
Solved possible virus

Discussion in 'Malware and Virus Removal Archive' started by Garyogle, 2008/12/22.

  1. 2008/12/22
    Garyogle

    Garyogle Inactive Thread Starter

    Joined:
    2008/12/22
    Messages:
    9
    Likes Received:
    0
    [Resolved] possible virus

    I have a desktop computer that is connected to the internet. As of today I cannot go to any webpages. IE starts to go to the page, then it goes to a blank page. Please help.
    Gary:(
     
  2. 2008/12/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS Garyogle :)

    You will need to transfer some files to and from the computer until we can get the computer's internet working again. Please download DDS and save it to your desktop.
    • Disable any script blocking protection
    • Double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.

    Please include the contents of both logs in your next reply. The scan will instruct you to post the attach log as an attachment. No need for that though ..... just post it as you would any other log.
     


  4. 2008/12/22
    Garyogle

    DDS (Version 1.1.0) - NTFSx86
    Run by SAHAI at 23:05:01.03 on Mon 12/22/2008
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.291 [GMT -3:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\UPSMON\UPSMON_Service.Exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\UPSMON\UPSUSBInt2.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\UPSMON\UPSMON.exe
    C:\Program Files\Snappy Fax Version 4\sfpagent.exe
    C:\Program Files\MSI\Live Update 3\LMonitor.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\Program Files\Desktop Calendar\Desktop Calendar.exe
    C:\Program Files\Snappy Fax Version 4\sf4.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
    C:\Program Files\RALINK\Common\RaUI.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\SAHAI\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
    BHO: AmskerBar: {B05D1A1E-9F4C-4CCE-91AD-DB5CFF9796DD} - c:\windows\system32\hozr.dll
    BHO: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - c:\program files\free download manager\iefdm2.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Free Download Manager] "c:\program files\free download manager\fdm.exe" -autorun
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [Desktop Calendar] c:\program files\desktop calendar\Desktop Calendar.exe
    uRun: [Snappy Fax] c:\program files\snappy fax version 4\sf4.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [VTTimer] VTTimer.exe
    mRun: [VTTrayp] VTtrayp.exe
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [NWEReboot]
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [UPSMON] c:\program files\upsmon\UPSMON.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Snappy Fax Printer Agent] "c:\program files\snappy fax version 4\sfpagent.exe "
    mRun: [LiveMonitor] c:\program files\msi\live update 3\LMonitor.exe
    mRun: [Snappy Fax Printer virtual printer agent] "c:\program files\snappy fax version 4\sfpagent.exe "
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audiod~1.lnk - c:\program files\via technologies, inc\via audio driver setup program\audiodeck\AudioDeck.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\windows\installer\{0cd3bb5c-bbca-11d2-8c20-00c04fbbcff9}\A94AAB13.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pcaler~1.lnk - c:\program files\msi\pc alert 4\PCAlert4.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    AppInit_DLLs: avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ============= SERVICES / DRIVERS ===============

    R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-7-11 17920]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-23 97928]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-7-11 26824]
    R2 a2free;a-squared Free Service; "c:\program files\a-squared free\a2service.exe" [2008-12-22 419448]
    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-6 875288]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-6 231704]
    R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-23 76040]
    R3 PCAlertDriver;PCAlertDriver;\??\c:\program files\msi\pc alert 4\NTGLM7X.sys [2007-8-4 28160]
    S1 ITE8872;ITE8872 PCI Super IO Driver;c:\windows\system32\drivers\ITE8872.sys [2007-7-12 50636]
    S2 ITE8872par;ITE8872 Parallel Driver;c:\windows\system32\drivers\ITE8872par.sys [2007-7-12 54528]
    S2 ITE8872ser;ITE8872 Serial Driver;c:\windows\system32\drivers\ITE8872ser.sys [2007-7-12 79176]
    S3 Vsp;Vsp;\??\c:\windows\system32\drivers\Vsp.sys [2008-8-17 3351]

    =============== Created Last 30 ================

    2008-12-22 22:13 <DIR> --d----- c:\program files\a-squared Free
    2008-12-21 07:34 21,446 a------- c:\windows\system32\sf.ico
    2008-12-21 07:34 13,942 a------- c:\windows\system32\m3.ico
    2008-12-21 07:34 13,942 a------- c:\windows\system32\c.ico
    2008-12-21 07:34 11,062 a------- c:\windows\system32\p.ico
    2008-12-21 07:34 7,662 a------- c:\windows\system32\m.ico
    2008-12-21 07:34 4,286 a------- c:\windows\system32\s.ico
    2008-12-21 07:34 3,095 a------- c:\windows\ios.dat
    2008-12-21 07:34 106,496 a------- c:\windows\system32\hozr.dll
    2008-12-20 17:22 186,500 a------- c:\windows\system32\nvapps.xml
    2008-12-20 17:22 <DIR> --d----- c:\windows\nview
    2008-12-20 17:22 446,464 a------- c:\windows\system32\nvudisp.exe
    2008-12-20 17:22 18,070 a------- c:\windows\system32\nvdisp.nvu
    2008-12-20 17:21 446,464 a------- c:\windows\system32\NVUNINST.EXE
    2008-12-20 17:21 <DIR> --d----- C:\NVIDIA
    2008-12-20 16:31 <DIR> --d----- c:\program files\SystemRequirementsLab
    2008-12-14 12:56 <DIR> --d-h--- c:\windows\PIF
    2008-12-14 08:42 410,984 a------- c:\windows\system32\deploytk.dll
    2008-12-13 07:16 23,680 a------- c:\windows\system32\drivers\motmodem.sys

    ==================== Find3M ====================

    2008-11-11 09:26 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
    2008-10-24 08:21 455,296 a------- c:\windows\system32\drivers\mrxsmb.sys
    2008-10-23 09:36 286,720 a------- c:\windows\system32\gdi32.dll
    2008-10-16 17:38 826,368 a------- c:\windows\system32\wininet.dll
    2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
    2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
    2008-10-03 07:02 247,326 a------- c:\windows\system32\strmdll.dll
    2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
    2008-09-28 15:38 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2008-04-11 10:46 92,064 a------- c:\documents and settings\sahai\mqdmmdm.sys
    2008-04-11 10:46 79,328 a------- c:\documents and settings\sahai\mqdmserd.sys
    2008-04-11 10:46 66,656 a------- c:\documents and settings\sahai\mqdmbus.sys
    2008-04-11 10:46 25,600 a------- c:\documents and settings\sahai\usbsermptxp.sys
    2008-04-11 10:46 22,768 a------- c:\documents and settings\sahai\usbsermpt.sys
    2008-04-11 10:46 9,232 a------- c:\documents and settings\sahai\mqdmmdfl.sys
    2008-04-11 10:46 6,208 a------- c:\documents and settings\sahai\mqdmcmnt.sys
    2008-04-11 10:46 5,936 a------- c:\documents and settings\sahai\mqdmwhnt.sys
    2008-04-11 10:46 4,048 a------- c:\documents and settings\sahai\mqdmcr.sys
    2007-04-06 06:40 118,784 a----r-- c:\program files\MSP_Uninstall.exe
    2007-04-04 12:24 90,112 a----r-- c:\program files\axesstel.dll

    ============= FINISH: 23:05:32.60 ===============
     
  5. 2008/12/22
    Garyogle

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Version 1.0)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/11/2007 5:37:12 PM
    System Uptime: 12/22/2008 10:03:39 PM (1 hours ago)

    Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7312
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket AM2 | 1999/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 98 GiB total, 46.291 GiB free.
    D: is FIXED (NTFS) - 51 GiB total, 29.579 GiB free.
    E: is CDROM ()
    F: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 12/22/2008 10:07:07 PM - System Checkpoint

    ==== Installed Programs ======================

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    a-squared Free 4.0
    Acrobat.com
    Adobe AIR
    Adobe Flash Player ActiveX
    Adobe Reader 9
    ArcGIS Explorer
    AutoUpdate
    Avanquest update
    AVG Free 8.0
    Calculator Powertoy for Windows XP
    CCScore
    ClearType Tuning Control Panel Applet
    Desktop Calendar 0.42b
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTOOLS
    essvatgt
    Free Download Manager 2.5
    Google Earth
    Google Toolbar for Internet Explorer
    Google Updater
    GPS Database Loader
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    HP PrecisionScan LTX
    ITE887x Uninstall
    iTunes
    Java(TM) 6 Update 11
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 4
    Java(TM) 6 Update 5
    Java(TM) 6 Update 6
    kgcbase
    Kodak EasyShare software
    KSU
    Magnifier Powertoy for Windows XP
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 3.0
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Flight Simulator X
    Microsoft Flight Simulator X Service Pack 1
    Microsoft Home Publishing 2000
    Microsoft Home Publishing 2000: Additional Art
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2005 Redistributable
    Motorola Driver Installation 3.4.0
    Motorola Phone Tools
    MSI Live Update 3
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB933579)
    Nero 7 Essentials
    netbrdg
    Notifier
    NVIDIA Drivers
    OfotoXMI
    OpenOffice.org 2.4
    PC Alert 4
    Platform
    Power CD+G Burner
    QuickTime
    Ralink Wireless LAN Card
    Realtek AC'97 Audio
    S3 S3Display
    S3 S3Gamma2
    S3 S3Info2
    S3 S3Overlay
    S3 S3TrayPlus
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB958439)
    Security Update for Microsoft Office Excel 2007 (KB958437)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Security Update for Visio 2007 (KB947590)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    SFR
    SHASTA
    skin0001
    SKINXSDK
    Skype™ 3.8
    Snappy Fax Version 4
    Spelling Dictionaries Support For Adobe Reader 8
    SpywareBlaster v3.5.1
    staticcr
    System Requirements Lab
    tooltips
    Tweak UI
    Ulead VideoStudio 8.0 SE Basic
    UniChrome Pro IGP Display Driver and Utilities
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Office 2007 (KB946691)
    Update for Outlook 2007 Junk Email Filter (kb958619)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    UPSMON Plus for Windows
    VIA Audio Driver Setup Program
    VIA Platform Device Manager
    VIA Rhine-Family Fast-Ethernet Adapter
    VIA/S3G Display Driver
    Virtual Desktop Manager Powertoy for Windows XP
    VPRINTOL
    WebFldrs XP
    Windows Communication Foundation
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Live Messenger
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Workflow Foundation
    Windows XP Service Pack 3
    WIRELESS
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Messenger
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    12/18/2008 9:45:15 AM, error: ipnathlp [30013] - The DHCP allocator has disabled itself on IP address 10.10.0.37, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, please change the scope to include the IP address, or change the IP address to fall within the scope.
    12/18/2008 9:41:22 AM, error: ipnathlp [30013] - The DHCP allocator has disabled itself on IP address 10.10.2.213, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, please change the scope to include the IP address, or change the IP address to fall within the scope.
    12/18/2008 9:40:46 AM, error: ipnathlp [30013] - The DHCP allocator has disabled itself on IP address 10.5.10.213, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, please change the scope to include the IP address, or change the IP address to fall within the scope.
    12/18/2008 9:36:25 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0019DBA1DF63 has been denied by the DHCP server 10.10.1.1 (The DHCP Server sent a DHCPNACK message).
    12/17/2008 6:13:48 PM, error: ipnathlp [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.100, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, please change the scope to include the IP address, or change the IP address to fall within the scope.
    12/17/2008 6:13:44 PM, error: Dhcp [1002] - The IP address lease 10.10.0.75 for the Network Card with network address 0019DBA1DF63 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    12/17/2008 5:51:50 PM, error: ipnathlp [30013] - The DHCP allocator has disabled itself on IP address 10.10.0.75, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, please change the scope to include the IP address, or change the IP address to fall within the scope.
    12/17/2008 5:51:46 PM, error: Dhcp [1002] - The IP address lease 0.0.0.0 for the Network Card with network address 0019DBA1DF63 has been denied by the DHCP server 66.178.39.121 (The DHCP Server sent a DHCPNACK message).
    12/17/2008 5:36:15 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0019DBA1DF63 has been denied by the DHCP server 66.178.39.121 (The DHCP Server sent a DHCPNACK message).
    12/17/2008 5:22:18 PM, error: Parallel [3] -
    12/16/2008 9:32:45 PM, error: ipnathlp [30013] - The DHCP allocator has disabled itself on IP address 10.0.5.164, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, please change the scope to include the IP address, or change the IP address to fall within the scope.
    12/16/2008 9:28:20 PM, error: ipnathlp [30013] - The DHCP allocator has disabled itself on IP address 10.0.1.160, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, please change the scope to include the IP address, or change the IP address to fall within the scope.
    12/16/2008 9:10:09 PM, error: NetBT [4321] - The name "MSHOME :1d" could not be registered on the Interface with IP address 10.10.0.49. The machine with the IP address 10.10.0.12 did not allow the name to be claimed by this machine.
    12/16/2008 8:39:58 PM, error: Dhcp [1002] - The IP address lease 10.10.0.49 for the Network Card with network address 0019DBA1DF63 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    12/16/2008 8:38:39 PM, error: ipnathlp [30013] - The DHCP allocator has disabled itself on IP address 10.10.0.49, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, please change the scope to include the IP address, or change the IP address to fall within the scope.
    12/16/2008 8:38:31 PM, error: ipnathlp [30013] - The DHCP allocator has disabled itself on IP address 169.254.4.108, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, please change the scope to include the IP address, or change the IP address to fall within the scope.
    12/16/2008 6:40:15 PM, error: ipnathlp [31008] - The DNS proxy agent was unable to read the local list of name-resolution servers from the registry. The data is the error code.
    12/16/2008 6:11:11 PM, error: Dhcp [1002] - The IP address lease 10.10.0.49 for the Network Card with network address 0019DBA1DF63 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    12/16/2008 6:05:30 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0019DBA1DF63 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    12/18/2008 10:30:55 AM, error: Dhcp [1002] - The IP address lease 10.10.0.37 for the Network Card with network address 0019DBA1DF63 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    12/18/2008 10:50:26 AM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.101 with the system having network hardware address 00:19:7E:0B:A4:61. Network operations on this system may be disrupted as a result.
    12/22/2008 8:30:35 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/22/2008 8:31:18 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    12/22/2008 8:31:18 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/22/2008 8:31:18 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    12/22/2008 8:31:18 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/22/2008 8:31:18 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 AvgLdx86 AvgMfx86 Fips IPSec MRxSmb NetBIOS NetBT Parport RasAcd Rdbss Tcpip
    12/22/2008 8:31:30 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    ==== End Of File ===========================
     
  6. 2008/12/22
    noahdfear

    Download ComboFix by sUBs from here, saving the file to your desktop.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad document, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    c:\windows\system32\sf.ico
    c:\windows\system32\m3.ico
    c:\windows\system32\c.ico
    c:\windows\system32\p.ico
    c:\windows\system32\m.ico
    c:\windows\system32\s.ico
    c:\windows\ios.dat
    c:\windows\system32\hozr.dll
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log here.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.


    Let me know if the computer is now able to connect.
     
  7. 2008/12/22
    Garyogle

    ComboFix 08-12-21.04 - SAHAI 2008-12-23 0:26:07.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.504 [GMT -3:00]
    Running from: c:\documents and settings\SAHAI\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\SAHAI\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    c:\windows\ios.dat
    c:\windows\system32\c.ico
    c:\windows\system32\hozr.dll
    c:\windows\system32\m.ico
    c:\windows\system32\m3.ico
    c:\windows\system32\p.ico
    c:\windows\system32\s.ico
    c:\windows\system32\sf.ico
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\SAHAI\Favorites\Cheap Pharmacy Online.url
    c:\documents and settings\SAHAI\Favorites\Error Cleaner.url
    c:\documents and settings\SAHAI\Favorites\Privacy Protector.url
    c:\documents and settings\SAHAI\Favorites\Search Online.url
    c:\documents and settings\SAHAI\Favorites\SMS TRAP.url
    c:\documents and settings\SAHAI\Favorites\Spyware&Malware Protection.url
    c:\documents and settings\SAHAI\Favorites\VIP Casino.url
    c:\documents and settings\SAHAI\Start Menu\Cheap Pharmacy Online.url
    c:\documents and settings\SAHAI\Start Menu\Search Online.url
    c:\documents and settings\SAHAI\Start Menu\SMS TRAP.url
    c:\documents and settings\SAHAI\Start Menu\VIP Casino.url
    c:\windows\a3kebook.ini
    c:\windows\akebook.ini
    c:\windows\ANS2000.INI
    c:\windows\dat.txt
    c:\windows\ios.dat
    c:\windows\privacy_danger
    c:\windows\privacy_danger\images\spacer.gif
    c:\windows\system32\c.ico
    c:\windows\system32\hozr.dll
    c:\windows\system32\m.ico
    c:\windows\system32\m3.ico
    c:\windows\system32\p.ico
    c:\windows\system32\s.ico
    c:\windows\system32\sf.ico

    .
    ((((((((((((((((((((((((( Files Created from 2008-11-23 to 2008-12-23 )))))))))))))))))))))))))))))))
    .

    2008-12-22 23:41 . 2008-12-22 23:41 <DIR> d-------- c:\program files\Trend Micro
    2008-12-22 22:13 . 2008-12-22 23:22 <DIR> d-------- c:\program files\a-squared Free
    2008-12-20 17:36 . 2008-12-20 17:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles
    2008-12-20 17:22 . 2008-12-20 17:22 <DIR> d-------- c:\windows\nview
    2008-12-20 17:22 . 2008-05-16 14:01 446,464 --a------ c:\windows\system32\nvudisp.exe
    2008-12-20 17:22 . 2008-12-22 22:04 186,500 --a------ c:\windows\system32\nvapps.xml
    2008-12-20 17:22 . 2008-05-16 14:01 18,070 --a------ c:\windows\system32\nvdisp.nvu
    2008-12-20 17:21 . 2008-12-20 17:21 <DIR> d-------- C:\NVIDIA
    2008-12-20 17:21 . 2008-05-16 11:48 446,464 --a------ c:\windows\system32\NVUNINST.EXE
    2008-12-20 16:31 . 2008-12-20 16:31 <DIR> d-------- c:\program files\SystemRequirementsLab
    2008-12-18 11:25 . 2008-12-18 11:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
    2008-12-14 12:56 . 2008-12-14 12:56 <DIR> d--h----- c:\windows\PIF
    2008-12-14 12:54 . 2008-12-14 12:54 <DIR> d-------- c:\documents and settings\Administrator
    2008-12-14 08:42 . 2008-12-14 08:41 410,984 --a------ c:\windows\system32\deploytk.dll
    2008-12-13 07:16 . 2007-06-18 14:18 23,680 --a------ c:\windows\system32\drivers\motmodem.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-23 03:10 --------- d-----w c:\documents and settings\SAHAI\Application Data\Snappy Fax
    2008-12-23 03:09 --------- d-----w c:\documents and settings\SAHAI\Application Data\Skype
    2008-12-23 03:09 --------- d-----w c:\documents and settings\SAHAI\Application Data\Free Download Manager
    2008-12-23 03:05 --------- d-----w c:\documents and settings\SAHAI\Application Data\skypePM
    2008-12-23 01:11 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2008-12-23 01:10 --------- d-----w c:\program files\SpywareBlaster
    2008-12-21 16:44 --------- d-----w c:\program files\Microsoft Home Publishing 2000
    2008-12-14 15:52 --------- d-----w c:\program files\Setup Files
    2008-12-14 11:41 --------- d-----w c:\program files\Java
    2008-12-13 10:17 --------- d-----w c:\program files\Motorola Phone Tools
    2008-12-13 10:15 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-12 20:12 --------- d-----w c:\program files\LiveUpdate
    2008-12-11 01:04 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-11-30 22:50 --------- d-----w c:\program files\Snappy Fax Version 4
    2008-11-17 18:58 --------- d-----w c:\program files\MSI
    2008-11-15 13:14 --------- d-----w c:\program files\Common Files\Skype
    2008-11-11 12:26 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
    2008-11-11 11:30 --------- d-----w c:\program files\Skype
    2008-11-11 11:30 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
    2008-11-05 23:08 --------- d-----w c:\documents and settings\SAHAI\Application Data\Snappy Fax Archives
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-10-16 17:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 17:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 17:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 17:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 17:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 17:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 17:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 17:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 17:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 17:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
    2008-09-30 19:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-04-11 13:46 92,064 ----a-w c:\documents and settings\SAHAI\mqdmmdm.sys
    2008-04-11 13:46 9,232 ----a-w c:\documents and settings\SAHAI\mqdmmdfl.sys
    2008-04-11 13:46 79,328 ----a-w c:\documents and settings\SAHAI\mqdmserd.sys
    2008-04-11 13:46 66,656 ----a-w c:\documents and settings\SAHAI\mqdmbus.sys
    2008-04-11 13:46 6,208 ----a-w c:\documents and settings\SAHAI\mqdmcmnt.sys
    2008-04-11 13:46 5,936 ----a-w c:\documents and settings\SAHAI\mqdmwhnt.sys
    2008-04-11 13:46 4,048 ----a-w c:\documents and settings\SAHAI\mqdmcr.sys
    2008-04-11 13:46 25,600 ----a-w c:\documents and settings\SAHAI\usbsermptxp.sys
    2008-04-11 13:46 22,768 ----a-w c:\documents and settings\SAHAI\usbsermpt.sys
    2007-04-06 09:40 118,784 ----a-r c:\program files\MSP_Uninstall.exe
    2007-04-04 15:24 90,112 ----a-r c:\program files\axesstel.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-11 68856]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "Free Download Manager "= "c:\program files\Free Download Manager\fdm.exe" [2008-02-25 2465839]
    "Messenger (Yahoo!) "= "c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-05-27 4269296]
    "Desktop Calendar "= "c:\program files\Desktop Calendar\Desktop Calendar.exe" [2003-10-31 442368]
    "Skype "= "c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1 "= "c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "PHIME2002ASync "= "c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A "= "c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "MSPY2002 "= "c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2007-07-11 155648]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
    "NeroFilterCheck "= "c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "InCD "= "c:\program files\Nero\Nero 7\InCD\InCD.exe" [2006-05-30 542208]
    "GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
    "UPSMON "= "c:\program files\UPSMON\UPSMON.exe" [2007-12-05 433664]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "Snappy Fax Printer Agent "= "c:\program files\Snappy Fax Version 4\sfpagent.exe" [2007-07-19 94208]
    "LiveMonitor "= "c:\program files\MSI\Live Update 3\LMonitor.exe" [2008-04-30 498176]
    "Snappy Fax Printer virtual printer agent "= "c:\program files\Snappy Fax Version 4\sfpagent.exe" [2007-07-19 94208]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
    "VTTimer "= "VTTimer.exe" [2005-03-07 c:\windows\system32\VTTimer.exe]
    "VTTrayp "= "VTtrayp.exe" [2006-03-23 c:\windows\system32\VTTrayp.exe]
    "SoundMan "= "SOUNDMAN.EXE" [2006-11-17 c:\windows\soundman.exe]
    "nwiz "= "nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    AudioDeck.lnk - c:\program files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe [2008-08-17 581632]
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 282624]
    KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16423]
    Microsoft Works Calendar Reminders.lnk - c:\windows\Installer\{0CD3BB5C-BBCA-11D2-8C20-00C04FBBCFF9}\A94AAB13.exe [2007-07-10 30720]
    PC Alert 4.lnk - c:\program files\MSI\PC Alert 4\PCAlert4.exe [2007-08-04 552960]
    Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2007-07-11 602112]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm "= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe "=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe "=
    "c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=

    R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfilt.sys [2007-07-11 17920]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-23 97928]
    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-06 875288]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-06 231704]
    R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-05-23 76040]
    S1 ITE8872;ITE8872 PCI Super IO Driver;c:\windows\system32\drivers\ITE8872.sys [2007-07-12 50636]
    S2 ITE8872par;ITE8872 Parallel Driver;c:\windows\system32\drivers\ITE8872par.sys [2007-07-12 54528]
    S2 ITE8872ser;ITE8872 Serial Driver;c:\windows\system32\drivers\ITE8872ser.sys [2007-07-12 79176]
    S3 Vsp;Vsp;\??\c:\windows\system32\drivers\Vsp.sys [2008-08-17 3351]

    *Newly Created Service* - A2FREE
    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-18 c:\windows\Tasks\dfrg.job
    - c:\windows\system32\dfrg.msc [2004-08-04 09:00]

    2008-12-17 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\system32\cleanmgr.exe [2008-04-13 21:12]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{B05D1A1E-9F4C-4CCE-91AD-DB5CFF9796DD} - c:\windows\system32\hozr.dll
    HKLM-Run-NWEReboot - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

    c:\windows\Downloaded Program Files\sysreqlab_srl.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
    hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    c:\windows\Downloaded Program Files\sysreqlab.osd
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-23 00:27:06
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\docume~1\SAHAI\LOCALS~1\Temp\838B79.dmp 26824 bytes
    c:\docume~1\SAHAI\LOCALS~1\Temp\8b64_appcompat.txt 33048 bytes

    scan completed successfully
    hidden files: 2

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(656)
    c:\windows\system32\avgrsstx.dll

    - - - - - - - > 'lsass.exe'(748)
    c:\windows\system32\avgrsstx.dll
    .
    Completion time: 2008-12-23 0:28:36
    ComboFix-quarantined-files.txt 2008-12-23 03:27:32

    Pre-Run: 50,097,594,368 bytes free
    Post-Run: 50,685,771,776 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

    236 --- E O F --- 2008-12-19 01:00:57
     
  8. 2008/12/22
    Garyogle

    I can now connect to the net. Am I all fixed?
     
  9. 2008/12/22
    noahdfear

    Let's see if there's anything else hanging around. Please do an online scan with Kaspersky Online Scanner.

    • Click Accept when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


    Post the Kaspersky log here.
     
  10. 2008/12/23
    Garyogle

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Tuesday, December 23, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, December 23, 2008 02:47:04
    Records in database: 1502880
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\

    Scan statistics:
    Files scanned: 238250
    Threat name: 0
    Infected objects: 0
    Suspicious objects: 0
    Duration of the scan: 02:44:24

    No malware has been detected. The scan area is clean.

    The selected area was scanned.
     
  11. 2008/12/23
    Garyogle

    I am running the Kaspersky scanner on my other computers; if I find anything I will ask for your help again.
    If I am all fixed, thank you very much for all your help.
    Merry Christmas and a Happy New Year.
    Regards
    Gary
     
  12. 2008/12/23
    Garyogle

    I got this report from my laptop running Windows Vista Home. Again, help would be appreciated.

    Gary

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Tuesday, December 23, 2008
    Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, December 23, 2008 12:56:30
    Records in database: 1504613
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\

    Scan statistics:
    Files scanned: 102634
    Threat name: 1
    Infected objects: 3
    Suspicious objects: 0
    Duration of the scan: 02:36:44


    File name / Threat name / Threats count
    C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report1ede5660\Report.cab Infected: Trojan.Win32.Buzus.utb 1
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe Infected: Trojan.Win32.Buzus.utb 1
    C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\Report1ede5660\Report.cab Infected: Trojan.Win32.Buzus.utb 1

    The selected area was scanned.
     
  13. 2008/12/23
    noahdfear

    I find it hard to swallow that those report.cab files are actually infected. They are created by the system. Suggest you inquire about those at the Kaspersky forums. They might direct you to a place to submit the files for analysis.
    The other is in the recycle bin, so emptying it will remove the infected file. Recommend you clear the system restore points as well.

    Vista System Restore guide - http://www.bleepingcomputer.com/tutorials/tutorial143.html

    On your desktop, click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well.
    Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.
    You can delete any other logs that were created/saved too.

    That should wrap things up.
     
  14. 2008/12/23
    Garyogle

    OK, thanks again.
     
  15. 2008/12/23
    noahdfear
