WiredWX Hobby Weather Tools

hmm
I don't know if there is something there, but it seems like there is. If you can see something, thanks in advance.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:03 AM, on 3/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\Program Files\Common Files\AOL\1172830934\ee\AOLSoftware.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Seagate\SeagateManager\Sync\MaxSync.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wwSecure.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\program files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\AOL\1172830934\EE\AOLDesktop.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\My Documents\hijackgpthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: (no name) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1172830934\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\Content.IE5\LBCFVC94\HTH_SH~1.SH! C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\Content.IE5\LBCFVC94\HTH_TA~1.SH! C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\Content.IE5\IH8KUKEM\HTH_BA~1.SH! C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\Content.IE5\LBCFVC94\HTH_OU~1.SH! C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\Content.IE5\O6MGPWDW\HTH_ST~1.SH!
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; AOL 10.1; AOLBuild 2.1.84.1; brand=aol; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Media Center PC 2.8; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648)" -"http://mplayer19.slingo.com/client/shockscreen8.asp?shost=mplayer19.slingo.com&sport=15013&susername=eric3926&spassword=eeicky&sroomname=Bishop%20Chads%20Room&sgameskin=bishops1&gameid=100"
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Startup: AutorunsDisabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Addiction by pogo - http://game3.pogo.com/v/9.1.7.20/applet/addiction/addiction-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game3.pogo.com/v/9.1.6.34/applet/freebingo/freebingo-en_US.cab
O16 - DPF: Blackjack by pogo - http://game3.pogo.com/v/9.1.6.34/applet/blackjack/blackjack-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game3.pogo.com/v/9.1.6.34/applet/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game3.pogo.com/v/9.1.6.34/applet/checkeredflag/checkeredflag-en_US.cab
O16 - DPF: Euchre by pogo - http://game3.pogo.com/v/9.0.8.2/applet/euchre/euchre-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game3.pogo.com/v/9.0.8.20/applet/greenback/greenback-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game3.pogo.com/v/9.1.3.19/applet/gin2/gin2-en_US.cab
O16 - DPF: Lottso by pogo - http://game3.pogo.com/v/9.1.6.34/applet/lottso/lottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game3.pogo.com/v/9.1.7.20/applet/mahjong2/mahjong2-en_US.cab
O16 - DPF: Phlinx by pogo - http://game3.pogo.com/v/9.0.8.20/applet/flinger/flinger-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game3.pogo.com/v/9.1.6.34/applet/hotstreak/hotstreak-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game3.pogo.com/v/9.0.9.8/applet/puck/puck-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game3.pogo.com/v/9.1.5.8/applet/holdem/holdem-en_US.cab
O16 - DPF: Thousand Island Solitaire by pogo - http://game3.pogo.com/v/9.0.9.8/applet/millbrae/millbrae-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game3.pogo.com/v/9.1.7.20/applet/turbo22/turbo22-en_US.cab
O16 - DPF: Word Craft by pogo - http://game3.pogo.com/v/9.0.9.8/applet/babble/babble-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game3.pogo.com/v/9.1.1.1/applet/whackdown/whackdown-en_US.cab
O16 - DPF: Yahoo! Pool 2 - http://origin.games.yahoo.net/games/clients/y/poti_x.cab
O16 - DPF: Yahoo! Tic-Tac-Toe - http://origin.games.yahoo.net/games/clients/y/ft3_x.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200970453109
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203182381187
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.6.0_10) -
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
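An added triage helper, not part of this thread or of HijackThis itself: it parses lines in the log format shown above and flags the kinds of entries a helper looks at first: orphaned "(no file)" / "(file missing)" entries, O23 services with no vendor name, O4 autorun commands with no directory, and the programs this thread recommends removing. The sample lines and the watch-list are constructed for the example.

```python
import re

# HijackThis 2.0.2 lines look like "O2 - BHO: Name - {CLSID} - path".
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+)\s+-\s+(?P<body>.*)$")

# Constructed watch-list drawn from what the helpers in this thread asked the
# poster to remove; it is not an authoritative signature set.
UNWANTED_KEYWORDS = ("askbar", "askbardis", "viewpoint")

# Constructed sample in the HijackThis format, modelled on the thread's log.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: (no name) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - (no file)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
"""


def parse_line(line):
    """Split one log line into its section code (R0, O2, O23, ...) and body."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"section": m.group("section"), "body": m.group("body"), "raw": line.strip()}


def autorun_command(body):
    """For an O4 body ("HKLM\\..\\Run: [Name] command"), return the command's program part."""
    m = re.search(r"\]\s*(.*)$", body)
    if not m:
        return None
    cmd = m.group(1).strip()
    if cmd.startswith('"'):
        # Quoted path: take everything up to the closing quote.
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else None


def classify(entry):
    """Return the reasons an entry deserves a closer look (empty list if none)."""
    body, section = entry["body"], entry["section"]
    low = body.lower()
    reasons = []
    if "(no file)" in low or "(file missing)" in low:
        reasons.append("orphaned: the registry entry points at a file that is not on disk")
    if section == "O23" and "unknown owner" in low:
        reasons.append("service carries no vendor name")
    if section == "O4":
        cmd = autorun_command(body)
        if cmd and "\\" not in cmd:
            reasons.append("autorun command has no directory; confirm which binary the search path resolves it to")
    if any(k in low for k in UNWANTED_KEYWORDS):
        reasons.append("matches a program this thread recommends removing")
    return reasons


def triage(log_text):
    """Parse a whole log and return only the entries that have at least one reason."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = classify(entry)
        if reasons:
            findings.append({"section": entry["section"], "raw": entry["raw"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["raw"])
        for reason in finding["reasons"]:
            print("   ->", reason)
```

Lines that pass every check (the Java BHO, the quoted jusched autorun, the McAfee service) are simply not reported, so the output is the short list a helper would actually read.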

Re: hmm

Hello.

I strongly recommend that you remove Ask from your computer because it is:

  • Promoting its toolbars on sites targeted to kids.
  • Promoting its toolbars through ads that appear to be part of other companies' sites.
  • Promoting its toolbars through other companies' spyware.
  • Installing without any disclosure whatsoever and without any consent whatsoever.
  • Soliciting installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  • Making confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.
See Here for more info.

If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • AskBarDis
Then please find and delete this folder in bold (if present):
C:\Program Files\AskBarDis


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
    Link 3
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here; I don't need to see attach.txt.

Re: hmm

DDS (Ver_09-02-01.01) - NTFSx86
Run by Administrator at 11:07:43.29 on Sun 03/15/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1394 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\AOL\1172830934\ee\AOLSoftware.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Seagate\SeagateManager\Sync\MaxSync.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wwSecure.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\AOL\1172830934\EE\AOLDesktop.exe
C:\WINDOWS\Explorer.EXE
C:\program files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\FWFCGKEF\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: []
uRunOnce: [DelayShred] c:\progra~1\mcafee\mshr\shrcl.exe /p7 /q c:\docume~1\admini~1\locals~1\tempor~1\content.ie5\lbcfvc94\hth_sh~1.sh! c:\docume~1\admini~1\locals~1\tempor~1\content.ie5\lbcfvc94\hth_ta~1.sh! c:\docume~1\admini~1\locals~1\tempor~1\content.ie5\ih8kukem\hth_ba~1.sh! c:\docume~1\admini~1\locals~1\tempor~1\content.ie5\lbcfvc94\hth_ou~1.sh! c:\docume~1\admini~1\locals~1\tempor~1\content.ie5\o6mgpwdw\HTH_ST~1.SH!
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~3.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; AOL 10.1; AOLBuild 2.1.84.1; brand=aol; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Media Center PC 2.8; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648)" -"http://mplayer19.slingo.com/client/shockscreen8.asp?shost=mplayer19.slingo.com&sport=15013&susername=eric3926&spassword=eeicky&sroomname=Bishop%20Chads%20Room&sgameskin=bishops1&gameid=100"
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [HostManager] c:\program files\common files\aol\1172830934\ee\AOLSoftware.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRunOnce: [SetDefaultMidi] MIDIDEF.EXE
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\autoru~1\boincm~1.lnk - c:\program files\boinc\boincmgr.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: Addiction by pogo - hxxp://game3.pogo.com/v/9.1.7.20/applet/addiction/addiction-en_US.cab
DPF: Bingo Luau by pogo - hxxp://game3.pogo.com/v/9.1.6.34/applet/freebingo/freebingo-en_US.cab
DPF: Blackjack by pogo - hxxp://game3.pogo.com/v/9.1.6.34/applet/blackjack/blackjack-en_US.cab
DPF: Dice City Roller by pogo - hxxp://game3.pogo.com/v/9.1.6.34/applet/ytz/ytz-en_US.cab
DPF: Dice Derby by pogo - hxxp://game3.pogo.com/v/9.1.6.34/applet/checkeredflag/checkeredflag-en_US.cab
DPF: Euchre by pogo - hxxp://game3.pogo.com/v/9.0.8.2/applet/euchre/euchre-en_US.cab
DPF: Greenback Bayou by pogo - hxxp://game3.pogo.com/v/9.0.8.20/applet/greenback/greenback-en_US.cab
DPF: Jungle Gin by pogo - hxxp://game3.pogo.com/v/9.1.3.19/applet/gin2/gin2-en_US.cab
DPF: Lottso by pogo - hxxp://game3.pogo.com/v/9.1.6.34/applet/lottso/lottso-en_US.cab
DPF: Mah Jong Garden by pogo - hxxp://game3.pogo.com/v/9.1.7.20/applet/mahjong2/mahjong2-en_US.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Phlinx by pogo - hxxp://game3.pogo.com/v/9.0.8.20/applet/flinger/flinger-en_US.cab
DPF: Quick Quack by pogo - hxxp://game3.pogo.com/v/9.1.6.34/applet/hotstreak/hotstreak-en_US.cab
DPF: Shuffle Bump by pogo - hxxp://game3.pogo.com/v/9.0.9.8/applet/puck/puck-en_US.cab
DPF: Texas Hold'em Poker by pogo - hxxp://game3.pogo.com/v/9.1.5.8/applet/holdem/holdem-en_US.cab
DPF: Thousand Island Solitaire by pogo - hxxp://game3.pogo.com/v/9.0.9.8/applet/millbrae/millbrae-en_US.cab
DPF: Turbo 21 v2 by pogo - hxxp://game3.pogo.com/v/9.1.7.20/applet/turbo22/turbo22-en_US.cab
DPF: Word Craft by pogo - hxxp://game3.pogo.com/v/9.0.9.8/applet/babble/babble-en_US.cab
DPF: Word Whomp Whackdown by pogo - hxxp://game3.pogo.com/v/9.1.1.1/applet/whackdown/whackdown-en_US.cab
DPF: Yahoo! Pool 2 - hxxp://origin.games.yahoo.net/games/clients/y/poti_x.cab
DPF: Yahoo! Tic-Tac-Toe - hxxp://origin.games.yahoo.net/games/clients/y/ft3_x.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200970453109
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v4.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203182381187
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
Notify: AtiExtEvent - Ati2evxx.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-1-1 201320]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-1-1 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-1-1 144704]
R3 MauiIIIG;Emuzed Maui III-G Device;c:\windows\system32\drivers\MauiIIIG.sys [2007-3-1 175232]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-1-1 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-1-1 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-1-1 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-1-1 40488]
S3 cpuz129;cpuz129;\??\c:\docume~1\admini~1\locals~1\temp\cpuz_x32.sys --> c:\docume~1\admini~1\locals~1\temp\cpuz_x32.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-1-1 33832]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-3-12 24652]

=============== Created Last 30 ================

2009-03-15 09:29 593,920 -------- c:\windows\system32\ati2sgag.exe
2009-03-06 23:01 2,839,290 a------- c:\windows\system32\GameMon.des

==================== Find3M ====================

2009-03-15 09:17 47,360 ac------ c:\docume~1\admini~1\applic~1\pcouffin.sys
2009-03-15 09:17 87,608 a------- c:\docume~1\admini~1\applic~1\inst.exe
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-04 17:15 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-02-04 02:27 3,488,768 a------- c:\windows\system32\drivers\ati2mtag.sys
2009-02-04 00:57 11,702,272 a------- c:\windows\system32\atioglxx.dll
2009-02-04 00:03 290,816 a------- c:\windows\system32\atiok3x2.dll
2009-02-03 23:56 442,368 a------- c:\windows\system32\ATIDEMGX.dll
2009-02-03 23:55 324,096 a------- c:\windows\system32\ati2dvag.dll
2009-02-03 23:44 196,608 a------- c:\windows\system32\atipdlxx.dll
2009-02-03 23:44 155,648 a------- c:\windows\system32\Oemdspif.dll
2009-02-03 23:43 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2009-02-03 23:43 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-02-03 23:43 155,648 a------- c:\windows\system32\ati2evxx.dll
2009-02-03 23:41 602,112 a------- c:\windows\system32\ati2evxx.exe
2009-02-03 23:40 53,248 a------- c:\windows\system32\ATIDDC.DLL
2009-02-03 23:30 3,884,768 a------- c:\windows\system32\ati3duag.dll
2009-02-03 23:14 2,645,504 a------- c:\windows\system32\ativvaxx.dll
2009-02-03 23:13 3,107,788 a------- c:\windows\system32\ativva5x.dat
2009-02-03 23:13 887,724 a------- c:\windows\system32\ativva6x.dat
2009-02-03 22:58 49,664 a------- c:\windows\system32\amdpcom32.dll
2009-02-03 22:54 471,040 a------- c:\windows\system32\atikvmag.dll
2009-02-03 22:53 122,880 a------- c:\windows\system32\atiadlxx.dll
2009-02-03 22:52 17,408 a------- c:\windows\system32\atitvo32.dll
2009-02-03 22:52 53,248 a------- c:\windows\system32\drivers\ati2erec.dll
2009-02-03 22:46 626,688 a------- c:\windows\system32\ati2cqag.dll
2009-02-03 22:44 307,200 a------- c:\windows\system32\atiiiexx.dll
2009-02-03 21:43 45,056 a------- c:\windows\system32\aticalrt.dll
2009-02-03 21:42 45,056 a------- c:\windows\system32\aticalcl.dll
2009-02-03 21:40 3,244,032 a------- c:\windows\system32\aticaldd.dll
2009-01-30 21:37 2,592 a------- c:\docume~1\admini~1\applic~1\wklnhst.dat
2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll
2008-07-07 17:51 59,839,784 ac------ c:\program files\iTunesSetup.exe
2008-06-29 12:16 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008062920080630\index.dat

Re: hmm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar

Please download OTMoveIt3 by OldTimer from here:

Code:

http://download.bleepingcomputer.com/oldtimer/OTMoveIt3.exe


  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :services
    npggsvc
    cpuz129
    Viewpoint Manager Service

    :files
    c:\windows\system32\gamemon.des
    c:\windows\system32\gamemon.des.exe
    c:\program files\viewpoint

    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoViewOnDrive"=-

    :commands
    [emptytemp]
    [reboot]


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

Re: hmm

========== SERVICES/DRIVERS ==========
Service npggsvc stopped successfully.
Service npggsvc deleted successfully.
Service cpuz129 stopped successfully.
Service cpuz129 deleted successfully.
Unable to stop service Viewpoint Manager Service .
========== FILES ==========
c:\windows\system32\GameMon.des moved successfully.
File/Folder c:\windows\system32\gamemon.des.exe not found.
c:\program files\Viewpoint\Viewpoint Toolbar\del9B.tmp moved successfully.
c:\program files\Viewpoint\Viewpoint Toolbar moved successfully.
c:\program files\Viewpoint\Common moved successfully.
c:\program files\Viewpoint moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CMLS--2009-03-15--10-35-00.log scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcafee_nuoo1JfifWG5v3D scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_a8HLLq7xV1qw5GT scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_bQ71uiyaKMLw5PO scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_Qv9pqUH5euEOU4q scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_rSoqUcWm3XOl0LN scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_ZyWSwVZtmXTnsvn scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5d4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\WFV5.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03152009_112943

Files moved on Reboot...
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CMLS--2009-03-15--10-35-00.log moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\mcafee_nuoo1JfifWG5v3D not found!
File C:\WINDOWS\temp\mcmsc_a8HLLq7xV1qw5GT not found!
File C:\WINDOWS\temp\mcmsc_bQ71uiyaKMLw5PO not found!
File C:\WINDOWS\temp\mcmsc_Qv9pqUH5euEOU4q not found!
File C:\WINDOWS\temp\mcmsc_rSoqUcWm3XOl0LN not found!
File C:\WINDOWS\temp\mcmsc_ZyWSwVZtmXTnsvn not found!
File C:\WINDOWS\temp\Perflib_Perfdata_5d4.dat not found!
File C:\WINDOWS\temp\WFV5.tmp not found!

Re: hmm

Hello.
How's the machine now?

Re: hmm

Better than it was. Thank you.

Re: hmm

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (to turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio or Outpost.
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.
