No internet after getting rid of Windows Recovery/redirect virus

By sappr07
May 3, 2011
  1. To get rid of the malware on my computer I was able to run Malwarebytes, which eliminated part of the virus. To fix the redirect, however, I was naive and ran the Combofix when I did just a little research. Combofix did seem to remove the rest of the virus, but my 1394 Connection is not working.

    You cannot repair the connection. Error message given when trying to repair:

    Windows could not finish repairing the problem because the following action cannot be completed:
    TCP/IP is not enabled for this connection. Cannot proceed.
    For assistance, contact the person who manages your network.


    When using Google Chrome and trying to go to a website, I get the following error:

    This webpage is not available

    Error 102 (net::ERR_CONNECTION_REFUSED): The server refused the connection.

    Any help will be greatly appreciated. Thank you in advance.
  2. sappr07

    sappr07 Newcomer, in training Topic Starter

    And by the way my wireless connection does not work so I cannot test that.
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    When you did your 'research', guess you missed all the warnings about not running Combofix yourself, only if directed by your helper.

    The error you cite appears to be specific to Chrome. See if the following will resolve it:
    • Click on Start> Settings> Control Panel> Internet Options.
    • Choose the Connections tab>
    • Press the LAN settings button>
    • Uncheck 'Use a proxy server' in the LAN '>
    • Check 'Automatically detect settings'>
    • Click on OK> Apply> OK
    • Reboot if needed.

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
  4. sappr07

    sappr07 Newcomer, in training Topic Starter

    I have checked all browsers and still have the same problem.

    Malwarebytes Log

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6459

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    5/4/2011 7:57:14 PM
    mbam-log-2011-05-04 (19-57-14).txt

    Scan type: Quick scan
    Objects scanned: 144456
    Time elapsed: 6 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER Log

    GMER 1.0.15.15627 - http://www.gmer.net
    Rootkit quick scan 2011-05-04 19:59:45
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\0000008d rev.
    Running: 7ns7gycs.exe; Driver: C:\DOCUME~1\Sapp\LOCALS~1\Temp\pxtdrpog.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)

    ---- EOF - GMER 1.0.15 ----


    DDS Log

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Sapp at 20:00:10.32 on Wed 05/04/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.959.449 [GMT -4:00]
    .
    AV: Norton Internet Security 2006 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: Norton Internet Security 2006 *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Wimba\Pronto\pronto.exe
    C:\WINDOWS\system32\ctfmon.exe
    svchost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Documents and Settings\Sapp\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [pronto] "c:\program files\wimba\pronto\pronto.exe"
    uRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup
    mRun: [RUNFBI] c:\windows\regedit.exe -s c:\appl.zip\wxpetool\fpp_xp.reg
    mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [nwiz] nwiz.exe /installquiet /nodetect
    mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0417.0\mswinext.exe"
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    Trusted Zone: bodoglife.com\www
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\sapp\applic~1\mozilla\firefox\profiles\4o40nvor.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - prefs.js: browser.startup.homepage - google.com
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - component: c:\documents and settings\sapp\application data\mozilla\firefox\profiles\4o40nvor.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\documents and settings\sapp\application data\mozilla\firefox\profiles\4o40nvor.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
    FF - Ext: ChaCha Guide App Toolbar: chachaguidebar@chacha.com - %profile%\extensions\chachaguidebar@chacha.com
    FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-5-4 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-5-4 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-4 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-4 61960]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-9-17 192112]
    R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2005-9-17 202352]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-9-17 169584]
    R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\navapsvc.exe [2005-10-7 133744]
    R2 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2005-8-27 53896]
    R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-1-1 1119888]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20060514.008\NAVENG.Sys [2006-1-1 77864]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20060514.008\NavEx15.Sys [2006-1-1 799208]
    R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2005-8-27 334984]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
    S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
    S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
    S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-5 14336]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-29 136176]
    S2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
    S3 cpuz132;cpuz132;\??\c:\docume~1\sapp\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\sapp\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
    S3 SAVScan;Symantec AVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2005-8-27 198368]
    S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-05-04 23:50:56 -------- d-----w- c:\windows\system32\wbem\Logs
    2011-05-04 23:47:37 -------- d-----w- c:\program files\Temp File Cleaner
    2011-05-04 23:44:31 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-05-04 23:44:30 -------- d-----w- c:\program files\Avira
    2011-05-04 23:44:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2011-05-04 02:17:14 51839 ----a-w- c:\windows\system32\tcpip.sys
    2011-05-02 01:44:01 -------- d-s---w- C:\ComboFix
    2011-05-02 01:36:26 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
    2011-05-02 01:36:22 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
    2011-05-02 01:36:17 17408 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
    2011-05-02 01:36:12 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
    2011-05-02 01:36:08 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
    2011-05-02 01:36:02 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
    2011-05-02 01:34:59 22271 ----a-w- c:\windows\system32\dllcache\watv06nt.sys
    2011-05-02 01:33:56 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
    2011-05-02 01:32:59 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
    2011-05-02 01:31:57 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys
    2011-05-02 01:30:58 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys
    2011-05-02 01:29:57 48736 ----a-w- c:\windows\system32\dllcache\srwlnd5.sys
    2011-05-02 01:28:59 236544 ----a-w- c:\windows\system32\dllcache\smi2smir.exe
    2011-05-02 01:27:59 50432 ----a-w- c:\windows\system32\dllcache\sisv.sys
    2011-05-02 01:26:56 6912 ----a-w- c:\windows\system32\dllcache\seaddsmc.sys
    2011-05-02 01:25:59 210496 ----a-w- c:\windows\system32\dllcache\s3mvirge.dll
    2011-05-02 01:24:58 37563 ----a-w- c:\windows\system32\dllcache\rlnet5.sys
    2011-05-02 01:23:58 16128 ----a-w- c:\windows\system32\dllcache\pscr.sys
    2011-05-02 01:22:58 29769 ----a-w- c:\windows\system32\dllcache\pcntn5m.sys
    2011-05-02 01:21:56 43689 ----a-w- c:\windows\system32\dllcache\otceth5.sys
    2011-05-02 01:20:57 39264 ----a-w- c:\windows\system32\dllcache\neo20xx.sys
    2011-05-02 01:19:56 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys
    2011-05-02 01:18:59 7680 ----a-w- c:\windows\system32\dllcache\migregdb.exe
    2011-05-02 01:17:56 70730 ----a-w- c:\windows\system32\dllcache\lne100tx.sys
    2011-05-02 01:16:57 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
    2011-05-02 01:15:58 154496 ----a-w- c:\windows\system32\dllcache\icam4usb.sys
    2011-05-02 01:14:57 542879 ----a-w- c:\windows\system32\dllcache\hsf_msft.sys
    2011-05-02 01:13:58 123392 ----a-w- c:\windows\system32\dllcache\hpgt21tk.dll
    2011-05-02 01:12:59 455680 ----a-w- c:\windows\system32\dllcache\fus2base.sys
    2011-05-02 01:11:59 174464 ----a-w- c:\windows\system32\dllcache\es198x.sys
    2011-05-02 01:10:57 334208 ----a-w- c:\windows\system32\dllcache\ds1wdm.sys
    2011-05-02 01:09:59 86016 ----a-w- c:\windows\system32\dllcache\dc240usd.dll
    2011-05-02 01:08:59 27164 ----a-w- c:\windows\system32\dllcache\ce3n5.sys
    2011-05-02 01:07:59 11359 ----a-w- c:\windows\system32\dllcache\atv02nt5.dll
    2011-05-02 01:06:59 38400 ----a-w- c:\windows\system32\dllcache\8514a.dll
    2011-05-01 22:31:51 -------- d-----w- c:\docume~1\sapp\applic~1\PriceGong
    2011-04-29 01:40:21 98816 ----a-w- c:\windows\sed.exe
    2011-04-29 01:40:21 89088 ----a-w- c:\windows\MBR.exe
    2011-04-29 01:40:21 256512 ----a-w- c:\windows\PEV.exe
    2011-04-29 01:40:21 161792 ----a-w- c:\windows\SWREG.exe
    2011-04-23 13:26:50 -------- d-----w- c:\program files\common files\Software Update Utility
    2011-04-06 22:31:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\Splashtop
    2011-04-06 22:25:57 -------- d-----w- c:\program files\Splashtop
    2011-04-06 22:25:30 -------- d-----w- c:\program files\Downloaded Installations
    .
    ==================== Find3M ====================
    .
    2011-04-03 20:48:45 2516 -csha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
    2011-04-03 20:48:34 88 -csh--r- c:\docume~1\alluse~1\applic~1\6423D1186D.sys
    2011-03-27 23:20:40 398760 ----a-r- c:\windows\system32\cpnprt2.cid
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600
    .
    CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
    device: opened successfully
    user: error reading MBR
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
    c:\windows\system32\drivers\nvata.sys NVIDIA Corporation NVIDIA nForce(TM) IDE Driver
    1 ntkrnlpa!IofCallDriver[0x804EF1A0] -> \Device\Harddisk0\DR0[0x86532AB8]
    3 CLASSPNP[0xF755105B] -> ntkrnlpa!IofCallDriver[0x804EF1A0] -> \Device\0000008e[0x86531AC0]
    5 ACPI[0xF73C7620] -> ntkrnlpa!IofCallDriver[0x804EF1A0] -> \Device\0000008d[0x8653F030]
    kernel: MBR read successfully
    _asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x7a; }
    user != kernel MBR !!!
    .
    ============= FINISH: 20:01:30.06 ===============


    Attach Log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/1/2006 10:29:03 AM
    System Uptime: 5/4/2011 6:40:05 PM (2 hours ago)
    .
    Motherboard: Quanta | | 30B7
    Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-50 | Socket S1 | 1607/200mhz
    Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-50 | Socket S1 | 1607/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 74 GiB total, 30.387 GiB free.
    D: is FIXED (NTFS) - 1 GiB total, 0.995 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP276: 1/30/2011 10:25:38 AM - System Checkpoint
    RP277: 2/1/2011 1:43:57 AM - System Checkpoint
    RP278: 2/2/2011 8:24:21 AM - System Checkpoint
    RP279: 2/7/2011 12:54:37 AM - System Checkpoint
    RP280: 2/8/2011 9:27:03 PM - System Checkpoint
    RP281: 2/9/2011 3:00:23 AM - Software Distribution Service 3.0
    RP282: 2/10/2011 7:12:08 PM - System Checkpoint
    RP283: 2/11/2011 9:55:00 PM - System Checkpoint
    RP284: 2/14/2011 7:25:52 AM - System Checkpoint
    RP285: 2/17/2011 7:07:33 AM - Software Distribution Service 3.0
    RP286: 2/20/2011 10:47:40 AM - System Checkpoint
    RP287: 2/21/2011 9:35:32 PM - System Checkpoint
    RP288: 2/23/2011 9:08:13 PM - System Checkpoint
    RP289: 2/25/2011 7:31:13 AM - System Checkpoint
    RP290: 2/26/2011 4:10:40 PM - System Checkpoint
    RP291: 2/28/2011 7:20:34 AM - System Checkpoint
    RP292: 3/1/2011 9:40:16 PM - System Checkpoint
    RP293: 3/5/2011 8:52:16 AM - System Checkpoint
    RP294: 3/6/2011 1:33:19 PM - System Checkpoint
    RP295: 3/7/2011 8:14:17 PM - System Checkpoint
    RP296: 3/9/2011 6:21:05 AM - Software Distribution Service 3.0
    RP297: 3/10/2011 11:21:32 PM - System Checkpoint
    RP298: 3/12/2011 8:49:04 AM - System Checkpoint
    RP299: 3/13/2011 12:16:39 PM - System Checkpoint
    RP300: 3/15/2011 6:44:10 PM - System Checkpoint
    RP301: 3/17/2011 9:33:31 PM - System Checkpoint
    RP302: 3/18/2011 10:28:16 PM - System Checkpoint
    RP303: 3/20/2011 10:41:09 AM - System Checkpoint
    RP304: 3/22/2011 8:36:43 AM - System Checkpoint
    RP305: 3/23/2011 12:52:42 PM - System Checkpoint
    RP306: 3/27/2011 10:11:34 AM - System Checkpoint
    RP307: 3/28/2011 10:00:46 PM - System Checkpoint
    RP308: 3/30/2011 8:31:04 PM - Removed Apple Application Support
    RP309: 3/30/2011 8:33:52 PM - Removed Apple Mobile Device Support
    RP310: 3/30/2011 8:38:45 PM - Installed iTunes
    RP311: 4/3/2011 5:24:28 PM - System Checkpoint
    RP312: 4/4/2011 6:16:20 PM - System Checkpoint
    RP313: 4/6/2011 5:18:42 PM - System Checkpoint
    RP314: 4/6/2011 6:25:55 PM - Installed Splashtop Remote
    RP315: 4/27/2011 3:42:58 PM - Removed Vongo
    RP316: 4/27/2011 3:44:45 PM - Removed Vegas Pro 9.0e
    RP317: 4/27/2011 3:55:44 PM - Removed Safari
    RP318: 4/28/2011 10:23:01 PM - System Checkpoint
    RP319: 4/29/2011 6:20:55 AM - Software Distribution Service 3.0
    RP320: 5/2/2011 7:02:26 AM - System Checkpoint
    RP321: 5/3/2011 11:05:33 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    µTorrent
    100% Free Spades 7.30
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.2
    Adobe Shockwave Player 11.5
    Age of Empires III
    Akamai NetSession Interface
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Auto Care
    Avira AntiVir Personal - Free Antivirus
    Battlefield 2142
    Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only)
    Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)
    Blasterball 2 from Hewlett-Packard Laptops (remove only)
    Bodog Casino
    Bodog Poker
    Bonjour
    Bookworm Deluxe from Hewlett-Packard Laptops (remove only)
    Bounce Symphony from Hewlett-Packard Laptops (remove only)
    BufferChm
    Cain & Abel v4.9.36
    CC_ccProxyExt
    ccCommon
    ccPxyCore
    Compatibility Pack for the 2007 Office system
    Conduit Engine
    Conexant HD Audio
    Corel PaintShop Photo Pro X3
    Coupon Printer for Windows
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_LightScribeConfig
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    cp_PosterPrintConfig
    cp_UpdateProjectsConfig
    Crystal Maze from Hewlett-Packard Laptops (remove only)
    CueTour
    Customer Experience Enhancement
    Debut Video Capture Software
    Destinations
    DeviceManagementQFolder
    DivX Setup
    Download Updater (AOL LLC)
    Driver Detective
    Easy Internet Sign-up
    FATE from Hewlett-Packard Laptops (remove only)
    Final Drive Nitro from Hewlett-Packard Laptops (remove only)
    FullDPAppQFolder
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB896256)
    Hotfix for Windows XP (KB909095)
    Hotfix for Windows XP (KB910728)
    Hotfix for Windows XP (KB912436)
    Hotfix for Windows XP (KB915326)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    hp deskjet 3320 series (Remove only)
    HP Help and Support
    HP Imaging Device Functions 6.0
    HP Photosmart Premier Software 6.0
    HP Quick Launch Buttons 6.00 E3
    HP QuickPlay 2.1
    HP Rhapsody
    HP Software Update
    HP User Guides 0031
    HP Wireless Assistant 2.00 G2
    HpSdpAppCoreApp
    ICA
    Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
    InstantShareDevices
    IPM_PSP_CL
    IPM_PSP_COM
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 20
    Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
    LightScribe 1.4.84.1
    LimeWire 5.5.16
    LiveUpdate 2.7 (Symantec Corporation)
    Macromedia Flash Player 8
    Magic DVD Ripper V5.4.2
    Mah Jong Quest from Hewlett-Packard Laptops (remove only)
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Default Manager
    Microsoft Money 2006
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Home and Student 2007 Trial
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word Viewer 2003
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    MobileMe Control Panel
    Mozilla Firefox (3.5.16)
    MSN Toolbar
    MSN Toolbar Platform
    MSRedist
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    muvee autoProducer 4.5
    Netscape Browser (remove only)
    NetWaiting
    No-IP DUC
    Norton AntiSpam
    Norton AntiVirus 2006
    Norton Internet Security
    Norton Internet Security 2006 (Symantec Corporation)
    Norton Protection Center
    Norton WMI Update
    NVIDIA Drivers
    Oasis from Hewlett-Packard Laptops (remove only)
    Octoshape add-in for Adobe Flash Player
    Office 2003 Trial Assistant
    OptionalContentQFolder
    PhotoGallery
    Polar Bowler from Hewlett-Packard Laptops (remove only)
    Polar Golfer from Hewlett-Packard Laptops (remove only)
    Prism Video Converter
    Pronto 3.0.1-B
    PSPPContent
    PSPPRO_DCRAW
    Quicken 2006
    QuickTime
    RandMap
    SCRABBLE from Hewlett-Packard Laptops (remove only)
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Setup
    SkinsHP1
    Skype™ 4.2
    Slyder from Hewlett-Packard Laptops (remove only)
    SmartAudio
    Snowboard SuperJam
    Soft Data Fax Modem with SmartCP
    Sonic Audio Module
    Sonic Copy Module
    Sonic Data Module
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic Update Manager
    Sonic_PrimoSDK
    SPBBC
    Splashtop Remote
    Super Granny from Hewlett-Packard Laptops (remove only)
    SymNet
    Synaptics Pointing Device Driver
    Temp File Cleaner
    TourSetup
    Tradewinds from Hewlett-Packard Laptops (remove only)
    Unload
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Outlook 2007 Junk Email Filter (KB2522999)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB980302)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB912945)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    uTorrentBar Toolbar
    VC80CRTRedist - 8.0.50727.4053
    Veetle TV 0.9.18
    VideoPad Video Editor
    vShare Plugin
    WebFldrs XP
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
    Windows Genuine Advantage Validation Tool
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Live ID Sign-in Assistant
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB883667
    Windows XP Hotfix - KB884575
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885464
    Windows XP Hotfix - KB885855
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888239
    Windows XP Hotfix - KB888402
    Windows XP Hotfix - KB889673
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB892559
    WinPcap 4.1.1
    Wireless Home Network Setup
    Zuma Deluxe from Hewlett-Packard Laptops (remove only)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/2/2011 6:40:35 AM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
    5/1/2011 9:36:28 PM, information: Windows File Protection [64017] - Windows File Protection file scan completed successfully.
    5/1/2011 9:06:17 PM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
    4/28/2011 6:05:20 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0016367D7806. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    4/27/2011 3:45:48 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    4/27/2011 3:44:58 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
    4/27/2011 3:43:32 PM, error: Service Control Manager [7034] - The Vongo Service service terminated unexpectedly. It has done this 1 time(s).
    4/27/2011 3:40:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AliIde IntelIde Pcmcia SBRE TfFsMon TfSysMon ViaIde
    4/27/2011 3:40:18 PM, error: Service Control Manager [7023] - The Akamai NetSession Interface service terminated with the following error: The specified module could not be found.
    4/27/2011 3:40:18 PM, error: Service Control Manager [7000] - The ThreatFire service failed to start due to the following error: The system cannot find the file specified.
    4/27/2011 3:40:18 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The system cannot find the file specified.
    4/27/2011 3:16:07 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    4/27/2011 3:16:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE TfFsMon TfSysMon
    .
    ==== End Of File ===========================
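An added example, not part of the original thread and not output from any tool named in it: a short Python triage of the Event Viewer section above, which lists the services that the Service Control Manager reported as failing and the drivers that failed to load on more than one boot. The sample lines are copied from the log above; the function names are hypothetical.

```python
import re
from collections import Counter

# Lines copied verbatim from the "Event Viewer Messages" section of the log above.
SAMPLE_LOG = """\
5/1/2011 9:36:28 PM, information: Windows File Protection [64017] - Windows File Protection file scan completed successfully.
4/27/2011 3:43:32 PM, error: Service Control Manager [7034] - The Vongo Service service terminated unexpectedly. It has done this 1 time(s).
4/27/2011 3:40:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AliIde IntelIde Pcmcia SBRE TfFsMon TfSysMon ViaIde
4/27/2011 3:40:18 PM, error: Service Control Manager [7023] - The Akamai NetSession Interface service terminated with the following error: The specified module could not be found.
4/27/2011 3:40:18 PM, error: Service Control Manager [7000] - The ThreatFire service failed to start due to the following error: The system cannot find the file specified.
4/27/2011 3:16:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE TfFsMon TfSysMon
"""

# Layout used by the log: "<date> <time>, <level>: <source> [<id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<when>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<id>\d+)\] - (?P<message>.*)$"
)
SERVICE_RE = re.compile(r"^The (?P<name>.+?) service (?:failed to start|terminated)")
DRIVER_MARKER = "failed to load:"
SCM = "Service Control Manager"


def parse_events(text):
    """Return one dict per well-formed event line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            event = m.groupdict()
            event["id"] = int(event["id"])
            events.append(event)
    return events


def failed_services(events):
    """(service name, event ID) for SCM events 7000, 7023 and 7034."""
    found = []
    for e in events:
        if e["source"] == SCM and e["id"] in (7000, 7023, 7034):
            m = SERVICE_RE.match(e["message"])
            if m:
                found.append((m.group("name"), e["id"]))
    return found


def failed_driver_counts(events):
    """Count, per driver name, how many SCM 7026 events list it."""
    counts = Counter()
    for e in events:
        if e["source"] == SCM and e["id"] == 7026 and DRIVER_MARKER in e["message"]:
            names = e["message"].split(DRIVER_MARKER, 1)[1].split()
            counts.update(set(names))  # count each driver once per event
    return counts


def repeat_offenders(events, minimum=2):
    """Drivers named in at least `minimum` separate 7026 events, sorted."""
    counts = failed_driver_counts(events)
    return sorted(name for name, n in counts.items() if n >= minimum)


if __name__ == "__main__":
    parsed = parse_events(SAMPLE_LOG)
    for name, event_id in failed_services(parsed):
        print(f"service failure [{event_id}]: {name}")
    print("drivers failing on repeated boots:", ", ".join(repeat_offenders(parsed)))
```

Drivers that fail on every boot usually belong to software that was removed or damaged without being uninstalled cleanly, so they are worth matching against the installed-programs list.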
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    You are running 3 antivirus programs. Please remove 2 of them:
    Norton Internet Security 2006
    Avira AntiVir Desktop
    ThreatFire

    Here are tools to help:
    Norton Removal Tool
    To uninstall Avira:
    • Start> Settings> Control Panel> Add or Remove Programs (Windows 2000/ XP) or Start - Control Panel - Uninstall a program (Windows Vista / 7)
    • Wait for the list of installed programs to load, then click the name of the Avira program.
    • Click Remove next to the program's name (Windows 2000 / XP) or in the menu above the list (Windows Vista / 7).
    • Press Yes, to confirm the removal and then OK.
    • Click Next until Finish. The software is removed.
    Please reboot the computer when finished.
    ===========================================
    Bootkit Remover:

    Download bootkitremover.rar and save to your desktop.
    1. Extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. (Use 7-Zip if you don't have an extraction program.)
    2. Double-click on the remover.exe file to run the program.
      NOTE: The tool should be run from a command line with Administrator privileges.
    3. Scanning should be completed quickly.
    4. Paste the output in your next reply.
    ==============================================
    Please uninstall or disable the uTorrentBar Toolbar. Don't use it or any file sharing programs while I'm helping you.
    =========================================
    Please uninstall the Combofix on the desktop already. Then download the current version and do the scan:
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    -------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • Click on Yes, to continue scanning for malware.
    • If Combofix asks you to update the program, allow.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
  6. sappr07

    sappr07 Newcomer, in training Topic Starter

    Everything has been resolved. Internet now working flawlessly, redirect virus removed and initial virus removed.

    I tested the browser after removing Norton and Threatfire, Utorrent toolbar, and Combofix.

    I would bet that removing Combofix was what did the trick.

    Thank you so much for your help. You guys are great!!
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    We're not finished yet!
    1. Please run the Bootkit Remover so I can set up the removal for that.
    2. Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

    3. Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • Click on Yes, to continue scanning for malware.
    • If Combofix asks you to update the program, allow.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    =====================================
    4. Then Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Please Uncheck "Remove found threats" (I will remove them, if any, in a program that will also remove related files)
    7. Check "Scan unwanted applications"
    8. Click Scan
    9. Wait for the scan to finish
    10. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
    11. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    12. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ===========================================
    I can say with some certainty that if you don't finish the job, you're going to have problems again- as to what cost- that's the unknown.