Inactive No internet after getting rid of Windows Recovery/redirect virus

Status
Not open for further replies.
To get rid of the Malware on my computer I was able to run Malwarebytes which eliminated part of the virus. To fix the redirect however I was naive and ran the Combofix when I did just a little research. Combofix did seem to remove the rest of the virus but my 1394 Connection is not working.

You cannot repair the connection. Error message given when trying to repair:

Windows could not finish repairing the problem because the following action cannot be completed:
TCP/IP is not enabled for this connection. Cannot proceed.
For assistance, contact the person who manages your network.


When using Google Chrome and try to go to a website I get the following error:

This webpage is not available

Error 102 (net::ERR_CONNECTION_REFUSED): The server refused the connection.

Any help will be greatly appreciated. Thank you in advance.
 
When you did your 'research', guess you missed all the warnings about not running Combofix yourself, only if directed by your helper.

The error you site appears to be specific to Chrome. See if the following will resolve it:
  • Click on Start> Settings> Control Panel> Internet Options.
  • Choose the Connections tab>
  • Press the LAN settings button>
  • Uncheck 'Use a proxy server' in the LAN '>
  • Check 'Automatically detect settings>
  • Click on OK> Apply> OK
  • Reboot if needed.

If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
I have checked all browsers and still have the same problem.

Malwarebytes Log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6459

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

5/4/2011 7:57:14 PM
mbam-log-2011-05-04 (19-57-14).txt

Scan type: Quick scan
Objects scanned: 144456
Time elapsed: 6 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER Log

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit quick scan 2011-05-04 19:59:45
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\0000008d rev.
Running: 7ns7gycs.exe; Driver: C:\DOCUME~1\Sapp\LOCALS~1\Temp\pxtdrpog.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)

---- EOF - GMER 1.0.15 ----


DDS Log

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Sapp at 20:00:10.32 on Wed 05/04/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.959.449 [GMT -4:00]
.
AV: Norton Internet Security 2006 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Security 2006 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Wimba\Pronto\pronto.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Documents and Settings\Sapp\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [pronto] "c:\program files\wimba\pronto\pronto.exe"
uRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup
mRun: [RUNFBI] c:\windows\regedit.exe -s c:\appl.zip\wxpetool\fpp_xp.reg
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /installquiet /nodetect
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0417.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: bodoglife.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\sapp\applic~1\mozilla\firefox\profiles\4o40nvor.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - component: c:\documents and settings\sapp\application data\mozilla\firefox\profiles\4o40nvor.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\sapp\application data\mozilla\firefox\profiles\4o40nvor.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
FF - Ext: ChaCha Guide App Toolbar: chachaguidebar@chacha.com - %profile%\extensions\chachaguidebar@chacha.com
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-5-4 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-5-4 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-4 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-4 61960]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-9-17 192112]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2005-9-17 202352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-9-17 169584]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\navapsvc.exe [2005-10-7 133744]
R2 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2005-8-27 53896]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-1-1 1119888]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20060514.008\NAVENG.Sys [2006-1-1 77864]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20060514.008\NavEx15.Sys [2006-1-1 799208]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2005-8-27 334984]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-5 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-29 136176]
S2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
S3 cpuz132;cpuz132;\??\c:\docume~1\sapp\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\sapp\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S3 SAVScan;Symantec AVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2005-8-27 198368]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
=============== Created Last 30 ================
.
2011-05-04 23:50:56 -------- d-----w- c:\windows\system32\wbem\Logs
2011-05-04 23:47:37 -------- d-----w- c:\program files\Temp File Cleaner
2011-05-04 23:44:31 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-04 23:44:30 -------- d-----w- c:\program files\Avira
2011-05-04 23:44:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2011-05-04 02:17:14 51839 ----a-w- c:\windows\system32\tcpip.sys
2011-05-02 01:44:01 -------- d-s---w- C:\ComboFix
2011-05-02 01:36:26 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-05-02 01:36:22 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-05-02 01:36:17 17408 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-05-02 01:36:12 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-05-02 01:36:08 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-05-02 01:36:02 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2011-05-02 01:34:59 22271 ----a-w- c:\windows\system32\dllcache\watv06nt.sys
2011-05-02 01:33:56 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
2011-05-02 01:32:59 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
2011-05-02 01:31:57 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys
2011-05-02 01:30:58 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys
2011-05-02 01:29:57 48736 ----a-w- c:\windows\system32\dllcache\srwlnd5.sys
2011-05-02 01:28:59 236544 ----a-w- c:\windows\system32\dllcache\smi2smir.exe
2011-05-02 01:27:59 50432 ----a-w- c:\windows\system32\dllcache\sisv.sys
2011-05-02 01:26:56 6912 ----a-w- c:\windows\system32\dllcache\seaddsmc.sys
2011-05-02 01:25:59 210496 ----a-w- c:\windows\system32\dllcache\s3mvirge.dll
2011-05-02 01:24:58 37563 ----a-w- c:\windows\system32\dllcache\rlnet5.sys
2011-05-02 01:23:58 16128 ----a-w- c:\windows\system32\dllcache\pscr.sys
2011-05-02 01:22:58 29769 ----a-w- c:\windows\system32\dllcache\pcntn5m.sys
2011-05-02 01:21:56 43689 ----a-w- c:\windows\system32\dllcache\otceth5.sys
2011-05-02 01:20:57 39264 ----a-w- c:\windows\system32\dllcache\neo20xx.sys
2011-05-02 01:19:56 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys
2011-05-02 01:18:59 7680 ----a-w- c:\windows\system32\dllcache\migregdb.exe
2011-05-02 01:17:56 70730 ----a-w- c:\windows\system32\dllcache\lne100tx.sys
2011-05-02 01:16:57 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
2011-05-02 01:15:58 154496 ----a-w- c:\windows\system32\dllcache\icam4usb.sys
2011-05-02 01:14:57 542879 ----a-w- c:\windows\system32\dllcache\hsf_msft.sys
2011-05-02 01:13:58 123392 ----a-w- c:\windows\system32\dllcache\hpgt21tk.dll
2011-05-02 01:12:59 455680 ----a-w- c:\windows\system32\dllcache\fus2base.sys
2011-05-02 01:11:59 174464 ----a-w- c:\windows\system32\dllcache\es198x.sys
2011-05-02 01:10:57 334208 ----a-w- c:\windows\system32\dllcache\ds1wdm.sys
2011-05-02 01:09:59 86016 ----a-w- c:\windows\system32\dllcache\dc240usd.dll
2011-05-02 01:08:59 27164 ----a-w- c:\windows\system32\dllcache\ce3n5.sys
2011-05-02 01:07:59 11359 ----a-w- c:\windows\system32\dllcache\atv02nt5.dll
2011-05-02 01:06:59 38400 ----a-w- c:\windows\system32\dllcache\8514a.dll
2011-05-01 22:31:51 -------- d-----w- c:\docume~1\sapp\applic~1\PriceGong
2011-04-29 01:40:21 98816 ----a-w- c:\windows\sed.exe
2011-04-29 01:40:21 89088 ----a-w- c:\windows\MBR.exe
2011-04-29 01:40:21 256512 ----a-w- c:\windows\PEV.exe
2011-04-29 01:40:21 161792 ----a-w- c:\windows\SWREG.exe
2011-04-23 13:26:50 -------- d-----w- c:\program files\common files\Software Update Utility
2011-04-06 22:31:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\Splashtop
2011-04-06 22:25:57 -------- d-----w- c:\program files\Splashtop
2011-04-06 22:25:30 -------- d-----w- c:\program files\Downloaded Installations
.
==================== Find3M ====================
.
2011-04-03 20:48:45 2516 -csha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2011-04-03 20:48:34 88 -csh--r- c:\docume~1\alluse~1\applic~1\6423D1186D.sys
2011-03-27 23:20:40 398760 ----a-r- c:\windows\system32\cpnprt2.cid
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
c:\windows\system32\drivers\nvata.sys NVIDIA Corporation NVIDIA nForce(TM) IDE Driver
1 ntkrnlpa!IofCallDriver[0x804EF1A0] -> \Device\Harddisk0\DR0[0x86532AB8]
3 CLASSPNP[0xF755105B] -> ntkrnlpa!IofCallDriver[0x804EF1A0] -> \Device\0000008e[0x86531AC0]
5 ACPI[0xF73C7620] -> ntkrnlpa!IofCallDriver[0x804EF1A0] -> \Device\0000008d[0x8653F030]
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x7a; }
user != kernel MBR !!!
.
============= FINISH: 20:01:30.06 ===============


Attach Log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/1/2006 10:29:03 AM
System Uptime: 5/4/2011 6:40:05 PM (2 hours ago)
.
Motherboard: Quanta | | 30B7
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-50 | Socket S1 | 1607/200mhz
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-50 | Socket S1 | 1607/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 30.387 GiB free.
D: is FIXED (NTFS) - 1 GiB total, 0.995 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP276: 1/30/2011 10:25:38 AM - System Checkpoint
RP277: 2/1/2011 1:43:57 AM - System Checkpoint
RP278: 2/2/2011 8:24:21 AM - System Checkpoint
RP279: 2/7/2011 12:54:37 AM - System Checkpoint
RP280: 2/8/2011 9:27:03 PM - System Checkpoint
RP281: 2/9/2011 3:00:23 AM - Software Distribution Service 3.0
RP282: 2/10/2011 7:12:08 PM - System Checkpoint
RP283: 2/11/2011 9:55:00 PM - System Checkpoint
RP284: 2/14/2011 7:25:52 AM - System Checkpoint
RP285: 2/17/2011 7:07:33 AM - Software Distribution Service 3.0
RP286: 2/20/2011 10:47:40 AM - System Checkpoint
RP287: 2/21/2011 9:35:32 PM - System Checkpoint
RP288: 2/23/2011 9:08:13 PM - System Checkpoint
RP289: 2/25/2011 7:31:13 AM - System Checkpoint
RP290: 2/26/2011 4:10:40 PM - System Checkpoint
RP291: 2/28/2011 7:20:34 AM - System Checkpoint
RP292: 3/1/2011 9:40:16 PM - System Checkpoint
RP293: 3/5/2011 8:52:16 AM - System Checkpoint
RP294: 3/6/2011 1:33:19 PM - System Checkpoint
RP295: 3/7/2011 8:14:17 PM - System Checkpoint
RP296: 3/9/2011 6:21:05 AM - Software Distribution Service 3.0
RP297: 3/10/2011 11:21:32 PM - System Checkpoint
RP298: 3/12/2011 8:49:04 AM - System Checkpoint
RP299: 3/13/2011 12:16:39 PM - System Checkpoint
RP300: 3/15/2011 6:44:10 PM - System Checkpoint
RP301: 3/17/2011 9:33:31 PM - System Checkpoint
RP302: 3/18/2011 10:28:16 PM - System Checkpoint
RP303: 3/20/2011 10:41:09 AM - System Checkpoint
RP304: 3/22/2011 8:36:43 AM - System Checkpoint
RP305: 3/23/2011 12:52:42 PM - System Checkpoint
RP306: 3/27/2011 10:11:34 AM - System Checkpoint
RP307: 3/28/2011 10:00:46 PM - System Checkpoint
RP308: 3/30/2011 8:31:04 PM - Removed Apple Application Support
RP309: 3/30/2011 8:33:52 PM - Removed Apple Mobile Device Support
RP310: 3/30/2011 8:38:45 PM - Installed iTunes
RP311: 4/3/2011 5:24:28 PM - System Checkpoint
RP312: 4/4/2011 6:16:20 PM - System Checkpoint
RP313: 4/6/2011 5:18:42 PM - System Checkpoint
RP314: 4/6/2011 6:25:55 PM - Installed Splashtop Remote
RP315: 4/27/2011 3:42:58 PM - Removed Vongo
RP316: 4/27/2011 3:44:45 PM - Removed Vegas Pro 9.0e
RP317: 4/27/2011 3:55:44 PM - Removed Safari
RP318: 4/28/2011 10:23:01 PM - System Checkpoint
RP319: 4/29/2011 6:20:55 AM - Software Distribution Service 3.0
RP320: 5/2/2011 7:02:26 AM - System Checkpoint
RP321: 5/3/2011 11:05:33 PM - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
100% Free Spades 7.30
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Shockwave Player 11.5
Age of Empires III
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Auto Care
Avira AntiVir Personal - Free Antivirus
Battlefield 2142
Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only)
Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)
Blasterball 2 from Hewlett-Packard Laptops (remove only)
Bodog Casino
Bodog Poker
Bonjour
Bookworm Deluxe from Hewlett-Packard Laptops (remove only)
Bounce Symphony from Hewlett-Packard Laptops (remove only)
BufferChm
Cain & Abel v4.9.36
CC_ccProxyExt
ccCommon
ccPxyCore
Compatibility Pack for the 2007 Office system
Conduit Engine
Conexant HD Audio
Corel PaintShop Photo Pro X3
Coupon Printer for Windows
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Crystal Maze from Hewlett-Packard Laptops (remove only)
CueTour
Customer Experience Enhancement
Debut Video Capture Software
Destinations
DeviceManagementQFolder
DivX Setup
Download Updater (AOL LLC)
Driver Detective
Easy Internet Sign-up
FATE from Hewlett-Packard Laptops (remove only)
Final Drive Nitro from Hewlett-Packard Laptops (remove only)
FullDPAppQFolder
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB912436)
Hotfix for Windows XP (KB915326)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp deskjet 3320 series (Remove only)
HP Help and Support
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
HP Quick Launch Buttons 6.00 E3
HP QuickPlay 2.1
HP Rhapsody
HP Software Update
HP User Guides 0031
HP Wireless Assistant 2.00 G2
HpSdpAppCoreApp
ICA
Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
InstantShareDevices
IPM_PSP_CL
IPM_PSP_COM
iTunes
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 20
Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
LightScribe 1.4.84.1
LimeWire 5.5.16
LiveUpdate 2.7 (Symantec Corporation)
Macromedia Flash Player 8
Magic DVD Ripper V5.4.2
Mah Jong Quest from Hewlett-Packard Laptops (remove only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Default Manager
Microsoft Money 2006
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007 Trial
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word Viewer 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MobileMe Control Panel
Mozilla Firefox (3.5.16)
MSN Toolbar
MSN Toolbar Platform
MSRedist
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
muvee autoProducer 4.5
Netscape Browser (remove only)
NetWaiting
No-IP DUC
Norton AntiSpam
Norton AntiVirus 2006
Norton Internet Security
Norton Internet Security 2006 (Symantec Corporation)
Norton Protection Center
Norton WMI Update
NVIDIA Drivers
Oasis from Hewlett-Packard Laptops (remove only)
Octoshape add-in for Adobe Flash Player
Office 2003 Trial Assistant
OptionalContentQFolder
PhotoGallery
Polar Bowler from Hewlett-Packard Laptops (remove only)
Polar Golfer from Hewlett-Packard Laptops (remove only)
Prism Video Converter
Pronto 3.0.1-B
PSPPContent
PSPPRO_DCRAW
Quicken 2006
QuickTime
RandMap
SCRABBLE from Hewlett-Packard Laptops (remove only)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Setup
SkinsHP1
Skype™ 4.2
Slyder from Hewlett-Packard Laptops (remove only)
SmartAudio
Snowboard SuperJam
Soft Data Fax Modem with SmartCP
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Sonic_PrimoSDK
SPBBC
Splashtop Remote
Super Granny from Hewlett-Packard Laptops (remove only)
SymNet
Synaptics Pointing Device Driver
Temp File Cleaner
TourSetup
Tradewinds from Hewlett-Packard Laptops (remove only)
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2522999)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB912945)
Update for Windows XP (KB925720)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
uTorrentBar Toolbar
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.18
VideoPad Video Editor
vShare Plugin
WebFldrs XP
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
Windows Genuine Advantage Validation Tool
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885464
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888402
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
WinPcap 4.1.1
Wireless Home Network Setup
Zuma Deluxe from Hewlett-Packard Laptops (remove only)
.
==== Event Viewer Messages From Past Week ========
.
5/2/2011 6:40:35 AM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
5/1/2011 9:36:28 PM, information: Windows File Protection [64017] - Windows File Protection file scan completed successfully.
5/1/2011 9:06:17 PM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
4/28/2011 6:05:20 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0016367D7806. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
4/27/2011 3:45:48 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
4/27/2011 3:44:58 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
4/27/2011 3:43:32 PM, error: Service Control Manager [7034] - The Vongo Service service terminated unexpectedly. It has done this 1 time(s).
4/27/2011 3:40:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AliIde IntelIde Pcmcia SBRE TfFsMon TfSysMon ViaIde
4/27/2011 3:40:18 PM, error: Service Control Manager [7023] - The Akamai NetSession Interface service terminated with the following error: The specified module could not be found.
4/27/2011 3:40:18 PM, error: Service Control Manager [7000] - The ThreatFire service failed to start due to the following error: The system cannot find the file specified.
4/27/2011 3:40:18 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The system cannot find the file specified.
4/27/2011 3:16:07 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
4/27/2011 3:16:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE TfFsMon TfSysMon
.
==== End Of File ===========================
 
You are running 3 antivirus programs Please remove 2 of them:
Norton Internet Security 2006
Avira AntiVir Desktop
ThreatFire

Here are tools to help:
Norton Removal Tool
To uninstall Avira:
  • Start> Settings> Control Panel> Add or Remove Programs (Windows 2000/ XP) or Start - Control Panel - Uninstall a program (Windows Vista / 7)
  • Wait for the list of installed programs to load, then click the name of the Avira program.
  • Click Remove next to the program's name (Windows 2000 / XP) or in the menu above the list (Windows Vista / 7).
  • Press Yes, to confirm the removal and then OK.
  • . Click Next until Finish. The software is removed.
Please reboot the computer when finished.
===========================================
Bootkit Remover:

Download bootkitremover.rar and save to your desktop.
  1. Extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. (Use 7-Zip if you don't have an extraction program, )
  2. Double-click on the remover.exe file to run the program.
    NOTE: The tool should be run from a command line with Administrator privileges.
  3. Scanning should be completed quickly
  4. Paste the output in your next reply.
==============================================
Please uninstall or disable the uTorrentBar Toolbar Don't use it or any file sharing programs while I'm helping you.
=========================================
Please uninstall the Combofix on the desktop already, Then download the current version and do the scan:
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
-------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png
  • .Click on Yes, to continue scanning for malware
  • .If Combofix asks you to update the program, allow
  • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • .Close any open browsers.
  • .Double click combofix.exe
    cf-icon.jpg
    & follow the prompts to run.
  • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
Everything has been resolved. Internet now working flawlessly, redirect virus removed and initial virus removed.

I tested the browser after removing Norton and Threatfire, Utorrent toolbar, and Combofix

I would bet that removing Combofix was what did the trick.

Thank you so much for your help. You guys are great!!
 
We're not finished yet!
1. Please run the Bootkit Remover so I can set up the removal for that.
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
2. Please note: If you have Combofix on the desktop already, please uninstall it. The download the current version and do the scan: Uninstall directions
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

3.Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png
  • .Click on Yes, to continue scanning for malware
  • .If Combofix asks you to update the program, allow
  • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • .Close any open browsers.
  • .Double click combofix.exe
    cf-icon.jpg
    & follow the prompts to run.
  • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=====================================
4. Then Run Eset NOD32 Online AntiVirus scan HEREhttp://www.eset.com/us/online-scanner#
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Please Uncheck "Remove found threats" (I will remove them, if any, in a programs that will also remove related files)
  7. Check "Scan unwanted applications"
  8. Click Scan
  9. Wait for the scan to finish
  10. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
  11. Click anywhere in the post where you want the logs to go, the do Ctrl V. The log will be sent from the clipboard and pasted in the post.
  12. Re-enable your Antivirus software.
    NOTE: If you forget to copy to the clipboard you can find the log here:
    C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
===========================================
I can say with some certainty that if you don't finish the job, you're going to have problems again- as to what cost- that's the unknown.
 
Status
Not open for further replies.
Back