0

I sure hope you can help me. I have reached the end of my tech expertise. I am having trouble connecting to the internet on my main computer (Dell XPS 400 running Windows XP and a Westell 6100 modem); I can get online through the wireless lan on my laptop which is connected via wireless Netgear Rangemax router. I finally removed a virus/malware that McAfee didn't stop (Microsoft Security Alert phony), so thought I did. In the process of removing it (thanks to Malwarebytes' Anti-Malware), files were removed and/or quarantined; those files apparently contained information that allowed the coputer to "obtain IP address" as well as the subnet mask, default gateway, DNS server, and alternate DNS server. I manually entered those numerals, but still cannot access the internet from my main computer.
My Microsoft gateway diagnostic said "could not get proxy settings via the Automatic Proxy configuration mechanism" and "The default gateway address could not be resolved via ARP" The IP Layer Diagnostic said "The default route is valid. The loopback route is valid. The local host route is valid. Invalid ARP cache entries"
The WinSock diagnostic said "Provider entry RSVP UDP Service Provider could not perform simple loopback communication. Error -1" and "A connectivity problem exists with a base winsock provider"
The HTTP, HTTPS, FTP Diagnostic says: "Warn FTP (Passive): Error 12007 Connecting to ftp.microsoft.com: the server name or address could not be resolved. Warn HTTP: ERROR 12007 connecting to www.microsoft.com: The server name or address could not be resolved. Error Could not make an HTTP connection
Error Could not make an HTTPS connection
Error Could not make an FTP connection"

2
Contributors
65
Replies
66
Views
7 Years
Discussion Span
Last Post by egghead8488
0

Apparently because I'm accessing the internet by operating in "safe with networking mode," I could not attach on previous post; here's the GMER One.log (had to copy & paste) followed by the GMER Two.log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-05-28 14:33:02
Windows 5.1.2600 Service Pack 3
Running: b0vyy27i.exe; Driver: C:\DOCUME~1\default\LOCALS~1\Temp\kwldapow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF31CC78A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xF31CC821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xF31CC738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF31CC74C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xF31CC835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF31CC861]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF31CC8CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF31CC8B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF31CC7CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF31CC8FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xF31CC80D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF31CC710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF31CC724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF31CC79E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xF31CC937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF31CC8A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF31CC88D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xF31CC84B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xF31CC923]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xF31CC90F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xF31CC776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF31CC762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xF31CC877]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF31CC7F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xF31CC8E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF31CC7E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF31CC7B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-28 15:05:00
Windows 5.1.2600 Service Pack 3
Running: b0vyy27i.exe; Driver: C:\DOCUME~1\default\LOCALS~1\Temp\kwldapow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF31CC78A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xF31CC821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xF31CC738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF31CC74C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xF31CC835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF31CC861]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF31CC8CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF31CC8B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF31CC7CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF31CC8FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xF31CC80D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF31CC710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF31CC724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF31CC79E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xF31CC937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF31CC8A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF31CC88D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xF31CC84B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xF31CC923]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xF31CC90F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xF31CC776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF31CC762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xF31CC877]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF31CC7F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xF31CC8E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF31CC7E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF31CC7B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.15 ----

0

And--here's the MBAM log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4136

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

5/23/2010 10:25:27 PM
mbam-log-2010-05-23 (22-25-27).txt

Scan type: Quick scan
Objects scanned: 195465
Time elapsed: 13 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 37

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDORSYS (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00b7f44 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fpfuocqt (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Data Protection (Rogue.DataProtection) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Kailey\My Documents\downloads\ZwinkySetup2.3.67.1.ZJfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd10.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd62.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd67.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd68.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd6E.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd6F.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd79.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd7A.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd7B.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd7E.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd81.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd82.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd87.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd8A.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd8B.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd8C.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd8D.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd96.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd97.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd98.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd99.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd9A.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\fiu2.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\fiu5.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\fiu7.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\kernel64xp.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\PRAGMA3b26.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\PRAGMA7197.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\wscsvc32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\wsdkrlxp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kendra\Local Settings\Temp\AaeI.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kendra\Local Settings\Temporary Internet Files\Content.IE5\ETM345QF\n002102318801r0409J10000601R88e2d894W160c5afaXbaac3d02Yf159fb63Z03003f361[1] (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CAPRHBZZ\packupdate_build107_302[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Data Protection\dat.db (Rogue.DataProtection) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DMUSIC32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\nicks.txt (Backdoor.Bot) -> Quarantined and deleted successfully.

0

You need to update Malwarebytes' and do the Full Scan as requested in our Read Me sticky.
http://www.daniweb.com/forums/thread134865.html

I am trying to. I thought I had followed the directions completely in the Read Me sticky previously. Now I cannot even get online at all through my desktop. When I try to update Malwarebytes, I get "An error has occurred. Please report this error code to our support team. MBAM_ERROR_UPDATING (12007, 0 WinHttpSendRequest)" I am guessing that my connectivity issue is preventing the update. I had some time yesterday that it allowed me to go online, and I ran PC Pitstop Exterminate 2 which removed a number of virus/malware/spyware items, and I actually got back the toolbar with the green"Start" on the end. Now I am back to the gray toolbar with a rectangle button that has start on it.
When I click "ok" the error message goes away and takes me back to the Scanner tab of Malwarebytes. Any idea how I can get desktop to recognize connection? I'm accessing net through HP laptop via Netgear router connected to Westell 6100 modem to AT&T DSL. desktop is on ethernet with the router and modem. It can't connect, but laptop can. I've had to go into properties for the LAN and manually enter the IP, subnet mask, default gateway, DNS and secondary DNS (which is how I got it to go on the internet before), yet it still will not go online, even in "safe with networking" mode.
I will do full scan again with Malwarebytes.

0

You need to update Malwarebytes' and do the Full Scan as requested in our Read Me sticky.
http://www.daniweb.com/forums/thread134865.html

Can't even get online through "safe with networking mode" Malwarebytes can't update; version downloaded May 23 detects no virus/malware. I am at the end of my tech savvy (beyond it actually) and may have to start the mourning process if someone can't help soon! Forgot to add in previous reply that I added spybot Search and Destroy as well as Exterminate 2. Search and Destroy found several and removed them after Exterminate 2 removed Exploit.PDF-JS.Gen(v), Trojan.WIN32.Cosmu, and FraudTool.Win32.SecurityTool. Was able to access internet at that time. 3 hours later, no access, and none since.

Edited by egghead8488: n/a

0

Then just run the Full Scan. You never have to be online to do the scan, it is only when updating.
Have no idea about that PC Pitstop program you used. That is not one of our recommended programs. Malwarebytes' is the one we use most often here.
What other steps did you run besides the Malwarebytes program? There are other steps on that Read Me sticky you should have done, and that PC Pitstop program is NOT one of them.
Since you have access to another computer you can to use it to download the necessary programs to a flash drive and then transfer them to the infected computer. Do you have a flash drive?

0

I do have a flash drive. I followed the steps the best I could. I did not “uninstall or disable any P2P programs” because I don’t know what they are. I downloaded AFT-Cleaner, DDS by sUBs, and GMER Rootkit Scanner while I was operating in “Safe with networking” mode. I used Microsoft Windows Malicious Software Removal Tool, then ran ATF-Cleaner (and since I use Firefox I did tell it to keep my saved passwords). Then I ran GMER Rootkit Scanner and saved the log as GMER One.log. I unchecked” IAT/EAT” and “Show All” then clicked “scan” and saved the log as GMER Two.log.
I ran Malwarebytes’Anti-Malware, clicked “perform full scan” and “scan” then “show results” and checked everything then clicked “remove selected” and saved the log. I closed the program, then clicked the start bar and clicked “turn off computer” then clicked “restart” to reboot the computer. Upon restart, I double-clicked on “dds.scr” after clicking disable for McAfee Security Suite.
The computer was slow in logging on to the internet. I had to access it in “safe with networking” mode still. I tried to post this thread 3 times before finally getting it to post by separating the logs from the first post. I added them as separate replies: the GMER logs in one reply, and the MBAM log in a second reply. I checked for replies to the thread. After two days, I tried PC Pitstop’s free Exterminate download, which identified viruses, then paid for the Exterminate 2 which found them and removed them. The computer sped up considerably, but the toolbar was still the old-fashioned one from 1990s, not like it is on XP with the green at the start end. A fellow I know who considers himself very tech savvy, suggested Spybot’s Search and Destroy, so I downloaded it. It found multitudes of things: viruses, Trojans, malware, spyware, cookies. I clicked for it to remove them, then restarted the computer and had back my taskbar in the proper condition with green at the start end, and COULD GO ONLINE without having to go to “safe with networking” mode. I shut down the computer and turned it off, then I left to go to a family gathering, and was gone a few hours. When I returned, I no longer had the right taskbar, and have not been able to get online on the computer since, not even in “safe with networking” mode.
I had thought the problem was fixed earlier when I first found Malwarebytes, and ran it after having no success with McAfee support online or on the phone. It all came back worse than before, though, and I found this forum and hoped to get some help. AT&T’s tech support has recommended their “paid” support, McAfee has recommended their “paid” support, and Dell online support tool has recommended their “paid” support.
I ran Malwarebytes again, but it found zero infected files this time. I am currently running it again to be certain. I will save the log to a flash drive and try to post it here when it finishes.

0

Ok, first of all you need to know, you don't need to be online to run the scans, as long as they are on the computer they can be run easily without being online. So safe mode with networking is not necessary after the programs are installed.
I need to see the DDS logs. If you cannot go online with the computer, run the scans in normal mode, follow directions for them. Then put the logs onto the flash drive and take them to the computer that is working. Come here and post the logs using that flash drive in working computer.

0

Then just run the Full Scan. You never have to be online to do the scan, it is only when updating.
Have no idea about that PC Pitstop program you used. That is not one of our recommended programs. Malwarebytes' is the one we use most often here.
What other steps did you run besides the Malwarebytes program? There are other steps on that Read Me sticky you should have done, and that PC Pitstop program is NOT one of them.
Since you have access to another computer you can to use it to download the necessary programs to a flash drive and then transfer them to the infected computer. Do you have a flash drive?

I am sorry it took me so long to post these, but I have attached the mbam logs from yesterday and the previous one. I would have posted sooner, but before I could post a thunderstorm came through and knocked out my internet access.

Attachments
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4136

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

5/23/2010 10:25:27 PM
mbam-log-2010-05-23 (22-25-27).txt

Scan type: Quick scan
Objects scanned: 195465
Time elapsed: 13 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 37

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDORSYS (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00b7f44 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fpfuocqt (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Data Protection (Rogue.DataProtection) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Kailey\My Documents\downloads\ZwinkySetup2.3.67.1.ZJfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd10.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd62.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd67.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd68.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd6E.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd6F.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd79.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd7A.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd7B.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd7E.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd81.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd82.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd87.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd8A.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd8B.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd8C.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd8D.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd96.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd97.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd98.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd99.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\asd9A.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\fiu2.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\fiu5.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\fiu7.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\kernel64xp.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\PRAGMA3b26.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\PRAGMA7197.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\wscsvc32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\default\Local Settings\Temp\wsdkrlxp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kendra\Local Settings\Temp\AaeI.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kendra\Local Settings\Temporary Internet Files\Content.IE5\ETM345QF\n002102318801r0409J10000601R88e2d894W160c5afaXbaac3d02Yf159fb63Z03003f361[1] (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CAPRHBZZ\packupdate_build107_302[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Data Protection\dat.db (Rogue.DataProtection) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DMUSIC32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\nicks.txt (Backdoor.Bot) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/2/2010 1:37:39 PM
mbam-log-2010-06-02 (13-37-39).txt

Scan type: Full scan (C:\|)
Objects scanned: 325519
Time elapsed: 2 hour(s), 24 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
0

Now, are you still not able to go online with this computer? What browser are you using? Without going online does the computer work normally in normal mode?

0

Ok, first of all you need to know, you don't need to be online to run the scans, as long as they are on the computer they can be run easily without being online. So safe mode with networking is not necessary after the programs are installed.
I need to see the DDS logs. If you cannot go online with the computer, run the scans in normal mode, follow directions for them. Then put the logs onto the flash drive and take them to the computer that is working. Come here and post the logs using that flash drive in working computer.

I ran DDS again because I couldn't find the logs. Some files seem to have disappeared (probably when I let Spybot Search & Destroy remove things) from the desktop computer. The freshly run logs are attached.

0

Now, are you still not able to go online with this computer? What browser are you using? Without going online does the computer work normally in normal mode?

Using Firefox and Internet Explorer. Other than no internet access, everything else seems to be working. I keep getting a popup about script debugging that wants to know if I want to use Microsoft debugging. And, my taskbar is the oldfashioned gray bar with a gray button for "Start" and gray rectangle where the time, McAfee logo, AT&T Connection logo, and LocalAreaConnection (which is showing that it is functioning at a speed of 100.0 Mbps when I mouse over it.
Thanks for your help!

0

First thing I want you to do is turn off that SpyBot TeaTimer. It can most definitely interfere or even stop fixes attempted. Leave it off when all this is complete and only use SpyBot for scanning purposes. To turn it off do the following:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu
select
Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck
Resident TeaTimer
and OK any prompts.
* Restart your computer

Now since you still don't have the ability to go online with the computer, though it clearly shows it IS online with your notation. You will have to download this file to the flash drive and then take it to the infected computer and install it ONTO the computer and run it there.
So do the following:

Download HostsXpert and then follow the below steps.
http://www.majorgeeks.com/Hoster_d4626.html
* Unzip HostsXpert.zip
* It will create a folder named HostsXpert in whatever folder you extract it to.
* Run HostsXpert.exe by double clicking on it.
* Click the Make Writeable? button. (if you only see a Make Read-Only selection, it is already writeable so skip this button).
* Click Restore Microsoft's Hosts File and then click OK.
* Click the X to exit the program
See then if you can go online with the infected computer, try both browsers also.
Then report back here.
Judy

0

First thing I want you to do is turn off that SpyBot TeaTimer. It can most definitely interfere or even stop fixes attempted. Leave it off when all this is complete and only use SpyBot for scanning purposes. To turn it off do the following:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu
select
Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck
Resident TeaTimer
and OK any prompts.
* Restart your computer

Now since you still don't have the ability to go online with the computer, though it clearly shows it IS online with your notation. You will have to download this file to the flash drive and then take it to the infected computer and install it ONTO the computer and run it there.
So do the following:

Download HostsXpert and then follow the below steps.
http://www.majorgeeks.com/Hoster_d4626.html
* Unzip HostsXpert.zip
* It will create a folder named HostsXpert in whatever folder you extract it to.
* Run HostsXpert.exe by double clicking on it.
* Click the Make Writeable? button. (if you only see a Make Read-Only selection, it is already writeable so skip this button).
* Click Restore Microsoft's Hosts File and then click OK.
* Click the X to exit the program
See then if you can go online with the infected computer, try both browsers also.
Then report back here.
Judy

Sorry to be so long in answering--internet service got disrupted again. May happen again--still a good chance of thunderstorms throughout the week. Internet service often gets disrupted here if we get too much rain. right now internet is working better than regular phone service which has loud humming/buzzing that prevents hearing or being heard. Anyway, did the spybot thing, then restarted. Did the HostsXpert by using flash drive. Opened Firefox and Internet Explorer, but neither able to connect to the internet. I restarted the computer and tried both again, but got the same result. Restarted and tried "safe with networking" mode--still no connection.

0

Ok, it was worth a try. Here is what you need to do next. Here are two programs you need. Combofix and HiJackThis. You again will have to download to the flash drive, take to the infected computer.
HiJackThis version 2.04 system scan log which you should download from here;
http://free.antivirus.com/hijackthis/

Run HiJackThis AFTER you run Combofix

Note to others reading this thread, these instructions are for THIS computer ONLY. This tool is NEVER to be used unless first instructed to do so by a helper.
Please download ComboFix by sUBs from HERE
· You must download it to and run it from your Desktop
· Physically disconnect from the internet.
· Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
· Double click combofix.exe & follow the prompts.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

Run Combofix ONCE only!!

· When finished, it will produce a log. Please save that log to post in your next reply along with the HiJackThis log which you should run after you re-enable all the programs that were disabled during the running of ComboFix

Then open HiJackThis and run a System Scan and save that log.

Post back here with the Combofix log, it is very long but be sure to copy/paste it and also copy/paste the HiJackThis log.

Edited by jholland1964: n/a

0

Ok, it was worth a try. Here is what you need to do next. Here are two programs you need. Combofix and HiJackThis. You again will have to download to the flash drive, take to the infected computer.
HiJackThis version 2.04 system scan log which you should download from here;
http://free.antivirus.com/hijackthis/

Run HiJackThis AFTER you run Combofix

Note to others reading this thread, these instructions are for THIS computer ONLY. This tool is NEVER to be used unless first instructed to do so by a helper.
Please download ComboFix by sUBs from HERE
· You must download it to and run it from your Desktop
· Physically disconnect from the internet.
· Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
· Double click combofix.exe & follow the prompts.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

Run Combofix ONCE only!!

· When finished, it will produce a log. Please save that log to post in your next reply along with the HiJackThis log which you should run after you re-enable all the programs that were disabled during the running of ComboFix

Then open HiJackThis and run a System Scan and save that log.

Post back here with the Combofix log, it is very long but be sure to copy/paste it and also copy/paste the HiJackThis log.

While running combofix, screen went blue with the following written in white lettering on it:

"A problem has been detected and window has been shut down to prevent damage to your computer.

BAD_POOL_CALLER

If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:

Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any windows updates you might need.

If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. if you need to use safe mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.

Technical information:

***STOP: 0x000000c2 (0x00000007,0x00000CD4, 0x15FFF44D, 0X80535819)

Beginning dump of physical memory
Physical memory dump complete.
Contact your system administrator or technical support group for further assistance."

If I restart, do I click to run combofix again since it didn't complete?

0

Deleted it. Downloaded it to flash drive. Put on infected computer's desktop. Double-clicked to run it. Got window with a c:/ on the title bar, and inside the window it says "Please wait. ComboFix is preparing to run." then got popup that says "Microsoft Windows Recovery Console" on the title and inside the window: "This machine does not have the 'Microsoft Windows recovery console' installed Without it, ComboFix shall not attempt the fixing of some serious infections. Click 'Yes' to have ComboFix download/install it. NOTE: this requires an active internet connection." I have disconnected the cable from the CPU to physically disconnect from the internet. If I connect, it doesn't work anyway. What to do?

Edited by egghead8488: n/a

0

Screen went blue again with the same message. Have restarted.Right-clicked Combofix on the desktop, selected "open" instead of double-clicking. Same result--started to run, then got the blue screen with "BAD_POOL_CALLER"

To put Combofix on flash drive I opened "downloads" folder and right-clicked "Combofix" and selected "send to" my flash drive. To put it on the desktop, I opened the flashdrive's folder, right-clicked "Combofix" and selected "send to: desktop"

Don't understand why it isn't running Combofix to completion.

0

Are you absolutely certain that your anti-virus program and any other security programs you have on there are turned off?
I have seen some instances where McAfee absolutely will not allow combofix to run and this blue screen is the result. Can you uninstall it?

Edited by jholland1964: n/a

0

I will try to uninstall McAfee Security Center, and try Combofix again.

0

Ok hopefully this will work. Go with another brand new download of combofix when you try again. Don't use one from the other computer or from the flash drive. Delete both and download it again.

0

Uninstalled McAfee Security Center. Had to delete Combofix from infected computer because it thought it was a ready-only file after McAfee was uninstalled and the computer restarted. Saved combofix to desktop again. Double clicked it. "ComboFix has detected the presence of rootkit activity and needs to reboot the machine" window popped up. Clicked "ok" and it restarted the computer. ComboFix AutoScan continued.Ran through many "stages". Took a while to prepare log. I'm working on the Hijack This install now, and will post log from it when finished. Meantime, here's the ComboFix log:

ComboFix 10-06-03.01 - default 06/04/2010 19:53:23.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.661 [GMT -5:00]
Running from: c:\documents and settings\default\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\default\GoToAssistDownloadHelper.exe
c:\windows\system32\devmgr32.dll
c:\windows\system32\drivers\1028_DELL_XPS_Dell DXP051 .MRK
c:\windows\system32\drivers\DELL_XPS_Dell DXP051 .MRK
c:\windows\system32\encapi32.dll
c:\windows\system32\Thumbs.db

Infected copy of c:\windows\system32\drivers\intelppm.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-05-05 to 2010-06-05 )))))))))))))))))))))))))))))))
.

2010-06-01 15:18 . 2010-06-01 16:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-01 15:18 . 2010-06-01 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-01 13:50 . 2010-06-01 13:50 -------- d-----w- c:\documents and settings\default\Local Settings\Application Data\Dell
2010-05-31 02:12 . 2005-03-10 16:49 17408 ----a-w- c:\windows\system32\EtCoInst.dll
2010-05-31 02:12 . 2005-03-08 23:26 23040 ----a-w- c:\windows\system32\IntelNic.dll
2010-05-31 02:12 . 2010-06-01 14:37 -------- d-----w- C:\drvrtmp
2010-05-31 02:11 . 2006-02-10 02:05 520192 ------w- c:\windows\system32\ati2sgag.exe
2010-05-31 02:10 . 2010-05-31 02:11 -------- d-----w- c:\program files\ATI Technologies
2010-05-31 01:57 . 2007-06-08 06:10 876544 ----a-w- c:\windows\system32\TEACico2.dll
2010-05-31 01:53 . 2010-05-31 01:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\SupportSoft
2010-05-31 01:43 . 2010-05-31 01:43 69120 ----a-w- c:\documents and settings\All Users\Application Data\SupportSoft\DellSupportCenter\_default\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\7e7d3c88-958b-4607-85a7-8c1cc5188887.1\NOTEPAD.EXE
2010-05-31 01:43 . 2010-05-31 01:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft
2010-05-31 01:42 . 2010-05-31 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2010-05-31 01:42 . 2010-05-31 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC-Doctor
2010-05-31 01:40 . 2010-05-31 01:41 -------- d-----w- c:\program files\Dell Support Center
2010-05-31 01:40 . 2010-05-31 01:40 -------- d-----w- c:\program files\Common Files\supportsoft
2010-05-31 00:26 . 2010-05-31 00:26 -------- d-----w- c:\program files\SystemRequirementsLab
2010-05-30 14:00 . 2010-06-01 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-05-30 03:11 . 2010-05-30 03:11 -------- d-----w- c:\documents and settings\Wade Kennedy\Application Data\Motive
2010-05-28 16:48 . 2010-05-28 16:50 -------- d-----w- c:\program files\BellSouthWCC
2010-05-28 16:29 . 2010-05-28 16:29 -------- d-----w- c:\documents and settings\default\Local Settings\Application Data\Motive
2010-05-26 01:37 . 2010-05-26 01:37 -------- d-sh--w- c:\documents and settings\Kailey\PrivacIE
2010-05-25 11:22 . 2010-05-25 11:22 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-05-25 04:32 . 2010-05-25 04:32 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-05-25 04:29 . 2010-05-25 04:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-25 03:51 . 2010-05-25 03:51 193760 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-24 11:31 . 2010-05-24 14:19 -------- d-----w- c:\windows\system32\MpEngineStore
2010-05-24 04:30 . 2010-05-24 14:19 -------- d-----w- C:\f7006a8c29e5d1c62a5b36c6264e9c23
2010-05-24 04:05 . 2010-05-24 04:05 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-05-24 04:03 . 2010-05-24 04:03 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-05-24 04:02 . 2010-05-24 04:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-24 02:55 . 2010-05-24 02:55 -------- d-----w- c:\documents and settings\default\Application Data\Malwarebytes
2010-05-24 02:55 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-24 02:55 . 2010-05-24 02:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-24 02:55 . 2010-06-02 08:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-24 02:55 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-23 03:28 . 2010-05-23 03:28 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-22 15:59 . 2010-05-22 15:59 -------- d-sh--w- c:\documents and settings\Kendra\IECompatCache
2010-05-21 05:08 . 2010-05-21 05:08 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2010-05-20 23:25 . 2010-05-20 23:26 -------- d-----w- c:\documents and settings\Kendra\Local Settings\Application Data\ijomrexeq
2010-05-17 21:14 . 2010-05-17 21:14 -------- d-----w- c:\program files\EnglishOtto
2010-05-14 03:18 . 2010-05-14 03:18 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-12 00:17 . 2010-05-12 00:17 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-06 23:50 . 2010-05-06 23:50 -------- d-----w- c:\program files\iPod
2010-05-06 23:50 . 2010-05-06 23:51 -------- d-----w- c:\program files\iTunes
2010-05-06 23:43 . 2010-05-06 23:44 -------- d-----w- c:\program files\Bonjour
2010-05-06 23:23 . 2010-05-06 23:23 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-05 00:42 . 2006-03-20 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-05 00:41 . 2006-03-20 00:00 -------- d-----w- c:\program files\McAfee
2010-06-04 03:29 . 2008-04-02 12:18 -------- d-----w- c:\documents and settings\default\Application Data\U3
2010-06-03 17:58 . 2006-03-22 04:16 -------- d-----w- c:\program files\Dl_cats
2010-06-01 19:54 . 2010-05-04 23:16 -------- d-----w- c:\documents and settings\default\Application Data\Software Informer
2010-06-01 19:47 . 2007-04-28 23:35 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-05-31 21:15 . 2010-03-01 04:48 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-31 19:06 . 2006-11-14 05:35 -------- d-----w- c:\program files\PCPitstop
2010-05-31 02:29 . 2007-09-11 13:28 -------- d-----w- c:\program files\Common Files\Motive
2010-05-31 02:11 . 2006-03-19 23:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-31 01:45 . 2009-05-16 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-05-28 16:38 . 2009-05-02 00:05 -------- d-----w- c:\program files\ATT-SST
2010-05-28 16:29 . 2009-08-08 15:45 -------- d-----w- c:\documents and settings\default\Application Data\Motive
2010-05-24 11:31 . 2004-08-04 04:59 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
2010-05-21 00:42 . 2006-04-02 04:31 193760 ----a-w- c:\documents and settings\default\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-18 17:20 . 2008-01-24 06:15 134028 -c-ha-w- c:\windows\system32\mlfcache.dat
2010-05-18 17:15 . 2007-02-09 23:17 193760 ----a-w- c:\documents and settings\Kendra\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-17 22:34 . 2010-01-08 16:00 -------- d-----w- c:\program files\OpenOffice.org 3
2010-05-17 12:30 . 2007-11-29 03:51 -------- d-----w- c:\documents and settings\default\Application Data\Apple Computer
2010-05-15 19:02 . 2006-09-09 02:52 -------- d-----w- c:\program files\SP
2010-05-15 18:59 . 2006-03-20 00:02 -------- d-----w- c:\program files\Google
2010-05-15 18:59 . 2006-03-28 19:27 -------- d-----w- c:\program files\Compaq
2010-05-15 18:57 . 2009-03-28 13:33 -------- d-----w- c:\program files\AVS4YOU
2010-05-15 18:57 . 2009-03-28 13:33 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-05-13 22:40 . 2010-03-13 22:36 439816 ----a-w- c:\documents and settings\Kendra\Application Data\Real\Update\setup3.10\setup.exe
2010-05-11 21:15 . 2009-11-08 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-08 19:38 . 2006-07-29 02:05 209008 ----a-w- c:\documents and settings\Wade Kennedy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-07 02:40 . 2009-12-04 01:00 -------- d-----w- c:\documents and settings\Kendra\Application Data\U3
2010-05-06 23:50 . 2007-10-14 02:03 -------- d-----w- c:\program files\Common Files\Apple
2010-05-06 23:44 . 2007-10-14 02:04 -------- d-----w- c:\documents and settings\Wade Kennedy\Application Data\Apple Computer
2010-05-05 01:26 . 2009-07-02 20:57 -------- d-----w- c:\program files\TestGen
2010-05-04 23:16 . 2010-05-04 23:16 -------- d-----w- c:\program files\MagicScore Music Software
2010-05-04 23:16 . 2010-05-04 23:16 -------- d-----w- c:\program files\Software Informer
2010-04-24 23:30 . 2010-04-24 23:30 -------- d-----w- c:\program files\WatermarkSoftware
2010-04-08 18:20 . 2010-04-08 18:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 18:20 . 2010-04-08 18:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-06 02:18 . 2010-04-06 02:18 50354 ----a-w- c:\documents and settings\default\Application Data\Facebook\uninstall.exe
2010-04-06 02:18 . 2010-04-06 02:18 -------- d-----w- c:\documents and settings\default\Application Data\Facebook
2010-04-04 18:02 . 2010-04-04 18:02 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-03-16 20:09 . 2006-04-25 15:08 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys
2010-03-10 06:15 . 2005-08-16 10:18 420352 ----a-w- c:\windows\system32\vbscript.dll
2007-04-07 15:48 . 2007-04-07 15:48 6006832 -c--a-w- c:\program files\Firefox Setup 2.0.0.3.exe
2004-07-29 18:11 . 2002-03-24 00:03 7942 -c--a-w- c:\program files\Pony.cfg
2003-03-21 18:45 . 2009-10-24 04:26 250544 -c--a-w- c:\program files\Common Files\keyhelp.ocx
1998-10-04 20:08 . 2002-03-24 00:03 530432 -c--a-w- c:\program files\Pony.exe
1998-08-24 19:52 . 2002-03-24 00:03 6417 -c--a-w- c:\program files\readme.txt
1998-06-26 22:10 . 2002-03-24 00:03 86 -c--a-r- c:\program files\sim.cfg
1997-12-12 19:53 . 2002-03-24 00:03 66116 -c--a-r- c:\program files\F_en_01.ttf
2008-09-10 19:49 . 2008-09-10 19:49 5817064 -c--a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 68856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-14 73728]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-25 198160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-08 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"BellSouthWCC_McciTrayApp"="c:\program files\BellSouthWCC\McciTrayApp.exe" [2009-11-18 1577984]
"ATT_WCC"="c:\program files\BellSouthWCC\McciTrayApp.exe" [2009-11-18 1577984]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-30 206064]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\default\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\program files\Broderbund\PrintMaster\PMREMIND.EXE [2000-1-11 327680]
GoBack.lnk - c:\program files\Roxio\GoBack\GBTray.exe [2001-11-16 524288]
GoZone iSync.lnk - c:\program files\GoZone\GoZone_iSync.exe [2009-3-28 425984]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-12-26 385024]
reminder-ScanSoft Product Registration.lnk - c:\program files\TextBridge Pro 8.0\Ereg\REMIND32.EXE [2002-8-3 45056]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-3-19 24576]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2009-2-2 118784]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-01-01 22:10 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S1 oycmitiy;oycmitiy;\??\c:\windows\system32\drivers\oycmitiy.sys --> c:\windows\system32\drivers\oycmitiy.sys [?]
S2 gupdate1c8b7212f464fc0;Google Update Service (gupdate1c8b7212f464fc0);c:\program files\Google\Update\GoogleUpdate.exe [7/12/2008 7:53 AM 133104]
S2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [5/31/2010 2:06 PM 77312]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 yeddef;YEDDEF driver;c:\windows\system32\drivers\yeddef.sys [1/26/2007 11:09 AM 19200]
.
Contents of the 'Scheduled Tasks' folder

2010-05-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-12 23:17]

2010-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-12 23:17]

2010-05-17 c:\windows\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
- c:\program files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe [2005-11-07 08:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://hometab.bellsouth.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c99&s=searchbar&LC=0409
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: AltaVista Home - http://jump.altavista.com/avie5/home
IE: AV Search This Term - http://jump.altavista.com/avie5/search
IE: AV Translate Selection - http://jump.altavista.com/avie5/babelfish
IE: AV Translate this Web Page - http://jump.altavista.com/avie5/babelfish
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Send Image to Photo Library - file://c:\program files\MGI\MGI PhotoSuite III SE\Temp\MGI00000.html
IE: {{06FE5D00-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home
IE: {{06FE5D02-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/linksearch
IE: {{06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/hostsearch
IE: {{06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/babelfish
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
Trusted Zone: musicmatch.com\online
TCP: {10198C28-BE67-4FC1-AB81-8A2E4924CCA5} = 205.152.37.23,205.152.132.23
DPF: GenealogyBrowser.Cab - hxxp://209.90.101.200/cabs/zinst.cab
FF - ProfilePath - c:\documents and settings\default\Application Data\Mozilla\Firefox\Profiles\0ozvd4cc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1418455&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search: Lyon County Schools
FF - prefs.js: browser.startup.homepage - hxxp://my.att.net/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 5402
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - plugin: c:\documents and settings\default\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npImgCtl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZInst.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKCU-Run-fsm - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-CpqPrint - c:\windows\CpqPrint.isu
AddRemove-CpqPrint 2-Up - c:\windows\CpqPr2up.isu
AddRemove-McAfee Uninstall Utility - c:\progra~1\McAfee.com\Shared\mcappins.exe
AddRemove-My Little Pony - c:\program files\Uninst.isu
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-04 20:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,20,2c,f4,fa,ba,df,4c,82,8d,b2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,20,2c,f4,fa,ba,df,4c,82,8d,b2,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(892)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
Completion time: 2010-06-04 20:11:22
ComboFix-quarantined-files.txt 2010-06-05 01:11

Pre-Run: 115,748,421,632 bytes free
Post-Run: 117,971,218,432 bytes free

- - End Of File - - F75084A2CF656002EACF0846ACC9BD17

0

Here's the Hijack This log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:18:35 PM, on 6/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\default\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c99&s=searchbar&LC=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - (no file)
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BellSouthWCC_McciTrayApp] C:\Program Files\BellSouthWCC\McciTrayApp.exe
O4 - HKLM\..\Run: [ATT_WCC] C:\Program Files\BellSouthWCC\McciTrayApp.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O4 - Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Startup: GoZone iSync.lnk = C:\Program Files\GoZone\GoZone_iSync.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Pro 8.0\Ereg\REMIND32.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: AltaVista Home - http://jump.altavista.com/avie5/home
O8 - Extra context menu item: AV Search This Term - http://jump.altavista.com/avie5/search
O8 - Extra context menu item: AV Translate Selection - http://jump.altavista.com/avie5/babelfish
O8 - Extra context menu item: AV Translate this Web Page - http://jump.altavista.com/avie5/babelfish
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O8 - Extra context menu item: Send Image to Photo Library - file://C:\Program Files\MGI\MGI PhotoSuite III SE\Temp\MGI00000.html
O9 - Extra button: (no name) - {06FE5D00-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra 'Tools' menuitem: &AltaVista Home - {06FE5D00-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/linksearch (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/linksearch (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/hostsearch (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/hostsearch (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/babelfish (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/babelfish (file missing)
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {18D7138B-B899-4059-941A-01A239BC6A35} - C:\WINDOWS\AvxOScan\scan\scan.htm (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Avx Online Scan - {18D7138B-B899-4059-941A-01A239BC6A35} - C:\WINDOWS\AvxOScan\scan\scan.htm (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: GenealogyBrowser.Cab - http://209.90.101.200/cabs/zinst.cab
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{10198C28-BE67-4FC1-AB81-8A2E4924CCA5}: NameServer = 205.152.37.23,205.152.132.23
O17 - HKLM\System\CS1\Services\Tcpip\..\{10198C28-BE67-4FC1-AB81-8A2E4924CCA5}: NameServer = 205.152.37.23,205.152.132.23
O17 - HKLM\System\CS2\Services\Tcpip\..\{10198C28-BE67-4FC1-AB81-8A2E4924CCA5}: NameServer = 205.152.37.23,205.152.132.23
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c8b7212f464fc0) (gupdate1c8b7212f464fc0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PCPitstop Scheduling - Unknown owner - C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 13714 bytes

0

Firefox has the same "can't find the server at website" message. Internet Explorer "Cannot display the webpage."

0

Check both browsers by going to File and make sure that Work Offline is not checked. Also go to Control Panel, Internet Options, Connections, LAN Settings, make sure there are NO check marks in any of the three boxes you find there. Then try to go online again, normal mode, both browsers.

0

Work offline not checked in either browser.LAN Automatic configuration--nothing checked--Proxy server not checked. Normal mode--still no web on either browser.

Edited by egghead8488: n/a

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.