
[InActive] Virus or Malware causing a loss of internet connection

Discussion in 'Malware and Virus Removal Archive' started by wbrumfiel, 2009/04/24.

  1. 2009/04/24
    wbrumfiel

    wbrumfiel Inactive Thread Starter

    Joined:
    2008/08/21
    Messages:
    65
    Likes Received:
    0
    OK, here is the brief history on this machine. A buddy of mine got it from his cousin and tried to run every kind of spyware/virus remover he could on it. Each one seemed to find and remove something different, but the machine still can't connect to the internet. The connection just sits at "Acquiring network address" and never connects. I tried installing a new NIC card to see if it just might be bad hardware, and the new (to the machine) NIC card does the same thing. Here is the current HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:10:55 AM, on 4/24/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\dllhost.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Dhcp - Unknown owner - C:\WINDOWS\TEMP\125859.exe (file missing)
    O23 - Service: dmadmin - Unknown owner - C:\WINDOWS\TEMP\125796.exe (file missing)
    O23 - Service: ehRecvr - Unknown owner - C:\WINDOWS\TEMP\125750.exe (file missing)
    O23 - Service: IDriverT - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVSvc - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)

    --
    End of file - 6961 bytes
     
  2. 2009/04/24
    wbrumfiel
    Sorry for not using DDS in my first post; here are the two files from DDS.


    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Compaq_Administrator at 17:06:20.26 on Fri 04/24/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.98 [GMT -6:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Compaq_Administrator\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    uInternet Connection Wizard,ShellNext = iexplore
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
    TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    IE: &Search -
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\compaq_administrator\start menu\programs\imvu\Run IMVU.lnk
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} - hxxp://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-23 64160]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-21 325640]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-21 27656]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-21 108552]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-4-21 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-21 298264]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R3 tmcfw;tmcfw;c:\windows\system32\drivers\TM_CFW.sys [2007-9-18 333328]
    S1 kcp;kcp;\??\c:\windows\system32\drivers\kcp.sys --> c:\windows\system32\drivers\kcp.sys [?]
    S2 Arp1349;Arp1349; [x]
    S4 Microsoft Inet Servicea;Microsoft Inet Servicea;c:\windows\system32\_svchosta.exe -a --> c:\windows\system32\_svchosta.exe -A [?]
    S4 TmPfw;TmPfw;c:\progra~1\trendm~1\intern~1\tmpfw.exe --> c:\progra~1\trendm~1\intern~1\TmPfw.exe [?]

    =============== Created Last 30 ================

    2009-04-23 19:03 15,688 a------- c:\windows\system32\lsdelete.exe
    2009-04-23 18:57 <DIR> --d----- c:\program files\a-squared Free
    2009-04-23 18:55 <DIR> --d----- c:\program files\Trend Micro
    2009-04-23 18:47 <DIR> --d----- c:\program files\Ashampoo
    2009-04-23 18:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sunbelt
    2009-04-23 18:43 <DIR> --d----- c:\program files\Sunbelt Software
    2009-04-23 18:43 64,160 a------- c:\windows\system32\drivers\Lbd.sys
    2009-04-23 18:42 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-04-23 18:42 <DIR> --d----- c:\program files\Lavasoft
    2009-04-23 18:06 <DIR> --d----- c:\program files\Spybot - Search & Destroy
    2009-04-23 18:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2009-04-22 09:14 <DIR> --d----- C:\softpaq
    2009-04-21 21:56 <DIR> --d----- c:\windows\system32\appmgmt
    2009-04-21 20:26 <DIR> --d-h--- C:\$AVG8.VAULT$
    2009-04-21 20:25 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Malwarebytes
    2009-04-21 20:25 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-04-21 20:25 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-21 20:25 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-04-21 20:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-04-21 20:18 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
    2009-04-21 20:18 10,520 a------- c:\windows\system32\avgrsstx.dll
    2009-04-21 20:18 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-04-21 20:18 <DIR> --d----- c:\windows\system32\drivers\Avg
    2009-04-21 20:18 <DIR> --d----- c:\docume~1\compaq~1\applic~1\AVGTOOLBAR
    2009-04-21 20:18 <DIR> --d----- c:\program files\AVG
    2009-04-21 20:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
    2009-04-21 20:03 <DIR> --d----- c:\windows\pss
    2009-04-21 19:52 0 a------- C:\7B.tmp
    2009-04-21 19:52 0 a------- C:\7A.tmp
    2009-04-21 19:52 0 a------- C:\79.tmp
    2009-04-21 19:52 0 a------- C:\78.tmp
    2009-04-21 19:52 0 a------- C:\77.tmp
    2009-04-21 19:52 0 a------- C:\76.tmp
    2009-04-21 19:52 0 a------- C:\75.tmp
    2009-04-21 19:52 0 a------- C:\74.tmp
    2009-04-21 19:50 0 a------- C:\44.tmp
    2009-04-21 19:50 0 a------- C:\43.tmp
    2009-04-21 19:50 0 a------- C:\42.tmp
    2009-04-21 19:50 0 a------- C:\41.tmp
    2009-04-21 19:50 0 a------- C:\40.tmp
    2009-04-21 19:50 0 a------- C:\3F.tmp
    2009-04-21 19:49 0 a------- C:\3E.tmp
    2009-04-21 19:49 0 a------- C:\3D.tmp
    2009-04-21 19:40 0 a------- C:\12.tmp
    2009-04-21 19:40 0 a------- C:\11.tmp
    2009-04-21 19:40 0 a------- C:\10.tmp
    2009-04-21 19:40 0 a------- C:\F.tmp
    2009-04-21 19:40 0 a------- C:\E.tmp
    2009-04-21 19:40 0 a------- C:\D.tmp
    2009-04-21 19:40 0 a------- C:\C.tmp
    2009-04-21 19:40 0 a------- C:\B.tmp
    2009-04-21 19:00 161,792 a------- c:\windows\SWREG.exe
    2009-04-21 19:00 98,816 a------- c:\windows\sed.exe

    ==================== Find3M ====================

    2008-12-23 15:21 1,260 a------- c:\docume~1\compaq~1\applic~1\wklnhst.dat

    ============= FINISH: 17:07:00.09 ===============
     
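The O23 section of the HJT log and the SERVICES / DRIVERS section of the DDS log above carry the most telling entries: built-in Windows service names (Dhcp, dmadmin, ehRecvr) whose image path has been re-pointed at numerically named executables under C:\WINDOWS\TEMP that no longer exist, a driver (kcp) and a service (Arp1349) with no binary, and a service called "Microsoft Inet Servicea" running "_svchosta.exe", a name chosen to look like svchost.exe. The script below is an added example, not part of the original post or of the HJT/DDS tools; it parses both line formats and applies the checks a helper applies by eye. The sample lines are copied from the logs above; the set of XP services that normally run inside svchost.exe (so should never point at a standalone exe) is my own assumption and deliberately small.

```python
import re
from dataclasses import dataclass, field

# Sample lines copied from the HJT (O23) and DDS (SERVICES / DRIVERS) sections posted above.
SAMPLE_LOG = r"""
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Dhcp - Unknown owner - C:\WINDOWS\TEMP\125859.exe (file missing)
O23 - Service: dmadmin - Unknown owner - C:\WINDOWS\TEMP\125796.exe (file missing)
O23 - Service: ehRecvr - Unknown owner - C:\WINDOWS\TEMP\125750.exe (file missing)
O23 - Service: NVSvc - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-23 64160]
S1 kcp;kcp;\??\c:\windows\system32\drivers\kcp.sys --> c:\windows\system32\drivers\kcp.sys [?]
S2 Arp1349;Arp1349; [x]
S4 Microsoft Inet Servicea;Microsoft Inet Servicea;c:\windows\system32\_svchosta.exe -a --> c:\windows\system32\_svchosta.exe -A [?]
"""

# HJT:  O23 - Service: <display name> - <file owner> - <path>[ (file missing)]
HJT_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
# DDS:  <R|S><group> <name>;<display>;<path> [date size]   or   ...;<path> --> <path> [?]   or   ...; [x]
DDS_RE = re.compile(r"^(?P<start>[RS])(?P<group>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")

TEMP_DIR = re.compile(r"\\temp\\", re.I)           # services never legitimately live in a TEMP directory
NUMERIC_EXE = re.compile(r"\\\d+\.exe\b", re.I)    # randomly generated names such as 125859.exe
LOOKALIKE = re.compile(r"_svchost|svchosta|servicea", re.I)  # typo-squatted Microsoft names
# Assumption (XP): these built-in services run inside svchost.exe and never as a standalone image.
SVCHOST_HOSTED = {"dhcp", "dnscache", "rasman", "sharedaccess", "browser", "audiosrv", "lanmanworkstation"}
MISSING = "binary not present on disk"


@dataclass
class ServiceEntry:
    source: str          # "HJT" or "DDS"
    name: str
    path: str
    missing: bool
    flags: list = field(default_factory=list)
    verdict: str = ""


def parse_hjt(line):
    m = HJT_RE.match(line)
    if not m:
        return None
    return ServiceEntry("HJT", m["name"], m["path"], m["missing"] is not None)


def parse_dds(line):
    m = DDS_RE.match(line)
    if not m:
        return None
    rest = m["rest"].strip()
    # DDS marks an empty image path with [x] and a file it could not verify with [?]
    missing = rest.endswith("[x]") or rest.endswith("[?]")
    path = rest.split(" --> ")[-1]                 # keep the resolved path, not the \??\ native form
    path = re.sub(r"\s*\[[^\]]*\]$", "", path)     # drop trailing "[date size]", "[x]" or "[?]"
    return ServiceEntry("DDS", m["name"], path, missing)


def triage(entry):
    name, path = entry.name.lower(), entry.path.lower()
    if TEMP_DIR.search(path):
        entry.flags.append("image path under a TEMP directory")
    if NUMERIC_EXE.search(path):
        entry.flags.append("numeric-only executable name")
    if LOOKALIKE.search(name) or LOOKALIKE.search(path):
        entry.flags.append("name mimics a Windows component")
    if name in SVCHOST_HOSTED and "svchost" not in path:
        entry.flags.append("svchost-hosted system service re-pointed at a standalone binary")
    if entry.missing:
        entry.flags.append(MISSING)
    hostile = [f for f in entry.flags if f != MISSING]
    # A missing binary on its own is only an orphan: earlier AV cleanup often deletes the file but not the service.
    entry.verdict = "hijacked" if hostile else "orphan" if entry.missing else "ok"
    return entry


def triage_log(text):
    """Parse every HJT O23 / DDS service line in text and return {name: ServiceEntry}."""
    results = {}
    for raw in text.splitlines():
        line = raw.strip()
        entry = parse_hjt(line) or parse_dds(line)
        if entry:
            results[entry.name] = triage(entry)
    return results


if __name__ == "__main__":
    for name, e in triage_log(SAMPLE_LOG).items():
        print(f"{e.verdict:8} {e.source} {name!r} -> {e.path or '(no path)'}")
        for f in e.flags:
            print("           -", f)
```

On the sample above, Dhcp, dmadmin, ehRecvr and "Microsoft Inet Servicea" come out as hijacked, aspnet_state, NVSvc, kcp and Arp1349 as orphans, and the AVG and Lavasoft entries as ok. An orphan still needs its registry key removed, but it is not evidence of a live infection by itself; the hijacked entries are, because something wrote them.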
  4. 2009/04/24
    wbrumfiel
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/25/2006 9:59:40 AM
    System Uptime: 4/24/2009 8:38:47 AM (9 hours ago)

    Motherboard: ASUSTek Computer INC. | | NAOS
    Processor: AMD Athlon(tm) 64 Processor 3500+ | Socket AM2 | 2204/199mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 178 GiB total, 169.149 GiB free.
    D: is FIXED (FAT32) - 9 GiB total, 0.561 GiB free.
    E: is CDROM (CDFS)
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP3: 4/23/2009 6:43:57 PM - Installed CounterSpy.
    RP4: 4/23/2009 7:46:29 PM - Removed CounterSpy.

    ==== Installed Programs ======================

    Ad-Aware
    Adobe Flash Player 9 ActiveX
    Adobe Reader 7.0.5
    Adobe Shockwave Player
    AVG 8.5
    BufferChm
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_LightScribeConfig
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    cp_PosterPrintConfig
    cp_UpdateProjectsConfig
    CueTour
    Data Fax SoftModem with SmartCP
    Destinations
    DeviceManagementQFolder
    FullDPAppQFolder
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB888795)
    Hotfix for Windows XP (KB891593)
    Hotfix for Windows XP (KB893357)
    Hotfix for Windows XP (KB895961)
    Hotfix for Windows XP (KB899337)
    Hotfix for Windows XP (KB899510)
    Hotfix for Windows XP (KB902841)
    Hotfix for Windows XP (KB906569)
    Hotfix for Windows XP (KB912024)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB935448)
    HP Boot Optimizer
    HP DVD Play 2.1
    HP Imaging Device Functions 7.0
    HP Photosmart Premier Software 6.5
    HP Software Update
    HP Support Overview
    HP Web Helper
    HPPhotoSmartExpress
    HpSdpAppCoreApp
    InstantShareDevices
    J2SE Runtime Environment 5.0 Update 6
    LightScribe 1.4.105.1
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.0 Hotfix (KB930494)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Away Mode
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    MSXML 4.0 SP2 (KB936181)
    NVIDIA Drivers
    OptionalContentQFolder
    PhotoGallery
    Quicken 2006
    RandMap
    RealPlayer
    Realtek High Definition Audio Driver
    Rhapsody
    Rhapsody Player Engine
    RollerCoaster Tycoon
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB943460)
    SkinsHP1
    SlideShow
    SlideShowMusic
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Sonic_PrimoSDK
    Spybot - Search & Destroy
    Unload
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB912945)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB938828)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Format Runtime
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB883667
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB892050
    Windows XP Hotfix - KB893066
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB912067

    ==== Event Viewer Messages From Past Week ========

    4/23/2009 7:03:29 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\msdtc.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 2001.12.4414.258.
    4/23/2009 7:03:29 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\locator.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
    4/21/2009 8:59:28 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep IntelIde ViaIde
    4/21/2009 8:53:33 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file beep.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
    4/21/2009 8:38:48 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\mnmsrvc.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
    4/21/2009 8:26:43 PM, error: Service Control Manager [7034] - The Microsoft Inet Servicea service terminated unexpectedly. It has done this 1 time(s).
    4/21/2009 8:13:03 PM, error: Service Control Manager [7000] - The RasMan service failed to start due to the following error: The system cannot find the file specified.
    4/21/2009 8:12:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
    4/21/2009 8:12:58 PM, error: Service Control Manager [7000] - The NVSvc service failed to start due to the following error: The system cannot find the file specified.
    4/21/2009 8:12:58 PM, error: Service Control Manager [7000] - The Dhcp service failed to start due to the following error: The system cannot find the file specified.
    4/21/2009 8:12:58 PM, error: Service Control Manager [7000] - The AudioSrv service failed to start due to the following error: The system cannot find the file specified.
    4/21/2009 8:12:58 PM, error: Service Control Manager [7000] - The ARSVC service failed to start due to the following error: The system cannot find the file specified.
    4/21/2009 7:50:23 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\imapi.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
    4/21/2009 7:50:07 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service ehRecvr with arguments "-Service" in order to run the server: {F4396DC6-E851-4D3A-8D01-34E6949F3500}
    4/21/2009 7:50:06 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ImapiService service to connect.
    4/21/2009 7:50:06 PM, error: Service Control Manager [7000] - The ImapiService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/21/2009 7:49:51 PM, error: Service Control Manager [7022] - The SharedAccess service hung on starting.
    4/21/2009 7:49:51 PM, error: Service Control Manager [7000] - The SfCtlCom service failed to start due to the following error: The system cannot find the file specified.
    4/21/2009 7:49:51 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service SfCtlCom with arguments " " in order to run the server: {1A65BAB7-30B1-4FB7-BC13-D00C28FCF605}
    4/21/2009 7:43:23 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\ip6fw.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
    4/21/2009 7:41:57 PM, error: Service Control Manager [7034] - The Microsoft Inet Service service terminated unexpectedly. It has done this 1 time(s).
    4/21/2009 7:41:41 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\ehome\ehsched.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2710.2732.
    4/21/2009 7:41:36 PM, information: Windows File Protection [64021] - The system file c:\windows\ehome\ehsched.exe could not be copied into the DLL cache. The specific error code is 0x00000000 [The operation completed successfully. ]. This file is necessary to maintain system stability.
    4/21/2009 7:41:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep ctl_w32 IntelIde ViaIde
    4/21/2009 7:41:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SfCtlCom service to connect.
    4/21/2009 7:41:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NVSvc service to connect.
    4/21/2009 7:41:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ehSched service to connect.
    4/21/2009 7:41:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ehRecvr service to connect.
    4/21/2009 7:41:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ARSVC service to connect.
    4/21/2009 7:41:32 PM, error: Service Control Manager [7000] - The SfCtlCom service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/21/2009 7:41:32 PM, error: Service Control Manager [7000] - The NVSvc service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/21/2009 7:41:32 PM, error: Service Control Manager [7000] - The ehSched service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/21/2009 7:41:32 PM, error: Service Control Manager [7000] - The ARSVC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/21/2009 7:12:13 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service ehSched with arguments "-Service" in order to run the server: {4B635ECB-0887-4015-8CA6-D621362F98D1}
    4/21/2009 6:39:07 PM, error: Service Control Manager [7023] - The Browser service terminated with the following error: This operation returned because the timeout period expired.
    4/21/2009 6:34:42 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service SfCtlCom with arguments " " in order to run the server: {1A65BAB7-30B1-4FB7-BC13-D00C28FCF605}
    4/21/2009 10:04:43 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\ups.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
    4/21/2009 10:04:43 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\tlntsvr.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
    4/21/2009 10:04:31 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\smlogsvc.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
    4/21/2009 10:04:31 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\sessmgr.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
    4/21/2009 10:04:25 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\scardsvr.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
    4/21/2009 10:04:25 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\rsvp.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
    4/21/2009 10:03:47 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\netdde.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.

    ==== End Of File ===========================
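The event-log tail above carries more signal than a casual read suggests: several Windows File Protection 64002 restores of system binaries within a minute, and a service (ehSched) whose executable was restored by WFP and which also failed to start, is the pattern you get when something is actively rewriting protected files rather than a one-off bad copy. As an added example for this thread (not part of the original post and not the code of any removal tool), the script below parses lines in exactly this format, lists the protected files WFP restored, flags bursts of restores, and cross-references failed services against the restored binaries. The sample input is a constructed subset of the lines above; the 60-second burst window and the three-file threshold are my assumptions.

```python
"""Triage of pasted Windows XP event-log lines: which protected files WFP had to
restore, which services failed to start, and where the two overlap.
Added example for this thread; not part of the original post or of any tool."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input: a subset of the lines posted above, in the same format.
SAMPLE_LOG = r"""
4/21/2009 7:41:57 PM, error: Service Control Manager [7034] - The Microsoft Inet Service service terminated unexpectedly. It has done this 1 time(s).
4/21/2009 7:41:41 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\ehome\ehsched.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2710.2732.
4/21/2009 7:41:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ehSched service to connect.
4/21/2009 7:41:32 PM, error: Service Control Manager [7000] - The ehSched service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/21/2009 7:12:13 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service ehSched with arguments "-Service" in order to run the server: {4B635ECB-0887-4015-8CA6-D621362F98D1}
4/21/2009 10:04:43 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\ups.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
4/21/2009 10:04:43 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\tlntsvr.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
4/21/2009 10:03:47 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\netdde.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
"""

# "<m/d/yyyy h:mm:ss AM|PM>, <level>: <source> [<event id>] - <message>"
LINE_RE = re.compile(
    r"^\s*(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)
WFP_PATH_RE = re.compile(r"protected system file (?P<path>.+?)\. This file")

# Event IDs meaning "a service did not come up", each with the regex that pulls
# the service name out of that message format.
SERVICE_PATTERNS = {
    7000: re.compile(r"^The (?P<svc>.+?) service failed to start"),
    7009: re.compile(r"waiting for the (?P<svc>.+?) service to connect"),
    7023: re.compile(r"^The (?P<svc>.+?) service terminated"),
    7034: re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly"),
    10005: re.compile(r"start the service (?P<svc>\S+) with"),
}


def parse_events(text):
    """Turn pasted log lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            "level": m["level"],
            "source": m["source"],
            "event_id": int(m["event_id"]),
            "msg": m["msg"],
        })
    return events


def wfp_restores(events):
    """(timestamp, lower-cased path) for every WFP 64002 event, sorted by time."""
    out = []
    for e in events:
        if e["event_id"] == 64002:
            m = WFP_PATH_RE.search(e["msg"])
            if m:
                out.append((e["ts"], m["path"].lower()))
    return sorted(out)


def service_failures(events):
    """service name -> sorted list of event IDs that reported it failing."""
    failed = defaultdict(set)
    for e in events:
        pat = SERVICE_PATTERNS.get(e["event_id"])
        if pat:
            m = pat.search(e["msg"])
            if m:
                failed[m["svc"]].add(e["event_id"])
    return {svc: sorted(ids) for svc, ids in failed.items()}


def wfp_bursts(restores, window=timedelta(seconds=60), minimum=3):
    """Non-overlapping groups of >= `minimum` restores that fall within `window`.
    Several protected files restored seconds apart points to something actively
    overwriting system binaries, not a single bad copy."""
    bursts, i = [], 0
    while i < len(restores):
        start = restores[i][0]
        group = [p for ts, p in restores[i:] if ts - start <= window]
        if len(group) >= minimum:
            bursts.append((start, group))
            i += len(group)
        else:
            i += 1
    return bursts


def triage(text):
    """Summarise the log: targeted files, failed services, and failed services
    whose own binary appears in the WFP restore list (strongest tamper signal)."""
    events = parse_events(text)
    restores = wfp_restores(events)
    failures = service_failures(events)
    targeted = sorted({path for _, path in restores})
    basenames = {p.rsplit("\\", 1)[-1].rsplit(".", 1)[0] for p in targeted}
    return {
        "events": len(events),
        "wfp_targets": targeted,
        "wfp_bursts": wfp_bursts(restores),
        "failed_services": failures,
        "failed_and_tampered": sorted(s for s in failures if s.lower() in basenames),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2, default=str))
```

One caveat worth keeping in mind when reading 64002 events: WFP only guarantees that the file on disk now matches the copy in its cache, and the 64021 event in the same log shows the cache itself was being written to. If the cached copy has also been replaced, the "restored" file is not clean, so the files this script lists should be hash-checked against a known-good copy from the same service pack rather than trusted because WFP said it restored them.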
     
  5. 2009/05/07
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Hi and welcome.

If this computer cannot connect to the internet, download and transfer by USB/flash drive or other removable media.


    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2
    Link 3

    --------------------------------------------------------------------
    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    (Click on this link to see a list of programs that should be disabled.)
    http://www.bleepingcomputer.com/forums/topic114351.html

    Please leave the flash drive plugged in while completing the following.

    Double click on Combo-Fix.exe & follow the prompts.

    Please allow ComboFix to install, if needed, Windows Recovery Console. It is a simple procedure that will only take a few moments of your time.

    No Validation is Required.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.



    ** Please Note:
    At times ComboFix may appear to stall, please be patient.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

    Please only run the tool once, ty.

    Extra note: After you have installed the Recovery Console, if you reboot your computer you'll see the option for the Recovery Console right after reboot as well.
    Don't select to run the Recovery Console as we don't need it.
    By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

    You may need several replies to post the requested logs, otherwise they might get cut off.
     
