Not sure what I did because I'm usually careful and very virus-free. I think a trial version of some audio software was the culprit.
Regardless, my browser will steer away from common help sites, (like this one!) and i get warnings and odd errors from XP, as well as from Zone Alarm (which notified me of this "jdstart.exe" file--which I did NOT allow to access the trusted zone). Computer will not hibernate.
AVG hasn't caught anything yet, but I'm currently scanning.
I disabled Zone Alarm and AVG by exiting both from the tray before running DDS.
Here's the info:
ROOTREPEAL
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/06 12:00
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================
Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA8302000 Size: 49152 File Visible: No Signed: -
Status: -
Name: srescan.sys
Image Path: srescan.sys
Address: 0xB9D02000 Size: 81920 File Visible: No Signed: -
Status: -
SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c69fc0
#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c66c80
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c81170
#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c6a580
#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c7e900
#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c7eb10
#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c82b10
#: 056 Function Name: NtCreateWaitablePort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c6a670
#: 062 Function Name: NtDeleteFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c67210
#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c819f0
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c817a0
#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c7e280
#: 098 Function Name: NtLoadKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c81f10
#: 099 Function Name: NtLoadKey2
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c81f90
#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c67070
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c80180
#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c7ff40
#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c826f0
#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c82150
#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c69be0
#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c82540
#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c6a190
#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c67440
#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c814e0
#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c7f200
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8c7f080
==EOF==
DDS
DDS (Ver_09-06-26.01) - NTFSx86
Run by Shrews at 11:56:21.34 on Fri 11/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2038.1247 [GMT -5:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Internet\xampp\apache\bin\httpd.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
D:\Internet\xampp\apache\bin\httpd.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
D:\Internet\xampp\mysql\bin\mysqld.exe
D:\System\Norton\Agent\VProSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wuauclt.exe
D:\System\Norton\Agent\GhostTray.exe
D:\Internet\skype\MorEmoticons\MorEmoticons.exe
C:\Documents and Settings\Shrews\Local Settings\Temp\JDstart.exe
D:\Internet\Mozilla_Firefox\firefox.exe
D:\Internet\avg\avgwdsvc.exe
D:\Internet\avg\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Shrews\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0071211
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0071211
uSearch Bar =
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\internet\avg\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7CE67716-5803-4FB7-B344-0C7A17F93B5D} - No File
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - d:\text\acrobat_6_prof\acrobat\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.4.2\gears.dll
BHO: ZoneAlarm Spy Blocker BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - d:\text\acrobat_6_prof\acrobat\AcroIEFavClient.dll
TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - d:\text\acrobat_6_prof\acrobat\AcroIEFavClient.dll
uRun: [MorEmoticons] d:\internet\skype\moremoticons\MorEmoticons.exe /Minimize
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [<NO NAME>]
mRun: [AVG8_TRAY] d:\internet\avg\avgtray.exe
mRun: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "c:\program files\mediafour\macdrive 7\MacDrive.exe"
mRun: [MDGetStarted.exe] "c:\program files\mediafour\macdrive 7\MDGetStarted.exe" /auto
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Norton Ghost 10.0] "d:\system\norton\agent\GhostTray.exe"
mRun: [ZoneAlarm Client] "d:\internet\zonealarm\zonealarm\zlclient.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 11.70.1193.0
StartupFolder: c:\docume~1\shrews\startm~1\programs\startup\window~1.lnk - c:\documents and settings\shrews\local settings\temp\JDstart.exe
IE: Download all with Free Download Manager - file://d:\internet\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://d:\internet\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://d:\internet\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://d:\internet\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - d:\micros~1\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.4.2\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\micros~1\office11\REFIEBAR.DLL
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\internet\avg\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: fccaBQJC - fccaBQJC.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {7CE67716-5803-4FB7-B344-0C7A17F93B5D} - No File
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\shrews\applic~1\mozilla\firefox\profiles\ma0zn774.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.newperspectivefilms.org
FF - component: c:\program files\google\google gears\firefox\components\gears.dll
FF - component: d:\internet\avg\firefox\components\avgssff.dll
FF - component: d:\internet\free download manager\firefox\extension\components\vmsfdmff.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\internet\mozilla_firefox\plugins\NPZoneSB.dll
FF - plugin: d:\players\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\players\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\players\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\players\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\players\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\players\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\players\quicktime\plugins\npqtplugin7.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\internet\mozilla_firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2007-9-5 277888]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2007-2-28 19072]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-28 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-28 27784]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-10-20 353672]
R2 Apache2.2;Apache2.2;d:\internet\xampp\apache\bin\httpd.exe [2008-12-9 24636]
R2 avg8wd;AVG8 WatchDog;d:\internet\avg\avgwdsvc.exe [2009-8-17 297752]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-12-13 198256]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-12-13 165488]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [2007-8-23 5376]
R2 MacDriveService;MacDriveService;c:\program files\mediafour\macdrive 7\MacDriveService.exe [2007-5-1 143360]
S2 LicCtrlService;LicCtrl Service;rundll32.exe c:\windows\mmfs.dll,service --> rundll32.exe c:\windows\mmfs.dll,Service [?]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 .paros08;.paros08; [x]
S3 aawservice;Lavasoft Ad-Aware Service;d:\internet\adaware\aawservice.exe [2008-5-12 611664]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-12-13 79472]
S3 gupdate1c93d85b83e6994;Google Update Service (gupdate1c93d85b83e6994);c:\program files\google\update\GoogleUpdate.exe [2008-11-3 133104]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-4-19 99200]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-3-7 29824]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-3-7 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-3-7 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-3-7 59776]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2009-5-9 822424]
=============== Created Last 30 ================
2009-11-06 11:05 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-11-06 11:05 <DIR> --d----- c:\program files\Skype
2009-11-05 23:08 <DIR> --d----- c:\program files\Skype(2)
2009-11-05 22:44 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-11-04 12:39 <DIR> a-d----- C:\gamma
==================== Find3M ====================
2009-11-02 22:37 175,104 a------- c:\windows\system32\RemoteControl.dll
2009-08-17 12:30 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-01-19 19:16 57,344 a------- c:\docume~1\shrews\applic~1\GDIPFONTCACHEV1.DAT
2008-03-23 21:51 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2006-05-03 04:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 05:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2007-12-17 07:43 27,648 ---sh--- c:\windows\system32\Smab0.dll
============= FINISH: 11:57:59.22 ===============