Inactive Computer accessing Internet on its own

[MelissaP]

this is the second pc.

logs attached...
_________________________________________________________
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

2010/05/12 04:28:29 PM
mbam-log-2010-05-12 (16-28-29).txt

Scan type: Quick scan
Objects scanned: 104368
Time elapsed: 6 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

__________________________________________________

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-12 16:56:48
Windows 6.0.6002 Service Pack 2
Running: jk7yo365.exe; Driver: C:\Users\User\AppData\Local\Temp\agldqpod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8B40A340, 0x3D94C7, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[612] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00130002
IAT C:\Windows\system32\services.exe[612] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00130000
IAT C:\Windows\Explorer.EXE[1904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[1904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001B60] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[1904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002B60] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[1904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs OsaFsLoc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs eLock2FSCTLDriver.sys (ELock File System Filter Driver/Acer, Inc.)

Device \Driver\netbt \Device\NetBT_Tcpip_{01E6DA7C-B433-4D34-9EC1-326B840DFCD8} netlock.sys

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Tcp netlimiter.sys
AttachedDevice \Driver\tdx \Device\Tcp netlock.sys

Device \Driver\netbt \Device\NetBt_Wins_Export netlock.sys

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp netlimiter.sys
AttachedDevice \Driver\tdx \Device\Udp netlock.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LogName C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy167.gthr

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0CCE0.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0CCE1.log 0 bytes

---- EOF - GMER 1.0.15 ----

____________________________________________________

DDS (Ver_10-03-17.01) - NTFSx86
Run by User at 16:22:47.06 on 2010/05/13
Internet Explorer: 8.0.6001.18904
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.27.1033.18.1791.963 [GMT 2:00]

AV: avast! antivirus 4.8.1169 [VPS 100128-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: avast! antivirus 4.8.1169 [VPS 100128-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eLock\autolockprocess\AutoLockProcess.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP2014MC.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\Acer\eProtection\Service\eProtectionServ.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Users\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uStart Page = hxxp://www.google.co.za/
mStart Page = hxxp://en.za.acer.yahoo.com
mDefault_Page_URL = hxxp://en.za.acer.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Acer Empowering Technology Monitor] c:\acer\empowering technology\SysMonitor.exe
mRun: [AutoLockProcess] c:\acer\empowering technology\elock\autolockprocess\autolockprocess.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe
mRun: [AdminWorks Tray] "c:\acer\lanscope agent\awtray.exe"
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [eRecoveryService]
mRun: [<NO NAME>]
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: unisa.ac.za\my
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 eLock2BurnerLockDriver;Disk Performance Monitor Filter Driver;c:\windows\system32\drivers\eLock2burnerlockdriver.sys [2002-4-11 22048]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-1-28 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-28 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-1-28 53328]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-1-28 138680]
R2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\drivers\eLock2FSCTLDriver.sys [2002-4-11 86048]
R2 eProtection;eProtection Service;c:\program files\acer\eprotection\service\eProtectionServ.exe [2002-4-11 24576]
R2 netlimiter;netlimiter;c:\windows\system32\drivers\NetLimiter.sys [2006-10-3 18072]
R2 netlock;netlock;c:\windows\system32\drivers\NetLock.sys [2007-5-31 14616]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-21 1153368]
S2 gupdate1ca2c968d5b1939;Google Update Service (gupdate1ca2c968d5b1939);c:\program files\google\update\GoogleUpdate.exe [2009-9-3 133104]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-1-28 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-1-28 352920]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

=============== Created Last 30 ================

2010-05-10 05:41:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-05-10 05:41:06 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-05-10 05:41:06 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-05-10 05:40:45 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-05-10 05:40:34 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-10 05:40:34 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-10 05:40:30 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-05-10 05:40:29 98304 ----a-w- c:\windows\system32\cabview.dll
2010-05-10 05:40:27 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-05-10 05:40:26 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-05-10 05:40:26 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-05-10 05:40:24 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-05-10 05:40:23 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-04-21 10:17:19 0 d-----w- c:\program files\Trend Micro
2010-04-21 07:59:54 0 d-----w- c:\windows\Internet Logs
2010-04-21 06:15:56 144 ----a-w- c:\windows\system32\lkfl.dat
2010-04-21 06:15:47 0 d-----w- c:\program files\CheckPoint
2010-04-21 06:12:47 0 d-----w- c:\programdata\CheckPoint
2010-04-21 05:35:16 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-21 05:35:16 0 d-----w- c:\program files\Spybot - Search & Destroy

==================== Find3M ====================

2010-05-06 08:36:38 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-21 06:30:18 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-04-21 06:30:18 86016 ----a-w- c:\windows\inf\infstor.dat
2010-04-21 06:30:18 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-29 22:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05:14 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-04 05:37:32 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:58 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-10-15 05:19:25 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 16:24:15.90 ===============
_______________________________________________________________

 

[MelissaP]

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume2
Install Date: 2008/06/29 12:17:15 AM
System Uptime: 2010/05/13 04:14:32 PM (0 hours ago)

Motherboard: ACER | | MCP73VE
Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz | SOCKET775 M/B | 1203/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 70 GiB total, 36.401 GiB free.
D: is Removable
E: is Removable
F: is Removable
G: is Removable
H: is FIXED (NTFS) - 70 GiB total, 69.384 GiB free.
I: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&8CB234F&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&8CB234F&0
Service: i8042prt

==== System Restore Points ===================

RP449: 2010/04/23 08:49:31 AM - Windows Update
RP450: 2010/04/26 12:27:12 PM - Scheduled Checkpoint
RP451: 2010/04/29 08:45:17 AM - Windows Update
RP452: 2010/04/30 08:45:34 AM - Windows Update
RP453: 2010/05/04 08:45:18 AM - Windows Update
RP454: 2010/05/07 08:45:37 AM - Windows Update
RP455: 2010/05/10 07:44:10 AM - Windows Update
RP456: 2010/05/11 08:45:39 AM - Windows Update
RP457: 2010/05/13 12:27:15 PM - Scheduled Checkpoint

==== Installed Programs ======================

2007 Microsoft Office system
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer ePerformance Management
Acer eSettings Management
Acer LANScope Agent
Acer ScreenSaver
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Reader 9.2
Adobe® Photoshop® Album Starter Edition 3.2
ATI Catalyst Install Manager
avast! Antivirus
Business Contact Manager for Outlook 2007 SP2
CCleaner
eProtection
eSobi v2
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP LaserJet P2010 Series
hppMSRedist
hppusgP2010Series
HPSSupply
Java Auto Updater
Java(TM) 6 Update 18
LightScribe 1.4.142.1
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MrvlUsgTracking
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Opera 10.51
PhotoScape
PowerDVD
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Spybot - Search & Destroy
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb981433)

==== Event Viewer Messages From Past Week ========

2010/05/12 07:42:04 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 001D929B01B3 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
2010/05/12 04:15:34 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

 

[Broni]

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


Download HijackThis:
http://free.antivirus.com/hijackthis/
by clicking on Installer under Version 2.0.4
Install, and run it.
Post HijackTHis log.
Do NOT attempt to fix anything!

NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator

 

[MelissaP]

please help. after disabling avast, windows firewall and windows defender combofix still says that avast and defender are enabled. it still ran the program and now microsoft word won't open.

 

[Broni]

Disregard warnings and run Combofix anyway.