PDA

View Full Version : Search Engine Redirecting Problem


bellagiobob
2010-06-18, 06:22
Hi, have been having a problem for a few weeks with google and other search engines redirecting to various spam websites. Also have a problem clicking on parts of websites. Those parts that should be openable by clicking the mouse are not able to be opened. For example, on the Spybot homepage, I was not able to select any of the languages. I had to copy the logs onto another computer to access your website. Have run Malwarebytes, and it showed that it found a Trojan Horse Dropper, but it didn't appear to be able to clean it. Also the bootup time for my computer seems to be extremely long now. Sometimes up to 10 minutes or so. Here are my Logs. Thank you in advance for your assistance.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Randy at 21:05:34.14 on Thu 06/17/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2471 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Randy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: CAB Class: {c6a91056-83e0-4c6e-8dcc-43fc0dfe7a0a} - c:\windows\system32\Cw0gu7Xp.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [VistaStartMenu] "c:\program files\vista start menu\VistaStartMenu.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [WinSys2] c:\windows\system32\winsys2.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [GEST] =
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /install
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-14 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-14 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-14 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-15 308064]
S0 nanpq;nanpq; [x]
S2 gupdate1c9ff5981596924;Google Update Service (gupdate1c9ff5981596924);c:\program files\google\update\GoogleUpdate.exe [2009-7-7 133104]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero 7\incd\nbhregincdsrv.exe --> c:\program files\nero\nero 7\incd\NBHRegInCDSrv.exe [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2010-06-17 16:19:16 45056 ----a-w- c:\windows\system32\Cw0gu7Xp.dll
2010-06-17 16:19:16 112 ----a-w- c:\docume~1\alluse~1\applic~1\o83LNCR3.dat
2010-06-16 05:18:29 0 d--h--w- C:\$AVG
2010-06-16 05:16:29 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-06-16 05:16:03 0 d-----w- c:\windows\SxsCaPendDel
2010-06-16 04:03:12 0 d-----w- c:\docume~1\randy\applic~1\Vista Start Menu
2010-06-16 04:02:50 0 d-----w- c:\program files\Tidy Favorites Buttons
2010-06-16 04:02:47 0 d-----w- c:\program files\Vista Start Menu
2010-06-16 03:15:43 0 d-----w- c:\windows\pss
2010-06-10 22:28:15 0 d-----w- c:\program files\LimeWire
2010-05-26 07:53:21 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-05-23 11:31:37 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-21 22:50:39 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-21 22:02:22 0 d-----w- c:\docume~1\randy\applic~1\Malwarebytes
2010-05-21 22:02:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-21 22:02:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-21 22:02:16 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-21 22:02:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-20 02:20:44 0 d-----w- c:\docume~1\randy\applic~1\718F4F8D657334431329513DC8D63DC3

==================== Find3M ====================

2010-06-16 05:33:11 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-16 05:18:19 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-16 05:18:12 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-26 02:59:56 47012 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-27 22:06:32 75 ----a-w- c:\documents and settings\randy\jagex_runescape_preferences2.dat
2010-04-27 21:54:29 41 ----a-w- c:\documents and settings\randy\jagex_runescape_preferences.dat
2010-04-27 21:30:21 0 ----a-w- c:\documents and settings\randy\jagex__preferences3.dat

============= FINISH: 21:06:27.03 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/13/2009 11:38:46 AM
System Uptime: 6/16/2010 5:22:48 PM (28 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | EP43-UD3L
Processor: Intel Pentium III Xeon processor | Socket 775 | 2999/333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 298 GiB total, 213.526 GiB free.
D: is CDROM ()
E: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP313: 3/18/2010 8:57:12 AM - System Checkpoint
RP314: 3/18/2010 10:19:05 AM - Avg8 Update
RP315: 3/18/2010 10:19:31 AM - Avg8 Update
RP316: 3/19/2010 10:57:12 AM - System Checkpoint
RP317: 3/20/2010 11:33:12 AM - System Checkpoint
RP318: 3/21/2010 12:21:12 PM - System Checkpoint
RP319: 3/22/2010 12:57:12 PM - System Checkpoint
RP320: 3/23/2010 1:57:13 PM - System Checkpoint
RP321: 3/24/2010 2:43:45 PM - System Checkpoint
RP322: 3/25/2010 2:55:28 PM - System Checkpoint
RP323: 3/26/2010 3:18:23 PM - System Checkpoint
RP324: 3/27/2010 3:54:23 PM - System Checkpoint
RP325: 3/28/2010 4:54:23 PM - System Checkpoint
RP326: 3/29/2010 5:58:32 PM - System Checkpoint
RP327: 3/30/2010 6:30:23 PM - System Checkpoint
RP328: 3/31/2010 3:00:13 AM - Software Distribution Service 3.0
RP329: 4/1/2010 4:04:18 AM - System Checkpoint
RP330: 4/2/2010 5:16:18 AM - System Checkpoint
RP331: 4/3/2010 5:52:18 AM - System Checkpoint
RP332: 4/4/2010 8:24:04 AM - System Checkpoint
RP333: 4/5/2010 8:42:12 AM - System Checkpoint
RP334: 4/6/2010 11:09:43 AM - System Checkpoint
RP335: 4/7/2010 11:28:18 AM - System Checkpoint
RP336: 4/8/2010 12:08:35 PM - System Checkpoint
RP337: 4/9/2010 1:04:18 PM - System Checkpoint
RP338: 4/10/2010 2:04:18 PM - System Checkpoint
RP339: 4/11/2010 3:15:12 PM - System Checkpoint
RP340: 4/12/2010 3:29:23 PM - System Checkpoint
RP341: 4/13/2010 5:10:39 PM - System Checkpoint
RP342: 4/14/2010 3:00:13 AM - Software Distribution Service 3.0
RP343: 4/15/2010 3:00:16 AM - Software Distribution Service 3.0
RP344: 4/16/2010 3:24:51 AM - System Checkpoint
RP345: 4/17/2010 3:48:52 AM - System Checkpoint
RP346: 4/18/2010 3:57:50 AM - System Checkpoint
RP347: 4/19/2010 4:24:51 AM - System Checkpoint
RP348: 4/20/2010 5:12:52 AM - System Checkpoint
RP349: 4/21/2010 6:01:02 AM - System Checkpoint
RP350: 4/22/2010 6:49:02 AM - System Checkpoint
RP351: 4/23/2010 7:26:07 AM - System Checkpoint
RP352: 4/24/2010 8:26:07 AM - System Checkpoint
RP353: 4/25/2010 9:01:02 AM - System Checkpoint
RP354: 4/26/2010 10:13:02 AM - System Checkpoint
RP355: 4/27/2010 10:49:02 AM - System Checkpoint
RP356: 4/28/2010 11:37:17 AM - System Checkpoint
RP357: 4/29/2010 12:37:20 PM - System Checkpoint
RP358: 4/30/2010 1:25:20 PM - System Checkpoint
RP359: 5/1/2010 1:37:21 PM - System Checkpoint
RP360: 5/2/2010 3:04:15 PM - System Checkpoint
RP361: 5/3/2010 3:06:59 PM - System Checkpoint
RP362: 5/4/2010 3:40:51 PM - Installed Compatibility Pack for the 2007 Office system
RP363: 5/5/2010 4:05:54 PM - System Checkpoint
RP364: 5/6/2010 3:00:13 AM - Software Distribution Service 3.0
RP365: 5/7/2010 3:17:54 AM - System Checkpoint
RP366: 5/8/2010 4:05:54 AM - System Checkpoint
RP367: 5/9/2010 5:05:54 AM - System Checkpoint
RP368: 5/10/2010 6:05:54 AM - System Checkpoint
RP369: 5/11/2010 6:41:54 AM - System Checkpoint
RP370: 5/12/2010 3:00:16 AM - Software Distribution Service 3.0
RP371: 5/13/2010 3:06:09 AM - System Checkpoint
RP372: 5/14/2010 4:54:57 AM - System Checkpoint
RP373: 5/15/2010 5:23:40 AM - System Checkpoint
RP374: 5/16/2010 6:30:09 AM - System Checkpoint
RP375: 5/17/2010 7:16:14 AM - System Checkpoint
RP376: 5/18/2010 8:23:24 AM - System Checkpoint
RP377: 5/19/2010 8:57:26 AM - System Checkpoint
RP378: 5/21/2010 4:45:47 PM - Removed Stronghold Legends
RP379: 5/21/2010 4:50:16 PM - Installed Java(TM) 6 Update 20
RP380: 5/22/2010 5:54:15 PM - System Checkpoint
RP381: 5/23/2010 6:04:20 PM - System Checkpoint
RP382: 5/24/2010 7:04:20 PM - System Checkpoint
RP383: 5/25/2010 7:07:31 PM - System Checkpoint
RP384: 6/1/2010 7:17:27 AM - System Checkpoint
RP385: 6/2/2010 8:22:33 AM - System Checkpoint
RP386: 6/3/2010 8:47:51 AM - System Checkpoint
RP387: 6/4/2010 9:37:41 AM - System Checkpoint
RP388: 6/5/2010 10:13:41 AM - System Checkpoint
RP389: 6/6/2010 11:01:41 AM - System Checkpoint
RP390: 6/7/2010 11:02:46 AM - System Checkpoint
RP391: 6/14/2010 8:06:36 AM - System Checkpoint
RP392: 6/15/2010 8:27:51 AM - System Checkpoint
RP393: 6/15/2010 11:16:15 PM - Installed AVG Free 9.0

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
Bonjour
BufferChm
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Copy
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
DVD Suite
eSupportQFolder
F2100
F2100_Help
Google Earth
Google Update Helper
Google Updater
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Customer Participation Program 8.0
HP Deskjet All-In-One Software 8.0
HP Imaging Device Functions 8.0
HP Photosmart Essential
HP Product Assistant
HP Solution Center 8.0
HP Update
HPProductAssistant
HPSSupply
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Malwarebytes' Anti-Malware
MarketResearch
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 6-9 Converter
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
neroxml
NVIDIA Drivers
PokerStars
PowerDVD
PowerProducer
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Scan
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Status
Text-To-Speech-Runtime
Tidy Favorites Buttons 6.23
Toolbox
TrayApp
UnloadSupport
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vista Start Menu 3.67
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format Runtime

==== Event Viewer Messages From Past Week ========

6/15/2010 11:29:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Workstation service to connect.
6/15/2010 11:29:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Time service to connect.
6/15/2010 11:29:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Management Instrumentation service to connect.
6/15/2010 11:29:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Audio service to connect.
6/15/2010 11:29:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Telephony service to connect.
6/15/2010 11:29:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the System Restore Service service to connect.
6/15/2010 11:29:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Server service to connect.
6/15/2010 11:29:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Secondary Logon service to connect.
6/15/2010 11:29:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Network Connections service to connect.
6/15/2010 11:29:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Help and Support service to connect.
6/15/2010 11:29:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Fast User Switching Compatibility service to connect.
6/15/2010 11:29:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Error Reporting Service service to connect.
6/15/2010 11:29:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Distributed Link Tracking Client service to connect.
6/15/2010 11:29:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Cryptographic Services service to connect.
6/15/2010 11:29:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ Event System service to connect.
6/15/2010 11:29:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Background Intelligent Transfer Service service to connect.
6/15/2010 11:29:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Automatic Updates service to connect.
6/15/2010 11:29:32 PM, error: Service Control Manager [7001] - The Windows Firewall/Internet Connection Sharing (ICS) service depends on the Network Connections service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2010 11:29:32 PM, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2010 11:29:32 PM, error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2010 11:29:32 PM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2010 11:29:32 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2010 11:29:32 PM, error: Service Control Manager [7000] - The Workstation service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2010 11:29:32 PM, error: Service Control Manager [7000] - The Windows Time service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2010 11:29:32 PM, error: Service Control Manager [7000] - The Windows Audio service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2010 11:29:32 PM, error: Service Control Manager [7000] - The Telephony service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2010 11:29:32 PM, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2010 11:29:32 PM, error: Service Control Manager [7000] - The Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2010 11:29:32 PM, error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2010 11:29:32 PM, error: Service Control Manager [7000] - The Help and Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2010 11:29:32 PM, error: Service Control Manager [7000] - The Fast User Switching Compatibility service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2010 11:29:32 PM, error: Service Control Manager [7000] - The Distributed Link Tracking Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2010 11:29:32 PM, error: Service Control Manager [7000] - The Cryptographic Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2010 11:29:32 PM, error: Service Control Manager [7000] - The COM+ Event System service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2010 11:29:32 PM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2010 11:29:32 PM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2010 11:26:03 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/15/2010 11:25:58 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
6/15/2010 11:25:55 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
6/15/2010 11:25:55 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/15/2010 11:25:55 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
6/15/2010 10:13:16 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
6/15/2010 10:13:14 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
6/15/2010 10:11:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Wireless Zero Configuration service to connect.
6/15/2010 10:11:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Themes service to connect.
6/15/2010 10:11:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Task Scheduler service to connect.
6/15/2010 10:11:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Shell Hardware Detection service to connect.
6/15/2010 10:11:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DHCP Client service to connect.
6/15/2010 10:11:54 PM, error: Service Control Manager [7000] - The Wireless Zero Configuration service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2010 10:11:54 PM, error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2010 10:11:54 PM, error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2010 10:11:54 PM, error: Service Control Manager [7000] - The Nero Registry InCD Service service failed to start due to the following error: The system cannot find the file specified.
6/15/2010 10:11:54 PM, error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2010 10:09:29 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
6/15/2010 10:09:29 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
6/15/2010 10:09:29 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
6/15/2010 10:09:29 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.

==== End Of File ===========================
Blade81
2010-06-22, 19:04
Hi,

Download GMER (http://www.gmer.net) here by clicking download exe -button and then saving it your desktop:
Double-click .exe that you downloaded
Click rootkit-tab, uncheck all but sections option and then click scan.
When scanning is ready, click Copy.
This copies log to clipboard
Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.
bellagiobob
2010-06-22, 21:11
Thank you for taking the time to help me. I have had to transfer the log from the infected computer to a diferent one, as was having too many system freezes, etc on the infected computer. FYI, after every reboot, the computer is not connecting to the internet. It is searching for a connection. In run, I type in services.msc, and DHCP Client status is blank. So I start it and it then connects to the internet. But after each reboot, it is the same problem. And the startup type is set to automatic. Another problem is for example when I go to the spybot.com website. I wasn't able to click anything with my mouse. No left click options available. I right clicked, went to encoding changed to Western European (Windows) and it worked. But had to do that with every page. Chose the autoselect, but each time I went to the internet, it was the same. Not sure if these are related, but thought I would pass that info onto you.

Here is the log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-22 12:04:40
Windows 5.1.2600 Service Pack 3
Running: uqtdmer5.exe; Driver: C:\DOCUME~1\Randy\LOCALS~1\Temp\fxtdrpob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9EC6380, 0x346307, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[124] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[124] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\Explorer.EXE[124] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\WINDOWS\System32\svchost.exe[2044] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A
.text C:\WINDOWS\System32\svchost.exe[2044] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009B000A
.text C:\WINDOWS\System32\svchost.exe[2044] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0099000C
.text C:\WINDOWS\System32\svchost.exe[2044] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00B7000A
.text C:\WINDOWS\system32\wuauclt.exe[2644] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A
.text C:\WINDOWS\system32\wuauclt.exe[2644] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009B000A
.text C:\WINDOWS\system32\wuauclt.exe[2644] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0099000C

---- EOF - GMER 1.0.15 ----
Blade81
2010-06-23, 07:37
Hi again,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
bellagiobob
2010-06-23, 21:54
Here are the logs:

ComboFix 10-06-23.01 - Randy 06/23/2010 12:41:46.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2794 [GMT -6:00]
Running from: c:\documents and settings\Randy\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-05-23 to 2010-06-23 )))))))))))))))))))))))))))))))
.

2010-06-22 17:53 . 2010-06-22 17:53 -------- d-----w- c:\windows\system32\LogFiles
2010-06-22 03:12 . 2010-06-22 03:12 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-06-19 01:16 . 2010-06-19 01:20 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-19 01:13 . 2010-06-19 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-06-19 01:13 . 2010-06-19 01:13 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-06-19 01:05 . 2010-06-19 01:05 -------- d-----w- c:\documents and settings\Randy\Application Data\AVG9
2010-06-19 00:11 . 2010-06-19 00:11 -------- d-----w- c:\documents and settings\Randy\Application Data\Auslogics
2010-06-19 00:06 . 2010-06-19 00:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-19 00:05 . 2010-06-19 00:05 -------- d-----w- c:\program files\Auslogics
2010-06-17 16:19 . 2010-06-17 16:19 45056 ----a-w- c:\windows\system32\Cw0gu7Xp.dll
2010-06-16 05:33 . 2010-06-16 05:33 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-16 05:33 . 2010-06-16 05:33 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-06-16 05:18 . 2010-06-16 05:18 -------- d-----w- C:\$AVG
2010-06-16 05:16 . 2010-06-16 05:16 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-16 05:16 . 2010-06-16 05:23 -------- d-----w- c:\windows\SxsCaPendDel
2010-06-16 04:03 . 2010-06-23 18:37 -------- d-----w- c:\documents and settings\Randy\Application Data\Vista Start Menu
2010-06-16 04:02 . 2010-06-16 04:03 -------- d-----w- c:\program files\Vista Start Menu
2010-06-16 03:23 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-06-10 22:28 . 2010-06-15 00:42 -------- d-----w- c:\program files\LimeWire
2010-05-27 17:45 . 2010-05-27 17:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2010-05-26 07:53 . 2010-05-26 07:53 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-05-25 10:21 . 2010-05-25 10:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-22 03:12 . 2010-05-23 11:31 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-18 23:16 . 2009-05-21 00:39 -------- d-----w- c:\program files\Common Files\HP
2010-06-18 23:16 . 2009-05-21 00:38 -------- d-----w- c:\program files\HP
2010-06-18 23:15 . 2009-05-21 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-06-18 05:28 . 2009-10-18 15:51 -------- d-----w- c:\program files\iTunes
2010-06-18 02:59 . 2009-10-18 15:50 -------- d-----w- c:\program files\QuickTime
2010-06-17 16:25 . 2010-06-17 16:19 112 ----a-w- c:\documents and settings\All Users\Application Data\o83LNCR3.dat
2010-06-16 05:33 . 2009-05-14 19:33 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-16 05:33 . 2009-05-14 19:33 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-16 05:18 . 2009-05-14 19:33 -------- d-----w- c:\program files\AVG
2010-06-16 05:18 . 2009-05-14 19:33 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-16 05:18 . 2009-05-14 19:33 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-26 02:59 . 2009-10-19 23:53 47012 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-22 00:02 . 2009-05-21 14:07 60184 ----a-w- c:\documents and settings\Randy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-21 22:50 . 2010-05-21 22:50 -------- d-----w- c:\program files\Common Files\Java
2010-05-21 22:50 . 2010-05-21 22:50 503808 ----a-w- c:\documents and settings\Randy\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-197b92b3-n\msvcp71.dll
2010-05-21 22:50 . 2010-05-21 22:50 499712 ----a-w- c:\documents and settings\Randy\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-197b92b3-n\jmc.dll
2010-05-21 22:50 . 2010-05-21 22:50 348160 ----a-w- c:\documents and settings\Randy\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-197b92b3-n\msvcr71.dll
2010-05-21 22:50 . 2010-05-21 22:50 61440 ----a-w- c:\documents and settings\Randy\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-54ad6228-n\decora-sse.dll
2010-05-21 22:50 . 2010-05-21 22:50 12800 ----a-w- c:\documents and settings\Randy\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-54ad6228-n\decora-d3d.dll
2010-05-21 22:50 . 2009-05-25 02:42 -------- d-----w- c:\program files\Java
2010-05-21 22:48 . 2009-07-07 23:19 -------- d-----w- c:\program files\Google
2010-05-21 22:46 . 2009-05-13 17:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-21 22:45 . 2009-07-22 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Firefly Studios
2010-05-21 22:43 . 2009-07-25 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\MAGIX
2010-05-21 22:02 . 2010-05-21 22:02 -------- d-----w- c:\documents and settings\Randy\Application Data\Malwarebytes
2010-05-21 22:02 . 2010-05-21 22:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-21 22:02 . 2010-05-21 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-13 00:59 . 2009-06-11 09:09 -------- d-----w- c:\documents and settings\Randy\Application Data\HP
2010-05-04 21:40 . 2010-05-04 21:40 -------- d-----w- c:\program files\MSECache
2010-04-29 21:39 . 2010-05-21 22:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 21:39 . 2010-05-21 22:02 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-25 20:49 . 2009-08-17 06:28 -------- d-----w- c:\program files\PokerStars
2010-04-14 09:25 . 2009-11-26 06:38 79488 ----a-w- c:\documents and settings\Randy\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-04-12 23:29 . 2010-05-21 22:50 411368 ----a-w- c:\windows\system32\deployJava1.dll
.

<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Ahead\Lib\NeroCheck .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\CyberLink\PowerDVD\PDVDServ .exe
c:\program files\CyberLink\PowerDVD\Language\Language .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Nero\Nero 7\InCD\InCD .exe
c:\program files\Nero\Nero 7\InCD\NBHGui .exe
c:\program files\QuickTime\qttask .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6A91056-83E0-4C6E-8DCC-43FC0DFE7A0A}]
2010-06-17 16:19 45056 ----a-w- c:\windows\system32\Cw0gu7Xp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaStartMenu"="c:\program files\Vista Start Menu\VistaStartMenu.exe" [2010-06-16 2780016]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-07 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"WinSys2"="c:\windows\system32\winsys2.exe" [2007-10-30 208896]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"nwiz"="nwiz.exe" [2007-12-05 1626112]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-16 05:18 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/14/2009 1:33 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/14/2009 1:33 PM 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/15/2010 11:17 PM 308064]
S0 nanpq;nanpq; [x]
S2 gupdate1c9ff5981596924;Google Update Service (gupdate1c9ff5981596924);c:\program files\Google\Update\GoogleUpdate.exe [7/7/2009 5:20 PM 133104]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-06-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-07 23:19]

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0d613078d96a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 23:20]

2010-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 23:20]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-23 12:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(912)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(568)
c:\windows\system32\WININET.dll
c:\program files\Vista Start Menu\VistaStartMenu.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-06-23 12:48:37
ComboFix-quarantined-files.txt 2010-06-23 18:48
ComboFix2.txt 2010-06-18 03:46

Pre-Run: 296,522,985,472 bytes free
Post-Run: 296,526,168,064 bytes free

- - End Of File - - 86A99775613FF3B346D35378D5EA6AC3


DDS (Ver_10-03-17.01) - NTFSx86
Run by Randy at 12:52:11.62 on Wed 06/23/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2639 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AVG\AVG9\avgui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Randy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: CAB Class: {c6a91056-83e0-4c6e-8dcc-43fc0dfe7a0a} - c:\windows\system32\Cw0gu7Xp.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [VistaStartMenu] "c:\program files\vista start menu\VistaStartMenu.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [WinSys2] c:\windows\system32\winsys2.exe
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /install
mRun: [SoundMan] SOUNDMAN.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-14 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-14 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-14 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-15 308064]
S0 nanpq;nanpq; [x]
S2 gupdate1c9ff5981596924;Google Update Service (gupdate1c9ff5981596924);c:\program files\google\update\GoogleUpdate.exe [2009-7-7 133104]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero 7\incd\nbhregincdsrv.exe --> c:\program files\nero\nero 7\incd\NBHRegInCDSrv.exe [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2010-06-23 18:39:54 98816 ----a-w- c:\windows\sed.exe
2010-06-23 18:39:54 77312 ----a-w- c:\windows\MBR.exe
2010-06-23 18:39:54 256512 ----a-w- c:\windows\PEV.exe
2010-06-23 18:39:54 161792 ----a-w- c:\windows\SWREG.exe
2010-06-22 17:53:32 0 d-----w- c:\windows\system32\LogFiles
2010-06-19 01:16:16 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-19 01:13:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-06-19 01:13:44 0 d-----w- c:\program files\Hitman Pro 3.5
2010-06-19 01:05:38 0 d-----w- c:\docume~1\randy\applic~1\AVG9
2010-06-19 00:11:59 0 d-----w- c:\docume~1\randy\applic~1\Auslogics
2010-06-19 00:05:52 0 d-----w- c:\program files\Auslogics
2010-06-18 03:38:17 0 d-sha-r- C:\cmdcons
2010-06-17 16:19:16 45056 ----a-w- c:\windows\system32\Cw0gu7Xp.dll
2010-06-17 16:19:16 112 ----a-w- c:\docume~1\alluse~1\applic~1\o83LNCR3.dat
2010-06-16 05:18:29 0 d-----w- C:\$AVG
2010-06-16 05:16:29 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-06-16 05:16:03 0 d-----w- c:\windows\SxsCaPendDel
2010-06-16 04:03:12 0 d-----w- c:\docume~1\randy\applic~1\Vista Start Menu
2010-06-16 04:02:47 0 d-----w- c:\program files\Vista Start Menu
2010-06-16 03:15:43 0 d-----w- c:\windows\pss
2010-06-10 22:28:15 0 d-----w- c:\program files\LimeWire
2010-05-26 07:53:21 552 ----a-w- c:\windows\system32\d3d8caps.dat

==================== Find3M ====================

2010-06-16 05:33:11 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-16 05:18:19 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-16 05:18:12 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-26 02:59:56 47012 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-29 21:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 21:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-12 23:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll

============= FINISH: 12:52:52.39 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/13/2009 11:38:46 AM
System Uptime: 6/23/2010 12:29:51 PM (0 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | EP43-UD3L
Processor: Intel Pentium III Xeon processor | Socket 775 | 2999/333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 298 GiB total, 276.181 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 6/23/2010 12:39:53 PM - System Checkpoint

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Auslogics BoostSpeed
AVG Free 9.0
Bonjour
BufferChm
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
DVD Suite
F2100
F2100_Help
Google Earth
Google Update Helper
Google Updater
Hitman Pro 3.5
HP Deskjet All-In-One Software 8.0
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Malwarebytes' Anti-Malware
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 6-9 Converter
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
neroxml
NVIDIA Drivers
PokerStars
PowerDVD
PowerProducer
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Scan
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows XP (KB923789)
Spelling Dictionaries Support For Adobe Reader 9
Text-To-Speech-Runtime
Toolbox
UnloadSupport
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Vista Start Menu 3.67
WebFldrs XP
WebReg
Windows Internet Explorer 8
Windows Media Format Runtime

==== Event Viewer Messages From Past Week ========

6/22/2010 6:31:41 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the W32Time service.
6/22/2010 6:29:32 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the PolicyAgent service.
6/22/2010 6:29:29 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.
6/22/2010 12:07:00 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avg9wd service.
6/22/2010 10:38:44 PM, error: W32Time [46] - The time service encountered an error and was forced to shut down. The error was: 0x800706BB
6/21/2010 12:45:21 PM, error: atapi [9] - The device, \Device\Ide\IdePort3, did not respond within the timeout period.
6/18/2010 7:46:51 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer SHEILA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{380F6794-1644-4BFD. The master browser is stopping or an election is being forced.
6/18/2010 7:28:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Background Intelligent Transfer Service service to connect.
6/18/2010 7:28:17 PM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 7:28:07 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/18/2010 7:28:06 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
6/18/2010 7:28:06 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
6/18/2010 7:26:22 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
6/18/2010 7:01:56 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
6/18/2010 7:01:54 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
6/18/2010 7:00:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Wireless Zero Configuration service to connect.
6/18/2010 7:00:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Themes service to connect.
6/18/2010 7:00:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Shell Hardware Detection service to connect.
6/18/2010 7:00:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DHCP Client service to connect.
6/18/2010 7:00:33 PM, error: Service Control Manager [7000] - The Wireless Zero Configuration service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 7:00:33 PM, error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 7:00:33 PM, error: Service Control Manager [7000] - The Nero Registry InCD Service service failed to start due to the following error: The system cannot find the file specified.
6/18/2010 7:00:33 PM, error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 6:58:08 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
6/18/2010 6:58:08 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
6/18/2010 6:58:08 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
6/18/2010 5:50:48 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Task Scheduler service to connect.
6/18/2010 5:50:48 PM, error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 5:48:23 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
6/18/2010 5:22:58 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Workstation service to connect.
6/18/2010 5:22:58 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Audio service to connect.
6/18/2010 5:22:58 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the System Restore Service service to connect.
6/18/2010 5:22:58 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Server service to connect.
6/18/2010 5:22:58 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Secondary Logon service to connect.
6/18/2010 5:22:58 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Network Connections service to connect.
6/18/2010 5:22:58 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Help and Support service to connect.
6/18/2010 5:22:58 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Error Reporting Service service to connect.
6/18/2010 5:22:58 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the CryptSvc service to connect.
6/18/2010 5:22:58 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ Event System service to connect.
6/18/2010 5:22:58 PM, error: Service Control Manager [7001] - The Windows Firewall/Internet Connection Sharing (ICS) service depends on the Network Connections service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 5:22:58 PM, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 5:22:58 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 5:22:58 PM, error: Service Control Manager [7000] - The Workstation service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 5:22:58 PM, error: Service Control Manager [7000] - The Windows Audio service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 5:22:58 PM, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 5:22:58 PM, error: Service Control Manager [7000] - The Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 5:22:58 PM, error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 5:22:58 PM, error: Service Control Manager [7000] - The Help and Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 5:22:58 PM, error: Service Control Manager [7000] - The CryptSvc service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 5:22:58 PM, error: Service Control Manager [7000] - The COM+ Event System service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 4:29:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Time service to connect.
6/18/2010 4:29:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Management Instrumentation service to connect.
6/18/2010 4:29:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Telephony service to connect.
6/18/2010 4:29:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Fast User Switching Compatibility service to connect.
6/18/2010 4:29:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Distributed Link Tracking Client service to connect.
6/18/2010 4:29:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Automatic Updates service to connect.
6/18/2010 4:29:00 PM, error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 4:29:00 PM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 4:29:00 PM, error: Service Control Manager [7000] - The Windows Time service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 4:29:00 PM, error: Service Control Manager [7000] - The Telephony service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 4:29:00 PM, error: Service Control Manager [7000] - The Fast User Switching Compatibility service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 4:29:00 PM, error: Service Control Manager [7000] - The Distributed Link Tracking Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 4:29:00 PM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================
Blade81
2010-06-24, 07:41
Hi again,


Open notepad and copy/paste the text in the quotebox below into it:



http://forums.spybot.info/showthread.php?p=375273#post375273
Driver::
nanpq
Collect::
c:\windows\system32\Cw0gu7Xp.dll
c:\documents and settings\All Users\Application Data\o83LNCR3.dat
Folder::
c:\program files\LimeWire
RenV::
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Ahead\Lib\NeroCheck .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\CyberLink\PowerDVD\PDVDServ .exe
c:\program files\CyberLink\PowerDVD\Language\Language .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Nero\Nero 7\InCD\InCD .exe
c:\program files\Nero\Nero 7\InCD\NBHGui .exe
c:\program files\QuickTime\qttask .exe
DDS::
uInternet Settings,ProxyOverride = <local>



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (both 9.3 and update 9.3.2) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).


Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
bellagiobob
2010-06-25, 01:30
Here is the combofix log. The other two logs will follow.

ComboFix 10-06-23.05 - Randy 06/24/2010 16:13:24.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2542 [GMT -6:00]
Running from: c:\documents and settings\Randy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Randy\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

file zipped: c:\documents and settings\All Users\Application Data\o83LNCR3.dat
file zipped: c:\windows\system32\Cw0gu7Xp.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\o83LNCR3.dat
c:\program files\LimeWire
c:\program files\LimeWire\toolbarResult
c:\windows\system32\Cw0gu7Xp.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_nanpq


((((((((((((((((((((((((( Files Created from 2010-05-24 to 2010-06-24 )))))))))))))))))))))))))))))))
.

2010-06-22 17:53 . 2010-06-22 17:53 -------- d-----w- c:\windows\system32\LogFiles
2010-06-22 03:12 . 2010-06-22 03:12 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-06-19 01:16 . 2010-06-19 01:20 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-19 01:13 . 2010-06-19 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-06-19 01:13 . 2010-06-19 01:13 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-06-19 01:05 . 2010-06-19 01:05 -------- d-----w- c:\documents and settings\Randy\Application Data\AVG9
2010-06-19 00:11 . 2010-06-19 00:11 -------- d-----w- c:\documents and settings\Randy\Application Data\Auslogics
2010-06-19 00:06 . 2010-06-19 00:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-19 00:05 . 2010-06-19 00:05 -------- d-----w- c:\program files\Auslogics
2010-06-16 05:33 . 2010-06-16 05:33 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-16 05:33 . 2010-06-16 05:33 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-06-16 05:18 . 2010-06-16 05:18 -------- d-----w- C:\$AVG
2010-06-16 05:16 . 2010-06-16 05:16 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-16 05:16 . 2010-06-16 05:23 -------- d-----w- c:\windows\SxsCaPendDel
2010-06-16 04:03 . 2010-06-24 22:06 -------- d-----w- c:\documents and settings\Randy\Application Data\Vista Start Menu
2010-06-16 04:02 . 2010-06-16 04:03 -------- d-----w- c:\program files\Vista Start Menu
2010-06-16 03:23 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-05-27 17:45 . 2010-05-27 17:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2010-05-26 07:53 . 2010-05-26 07:53 552 ----a-w- c:\windows\system32\d3d8caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-24 22:13 . 2009-10-18 15:51 -------- d-----w- c:\program files\iTunes
2010-06-24 22:13 . 2009-10-18 15:50 -------- d-----w- c:\program files\QuickTime
2010-06-22 03:12 . 2010-05-23 11:31 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-18 23:16 . 2009-05-21 00:39 -------- d-----w- c:\program files\Common Files\HP
2010-06-18 23:16 . 2009-05-21 00:38 -------- d-----w- c:\program files\HP
2010-06-18 23:15 . 2009-05-21 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-06-16 05:33 . 2009-05-14 19:33 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-16 05:33 . 2009-05-14 19:33 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-16 05:18 . 2009-05-14 19:33 -------- d-----w- c:\program files\AVG
2010-06-16 05:18 . 2009-05-14 19:33 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-16 05:18 . 2009-05-14 19:33 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-26 02:59 . 2009-10-19 23:53 47012 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-22 00:02 . 2009-05-21 14:07 60184 ----a-w- c:\documents and settings\Randy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-21 22:50 . 2010-05-21 22:50 -------- d-----w- c:\program files\Common Files\Java
2010-05-21 22:50 . 2010-05-21 22:50 503808 ----a-w- c:\documents and settings\Randy\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-197b92b3-n\msvcp71.dll
2010-05-21 22:50 . 2010-05-21 22:50 499712 ----a-w- c:\documents and settings\Randy\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-197b92b3-n\jmc.dll
2010-05-21 22:50 . 2010-05-21 22:50 348160 ----a-w- c:\documents and settings\Randy\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-197b92b3-n\msvcr71.dll
2010-05-21 22:50 . 2010-05-21 22:50 61440 ----a-w- c:\documents and settings\Randy\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-54ad6228-n\decora-sse.dll
2010-05-21 22:50 . 2010-05-21 22:50 12800 ----a-w- c:\documents and settings\Randy\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-54ad6228-n\decora-d3d.dll
2010-05-21 22:50 . 2009-05-25 02:42 -------- d-----w- c:\program files\Java
2010-05-21 22:48 . 2009-07-07 23:19 -------- d-----w- c:\program files\Google
2010-05-21 22:46 . 2009-05-13 17:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-21 22:45 . 2009-07-22 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Firefly Studios
2010-05-21 22:43 . 2009-07-25 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\MAGIX
2010-05-21 22:02 . 2010-05-21 22:02 -------- d-----w- c:\documents and settings\Randy\Application Data\Malwarebytes
2010-05-21 22:02 . 2010-05-21 22:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-21 22:02 . 2010-05-21 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-13 00:59 . 2009-06-11 09:09 -------- d-----w- c:\documents and settings\Randy\Application Data\HP
2010-05-04 21:40 . 2010-05-04 21:40 -------- d-----w- c:\program files\MSECache
2010-04-29 21:39 . 2010-05-21 22:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 21:39 . 2010-05-21 22:02 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-14 09:25 . 2009-11-26 06:38 79488 ----a-w- c:\documents and settings\Randy\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-04-12 23:29 . 2010-05-21 22:50 411368 ----a-w- c:\windows\system32\deployJava1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaStartMenu"="c:\program files\Vista Start Menu\VistaStartMenu.exe" [2010-06-16 2780016]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-07 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"WinSys2"="c:\windows\system32\winsys2.exe" [2007-10-30 208896]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"nwiz"="nwiz.exe" [2007-12-05 1626112]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-16 05:18 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/14/2009 1:33 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/14/2009 1:33 PM 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/15/2010 11:17 PM 308064]
R2 gupdate1c9ff5981596924;Google Update Service (gupdate1c9ff5981596924);c:\program files\Google\Update\GoogleUpdate.exe [7/7/2009 5:20 PM 133104]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-06-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-07 23:19]

2010-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0d613078d96a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 23:20]

2010-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 23:20]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

BHO-{C6A91056-83E0-4C6E-8DCC-43FC0DFE7A0A} - c:\windows\system32\Cw0gu7Xp.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-24 16:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(924)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3812)
c:\windows\system32\WININET.dll
c:\program files\Vista Start Menu\VistaStartMenu.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\imapi.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-06-24 16:27:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-24 22:27
ComboFix2.txt 2010-06-23 18:48
ComboFix3.txt 2010-06-18 03:46

Pre-Run: 296,628,985,856 bytes free
Post-Run: 296,582,311,936 bytes free

- - End Of File - - E87BC4C54E425C1673227C61E4EFEFB5
Blade81
2010-06-25, 01:51
Hi,

In addition to those instructed steps, look also for a zip file named like [4]-Submit in c:\qoobox\quarantine folder. Please upload it to this website (http://www.bleepingcomputer.com/submit-malware.php?channel=4).

Kindly include a link to this topic in the message.
bellagiobob
2010-06-25, 02:09
File sent as requested. Still waiting on Kapersky. Will post when done. FYI, still taking up to 10 minutes to reboot, and the DHCP client status is not starting by itself.
bellagiobob
2010-06-25, 03:23
Here are the other logs as requested.

KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, June 24, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, June 24, 2010 14:01:27
Records in database: 4308930


Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes

Scan area My Computer
C:\
D:\

Scan statistics
Objects scanned 42767
Threats found 0
Infected objects found 0
Suspicious objects found 0
Scan duration 00:37:59

No threats found. Scanned area is clean.
Selected area has been scanned.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Randy at 18:21:21.01 on Thu 06/24/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2344 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Randy\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [VistaStartMenu] "c:\program files\vista start menu\VistaStartMenu.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [WinSys2] c:\windows\system32\winsys2.exe
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /install
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-14 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-14 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-14 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-15 308064]
S2 gupdate1c9ff5981596924;Google Update Service (gupdate1c9ff5981596924);c:\program files\google\update\GoogleUpdate.exe [2009-7-7 133104]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero 7\incd\nbhregincdsrv.exe --> c:\program files\nero\nero 7\incd\NBHRegInCDSrv.exe [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2010-06-23 18:39:54 98816 ----a-w- c:\windows\sed.exe
2010-06-23 18:39:54 77312 ----a-w- c:\windows\MBR.exe
2010-06-23 18:39:54 256512 ----a-w- c:\windows\PEV.exe
2010-06-23 18:39:54 161792 ----a-w- c:\windows\SWREG.exe
2010-06-22 17:53:32 0 d-----w- c:\windows\system32\LogFiles
2010-06-19 01:16:16 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-19 01:13:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-06-19 01:13:44 0 d-----w- c:\program files\Hitman Pro 3.5
2010-06-19 01:05:38 0 d-----w- c:\docume~1\randy\applic~1\AVG9
2010-06-19 00:11:59 0 d-----w- c:\docume~1\randy\applic~1\Auslogics
2010-06-19 00:05:52 0 d-----w- c:\program files\Auslogics
2010-06-18 03:38:17 0 d-sha-r- C:\cmdcons
2010-06-16 05:18:29 0 d-----w- C:\$AVG
2010-06-16 05:16:29 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-06-16 05:16:03 0 d-----w- c:\windows\SxsCaPendDel
2010-06-16 04:03:12 0 d-----w- c:\docume~1\randy\applic~1\Vista Start Menu
2010-06-16 04:02:47 0 d-----w- c:\program files\Vista Start Menu
2010-06-16 03:15:43 0 d-----w- c:\windows\pss
2010-05-26 07:53:21 552 ----a-w- c:\windows\system32\d3d8caps.dat

==================== Find3M ====================

2010-06-16 05:33:11 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-16 05:18:19 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-16 05:18:12 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-26 02:59:56 47012 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-29 21:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 21:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-12 23:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll

============= FINISH: 18:22:13.03 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/13/2009 11:38:46 AM
System Uptime: 6/24/2010 4:48:33 PM (2 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | EP43-UD3L
Processor: Intel Pentium III Xeon processor | Socket 775 | 2999/333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 298 GiB total, 275.769 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 6/23/2010 12:39:53 PM - System Checkpoint
RP2: 6/24/2010 9:11:43 AM - Avg Update
RP3: 6/24/2010 4:31:17 PM - Removed Adobe Reader 9.1.3.
RP4: 6/24/2010 4:44:10 PM - Installed Adobe Reader 9.3.

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Auslogics BoostSpeed
AVG Free 9.0
Bonjour
BufferChm
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
DVD Suite
F2100
F2100_Help
Google Earth
Google Update Helper
Google Updater
Hitman Pro 3.5
HP Deskjet All-In-One Software 8.0
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Malwarebytes' Anti-Malware
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 6-9 Converter
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
neroxml
NVIDIA Drivers
PokerStars
PowerDVD
PowerProducer
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Scan
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows XP (KB923789)
Spelling Dictionaries Support For Adobe Reader 9
Text-To-Speech-Runtime
Toolbox
UnloadSupport
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Vista Start Menu 3.67
WebFldrs XP
WebReg
Windows Internet Explorer 8
Windows Media Format Runtime

==== Event Viewer Messages From Past Week ========

6/24/2010 5:23:30 PM, information: Windows File Protection [64021] - The system file c:\program files\common files\microsoft shared\web server extensions\40\servsupp\fp4anscp.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
6/24/2010 5:23:30 PM, information: Windows File Protection [64018] - Windows File Protection file scan was cancelled by user interaction, user name is Randy.
6/24/2010 5:22:41 PM, information: Windows File Protection [64021] - The system file c:\program files\common files\microsoft shared\web server extensions\40\servsupp\fp4amsft.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
6/24/2010 5:22:35 PM, information: Windows File Protection [64021] - The system file c:\program files\common files\microsoft shared\web server extensions\40\bin\cfgwiz.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
6/24/2010 5:21:42 PM, information: Windows File Protection [64021] - The system file c:\program files\common files\microsoft shared\web server extensions\40\_vti_bin\_vti_aut\author.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
6/24/2010 5:21:37 PM, information: Windows File Protection [64021] - The system file c:\program files\common files\microsoft shared\web server extensions\40\isapi\_vti_aut\author.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
6/24/2010 5:21:25 PM, information: Windows File Protection [64021] - The system file c:\program files\common files\microsoft shared\web server extensions\40\_vti_bin\_vti_adm\admin.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
6/24/2010 5:21:19 PM, information: Windows File Protection [64021] - The system file c:\program files\common files\microsoft shared\web server extensions\40\isapi\_vti_adm\admin.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
6/24/2010 5:20:40 PM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
6/22/2010 6:31:41 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the W32Time service.
6/22/2010 6:29:32 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the PolicyAgent service.
6/22/2010 6:29:29 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.
6/22/2010 12:07:00 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avg9wd service.
6/22/2010 10:38:44 PM, error: W32Time [46] - The time service encountered an error and was forced to shut down. The error was: 0x800706BB
6/21/2010 12:45:21 PM, error: atapi [9] - The device, \Device\Ide\IdePort3, did not respond within the timeout period.
6/18/2010 7:46:51 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer SHEILA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{380F6794-1644-4BFD. The master browser is stopping or an election is being forced.
6/18/2010 7:44:36 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
6/18/2010 7:43:15 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Wireless Zero Configuration service to connect.
6/18/2010 7:43:15 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Themes service to connect.
6/18/2010 7:43:15 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DHCP Client service to connect.
6/18/2010 7:43:15 PM, error: Service Control Manager [7000] - The Wireless Zero Configuration service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 7:43:15 PM, error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 7:43:15 PM, error: Service Control Manager [7000] - The Nero Registry InCD Service service failed to start due to the following error: The system cannot find the file specified.
6/18/2010 7:43:15 PM, error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 7:40:52 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
6/18/2010 7:40:52 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
6/18/2010 7:40:52 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
6/18/2010 7:40:52 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
6/18/2010 7:28:17 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
6/18/2010 7:28:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Workstation service to connect.
6/18/2010 7:28:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Time service to connect.
6/18/2010 7:28:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Management Instrumentation service to connect.
6/18/2010 7:28:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Audio service to connect.
6/18/2010 7:28:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Task Scheduler service to connect.
6/18/2010 7:28:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the System Restore Service service to connect.
6/18/2010 7:28:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Shell Hardware Detection service to connect.
6/18/2010 7:28:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Server service to connect.
6/18/2010 7:28:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Network Connections service to connect.
6/18/2010 7:28:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Help and Support service to connect.
6/18/2010 7:28:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Fast User Switching Compatibility service to connect.
6/18/2010 7:28:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Error Reporting Service service to connect.
6/18/2010 7:28:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Distributed Link Tracking Client service to connect.
6/18/2010 7:28:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the CryptSvc service to connect.
6/18/2010 7:28:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ Event System service to connect.
6/18/2010 7:28:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Background Intelligent Transfer Service service to connect.
6/18/2010 7:28:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Automatic Updates service to connect.
6/18/2010 7:28:17 PM, error: Service Control Manager [7001] - The Windows Firewall/Internet Connection Sharing (ICS) service depends on the Network Connections service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 7:28:17 PM, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 7:28:17 PM, error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 7:28:17 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 7:28:17 PM, error: Service Control Manager [7000] - The Workstation service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 7:28:17 PM, error: Service Control Manager [7000] - The Windows Time service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 7:28:17 PM, error: Service Control Manager [7000] - The Windows Audio service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 7:28:17 PM, error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 7:28:17 PM, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 7:28:17 PM, error: Service Control Manager [7000] - The Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 7:28:17 PM, error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 7:28:17 PM, error: Service Control Manager [7000] - The Help and Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 7:28:17 PM, error: Service Control Manager [7000] - The Fast User Switching Compatibility service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 7:28:17 PM, error: Service Control Manager [7000] - The Distributed Link Tracking Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 7:28:17 PM, error: Service Control Manager [7000] - The CryptSvc service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 7:28:17 PM, error: Service Control Manager [7000] - The COM+ Event System service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 7:28:17 PM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 7:28:17 PM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 7:28:07 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/18/2010 7:28:06 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
6/18/2010 7:28:06 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
6/18/2010 5:48:23 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
6/18/2010 5:22:58 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Secondary Logon service to connect.
6/18/2010 4:29:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Telephony service to connect.
6/18/2010 4:29:00 PM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2010 4:29:00 PM, error: Service Control Manager [7000] - The Telephony service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================
Blade81
2010-06-25, 15:33
Good. How's the system running now? Still symptoms left after those latest logs?
bellagiobob
2010-06-25, 17:20
Hi, still takes a long, long time to reboot. Sometimes close to 10 minutes. After reboot, the computer is trying to connect to the internet, but it can't unless I run services.msc and change the DHCP status to start. Not sure why this keeps happening, as I have it set for automatic. Once up and running, things seem to be somewhat better. Still will be reading a certain website, when out of the blue another random site will open up in a new tab. Just curious of what you have seen so far, if I had some kind of malware and what the infected file was? Thanks again.
Blade81
2010-06-25, 19:04
Hi,

1. Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe and wait for the process to finish.
3. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)
Blade81
2010-07-01, 10:36
Still there?
bellagiobob
2010-07-01, 13:21
Hi there, sorry for the delay. Away for the weekend, and now having further issues with the computer. Problem with booting. May need to take it back to the place where we bought it for them to have a look at it. Will advise shortly if need to continue. Thanks.
Blade81
2010-07-01, 16:17
Ok. Shall wait for status update :)
Blade81
2010-07-06, 10:09
Due to inactivity, this thread will now be closed.

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.