Scans continued....
DDS (Ver_09-07-30.01) - NTFSx86
Run by Robert Hoagland at 11:25:26.56 on Tue 09/15/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3061.2616 [GMT -4:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
svchost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ATTToolbar\FDServer.exe
C:\Documents and Settings\Robert Hoagland\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page =
hxxp://www.att.netmStart Page =
hxxp://www.google.comBHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: doccentral.com
Trusted Zone: fnismls.com
Trusted Zone: getmedianow.com
Trusted Zone: live.com
Trusted Zone: motive.com\patttbc.att
Trusted Zone: rdesk.com
Trusted Zone: rexplorer.net
Trusted Zone: showingtime.com
Trusted Zone: sitexdata.com
Trusted Zone: spellchecker.net
Trusted Zone: transactionpoint.com
Trusted Zone: trpoint.com
Trusted Zone: virtualearth.net
Trusted Zone: xmlsweb.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {4E330863-6A11-11D0-BFD8-006097237877} -
hxxp://support.rexplorer.net/iftw_install//iftwclix.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cabDPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cabNotify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-6 130936]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2009-4-16 24064]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-23 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-23 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-23 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-23 55656]
R3 k57w2k;Broadcom NetLink (TM) Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2009-4-16 176640]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-9-6 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-9-6 1097096]
=============== Created Last 30 ================
2009-09-15 11:21 50,176 ac------ c:\windows\system32\dllcache\proquota.exe
2009-09-15 11:21 50,176 a------- c:\windows\system32\proquota.exe
2009-09-15 11:03 <DIR> a-dshr-- C:\cmdcons
2009-09-15 11:03 <DIR> --ds---- C:\Combo-Fix
2009-09-14 22:36 <DIR> --d----- c:\program files\ATTToolbar
2009-09-14 22:36 <DIR> --d----- c:\docume~1\robert~1\applic~1\ATTToolbar
2009-09-14 22:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ATTToolbar
2009-09-14 22:35 <DIR> --d----- c:\program files\ATT-SST
2009-09-14 22:28 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-14 22:26 <DIR> --d----- c:\program files\ATT-HSI
2009-09-14 22:25 <DIR> --d----- c:\program files\common files\Motive
2009-09-14 21:53 229,888 a------- c:\windows\PEV.exe
2009-09-14 21:53 161,792 a------- c:\windows\SWREG.exe
2009-09-14 21:53 98,816 a------- c:\windows\sed.exe
2009-09-07 13:25 15,191 a------- c:\docume~1\robert~1\applic~1\gago.dat
2009-09-07 13:25 13,123 a------- c:\windows\fybig._sy
2009-09-06 03:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\gra
2009-09-06 01:17 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-06 01:17 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-06 01:17 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-06 01:17 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-06 01:17 <DIR> --d----- c:\program files\common files\PC Tools
2009-09-06 01:17 <DIR> --d----- c:\program files\Spyware Doctor
2009-09-06 01:17 <DIR> --d----- c:\docume~1\robert~1\applic~1\PC Tools
2009-09-06 01:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-09-06 01:16 <DIR> --d----- c:\docume~1\robert~1\applic~1\GetRightToGo
2009-09-06 01:13 19,638 a------- c:\program files\common files\sonop.dat
2009-09-06 01:13 12,620 a------- c:\windows\ydivyhoj.dat
2009-09-06 01:13 12,180 a------- c:\windows\haxus.com
==================== Find3M ====================
2009-09-07 13:25 10,826 a------- c:\program files\common files\tosy.lib
2009-08-05 22:22 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-12 12:21 233,472 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 13:09 915,456 -------- c:\windows\system32\wininet.dll
2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-04-29 14:28 2,172,080 a------- c:\program files\ptreplicator-setup.exe
============= FINISH: 11:25:36.23 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-07-30.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/23/2009 2:33:22 PM
System Uptime: 9/15/2009 10:18:13 AM (1 hours ago)
Motherboard: Dell Inc. | | 0T656F
Processor: Intel(R) Core(TM)2 Duo CPU E7300 @ 2.66GHz | CPU | 2659/1066mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 298 GiB total, 278.956 GiB free.
D: is CDROM ()
J: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1: 9/15/2009 10:51:32 AM - System Checkpoint
==== Installed Programs ======================
32 Bit HP CIO Components Installer
7500_7600_7700_Help
ACI Collection 32
ACI Desktop Additional Components
Adobe Flash Player 10 ActiveX
Adobe Photoshop Elements 3.0
Adobe Reader 6.0.1
Alarm Clock v1.0
AT&T Self Support Tool
AT&T Toolbar
Avira AntiVir Personal - Free Antivirus
BPD_HPSU
BPD_Scan
BPDfax
BPDSoftware
BPDSoftware_Ini
Broadcom Management Programs
BufferChm
Choice Guard
CleanUp!
Computer Alarm Clock
CP_CalendarTemplates1
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Panorama1Config
cp_PosterPrintConfig
CueTour
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
DocumentViewer
DocumentViewerQFolder
eSupportQFolder
FullDPAppQFolder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Customer Participation Program 7.0
HP Document Viewer 7.0
HP Imaging Device Functions 7.0
HP Officejet Pro All-In-One Series
HP Photosmart Essential
HP Photosmart Premier Software 6.5
HP Product Assistant
HP Solution Center 7.0
HP Update
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevices
InstantShareDevicesMFC
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 11
Karen's Replicator
L7500
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Small Business
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MPM
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB927977)
OCR Software by I.R.I.S 7.0
PanoStandAlone
PC Access for Windows
PhotoGallery
PowerDVD
ProductContext
RandMap
REXplorer Component Upgrade
Scan
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SkinsHP1
SlideShow
SolutionCenter
Sonic CinePlayer Decoder Pack
Sonic_PrimoSDK
Spyware Doctor 6.1
Status
SUPERAntiSpyware Free Edition
Toolbox
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB898461)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live Sync
Windows Live Upload Tool
Windows Presentation Foundation
Windows Search 4.0
XML Paper Specification Shared Components Pack 1.0
==== Event Viewer Messages From Past Week ========
9/9/2009 8:10:29 AM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer.
9/14/2009 9:56:58 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
9/14/2009 9:56:40 PM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/14/2009 9:54:04 PM, error: Service Control Manager [7034] - The Photoshop Elements Device Connect service terminated unexpectedly. It has done this 1 time(s).
9/14/2009 9:54:04 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
9/14/2009 9:53:52 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AntiVirSchedulerService service.
9/14/2009 9:53:52 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Adobe Active File Monitor service to connect.
9/14/2009 9:53:52 PM, error: Service Control Manager [7001] - The Windows Firewall/Internet Connection Sharing (ICS) service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/14/2009 9:53:52 PM, error: Service Control Manager [7001] - The Fax service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/14/2009 9:53:52 PM, error: Service Control Manager [7000] - The Adobe Active File Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/14/2009 9:53:40 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
9/14/2009 9:46:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/14/2009 9:46:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/14/2009 9:46:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/14/2009 10:07:52 PM, error: PlugPlayManager [11] - The device Root\LEGACY_ROOTREPEAL\0000 disappeared from the system without first being prepared for removal.
9/14/2009 10:07:42 PM, information: Windows File Protection [64004] - The protected system file beep.sys could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0x00000000 [The operation completed successfully. ].
9/14/2009 10:07:42 PM, information: Windows File Protection [64003] - File replacement was attempted on the protected system file beep.sys. This file was restored to the original version to maintain system stability. The file version of the bad file is unknown.
9/14/2009 10:07:36 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file beep.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
9/14/2009 10:05:06 PM, error: Service Control Manager [7034] - The Adobe Active File Monitor service terminated unexpectedly. It has done this 1 time(s).
9/14/2009 10:05:06 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
9/14/2009 10:03:20 PM, error: SRService [104] - The System Restore initialization process failed.
9/13/2009 11:50:03 AM, error: Dhcp [1002] - The IP address lease 192.168.0.4 for the Network Card with network address 0023AE84BA0C has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
9/13/2009 10:36:00 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
9/13/2009 10:36:00 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
==== End Of File ===========================