Thanks in advance. This has always been an endlessly fantastic resource!

Not sure what I did because I'm usually careful and very virus-free. I think a trial version of some audio software was the culprit.

Regardless, my browser will steer away from common help sites, (like this one!) and i get warnings and odd errors from XP, as well as from Zone Alarm (which notified me of this "jdstart.exe" file--which I did NOT allow to access the trusted zone). Computer will not hibernate.

AVG hasn't caught anything yet, but I'm currently scanning.

I disabled Zone Alarm and AVG by exiting both from the tray before running DDS.

Here's the info:

ROOTREPEAL

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/06 12:00
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA8302000 Size: 49152 File Visible: No Signed: -
Status: -

Name: srescan.sys
Image Path: srescan.sys
Address: 0xB9D02000 Size: 81920 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c69fc0

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c66c80

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c81170

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c6a580

#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c7e900

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c7eb10

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c82b10

#: 056 Function Name: NtCreateWaitablePort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c6a670

#: 062 Function Name: NtDeleteFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c67210

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c819f0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c817a0

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c7e280

#: 098 Function Name: NtLoadKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c81f10

#: 099 Function Name: NtLoadKey2
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c81f90

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c67070

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c80180

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c7ff40

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c826f0

#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c82150

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c69be0

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c82540

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c6a190

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c67440

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c814e0

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c7f200

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c7f080

==EOF==


DDS

DDS (Ver_09-06-26.01) - NTFSx86
Run by Shrews at 11:56:21.34 on Fri 11/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2038.1247 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Internet\xampp\apache\bin\httpd.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
D:\Internet\xampp\apache\bin\httpd.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
D:\Internet\xampp\mysql\bin\mysqld.exe
D:\System\Norton\Agent\VProSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wuauclt.exe
D:\System\Norton\Agent\GhostTray.exe
D:\Internet\skype\MorEmoticons\MorEmoticons.exe
C:\Documents and Settings\Shrews\Local Settings\Temp\JDstart.exe
D:\Internet\Mozilla_Firefox\firefox.exe
D:\Internet\avg\avgwdsvc.exe
D:\Internet\avg\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Shrews\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0071211
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0071211
uSearch Bar =
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\internet\avg\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7CE67716-5803-4FB7-B344-0C7A17F93B5D} - No File
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - d:\text\acrobat_6_prof\acrobat\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.4.2\gears.dll
BHO: ZoneAlarm Spy Blocker BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - d:\text\acrobat_6_prof\acrobat\AcroIEFavClient.dll
TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - d:\text\acrobat_6_prof\acrobat\AcroIEFavClient.dll
uRun: [MorEmoticons] d:\internet\skype\moremoticons\MorEmoticons.exe /Minimize
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [<NO NAME>]
mRun: [AVG8_TRAY] d:\internet\avg\avgtray.exe
mRun: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "c:\program files\mediafour\macdrive 7\MacDrive.exe"
mRun: [MDGetStarted.exe] "c:\program files\mediafour\macdrive 7\MDGetStarted.exe" /auto
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Norton Ghost 10.0] "d:\system\norton\agent\GhostTray.exe"
mRun: [ZoneAlarm Client] "d:\internet\zonealarm\zonealarm\zlclient.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 11.70.1193.0
StartupFolder: c:\docume~1\shrews\startm~1\programs\startup\window~1.lnk - c:\documents and settings\shrews\local settings\temp\JDstart.exe
IE: Download all with Free Download Manager - file://d:\internet\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://d:\internet\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://d:\internet\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://d:\internet\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - d:\micros~1\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.4.2\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\micros~1\office11\REFIEBAR.DLL
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\internet\avg\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: fccaBQJC - fccaBQJC.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {7CE67716-5803-4FB7-B344-0C7A17F93B5D} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\shrews\applic~1\mozilla\firefox\profiles\ma0zn774.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.newperspectivefilms.org
FF - component: c:\program files\google\google gears\firefox\components\gears.dll
FF - component: d:\internet\avg\firefox\components\avgssff.dll
FF - component: d:\internet\free download manager\firefox\extension\components\vmsfdmff.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\internet\mozilla_firefox\plugins\NPZoneSB.dll
FF - plugin: d:\players\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\players\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\players\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\players\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\players\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\players\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\players\quicktime\plugins\npqtplugin7.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\internet\mozilla_firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2007-9-5 277888]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2007-2-28 19072]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-28 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-28 27784]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-10-20 353672]
R2 Apache2.2;Apache2.2;d:\internet\xampp\apache\bin\httpd.exe [2008-12-9 24636]
R2 avg8wd;AVG8 WatchDog;d:\internet\avg\avgwdsvc.exe [2009-8-17 297752]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-12-13 198256]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-12-13 165488]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [2007-8-23 5376]
R2 MacDriveService;MacDriveService;c:\program files\mediafour\macdrive 7\MacDriveService.exe [2007-5-1 143360]
S2 LicCtrlService;LicCtrl Service;rundll32.exe c:\windows\mmfs.dll,service --> rundll32.exe c:\windows\mmfs.dll,Service [?]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 .paros08;.paros08; [x]
S3 aawservice;Lavasoft Ad-Aware Service;d:\internet\adaware\aawservice.exe [2008-5-12 611664]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-12-13 79472]
S3 gupdate1c93d85b83e6994;Google Update Service (gupdate1c93d85b83e6994);c:\program files\google\update\GoogleUpdate.exe [2008-11-3 133104]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-4-19 99200]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-3-7 29824]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-3-7 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-3-7 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-3-7 59776]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2009-5-9 822424]

=============== Created Last 30 ================

2009-11-06 11:05 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-11-06 11:05 <DIR> --d----- c:\program files\Skype
2009-11-05 23:08 <DIR> --d----- c:\program files\Skype(2)
2009-11-05 22:44 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-11-04 12:39 <DIR> a-d----- C:\gamma

==================== Find3M ====================

2009-11-02 22:37 175,104 a------- c:\windows\system32\RemoteControl.dll
2009-08-17 12:30 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-01-19 19:16 57,344 a------- c:\docume~1\shrews\applic~1\GDIPFONTCACHEV1.DAT
2008-03-23 21:51 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2006-05-03 04:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 05:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2007-12-17 07:43 27,648 ---sh--- c:\windows\system32\Smab0.dll

============= FINISH: 11:57:59.22 ===============

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.