 3072]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]

    =============== Created Last 30 ================

    2009-02-15 14:10 488 a---hr-- c:\windows\system32\logonui.exe.manifest
    2009-02-15 14:10 749 a---hr-- c:\windows\WindowsShell.Manifest
    2009-02-15 14:10 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
    2009-02-15 14:10 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
    2009-02-15 14:10 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
    2009-02-15 14:10 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
    2009-02-14 14:43 4,886,528 a------- C:\My Money.mny
    2009-02-11 11:55 249,592 a------- c:\windows\system32\cssdll32.dll
    2009-02-11 11:41 120 a------- c:\windows\CIS_Setup_3.5.57173.439_XP_Vista_x32.INI
    2009-02-06 21:16 <DIR> --d----- c:\windows\system32\drivers\New Folder
    2009-02-04 13:32 <DIR> --d----- c:\docume~1\derf\applic~1\Malwarebytes
    2009-02-04 13:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-02-04 13:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-04 13:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-01-31 13:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2009-01-31 11:54 989,720 a----r-- c:\windows\system32\igxpun.exe
    2009-01-31 11:54 <DIR> --d----- c:\windows\system32\x64
    2009-01-31 11:54 319,456 a----r-- c:\windows\system32\difxapi.dll
    2009-01-31 11:54 147,456 a----r-- c:\windows\system32\igfxCoIn_v4969.dll
    2009-01-31 11:54 258,048 a----r-- c:\windows\system32\igfxrsky.lrc
    2009-01-31 11:54 253,952 a----r-- c:\windows\system32\igfxrslv.lrc
    2009-01-31 11:54 6,043,040 a----r-- c:\windows\system32\drivers\igxpmp32.sys
    2009-01-31 11:54 3,275,776 a----r-- c:\windows\system32\igxpdx32.dll
    2009-01-31 11:54 2,295,296 a----r-- c:\windows\system32\igxpdv32.dll
    2009-01-31 11:54 152,064 a----r-- c:\windows\system32\igxpgd32.dll
    2009-01-31 11:54 57,344 a----r-- c:\windows\system32\igxprd32.dll
    2009-01-31 11:52 105,856 a----r-- c:\windows\system32\drivers\Rtenicxp.sys
    2009-01-30 12:46 146,650 a------- c:\windows\system32\BuzzingBee.wav
    2009-01-30 12:46 940,794 a------- c:\windows\system32\LoopyMusic.wav
    2009-01-30 12:45 <DIR> --d----- c:\windows\system32\Lang
    2009-01-29 11:08 45 a------- c:\windows\system32\initdebug.nfo
    2009-01-27 18:24 553 -----r-- c:\windows\USetup.iss
    2009-01-27 18:23 49,152 -----r-- c:\windows\system32\ChCfg.exe
    2009-01-27 18:23 <DIR> --d----- c:\windows\system32\RTCOM
    2009-01-27 18:23 1,826,816 -----r-- c:\windows\SkyTel.exe
    2009-01-27 18:23 77,824 -----r-- c:\windows\SoundMan.exe
    2009-01-27 18:23 1,196,032 -----r-- c:\windows\RtlUpd.exe
    2009-01-27 18:23 266,240 -----r-- c:\windows\system32\RTSndMgr.cpl
    2009-01-27 18:23 9,715,200 -----r-- c:\windows\RTLCPL.exe
    2009-01-27 18:23 4,745,216 -----r-- c:\windows\system32\drivers\RtkHDAud.sys
    2009-01-27 18:22 16,876,032 -----r-- c:\windows\RTHDCPL.exe
    2009-01-27 18:22 2,165,760 -----r-- c:\windows\MicCal.exe
    2009-01-27 18:22 57,344 -----r-- c:\windows\Alcmtr.exe
    2009-01-27 18:22 <DIR> --d----- c:\program files\Realtek
    2009-01-27 18:22 2,808,832 -----r-- c:\windows\alcwzrd.exe
    2009-01-27 18:22 278,528 -----r-- c:\windows\system32\ALSndMgr.cpl
    2009-01-27 18:21 315,392 a------- c:\windows\HideWin.exe
    2009-01-27 18:21 520,192 -----r-- c:\windows\RtlExUpd.dll
    2009-01-27 18:01 53,248 a------- c:\windows\system32\CSVer.dll
    2009-01-27 17:26 <DIR> --d----- C:\Intel

    ==================== Find3M ====================

    2009-02-15 14:09 23,392 a------- c:\windows\system32\emptyregdb.dat
    2008-12-29 14:47 1,885,464 a------- c:\windows\system32\AutoPartNt.exe
    2008-07-23 14:33 61,224 ac------ c:\documents and settings\derf\GoToAssistDownloadHelper.exe

    ============= FINISH: 12:56:00.79 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/15/2009 2:12:59 PM
    System Uptime: 2/18/2009 10:31:11 AM (2 hours ago)

    Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | MS-7529
    Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz | CPU 1 | 1869/267mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 12 GiB total, 2.791 GiB free.
    D: is FIXED (NTFS) - 38 GiB total, 37.538 GiB free.
    E: is FIXED (NTFS) - 26 GiB total, 22.408 GiB free.
    F: is CDROM ()
    I: is CDROM (CDFS)
    J: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8139/810x Family Fast Ethernet NIC
    Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_529C1462&REV_01\4&38D2602C&0&00E1
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek RTL8139/810x Family Fast Ethernet NIC
    PNP Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_529C1462&REV_01\4&38D2602C&0&00E1
    Service: RTLE8023xp

    ==== System Restore Points ===================

    RP1: 2/15/2009 2:17:10 PM - System Checkpoint

    ==== Installed Programs ======================

    1Click Clocksync 2.0
    Adobe Flash Player Plugin
    Adobe Reader 8
    AusLogics Disk Defrag
    avast! Antivirus
    Belarc Advisor 7.2
    CCleaner (remove only)
    Driver Detective
    EASEUS Partition Manager 2.1 Home Edition
    Eraser
    ERUNT 1.1j
    EVEREST Home Edition v2.20
    Font Xplorer 1.2.2
    GiPo@MoveOnBoot 1.9.5
    ImgBurn
    Intel(R) Graphics Media Accelerator Driver
    IrfanView (remove only)
    Jarte 3.3
    Java(TM) 6 Update 7
    Lexmark Printer Software Uninstall
    LogMeIn
    Malwarebytes' Anti-Malware
    Marvell Miniport Driver
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0
    Microsoft Money 2000 Standard Edition
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works 2000
    Microsoft Works 2000 Setup Launcher
    Mozilla Firefox (3.0.6)
    Mozilla Thunderbird (2.0.0.19)
    MSN
    OpenOffice.org 2.2
    PC Wizard 2008.1.87
    PE Builder 3.1.10a
    Picasa 2
    Realtek High Definition Audio Driver
    RegScrubXP 3.25
    Revo Uninstaller 1.80
    Seagate*DiscWizard
    SeaTools for Windows
    SoundMAX
    Spybot - Search & Destroy
    StartupMonitor
    Tweak UI
    Unlocker 1.8.7
    User Profile Hive Cleanup Service
    WebFldrs XP
    Winamp
    Windows Media Format Runtime
    WinPatrol
    WinPatrol 2007 Restore/Remove First
    XXClone ver 0.58.0

    ==== Event Viewer Messages From Past Week ========

    2/16/2009 3:54:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Inspect
    2/16/2009 3:54:36 PM, error: Service Control Manager [7023] - The Seagate Scheduler2 Service service terminated with the following error: The endpoint is a duplicate.
    2/16/2009 3:54:36 PM, error: Service Control Manager [7000] - The CmdAgent service failed to start due to the following error: The system cannot find the path specified.
    2/15/2009 2:13:46 PM, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
    2/15/2009 2:11:05 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments " " in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
    2/18/2009 12:18:06 PM, error: Service Control Manager [7000] - The MSICPL service failed to start due to the following error: The system cannot find the file specified.
    2/18/2009 12:20:13 PM, error: PlugPlayManager [11] - The device Root\LEGACY_SETUPNTGLM7X\0000 disappeared from the system without first being prepared for removal.

    ==== End Of File ===========================
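A practitioner reading the log above would pair two of its sections by hand: the `SERVICES / DRIVERS` entries that DDS prints with `[x]` (it could not resolve a binary for the registered service, here `CmdAgent` and `LMIRfsClientNP`) and the Service Control Manager events 7000/7026 in the `Event Viewer Messages` section (`CmdAgent` failed to start because its path is missing, `MSICPL` because its file is missing, driver `Inspect` failed to load). An orphaned registration is usually leftover from an uninstall, but it is also where a removed malware component keeps showing up, so it is worth checking. The script below automates that pairing. It is an added example, not part of the forum post and not the DDS tool's own code; the line formats are taken from the log as posted, `SAMPLE_LOG` is a constructed excerpt of that log, and the section titles it looks up are assumed to match the DDS header text.

```python
"""Triage helper for DDS-style logs: flag service/driver entries whose
binary path is missing ("[x]") and pair them with Service Control Manager
errors from the "Event Viewer Messages" section.

Added example, not part of the forum post or the DDS tool. The DDS line
formats below are taken from the log posted above; SAMPLE_LOG is a
constructed excerpt so the script runs offline.
"""
import re

# Constructed excerpt modelled on the posted DDS log (not the full log).
SAMPLE_LOG = """\
============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\\windows\\system32\\drivers\\aswSP.sys [2008-6-25 114768]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\\windows\\system32\\drivers\\LMIRfsDriver.sys [2008-11-8 47640]
S2 CmdAgent;CmdAgent; [x]
S3 epmntdrv;epmntdrv;c:\\windows\\system32\\epmntdrv.sys [2008-10-28 8704]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

==== Event Viewer Messages From Past Week ========

2/16/2009 3:54:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Inspect
2/16/2009 3:54:36 PM, error: Service Control Manager [7000] - The CmdAgent service failed to start due to the following error: The system cannot find the path specified.
2/18/2009 12:18:06 PM, error: Service Control Manager [7000] - The MSICPL service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================
"""

# "==== Title ====" section headers as DDS prints them
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# "<state> <name>;<display name>;<image path> [<date> <size>]"  or  "... [x]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^\[]*)\[(?P<meta>[^\]]*)\]\s*$"
)
SCM_RE = re.compile(r"Service Control Manager \[(?P<eid>\d+)\] - (?P<msg>.*)$")
FAILED_SVC_RE = re.compile(r"^The (?P<svc>\S+) service failed to start")
FAILED_DRV_RE = re.compile(r"failed to load: (?P<drivers>.+)$")


def split_sections(text):
    """Return {section title: [non-empty lines]} keyed by the '=== TITLE ===' headers."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def parse_services(lines):
    """Parse service/driver lines; 'missing' is True when DDS printed [x] instead of date/size."""
    out = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        out.append({
            "state": m.group("state"),
            "name": m.group("name"),
            "path": m.group("path").strip(),
            "missing": m.group("meta").strip() == "x",
        })
    return out


def parse_scm_failures(lines):
    """Map service/driver name -> event id for SCM events 7000 (service) and 7026 (driver)."""
    failed = {}
    for line in lines:
        m = SCM_RE.search(line)
        if not m:
            continue
        eid, msg = m.group("eid"), m.group("msg")
        s = FAILED_SVC_RE.match(msg)
        if s:
            failed[s.group("svc")] = eid
        d = FAILED_DRV_RE.search(msg)
        if d:
            for drv in d.group("drivers").split(","):
                failed[drv.strip()] = eid
    return failed


def triage(text):
    """Pair [x] registrations with SCM failures.

    Returns a sorted list of (name, start state or None, SCM event id or None):
    [x] entries with or without a matching event, plus failures for names that
    do not appear in the services list at all (DDS omits some drivers).
    """
    sections = split_sections(text)
    services = parse_services(sections.get("SERVICES / DRIVERS", []))
    failures = parse_scm_failures(sections.get("Event Viewer Messages From Past Week", []))
    findings = [(s["name"], s["state"], failures.get(s["name"])) for s in services if s["missing"]]
    listed = {s["name"] for s in services}
    findings += [(name, None, eid) for name, eid in failures.items() if name not in listed]
    return sorted(findings)


if __name__ == "__main__":
    for name, state, eid in triage(SAMPLE_LOG):
        print(f"{name:16s} state={state or '-':3s} SCM event={eid or '-'}")
```

Run it against a saved DDS log by reading the file into `triage()`; each finding is a registry key under `HKLM\SYSTEM\CurrentControlSet\Services` to inspect (ImagePath, Start value) before deciding whether it is uninstall residue or something that should not be there.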