
Performed an XP system repair due to the Administrator Account having an unknown password
along with Windows Explorer having multiple issues:
Open Containing Folder - not working
Find Target - not working
Explorer columns random view changes.

These all seem to be repaired and working fine.

Now Windows Updates are all returning as failed.

A program named FileAlyzer is also not working properly even after reinstallation.
I feel/fear the problem is deeper than it first appeared.
Any Help is greatly appreciated. Thank YOU!

==

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3555 (20081025)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=9ef4f4ab36fa664eb867b1462d9d6763
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-10-25 10:36:58
# local_time=2008-10-25 03:36:58 (-0700, US Mountain Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=1278697
# found=6
# scan_time=39104
D:\1downLOADS\corsair\DELL\registryWorkshp.rar  Win32/Agent.OBH trojan  9DBC6E4A3042679CA2EC847E008AEF1F
D:\1downLOADS\corsair\DELL\registryWorkshp.rar »RAR »registry.workshop.v3.1.0.patch.exe Win32/Agent.OBH trojan  00000000000000000000000000000000
D:\ADOBE\ADOBEkeys2008.rar  probably a variant of Win32/IRCBot trojan   2698C816923FB3F5642CE12B3351BB06
D:\ADOBE\ADOBEkeys2008.rar »RAR »Photoshop Extended CS3 Keygen.exe  probably a variant of Win32/IRCBot trojan   00000000000000000000000000000000
D:\CORSAIR\03_2008\registryWorkshp.rar  Win32/Agent.OBH trojan  9DBC6E4A3042679CA2EC847E008AEF1F
D:\CORSAIR\03_2008\registryWorkshp.rar »RAR »registry.workshop.v3.1.0.patch.exe Win32/Agent.OBH trojan  00000000000000000000000000000000

==

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:56:00 PM, on 10/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\HJT\HijackThis.exe /startupscan
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BDXGFUPNQQ - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\BDXGFUPNQQ.exe (file missing)
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: BUXODPXTQ - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\BUXODPXTQ.exe (file missing)
O23 - Service: BZJPK - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\BZJPK.exe (file missing)
O23 - Service: CE - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\CE.exe (file missing)
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: ERQ - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\ERQ.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: GRTBECJBMJHD - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\GRTBECJBMJHD.exe (file missing)
O23 - Service: IDQDCN - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\IDQDCN.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IKGV - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\IKGV.exe (file missing)
O23 - Service: MZ - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\MZ.exe (file missing)
O23 - Service: NDHADWU - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\NDHADWU.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: UIZRHZSE - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\UIZRHZSE.exe (file missing)
O23 - Service: UWNBSAORUC - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\UWNBSAORUC.exe (file missing)
O23 - Service: VKCMBC - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\VKCMBC.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: XJYQNQLPYGIDLF - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\XJYQNQLPYGIDLF.exe (file missing)
O23 - Service: YMXVTZERQ - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\YMXVTZERQ.exe (file missing)

--
End of file - 6209 bytes

Edited by mike_2000_17: Fixed formatting

Attachments
Malwarebytes' Anti-Malware 1.30
Database version: 1316
Windows 5.1.2600 Service Pack 2

10/25/2008 4:24:32 AM
mbam-log-2008-10-25 (04-24-32).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|I:\|)
Objects scanned: 434923
Time elapsed: 1 hour(s), 34 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Adobe Acrobat 7.0 Professional
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe Camera Raw 4.0
Adobe CMaps
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Fonts All
Adobe Help Viewer 1.1
Adobe Help Viewer CS3
Adobe Illustrator CS2
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AFPL Ghostscript 8.54
AFPL Ghostscript Fonts
Alien Skin Exposure
Alien Skin Eye Candy 5 Impact
Alien Skin Eye Candy 5 Nature
Alien Skin Eye Candy 5 Textures
Alien Skin Image Doctor 2
Alien Skin Snap Art
Alien Skin Xenofex 2.0 Demo
ATI Display Driver
Audacity 1.2.6
AutoMask 4.6
Avanquest update
avast! Antivirus
AVG Anti-Spyware 7.5
Axialis AX-Cursors 4.5
BOClean
CCleaner (remove only)
Chameleon
Charma
Coloriage
Curves 2
DCE AutoEnhance 3.1
DCE Tools 1.0
DeMoirize
Dfine
Digital Patrol 5.2.09
dpeg Cicada
DreamSuite
DreamSuite Gel
DreamSuite Series2
dupeGuru Picture Edition
dvdSanta 4.00
Dynasty
Enhancer
ERUNT 1.1j
ESET Online Scanner
Eye Candy 4000
FaceIt
FileAlyzer
Focus Magic
Folder Size for Windows
Framing Studio 1.43
Genuine Fractals PrintPro
GlowingWorld 3.1
Google Earth
Google Earth Pro
Haiku Journey (remove only)
Hardwood Solitaire III
Harmony Assistant
HijackThis 2.0.2
HP PrecisionScan
IcePattern 1.22 for Adobe Photoshop
Image Analyzer
Ingenious
Java(TM) 6 Update 10
Jpeg Enhancer 1.7
Kai's SuperGOO
K-Lite Codec Pack 2.83 Full
KoolMoves 6.2.0
KPT(R) effects(TM)
Logitech Registration
Malwarebytes' Anti-Malware
Microsoft Agent Character Editor
Microsoft Baseline Security Analyzer 2.1
Microsoft Linguistic Information Sound Editing Tool
Microsoft Office Professional Edition 2003
Microsoft OpenType Font File Properties Extension
Microsoft Speech Recognition Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Motorola Phone Tools
Motorola USB Drivers v2.9
MozBackup 1.4.7
Mozilla Firefox (3.0.3)
MRU-Blaster v1.5 (Database 3/28/2004)
MSXML 4.0 SP2 (KB936181)
Nemo's Aquarium 3D
Nero 8 Ultra Edition HD
neroxml
nik Sharpener Pro 2.0 Complete
Noiseware Professional Plug-in
NTFS Undelete v0.8
PC Pitstop Optimize 1.5
PDF Settings
Photo-Brush 3.51
PhotoFiltre Studio
PhotoGraphic Edges
PhotoKit SHARPENER Plug-in Module
PictMatch Version 2
Pixel Genius PhotoKit Plug-in Module
Plugin Galaxy 1.50
Portraiture Plug-in
Power Text To Speech Reader 1.00
Prevx CSI
QuickTime
Rainbow Mystery
Rainbow Web
Real Alternative 1.48
RegAlyzer 1.4
Registry Workshop
RegScrubXP 3.25
Retoucher
Revo Uninstaller 1.71
Rootkit Unhooker Uninstall
Secunia PSI (RC3)
Security Task Manager 1.6f
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956841)
SereneScreen Marine Aquarium 2.6
Serials 2000
Sketch
Smart Defrag 1.0
SolSuite
SolSuite Graphics Pack Volume 1
SolSuite Graphics Pack Volume 2
Sophos Anti-Rootkit 1.3.1
Sothink SWF Decompiler
Sothink SWF Quicker
Sound Blaster Live!
Spassbilder - Maschine
SPORE Creature Creator Trial Edition
Spybot - Search & Destroy
SpywareBlaster 4.1
Squizz 4.83
Stamp
SUPERAntiSpyware Free Edition
The Great Wall Of Words
TuneUp Utilities 2007
TwistingPixels
Undelete Plus 2.83
Uniblue Registry Booster
Uninstall AutoEye
Uninstall Mystical
Uninstall MysticalTTC
Unlocker 1.8.5
Vertus Fluid Mask 2.0.3
ViewSonic Windows XP Signed Files
Visual Thesaurus 3
Viveza
Wacom Tablet
What's Running 2.2
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
WM Recorder 11.0
Wonderlines
XnView 1.94.2
Your Birthday News
ZenGems
ZoneAlarm

Hi and welcome to the Daniweb forums :).

Please paste your logs in future rather than attach them. We have no desire to download files from a possibly infected computer :).

Download Dial-a-Fix and run it. Select the 'Check all' (green arrow) and then hit 'GO.'
Reboot when done and see how things are now.

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop.
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Edited by mike_2000_17: Fixed formatting


Thank you so much for responding. Sorry for my delay in returning. I was pulled away for a day.
I apologize for failing to follow the rules regarding log posting. It totally left my memory in the heat of the moment. I do appreciate your help.

I applied Dial-a-fix and also ran ComboFix whose log will follow, along with a new HJT log.

A new problem came up after the "fixes"...I now cannot connect to the internet!

I've tried everything from uninstalling/reinstalling the ethernet card. Uninstalling the driver. Running Network Setup Wizard.
Nothing helps.
Windows Explorer Local Area Connection status shows "connected" but FireFox and Internet Explorer both report "Not connected".
I do have required accurate info on the Support tab of Local Area Connection: ip address, subnet mask, and default gateway.
No internet?

I also discovered my AVAST antivirus taskbar icon now missing even though the task manager shows the process running?

I hope someone can please help me figure this thing out?

Here are the requested Logs:

ComboFix 08-10-25.01 - mstihkal333 2008-10-26 14:18:53.5 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1672 [GMT -7:00]
Running from: C:\Documents and Settings\mstihkal333\Desktop\ComboFix.exe

 * Created a new restore point
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\1.tmp

(((((((((((((((((((((((((   Files Created from 2008-09-26 to 2008-10-26  )))))))))))))))))))))))))))))))


2008-10-26 14:01 . 2008-10-26 14:24    <DIR>    d--------    C:\WINDOWS\system32\CatRoot2
2008-10-26 13:59 . 2006-10-27 14:08    <DIR>    d--------    C:\Dial-a-fix-v0.60.0.24
2008-10-25 04:42 . 2008-10-25 15:36    <DIR>    d--------    C:\Program Files\EsetOnlineScanner
2008-10-24 18:42 . 2008-10-24 18:42    <DIR>    d--------    C:\Program Files\Trend Micro
2008-10-24 13:04 . 2008-10-24 13:04    <DIR>    d--------    C:\fsaua.data
2008-10-24 11:43 . 2004-12-14 14:16    122,880    --a------    C:\DllCompare.exe
2008-10-24 10:55 . 2008-10-24 10:55    27,264    --a------    C:\WINDOWS\system32\drivers\sybex38.sys
2008-10-24 03:06 . 2008-10-24 03:07    <DIR>    d--------    C:\RkUnhooker
2008-10-23 19:07 . 2008-10-23 19:07    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\Nero
2008-10-23 19:06 . 2008-10-23 19:06    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\Digital Patrol
2008-10-23 16:17 . 2008-10-23 16:17    <DIR>    d--------    C:\WINDOWS\C8BB491212D942AEB571E580D8CD1B5B.TMP
2008-10-22 21:04 . 2008-10-22 21:04    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
2008-10-22 21:04 . 2008-10-22 21:04    1,409    --a------    C:\WINDOWS\QTFont.for
2008-10-22 14:10 . 2008-08-14 03:00    2,180,352    -----c---    C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-22 14:10 . 2008-08-14 02:58    2,136,064    -----c---    C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-22 14:10 . 2008-08-14 02:22    2,057,728    -----c---    C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-22 14:10 . 2008-08-14 02:22    2,015,744    -----c---    C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-22 14:04 . 2008-10-22 14:04    <DIR>    d--------    C:\WINDOWS\system32\CatRoot_bak
2008-10-22 13:48 . 2004-08-03 16:04    156,672    --a--c---    C:\WINDOWS\system32\dllcache\winzm.ime
2008-10-22 13:48 . 2004-08-03 16:04    156,672    --a--c---    C:\WINDOWS\system32\dllcache\winsp.ime
2008-10-22 13:48 . 2004-08-03 16:04    156,672    --a--c---    C:\WINDOWS\system32\dllcache\winpy.ime
2008-10-22 13:48 . 2004-08-03 16:04    79,360    --a--c---    C:\WINDOWS\system32\dllcache\winar30.ime
2008-10-22 13:48 . 2004-08-03 17:56    76,800    --a--c---    C:\WINDOWS\system32\dllcache\wam51.dll
2008-10-22 13:48 . 2001-08-23 07:00    69,120    --a--c---    C:\WINDOWS\system32\dllcache\wingb.ime
2008-10-22 13:48 . 2004-08-03 16:04    65,536    --a--c---    C:\WINDOWS\system32\dllcache\winime.ime
2008-10-22 13:48 . 2004-08-03 17:56    53,248    --a--c---    C:\WINDOWS\system32\dllcache\wamreg51.dll
2008-10-22 13:48 . 2001-08-23 07:00    41,600    --a--c---    C:\WINDOWS\system32\dllcache\weitekp9.dll
2008-10-22 13:48 . 2001-08-23 07:00    31,232    --a--c---    C:\WINDOWS\system32\dllcache\weitekp9.sys
2008-10-22 13:48 . 2001-08-23 07:00    28,288    --a--c---    C:\WINDOWS\system32\dllcache\xjis.nls
2008-10-22 13:48 . 2001-08-23 07:00    9,216    --a--c---    C:\WINDOWS\system32\dllcache\wamps51.dll
2008-10-22 13:46 . 2001-08-23 07:00    13,463,552    --a--c---    C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-10-22 13:45 . 2001-08-23 07:00    1,677,824    --a--c---    C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-10-22 13:44 . 2004-05-13 00:39    876,653    --a--c---    C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-10-22 13:42 . 2001-08-23 07:00    16,384    --a--c---    C:\WINDOWS\system32\dllcache\isignup.exe
2008-10-22 13:42 . 2008-10-22 13:42    749    -rah-----    C:\WINDOWS\WindowsShell.Manifest
2008-10-22 13:42 . 2008-10-22 13:42    749    -rah-----    C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-10-22 13:42 . 2008-10-22 13:42    749    -rah-----    C:\WINDOWS\system32\sapi.cpl.manifest
2008-10-22 13:42 . 2008-10-22 13:42    749    -rah-----    C:\WINDOWS\system32\nwc.cpl.manifest
2008-10-22 13:42 . 2008-10-22 13:42    749    -rah-----    C:\WINDOWS\system32\ncpa.cpl.manifest
2008-10-22 13:42 . 2008-10-22 13:42    488    -rah-----    C:\WINDOWS\system32\logonui.exe.manifest
2008-10-22 13:39 . 2001-08-23 07:00    1,161    --a------    C:\WINDOWS\system32\usrlogon.cmd
2008-10-22 13:23 . 2004-08-03 19:03    1,042,903    -ra------    C:\WINDOWS\SET97.tmp
2008-10-22 03:05 . 2008-10-22 03:05    <DIR>    d--------    C:\Program Files\SUPERAntiSpyware
2008-10-22 03:05 . 2008-10-22 03:05    <DIR>    d--------    C:\Documents and Settings\mstihkal333\Application Data\SUPERAntiSpyware.com
2008-10-22 03:05 . 2008-10-22 03:05    <DIR>    d--------    C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-10-21 22:13 . 2008-10-21 22:13    0    --a------    C:\WINDOWS\ativpsrm.bin
2008-10-21 22:11 . 2008-09-23 21:05    593,920    --a------    C:\WINDOWS\system32\ati2sgag.exe
2008-10-21 22:09 . 2008-10-21 22:09    <DIR>    d--------    C:\ATI
2008-10-21 21:33 . 2005-09-16 19:40    1,302,589    --a------    C:\WINDOWS\system\evll.dll
2008-10-21 10:05 . 2008-10-21 10:05    <DIR>    d--------    C:\Program Files\Secunia
2008-10-18 15:48 . 2007-08-14 08:12    5,760    --a------    C:\WINDOWS\system32\15.tmp
2008-10-17 03:34 . 2008-10-17 03:34    <DIR>    d--------    C:\download
2008-10-14 22:48 . 2008-10-14 22:48    <DIR>    d--------    C:\Program Files\PrevxCSI
2008-10-14 22:48 . 2008-10-24 10:58    25,400    --a------    C:\WINDOWS\system32\drivers\pxark.sys
2008-10-01 12:34 . 2008-10-01 12:35    <DIR>    d--------    C:\radix
2008-09-30 05:34 . 2008-09-30 05:34    <DIR>    d--------    C:\Program Files\NictaTech Software
2008-09-30 05:34 . 2008-09-30 05:34    <DIR>    d--------    C:\Documents and Settings\mstihkal333\Application Data\Digital Patrol
2008-09-30 02:15 . 2008-10-23 15:50    <DIR>    d--------    C:\Program Files\Sophos
2008-09-30 02:14 . 2008-09-30 02:14    <DIR>    d--------    C:\SOPHOSstdtsa
2008-09-28 14:14 . 2007-05-30 05:10    10,872    --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-09-26 03:55 . 2008-09-26 03:55    <DIR>    d--------    C:\Program Files\ERUNT

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 21:28    47,894,560    --sha-w    C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-26 21:27    ---------    d-----w    C:\Documents and Settings\All Users.WINDOWS\Application Data\BOC427
2008-10-26 21:24    568,412    --sha-w    C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-26 20:55    ---------    d-----w    C:\Documents and Settings\mstihkal333\Application Data\SiteAdvisor
2008-10-26 11:11    ---------    d-----w    C:\Documents and Settings\mstihkal333\Application Data\XnView
2008-10-25 08:16    ---------    d-----w    C:\Program Files\Malwarebytes' Anti-Malware
2008-10-25 01:41    ---------    d-----w    C:\Program Files\HJT
2008-10-24 18:38    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2008-10-24 06:15    ---------    d-----w    C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-10-23 23:19    ---------    d-----w    C:\Program Files\Common Files\Wise Installation Wizard
2008-10-23 17:26    ---------    d-----w    C:\Program Files\Outlook ExpressLESS
2008-10-23 16:31    ---------    d---a-w    C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-10-23 16:31    ---------    d-----w    C:\Program Files\SpywareBlaster
2008-10-22 23:10    38,496    ----a-w    C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 23:10    15,504    ----a-w    C:\WINDOWS\system32\drivers\mbam.sys
2008-10-22 21:24    ---------    d-----w    C:\Documents and Settings\All Users.WINDOWS\Application Data\PrevxCSI
2008-10-22 09:59    ---------    d-----w    C:\Program Files\Safer Networking
2008-10-22 09:53    ---------    d-----w    C:\Documents and Settings\All Users.WINDOWS\Application Data\logs
2008-10-20 20:12    ---------    d-----w    C:\Program Files\Spybot - Search & Destroy
2008-10-19 02:49    ---------    d-----w    C:\Documents and Settings\mstihkal333\Application Data\SPORE Creature Creator
2008-10-18 22:35    ---------    d-----w    C:\Program Files\ZenGems
2008-10-18 22:35    ---------    d-----w    C:\Program Files\The Great Wall Of Words
2008-10-18 22:35    ---------    d-----w    C:\Program Files\Ingenious
2008-10-18 22:35    ---------    d-----w    C:\Program Files\Charma
2008-10-17 00:04    ---------    d-----w    C:\Program Files\Unlocker
2008-10-16 23:14    ---------    d-----w    C:\Program Files\Winamp
2008-09-26 04:12    38,912    ----a-w    C:\WINDOWS\wizmo.exe
2008-09-24 03:09    3,331,072    ----a-w    C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-09-24 02:18    425,984    ----a-w    C:\WINDOWS\system32\ATIDEMGX.dll
2008-09-24 02:17    311,296    ----a-w    C:\WINDOWS\system32\ati2dvag.dll
2008-09-24 02:09    10,772,480    ----a-w    C:\WINDOWS\system32\atioglxx.dll
2008-09-24 02:07    188,416    ----a-w    C:\WINDOWS\system32\atipdlxx.dll
2008-09-24 02:06    43,520    ----a-w    C:\WINDOWS\system32\ati2edxx.dll
2008-09-24 02:06    26,112    ----a-w    C:\WINDOWS\system32\Ati2mdxx.exe
2008-09-24 02:06    143,360    ----a-w    C:\WINDOWS\system32\Oemdspif.dll
2008-09-24 02:06    143,360    ----a-w    C:\WINDOWS\system32\ati2evxx.dll
2008-09-24 02:04    581,632    ----a-w    C:\WINDOWS\system32\ati2evxx.exe
2008-09-24 02:03    53,248    ----a-w    C:\WINDOWS\system32\ATIDDC.DLL
2008-09-24 01:56    307,200    ----a-w    C:\WINDOWS\system32\atiiiexx.dll
2008-09-24 01:54    4,008,864    ----a-w    C:\WINDOWS\system32\ati3duag.dll
2008-09-24 01:38    2,399,744    ----a-w    C:\WINDOWS\system32\ativvaxx.dll
2008-09-24 01:24    48,640    ----a-w    C:\WINDOWS\system32\amdpcom32.dll
2008-09-24 01:20    380,928    ----a-w    C:\WINDOWS\system32\atikvmag.dll
2008-09-24 01:19    39,424    ----a-w    C:\WINDOWS\system32\atiadlxx.dll
2008-09-24 01:18    53,248    ----a-w    C:\WINDOWS\system32\drivers\ati2erec.dll
2008-09-24 01:18    253,952    ----a-w    C:\WINDOWS\system32\atiok3x2.dll
2008-09-24 01:18    17,408    ----a-w    C:\WINDOWS\system32\atitvo32.dll
2008-09-24 01:12    573,440    ----a-w    C:\WINDOWS\system32\ati2cqag.dll
2008-09-24 00:10    ---------    d-----w    C:\Program Files\IObit
2008-09-23 01:13    1,395,712    ----a-w    C:\WINDOWS\Internet Logs\xDB38.tmp
2008-09-23 01:13    ---------    d-----w    C:\Program Files\Registry Workshop
2008-09-21 21:35    ---------    d-----w    C:\Program Files\Microsoft Baseline Security Analyzer 2
2008-09-20 10:24    ---------    d-----w    C:\Program Files\ZoneAlarm
2008-09-20 10:20    240    ----a-w    C:\WINDOWS\system32\drivers\vsconfig.xml
2008-09-19 21:32    ---------    d-----w    C:\Program Files\Comodo
2008-09-18 21:03    17,408    ----a-w    C:\WINDOWS\Internet Logs\xDB37.tmp
2008-09-18 19:39    18,432    ----a-w    C:\WINDOWS\Internet Logs\xDB36.tmp
2008-09-18 19:12    323,072    ----a-w    C:\WINDOWS\Internet Logs\xDB35.tmp
2008-09-18 02:04    ---------    d-----w    C:\Program Files\Alwil Software
2008-09-18 01:27    ---------    d-----w    C:\Program Files\PopCap Games
2008-09-17 00:32    12,695,846    -c--a-w    C:\WINDOWS\Internet Logs\tvDebug.zip
2008-09-15 04:17    410,976    ----a-w    C:\WINDOWS\system32\deploytk.dll
2008-09-15 04:17    ---------    d-----w    C:\Program Files\Java
2008-09-14 12:27    ---------    d-----w    C:\Program Files\CCleaner
2008-09-12 11:20    ---------    d-----w    C:\Documents and Settings\mstihkal333\Application Data\Ultra Fractal 4
2008-09-12 11:15    ---------    d-----w    C:\Program Files\Nufsoft
2008-09-12 08:33    ---------    d-----w    C:\Documents and Settings\mstihkal333\Application Data\Boomzap
2008-09-12 04:06    ---------    d-----w    C:\Program Files\HP
2008-09-10 04:48    ---------    d-----w    C:\Program Files\XnView
2008-09-06 23:46    ---------    d-----w    C:\Program Files\Mahjong Towers II
2008-09-06 23:46    ---------    d-----w    C:\Program Files\Harmony Assistant
2008-09-06 23:46    ---------    d-----w    C:\Program Files\Haiku Journey
2008-09-06 23:46    ---------    d-----w    C:\Program Files\Framing Studio
2008-09-06 23:46    ---------    d-----w    C:\Program Files\FolderSize
2008-09-06 23:45    ---------    d-----w    C:\Program Files\WhatsRunning
2008-09-06 23:45    ---------    d-----w    C:\Program Files\SolSuite
2008-09-06 23:45    ---------    d-----w    C:\Program Files\Media Player Classic
2008-09-06 23:45    ---------    d-----w    C:\Program Files\JetAudio
2008-09-05 20:11    ---------    d-----w    C:\Program Files\RegScrubXP
2008-09-04 23:01    ---------    d-----w    C:\Program Files\VS Revo Group
2008-08-15 01:49    699,392    ---ha-w    C:\WINDOWS\system32\wodfamoh.dll
2008-08-14 10:00    2,180,352    ----a-w    C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:22    2,057,728    ----a-w    C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-30 17:00    90,112    ----a-w    C:\WINDOWS\system32\atibrtmon.exe
2007-07-21 03:29    24,192    -c--a-w    C:\Documents and Settings\mstihkal333\usbsermptxp.sys
2007-07-21 03:29    22,768    -c--a-w    C:\Documents and Settings\mstihkal333\usbsermpt.sys
2007-03-09 23:02    24,192    -c--a-w    C:\Documents and Settings\SafyrMwn\usbsermptxp.sys
2007-03-09 23:02    22,768    -c--a-w    C:\Documents and Settings\SafyrMwn\usbsermpt.sys
2007-03-09 16:27    92,064    -c--a-w    C:\Documents and Settings\SafyrMwn\mqdmmdm.sys
2007-03-09 16:27    9,232    -c--a-w    C:\Documents and Settings\SafyrMwn\mqdmmdfl.sys
2007-03-09 16:27    79,328    -c--a-w    C:\Documents and Settings\SafyrMwn\mqdmserd.sys
2007-03-09 16:27    66,656    -c--a-w    C:\Documents and Settings\SafyrMwn\mqdmbus.sys
2007-03-09 16:27    6,208    -c--a-w    C:\Documents and Settings\SafyrMwn\mqdmcmnt.sys
2007-03-09 16:27    5,936    -c--a-w    C:\Documents and Settings\SafyrMwn\mqdmwhnt.sys
2007-03-09 16:27    4,048    -c--a-w    C:\Documents and Settings\SafyrMwn\mqdmcr.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BOC-427"="C:\PROGRA~1\Comodo\CBOClean\BOC427.exe" [2008-07-14 351480]
"ZoneAlarm Client"="C:\Program Files\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.fraunhoferacm"= l3codecp.acm
"aux1"= ctwdm32.dll
"aux4"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders    msapsspc.dll, digest.dll, msnsspc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^TabUserW.exe.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\TabUserW.exe.lnk
backup=C:\WINDOWS\pss\TabUserW.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 0 (0x0)
"AllowOutboundDestinationUnreachable"= 0 (0x0)
"AllowOutboundSourceQuench"= 0 (0x0)
"AllowOutboundParameterProblem"= 0 (0x0)
"AllowInboundMaskRequest"= 0 (0x0)
"AllowInboundRouterRequest"= 0 (0x0)
"AllowOutboundTimeExceeded"= 0 (0x0)
"AllowRedirect"= 0 (0x0)
"AllowOutboundPacketTooBig"= 0 (0x0)

R0 PenClass;Pen Class;C:\WINDOWS\system32\drivers\PenClass.sys [2001-04-09 8138]
R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-10-24 25400]
R0 sybex38;Rootkit Unhooker Driver;C:\WINDOWS\system32\drivers\sybex38.sys [2008-10-24 27264]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 CSIScanner;CSIScanner;C:\Program Files\PrevxCSI\prevxcsi.exe [2008-10-19 880696]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-06-30 3712]
S3 BDXGFUPNQQ;BDXGFUPNQQ;C:\DOCUME~1\mstihkal333\Local Settings\Temp\BDXGFUPNQQ.exe [ ]
S3 BioNT_BS;BioNT_BS;C:\Program Files\Paragon Software\Total Defrag 2007\bluescrn\BioNT_bs.sys [ ]
S3 BUXODPXTQ;BUXODPXTQ;C:\DOCUME~1\mstihkal333\Local Settings\Temp\BUXODPXTQ.exe [ ]
S3 BZJPK;BZJPK;C:\DOCUME~1\mstihkal333\Local Settings\Temp\BZJPK.exe [ ]
S3 CE;CE;C:\DOCUME~1\mstihkal333\Local Settings\Temp\CE.exe [ ]
S3 ERQ;ERQ;C:\DOCUME~1\mstihkal333\Local Settings\Temp\ERQ.exe [ ]
S3 GRTBECJBMJHD;GRTBECJBMJHD;C:\DOCUME~1\mstihkal333\Local Settings\Temp\GRTBECJBMJHD.exe [ ]
S3 IDQDCN;IDQDCN;C:\DOCUME~1\mstihkal333\Local Settings\Temp\IDQDCN.exe [ ]
S3 IKGV;IKGV;C:\DOCUME~1\mstihkal333\Local Settings\Temp\IKGV.exe [ ]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\1.tmp [ ]
S3 MZ;MZ;C:\DOCUME~1\mstihkal333\Local Settings\Temp\MZ.exe [ ]
S3 NDHADWU;NDHADWU;C:\DOCUME~1\mstihkal333\Local Settings\Temp\NDHADWU.exe [ ]
S3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-06-16 7808]
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2007-03-21 25773]
S3 slicedisk.sys;slicedisk.sys;C:\WINDOWS\system32\slicedisk.sys [ ]
S3 UIZRHZSE;UIZRHZSE;C:\DOCUME~1\mstihkal333\Local Settings\Temp\UIZRHZSE.exe [ ]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 UWNBSAORUC;UWNBSAORUC;C:\DOCUME~1\mstihkal333\Local Settings\Temp\UWNBSAORUC.exe [ ]
S3 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 VKCMBC;VKCMBC;C:\DOCUME~1\mstihkal333\Local Settings\Temp\VKCMBC.exe [ ]
S3 XJYQNQLPYGIDLF;XJYQNQLPYGIDLF;C:\DOCUME~1\mstihkal333\Local Settings\Temp\XJYQNQLPYGIDLF.exe [ ]
S3 YMXVTZERQ;YMXVTZERQ;C:\DOCUME~1\mstihkal333\Local Settings\Temp\YMXVTZERQ.exe [ ]
S4 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-09-14 147456]
S4 kwcxbus;kwcxbus;C:\WINDOWS\system32\DRIVERS\kwcxbus.sys [2005-01-17 52480]
S4 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys [ ]
S4 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2008-10-25 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe []

2008-10-26 C:\WINDOWS\Tasks\SmartDefrag.job
- C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2008-09-08 22:02]

2008-10-26 C:\WINDOWS\Tasks\SmartDefrag.job
- C:\Program Files\IObit\IObit SmartDefrag\ [2008-09-23 17:10]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF -: plugin - C:\Documents and Settings\All Users.WINDOWS\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npsabffx.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF -: plugin - C:\WINDOWS\system32\SuperAdBlocker.com\npsabffx.dll
.
.
------- File Associations -------
.
txtfile=C:\WINDOWS\NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 14:26:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\1.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\CBOClean\BOCore.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-10-26 14:31:50 - machine was rebooted
ComboFix-quarantined-files.txt  2008-10-26 21:31:32

Pre-Run: 27,982,905,344 bytes free
Post-Run: 28,027,297,792 bytes free

318    --- E O F ---    2008-10-26 12:44:09

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:23:02 AM, on 10/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.com/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1EC733C-0709-4735-8170-F7696F8EC602}: NameServer = 192.168.0.1
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BDXGFUPNQQ - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\BDXGFUPNQQ.exe (file missing)
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: BUXODPXTQ - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\BUXODPXTQ.exe (file missing)
O23 - Service: BZJPK - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\BZJPK.exe (file missing)
O23 - Service: CE - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\CE.exe (file missing)
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: ERQ - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\ERQ.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: GRTBECJBMJHD - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\GRTBECJBMJHD.exe (file missing)
O23 - Service: IDQDCN - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\IDQDCN.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IKGV - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\IKGV.exe (file missing)
O23 - Service: MZ - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\MZ.exe (file missing)
O23 - Service: NDHADWU - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\NDHADWU.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: UIZRHZSE - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\UIZRHZSE.exe (file missing)
O23 - Service: UWNBSAORUC - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\UWNBSAORUC.exe (file missing)
O23 - Service: VKCMBC - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\VKCMBC.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: XJYQNQLPYGIDLF - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\XJYQNQLPYGIDLF.exe (file missing)
O23 - Service: YMXVTZERQ - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\YMXVTZERQ.exe (file missing)

--
End of file - 7275 bytes

Thank You again for any help, it is much appreciated.

Edited by mike_2000_17: Fixed formatting

0

Could you tell me why you ran combofix 5 times when I clearly never requested that? Whatever combofix deleted is not shown in that log.

0

Maybe I'm going crazy, but I only ran combo-fix 1 time.
I had/have no idea that it ran 5 times?
I don't know how that would have happened?
On my end it appeared to run only one time.
Shouldn't I have 5 different log files if I ran it 5 times?
I'm sorry but I'm totally confused! :confused:

0

I have been advising the use of combofix for quite a while now and have never heard of it running by itself. The number in bold tells me that it has been run 5 times: mstihkal333 2008-10-26 14:18:53.5

Download SDFix and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the
    Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract
    All,
  • Open the extracted folder and double click RunThis.bat to
    start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the
    registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool
    will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and
    display Finished, then press any key to end the script and load
    your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the
    contents of the results file Report.txt back onto the forum with
    a new HijackThis log.

Please post the SDFix log within CODE Tags.

Edited by mike_2000_17: Fixed formatting

0

I downloaded SDFix and started running RunThis.bat. My question is how long this script runs before the prompt to press any key to restart? Are we talking minutes or hours? Thank you much for your help!

0

The SDFix report with new HijackThis log is attached.

Thank You for your time and help!:S

Edited by mike_2000_17: Fixed formatting

Attachments
SDFix: Version 1.238
Run by mstihkal333 on Tue 10/28/2008 at 06:06 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Documents and Settings\mstihkal333\Desktop\SDFix

Checking Services:


0

Can you please do the following.

Scan with HijackThis and then place a check next to all the following, if present:

O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)

O23 - Service: BDXGFUPNQQ - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\BDXGFUPNQQ.exe (file missing)
O23 - Service: BUXODPXTQ - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\BUXODPXTQ.exe (file missing)
O23 - Service: BZJPK - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\BZJPK.exe (file missing)
O23 - Service: CE - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\CE.exe (file missing)
O23 - Service: ERQ - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\ERQ.exe (file missing)
O23 - Service: GRTBECJBMJHD - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\GRTBECJBMJHD.exe (file missing)
O23 - Service: IDQDCN - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\IDQDCN.exe (file missing)
O23 - Service: IKGV - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\IKGV.exe (file missing)
O23 - Service: MZ - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\MZ.exe (file missing)
O23 - Service: NDHADWU - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\NDHADWU.exe (file missing)
O23 - Service: UIZRHZSE - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\UIZRHZSE.exe (file missing)
O23 - Service: UWNBSAORUC - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\UWNBSAORUC.exe (file missing)
O23 - Service: VKCMBC - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\VKCMBC.exe (file missing)
O23 - Service: XJYQNQLPYGIDLF - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\XJYQNQLPYGIDLF.exe (file missing)
O23 - Service: YMXVTZERQ - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\YMXVTZERQ.exe (file missing)

Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.

Edited by mike_2000_17: Fixed formatting

0

I followed your instructions with Hijackthis fixes.
As you'll see below

O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)

is the only one that would not repair.

Avast Resident Protection taskbar icon still does not appear at system boot.
and
Still no network access?:(

I do not use any messenger service so are these necessary?

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

And these seem questionable to me also?

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1EC733C-0709-4735-8170-F7696F8EC602}: NameServer = 192.168.0.1
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

Thank you again for your time!

Here is the new HJT log after rebooting from the fixes:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:10 PM, on 10/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.com/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1EC733C-0709-4735-8170-F7696F8EC602}: NameServer = 192.168.0.1
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5609 bytes

Edited by mike_2000_17: Fixed formatting
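The check the two posts above perform by eye, as an added example that is not part of the thread: compare the helper's fix list against the rescan to see which entries survived "Fix checked", and flag O23 services that are orphaned, unsigned or rooted in a Temp folder. The function names are hypothetical, and the two sample inputs are short excerpts of lines quoted in this thread.

```python
import re

# Forum markup that often wraps pasted log lines. Only these known tags are
# stripped, so O4 value names such as "[tscuninstall]" are left alone.
BBCODE_RE = re.compile(r"\[/?(?:b|i|u|url|color|code|quote)(?:=[^\]]*)?\]", re.I)
# A HijackThis item line: "<section id> - <body>", e.g. "O23 - Service: ...".
ITEM_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O23 body: "Service: <name> - <owner> - <image path>[ (file missing)]".
O23_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+?)"
    r"(?P<missing> \(file missing\))?$"
)


def parse_items(text):
    """Return normalized HijackThis item lines found in pasted text."""
    items = []
    for raw in text.splitlines():
        line = " ".join(BBCODE_RE.sub("", raw).split())
        if ITEM_RE.match(line):
            items.append(line)
    return items


def triage_services(items):
    """Describe each O23 entry; the flags are hints for review, not verdicts."""
    findings = []
    for line in items:
        section, body = ITEM_RE.match(line).groups()
        m = O23_RE.match(body) if section == "O23" else None
        if not m:
            continue
        path = m.group("path")
        findings.append({
            "name": m.group("name"),
            "path": path,
            # No version-info company name; legitimate drivers can show this too.
            "unknown_owner": m.group("owner").lower() == "unknown owner",
            # Service key still registered although its image is gone.
            "file_missing": m.group("missing") is not None,
            # Services do not normally run from a user's Temp directory.
            "temp_path": "\\temp\\" in path.lower(),
        })
    return findings


def still_present(fix_list_text, rescan_text):
    """Entries from the fix list that appear again in the rescan log."""
    rescan = {item.lower() for item in parse_items(rescan_text)}
    return [i for i in parse_items(fix_list_text) if i.lower() in rescan]


# Excerpt of the helper's fix list (one line left in forum markup on purpose).
FIX_LIST = r"""
[b]O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)[/b]
O23 - Service: BDXGFUPNQQ - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\BDXGFUPNQQ.exe (file missing)
O23 - Service: CE - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\CE.exe (file missing)
O23 - Service: MZ - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\MZ.exe (file missing)
"""

# Excerpt of the log posted after the reboot.
RESCAN = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1EC733C-0709-4735-8170-F7696F8EC602}: NameServer = 192.168.0.1
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

if __name__ == "__main__":
    print("Survived the fix:")
    for item in still_present(FIX_LIST, RESCAN):
        print("  " + item)
    print("O23 entries in the rescan:")
    for svc in triage_services(parse_items(RESCAN)):
        flags = [k for k in ("unknown_owner", "file_missing", "temp_path") if svc[k]]
        print("  %s: %s" % (svc["name"], ", ".join(flags) or "no flags"))
```

An "Unknown owner" flag on its own only means the file carries no company string, so it is a prompt to look at the path and the file, not a reason to delete the service.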

0

start quote:

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

And these seem questionable to me also?

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1EC733C-0709-4735-8170-F7696F8EC602}: NameServer = 192.168.0.1
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

end quote.

They are all legitimate files.

For Avast. Go to Start | All Programs and locate the Avast entry. Left click to run it. At the top left of the Avast window there is a pyramid shaped button. Left click on that. Go to appearance and on the right, check the box for showing the icon in the tray.
OK out. Does the icon now show?

Please explain your network problems.

Does Windows update now work?

Edited by mike_2000_17: Fixed formatting

0

I followed the Avast Appearance options as suggested, but still no Avast icon in the taskbar.
Should I just go ahead and uninstall and then reinstall a new Avast download?

As far as the internet connection - still not connected to the web.

Windows Explorer Local Area Connection status shows "connected" but FireFox and Internet Explorer both report "Not connected".

The required accurate info shows on the Support tab of Local Area Connection:
ip address, subnet mask, and default gateway.

Ipconfig appears to be normal, but still No internet?

Windows Automatic Update says Service Pack 3 is waiting to be installed.
I don't think I should install this though until my other issues are resolved. Is that right?:-/

Thank you for all your help.

0

I ran the Winsockfix as requested. No change in the internet connectivity.

I uninstalled AVAST and reinstalled a new download, ran a boot scan & it came up clean.
Now the AVAST taskbar icon is back and it seems to be working fine.
I followed your suggestion and removed Zone Alarm and installed Comodo. But still no internet!
I uninstalled Comodo firewall and am just using Windows firewall for the time being.

I found this file C:\Qoobox\Quarantine\Registry_backups\tcpip.reg.
Could this have something to do with my internet issues?

Now a NEW logon window requiring me to press Ctrl. Alt. Del. & enter user name and password to start, pops up whenever the system starts? (Never had to do this before?)
Any ideas/suggestions? Thank You for any guidance.

Here is the newest HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:18:22 AM, on 11/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.com/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - AppInit_DLLs:  
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 5046 bytes

Edited by mike_2000_17: Fixed formatting

0

Let's get rid of Combofix and see if things change. Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

When shown the disclaimer, Select "2"

The above procedure will:

Delete the following:
ComboFix and its associated files and folders.
VundoFix backups, if present
The C:\Deckard folder, if present
The C:\_OtMoveIt folder, if present

Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.

0

Don't know if this is of any help but trying to run HijackThis after uninstalling combofix this error popped up:

An unexpected error has occurred at procedure: modRegistry_IniGetString(sFile=system.ini, sSection=boot, sValue =Shell)
Error #5 - Invalid procedure call or argument

Windows Version: Windows NT 5.01.2600
MSIE version: 7.0.5730.13
HijackThis version: 2.02

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:30:01 AM, on 11/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.com/
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://update.microsoft.com
O15 - Trusted Zone: http://windowsupdate.microsoft.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 4957 bytes


Could you also please look at the startup list created from HiJackthis?
For some reason I think there might be something here that may shed some light on this situation?

StartupList report, 11/2/2008, 3:18:40 AM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.5730.0013)
* Using default options
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Logitech Hardware Abstraction Layer = KHALMNPR.EXE
BOC-427 = C:\PROGRA~1\Comodo\CBOClean\BOC427.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

HijackThis startup scan = C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[AutorunsDisabled]
KernelFaultCheck = %systemroot%\system32\dumprep 0 -k
ATIModeChange = Ati2mdxx.exe
ZoneAlarm Client = "C:\Program Files\ZoneAlarm\zlclient.exe"

[optionalcomponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

[AdobeUpdater]
=

[AutorunsDisabled]
*No values found*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = C:\WINDOWS\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

--------------------------------------------------

Enumerating Task Scheduler jobs:

1-Click Maintenance.job
SmartDefrag.job

--------------------------------------------------

Enumerating Download Program Files:

[PCPitstop Utility]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PCPitstop.dll
CODEBASE = http://www.pcpitstop.com/betapit/PCPitStop.CAB

[OnlineScanner Control]
InProcServer32 = C:\WINDOWS\system32\ONLINE~1.OCX
CODEBASE = http://www.eset.eu/buxus/docs/OnlineScanner.cab

[F-Secure Online Scanner 3.3]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.3\fscax.dll
CODEBASE = http://support.f-secure.com/ols/fscax.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx
CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Windows NT/2000/XP services

aswFsBlk: system32\DRIVERS\aswFsBlk.sys (autostart)
avast! iAVS4 Control Service: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" (autostart)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
avast! Antivirus: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" (autostart)
AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
BOCore: C:\Program Files\Comodo\CBOClean\BOCORE.exe (autostart)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
CSIScanner: "C:\Program Files\PrevxCSI\prevxcsi.exe" /service (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Wired AutoConfig: %SystemRoot%\System32\svchost.exe -k dot3svc (autostart)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
Folder Size: "C:\Program Files\FolderSize\FolderSizeSvc.exe" (autostart)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
LBeepKE: System32\Drivers\LBeepKE.sys (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Net Logon: %SystemRoot%\system32\lsass.exe (autostart)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
NWLink IPX/SPX/NetBIOS Compatible Transport Protocol: system32\DRIVERS\nwlnkipx.sys (autostart)
NWLink NetBIOS: system32\DRIVERS\nwlnknb.sys (autostart)
NWLink SPX/SPXII Protocol: system32\DRIVERS\nwlnkspx.sys (autostart)
PfModNT: \??\C:\WINDOWS\system32\PfModNT.sys (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TabletService: C:\WINDOWS\system32\Tablet.exe (autostart)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = sprestrt

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\WINDOWS\Downloaded Program Files\CONFLICT.1||C:\WINDOWS\Downloaded Program Files\CONFLICT.1||C:\32788R22FWJFW\NIRCMD.COM||C:\WINDOWS\Downloaded Program Files\CONFLICT.1||C:\WINDOWS\Downloaded Program Files\CONFLICT.1||C:\WINDOWS\Downloaded Program Files\CONFLICT.1||C:\WINDOWS\Downloaded Program Files\CONFLICT.1||C:\WINDOWS\Downloaded Program Files\CONFLICT.1||C:\WINDOWS\Downloaded Program Files\CONFLICT.1|||l


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 12,151 bytes


Thank You again for your time!

0

You said it was after running both dial-a-fix and combofix. Did you notice which you ran first and/or which one caused the problem?
Have you tried resetting your router/modem?
Do you have any restore points to go back to?

0

Internet connection problems started after I ran Dial-a-Fix and Combofix.
No internet connection after running those two.
I did not notice which one caused the problem.

I reset the router & modem. No difference.

Combofix /u reset System Restore points, so I don't have that either.

I dread to mention it, but I really am starting to believe a rootkit is involved. :(

0

Download and Save Blacklight to your desktop:

Double-click on the file, then accept the agreement. Hit the scan button and wait until it's finished running.

You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe".

0

I ran the Blacklight scan & it came back with no hidden items found.

Here's the log:
11/02/08 13:16:19 [Info]: BlackLight Engine 2.2.1092 initialized
11/02/08 13:16:19 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/02/08 13:16:19 [Note]: 7019 4
11/02/08 13:16:19 [Note]: 7005 0
11/02/08 13:16:25 [Note]: 7006 0
11/02/08 13:16:25 [Note]: 7011 1872
11/02/08 13:16:25 [Note]: 7035 0
11/02/08 13:16:25 [Note]: 7026 0
11/02/08 13:16:26 [Note]: 7026 0
11/02/08 13:16:28 [Note]: FSRAW library version 1.7.1024
11/02/08 13:29:13 [Note]: 7007 0

0

Hello again and thank you for all your assistance.

I followed the link to Microsoft and used the Guided fix which didn't resolve my problem,
so then I tried the manual reset and still no internet connection!

:'(

0

:icon_idea:
I think I've determined the Winsock2 key is corrupted with third-party additions.
I need to look a little more to be sure but exhaustion has won me over.
Just wanted to give a heads-up to the path I'm on.

System Information report written at: 11/03/08 21:56:07
System Name: MSTIHKAL333
[Protocol]
Item Value
Name MSAFD nwlnkspx [SPX]
Name MSAFD nwlnkspx [SPX] [Pseudo Stream]
Name MSAFD nwlnkspx [SPX II]
Name MSAFD nwlnkspx [SPX II] [Pseudo Stream]
Name MSAFD nwlnkipx [IPX]
Name MSAFD Tcpip [TCP/IP]
Name MSAFD Tcpip [UDP/IP]
Name RSVP UDP Service Provider
Name RSVP TCP Service Provider
Name MSAFD NetBIOS [\Device\NwlnkNb] SEQPACKET 3
Name MSAFD NetBIOS [\Device\NwlnkNb] DATAGRAM 3
Name MSAFD NetBIOS [\Device\NetBT_Tcpip_{50C10784-...}] SEQPACKET 0
Name MSAFD NetBIOS [\Device\NetBT_Tcpip_{50C10784-...}] DATAGRAM 0
Name MSAFD NetBIOS [\Device\NetBT_Tcpip_{B1F994BA-...}] SEQPACKET 4
Name MSAFD NetBIOS [\Device\NetBT_Tcpip_{B1F994BA-...}] DATAGRAM 4
Name MSAFD NetBIOS [\Device\NetBT_Tcpip_{E0793AF1-...}] SEQPACKET 5
Name MSAFD NetBIOS [\Device\NetBT_Tcpip_{E0793AF1-...}] DATAGRAM 5
Name MSAFD NetBIOS [\Device\NetBT_Tcpip_{7E52D4E7-...}] SEQPACKET 1
Name MSAFD NetBIOS [\Device\NetBT_Tcpip_{7E52D4E7-...}] DATAGRAM 1
Name MSAFD NetBIOS [\Device\NetBT_Tcpip_{0C9D68F5-...}] SEQPACKET 2
Name MSAFD NetBIOS [\Device\NetBT_Tcpip_{0C9D68F5-...}] DATAGRAM 2

Any suggestions are most welcome. Thank you! :zzz:

1

To be quite honest, that stuff is out of my league :(. Unless someone else steps up, you are on your own.

Votes + Comments
thanks for being honest!
0

I truly appreciate your honesty, crunchie. Thank you for all your time and help.

I followed the MS instructions for resetting the Winsock key and still no internet.

As much as I dread the task, I believe my best bet will be a reformat. I think I'll wait a couple of days to see if anyone else has any suggestions to avoid the reformat task. Considering the amount of software that needs to be reinstalled, it won't be a quick and simple job.

Perhaps someone could shed some light on these entries found at the end of autoexec.nt file:

Rem Install network redirector
lh %SystemRoot%/System32/nw16
lh %SystemRoot%/System32/vwipxspx

Could this have to do with internet connectivity?
