DNS virus found many suspect DNS in displaydns -- flush doesn't work
#1
Posted 07 July 2011 - 05:18 AM
This computer is very slow and isn't showing all available networks.
Whilst investigating I found the ipconfig /displaydns command and there are a bunch of records there that look highly suspect.
I tried to follow a couple of online suggestions but flushdns and net stop and start do nothing.
I have run an up-to-date Malwarebytes full scan and found nothing and currently installed and running MSE full scan.
Windows Professional XP sp3
I hope this is enough info to start
Thanks in advance
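The cache the first post is inspecting is the Windows DNS resolver cache shown by `ipconfig /displaydns`. As an added illustration (not part of the thread and not from any tool the helper recommends), the Python script below parses that command's output and flags the two things a responder looks at first: public names pinned to a loopback or unspecified address, and many unrelated names collapsing onto one address. The sample output embedded in it is constructed for the example and the domain names in it are invented. One reason a flush can appear to do nothing is that entries taken from the hosts file are reloaded into the cache by the DNS Client service, so `ipconfig /flushdns` only clears them until the next lookup; that is why the hosts listing requested later in the thread matters.

```python
import ipaddress
import re
import sys
from collections import defaultdict

# Constructed sample of `ipconfig /displaydns` output (invented names, not
# taken from the thread). Real output uses this same dotted-label layout.
SAMPLE_DISPLAYDNS = """\
Windows IP Configuration

    www.example.com
    ----------------------------------------
    Record Name . . . . . : www.example.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 3600
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 93.184.216.34


    update.vendor-example.com
    ----------------------------------------
    Record Name . . . . . : update.vendor-example.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 86400
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 127.0.0.1


    bank-example.com
    ----------------------------------------
    Record Name . . . . . : bank-example.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 86400
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 203.0.113.7


    mail-example.net
    ----------------------------------------
    Record Name . . . . . : mail-example.net
    Record Type . . . . . : 1
    Time To Live  . . . . : 86400
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 203.0.113.7
"""

_NAME_RE = re.compile(r"^\s*Record Name[ .]*:\s*(\S+)")
_TTL_RE = re.compile(r"^\s*Time To Live[ .]*:\s*(\d+)")
_A_RE = re.compile(r"^\s*A \(Host\) Record[ .]*:\s*(\S+)")


def parse_displaydns(text):
    """Parse `ipconfig /displaydns` text into [{'name', 'ttl', 'ip'}, ...].

    One block per cached record. Only A records are kept; CNAME and PTR
    blocks have no 'A (Host) Record' line and are dropped.
    """
    records = []
    current = None
    for line in text.splitlines():
        m = _NAME_RE.match(line)
        if m:
            current = {"name": m.group(1).lower(), "ttl": None, "ip": None}
            continue
        if current is None:
            continue
        m = _TTL_RE.match(line)
        if m:
            current["ttl"] = int(m.group(1))
            continue
        m = _A_RE.match(line)
        if m:
            current["ip"] = m.group(1)
            records.append(current)
            current = None
    return records


def triage(records, shared_threshold=2):
    """Heuristic review of cached A records; returns (name, ip, reason) tuples."""
    findings = []
    by_ip = defaultdict(set)
    for r in records:
        try:
            addr = ipaddress.ip_address(r["ip"])
        except ValueError:
            findings.append((r["name"], r["ip"], "unparseable address"))
            continue
        by_ip[r["ip"]].add(r["name"])
        # A public name pinned to 127.x or 0.0.0.0 is the classic symptom of a
        # hosts-file or resolver hijack (ad-blocking hosts lists look the same).
        if (addr.is_loopback or addr.is_unspecified) and r["name"] != "localhost":
            findings.append((r["name"], r["ip"], "non-localhost name resolves to " + r["ip"]))
    # Many unrelated names on one address is worth a look; shared hosting and
    # CDNs do this legitimately, so this is a review prompt, not a verdict.
    for ip, names in by_ip.items():
        if len(names) >= shared_threshold:
            for name in sorted(names):
                findings.append((name, ip, "address shared by %d cached names" % len(names)))
    return findings


if __name__ == "__main__":
    # Usage: ipconfig /displaydns > dns.txt ; python dnscache_triage.py dns.txt
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_DISPLAYDNS
    for name, ip, reason in triage(parse_displaydns(text)):
        print("%-30s %-16s %s" % (name, ip, reason))
```

Run it without arguments to see the constructed sample triaged; with a saved `ipconfig /displaydns` capture as the argument it reviews the real cache. Raise `shared_threshold` on machines that legitimately cache many names behind one CDN address.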
#2
Posted 07 July 2011 - 10:37 PM
Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=============================================================================
Please download MiniToolBox and run it.
Checkmark following boxes:
- Report IE Proxy Settings
- List content of Hosts
- List IP configuration
- List last 10 Event Viewer log
- List Users, Partitions and Memory size
Click Go and post the result.
=============================================================================
Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to restart the computer.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
=============================================================================
Please download GMER from one of the following locations and save it to your desktop:
- Main Mirror: This version will download a randomly named file (Recommended)
- Zipped Mirror: This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
- Disconnect from the Internet and close all running programs.
- Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
- Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
- Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

- GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
- If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
- Now click the Scan button. If you see a rootkit warning window, click OK.
- When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
- Click the Copy button and paste the results into your next reply.
- Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.
#3
Posted 08 July 2011 - 10:26 AM
Heather
#4
Posted 08 July 2011 - 10:31 AM
security checker
Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java 6 Update 26
Out of date Java installed!
Adobe Flash Player
Adobe Reader X (10.1.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````
MINITOOLKIT PART 1
MiniToolBox by Farbar
Ran by heather (administrator) on 08-07-2011 at 10:03:47
Microsoft Windows XP Service Pack 3 (X86)
***************************************************************************
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= End of IE Proxy Settings ========================
=============== Hosts content: ============================================
# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
#5
Posted 08 July 2011 - 10:35 AM
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 7047
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
7/8/2011 10:11:58 AM
mbam-log-2011-07-08 (10-11-58).txt
Scan type: Quick scan
Objects scanned: 213896
Time elapsed: 5 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-08 11:07:46
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 ST380815AS rev.4.AAB
Running: gmer.exe; Driver: C:\DOCUME~1\heather\LOCALS~1\Temp\kxldrpod.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA8A2B620]
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device InCDFs.sys (InCD File System Driver/Nero AG)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Thanks Heather and my apologies -- looks like someone here was busy not working......
#6
Posted 08 July 2011 - 11:39 AM
I'll adjust it, so it's postable.
Post download link (copy URL: link):
#7
Posted 08 July 2011 - 12:30 PM
Thanks
Download link: http://www.filedropper.com/minitoolkitresult11-07-08 (file upload via http://www.filedropper.com)
This is the link it suggested for blogs and forums.
I still have the site open if you need the email link.
Heather
#8
Posted 08 July 2011 - 12:34 PM
Ran by heather (administrator) on 08-07-2011 at 10:03:47
Microsoft Windows XP Service Pack 3 (X86)
***************************************************************************
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= End of IE Proxy Settings ========================
=============== Hosts content: ============================================
# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
# Start of entries inserted by Spybot - Search & Destroy
[omitted]
# End of entries inserted by Spybot - Search & Destroy
=============== End of Hosts ==============================================
================= IP Configuration: =======================================
# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip
# Interface IP Configuration for "Local Area Connection"
set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
popd
# End of interface IP configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : gga7-f321448dda
Primary Dns Suffix . . . . . . . : GrosvenorGoldAssets.local
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller
Physical Address. . . . . . . . . : 00-1F-C6-BB-B5-19
Server: UnKnown
Address: 127.0.0.1
Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1
Ping request could not find host yahoo.com. Please check the name and try again.
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1f c6 bb b5 19 ...... Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 2 1
===========================================================================
Persistent Routes:
None
================= End of IP Configuration =================================
========================= Event log errors: ===============================
Application errors:
==================
Error: (07/06/2011 09:04:21 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2011/07/06 09:04:21.921]: [00001868]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.2.106]
Error: (07/06/2011 09:04:19 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2011/07/06 09:04:19.312]: [00001868]: GetDeviceIpAddress: GetAddressByName [BRN_91CE1D] Error
Error: (07/06/2011 09:03:44 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2011/07/06 09:03:44.812]: [00001868]: GetDeviceIpAddress: GetAddressByName [BRN_91CE1D] Error
Error: (07/06/2011 09:03:39 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2011/07/06 09:03:39.375]: [00001868]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.2.109]
Error: (07/06/2011 09:03:12 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2011/07/06 09:03:12.921]: [00001868]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.2.106]
Error: (07/06/2011 09:03:10 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2011/07/06 09:03:10.312]: [00001868]: GetDeviceIpAddress: GetAddressByName [BRN_91CE1D] Error
Error: (07/06/2011 09:02:35 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2011/07/06 09:02:35.812]: [00001868]: GetDeviceIpAddress: GetAddressByName [BRN_91CE1D] Error
Error: (07/06/2011 09:02:30 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2011/07/06 09:02:30.375]: [00001868]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.2.109]
Error: (07/06/2011 09:02:03 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2011/07/06 09:02:03.921]: [00001868]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.2.106]
Error: (07/06/2011 09:02:01 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2011/07/06 09:02:01.312]: [00001868]: GetDeviceIpAddress: GetAddressByName [BRN_91CE1D] Error
System errors:
=============
Error: (07/08/2011 10:01:04 AM) (Source: Print) (User: heather)
Description: The document Microsoft Word - Document1 owned by heather failed to print on printer Brother MFC-8460N Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 40948. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\GGA7-F321448DDA. Win32 error code returned by the print processor: Microsoft Word - Document10. Microsoft Word - Document11
Error: (07/08/2011 09:59:04 AM) (Source: Print) (User: heather)
Description: The document Untitled - Notepad owned by heather failed to print on printer Brother MFC-8460N Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 7312. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\GGA7-F321448DDA. Win32 error code returned by the print processor: Untitled - Notepad0. Untitled - Notepad1
Error: (07/08/2011 09:57:26 AM) (Source: Print) (User: heather)
Description: The document Untitled - Notepad owned by heather failed to print on printer Brother MFC-8460N Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 65536. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\GGA7-F321448DDA. Win32 error code returned by the print processor: Untitled - Notepad0. Untitled - Notepad1
Error: (07/08/2011 09:55:56 AM) (Source: Print) (User: heather)
Description: The document Untitled - Notepad owned by heather failed to print on printer Brother MFC-8890DW Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 7324. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\GGA7-F321448DDA. Win32 error code returned by the print processor: Untitled - Notepad0. Untitled - Notepad1
Error: (07/08/2011 09:54:18 AM) (Source: Print) (User: heather)
Description: The document Untitled - Notepad owned by heather failed to print on printer Brother MFC-8890DW Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 65536. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\GGA7-F321448DDA. Win32 error code returned by the print processor: Untitled - Notepad0. Untitled - Notepad1
Error: (07/08/2011 09:45:38 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.
Error: (07/08/2011 09:30:36 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.
Error: (07/08/2011 09:26:42 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.
Error: (07/08/2011 09:25:36 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.100 for the Network Card with network address 001FC6BBB519 has been
denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
Error: (07/08/2011 09:20:39 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.
Microsoft Office Sessions:
=========================
Error: (07/06/2011 09:04:21 AM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2011/07/06 09:04:21.921]: [00001868]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.2.106]
Error: (07/06/2011 09:04:19 AM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2011/07/06 09:04:19.312]: [00001868]: GetDeviceIpAddress: GetAddressByName [BRN_91CE1D] Error
Error: (07/06/2011 09:03:44 AM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2011/07/06 09:03:44.812]: [00001868]: GetDeviceIpAddress: GetAddressByName [BRN_91CE1D] Error
Error: (07/06/2011 09:03:39 AM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2011/07/06 09:03:39.375]: [00001868]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.2.109]
Error: (07/06/2011 09:03:12 AM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2011/07/06 09:03:12.921]: [00001868]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.2.106]
Error: (07/06/2011 09:03:10 AM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2011/07/06 09:03:10.312]: [00001868]: GetDeviceIpAddress: GetAddressByName [BRN_91CE1D] Error
Error: (07/06/2011 09:02:35 AM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2011/07/06 09:02:35.812]: [00001868]: GetDeviceIpAddress: GetAddressByName [BRN_91CE1D] Error
Error: (07/06/2011 09:02:30 AM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2011/07/06 09:02:30.375]: [00001868]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.2.109]
Error: (07/06/2011 09:02:03 AM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2011/07/06 09:02:03.921]: [00001868]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.2.106]
Error: (07/06/2011 09:02:01 AM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2011/07/06 09:02:01.312]: [00001868]: GetDeviceIpAddress: GetAddressByName [BRN_91CE1D] Error
========================= End of Event log errors =========================
========================= Memory info: ====================================
Percentage of memory in use: 51%
Total physical RAM: 1014.17 MB
Available physical RAM: 492.27 MB
Total Pagefile: 2441.45 MB
Available Pagefile: 1800.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1995.05 MB
======================= Partitions: =======================================
2 Drive c: () (Fixed) (Total:74.52 GB) (Free:65.57 GB) NTFS
4 Drive e: () (Removable) (Total:7.45 GB) (Free:7.38 GB) FAT32
================= Users: ==================================================
User accounts for \\GGA7-F321448DDA
-------------------------------------------------------------------------------
Administrator GGA7 Guest
HelpAssistant SUPPORT_388945a0
The command completed successfully.
================= End of Users ============================================
#9
Posted 08 July 2011 - 12:37 PM
Is that the case?
#10
Posted 08 July 2011 - 12:46 PM
But currently I am connected (with the computer that produced the logs)
Heather
#11
Posted 08 July 2011 - 12:49 PM
Checkmark following boxes:
- List IP configuration
Click Go and post the result.
#12
Posted 08 July 2011 - 12:52 PM
MiniToolBox by Farbar
Ran by heather (administrator) on 08-07-2011 at 13:48:20
Microsoft Windows XP Service Pack 3 (X86)
***************************************************************************
================= IP Configuration: =======================================
# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip
# Interface IP Configuration for "Local Area Connection"
set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
popd
# End of interface IP configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : gga7-f321448dda
Primary Dns Suffix . . . . . . . : GrosvenorGoldAssets.local
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : GrosvenorGoldAssets.local
gateway.2wire.net
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller
Physical Address. . . . . . . . . : 00-1F-C6-BB-B5-19
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
Lease Obtained. . . . . . . . . . : Friday, July 08, 2011 1:16:59 PM
Lease Expires . . . . . . . . . . : Monday, July 11, 2011 1:16:59 PM
Server: mymodem
Address: 192.168.2.1
Name: google.com
Addresses: 74.125.91.99, 74.125.91.104, 74.125.91.106, 74.125.91.103
74.125.91.105, 74.125.91.147
Pinging google.com [74.125.91.99] with 32 bytes of data:
Reply from 74.125.91.99: bytes=32 time=43ms TTL=51
Reply from 74.125.91.99: bytes=32 time=42ms TTL=51
Ping statistics for 74.125.91.99:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 42ms, Maximum = 43ms, Average = 42ms
Server: mymodem
Address: 192.168.2.1
Name: yahoo.com
Addresses: 209.191.122.70, 67.195.160.76, 69.147.125.65, 72.30.2.43
98.137.149.56
Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=50ms TTL=53
Reply from 209.191.122.70: bytes=32 time=49ms TTL=53
Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 49ms, Maximum = 50ms, Average = 49ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1f c6 bb b5 19 ...... Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.10 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.10 192.168.2.10 20
192.168.2.10 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.10 192.168.2.10 20
224.0.0.0 240.0.0.0 192.168.2.10 192.168.2.10 20
255.255.255.255 255.255.255.255 192.168.2.10 192.168.2.10 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None
================= End of IP Configuration =================================
#13
Posted 08 July 2011 - 12:55 PM
Please download SystemScan and save it to your desktop.
- Be aware that the file name will be randomly generated (i.e. sys95769.exe) to deceive malware which may attempt to disable it.
- If any installed security tools (anti-virus) detects the file as malware or suspicious while downloading or attempting to run, ignore the alert and allow the download.
- Double-click on sys*****.exe to start the tool.
- A read before proceeding disclaimer will appear.
- Uncheck <- Unflag the checkbox to disable updates! next to the version number at the top.
- After reading, check the box I have read and agree. Please let me...proceed!, then click the Proceed button.
- When SystemScan opens, click the "Unselect all" button.
- Important: Under "Make your choice and than click...", check the boxes next to:
- PC accounts
- Everything else should be unchecked.
- Click "Scan Now".
- Another warning box will appear. Please follow the instructions and click OK.
- Please be patient while the scan is in progress.
- Systemscan will scan your computer and create a folder named Suspectfile on the Desktop to save its report.
- When the scan is complete, Notepad will automatically open a log file named report.txt with the results.
- Copy and paste the contents of report.txt in your next reply.
#14
Posted 08 July 2011 - 01:04 PM
SystemScan - www.suspectfile.com - ver. 3.6.7 (code: holifay & bReAkdOWn)
Running on: Windows XP PROFESSIONAL Edition, Service Pack 3 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Documents and Settings\heather\Desktop\sys89503.exe
Running in: User mode
Date: 7/8/2011
Time: 2:00:20 PM
Output limited to:
-PC accounts
===================== ACCOUNTS ON THIS PC =====================
Users on this computer:
Is Admin? | Username
------------------
Yes | Administrator
Yes | GGA7
| Guest (Disabled)
| HelpAssistant (Disabled)
| SUPPORT_388945a0 (Disabled)
### users folders
16/09/2008 12:51:48 (DIR) 0 byte 1025 days old -- All Users
16/09/2008 14:59:43 (DIR) 0 byte 1025 days old -- Default User
03/03/2010 11:57:53 (DIR) 0 byte 492 days old -- GGA7
03/03/2010 11:57:53 (DIR) 0 byte 492 days old -- gisela
03/03/2010 11:57:53 (DIR) 0 byte 492 days old -- NetworkService
03/03/2010 11:57:53 (DIR) 0 byte 492 days old -- Administrator.GGA7-F321448DDA
03/03/2010 12:01:47 (DIR) 0 byte 492 days old -- administrator
30/04/2010 10:11:30 (DIR) 0 byte 434 days old -- data6
07/07/2011 17:27:32 (DIR) 0 byte 1 days old -- LocalService
08/07/2011 13:11:46 (DIR) 0 byte 0 days old -- heather
### startup files in users folders
C:\documents and settings\administrator\Start Menu\Programs\Startup\desktop.ini
C:\documents and settings\Administrator.GGA7-F321448DDA\Start Menu\Programs\Startup\desktop.ini
C:\documents and settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\documents and settings\data6\Start Menu\Programs\Startup\desktop.ini
C:\documents and settings\Default User\Start Menu\Programs\Startup\desktop.ini
C:\documents and settings\GGA7\Start Menu\Programs\Startup\desktop.ini
C:\documents and settings\gisela\Start Menu\Programs\Startup\desktop.ini
C:\documents and settings\heather\Start Menu\Programs\Startup\desktop.ini
==========================================
Scan completed in 0 minutes
End of report
~~~~~~~~~~~~~~~~~~~~~-----CREDITS-----~~~~~~~~~~~~~~~~~~~~~
SystemScan uses some freeware tools that remain property of their authors:
* SteelWerX Registry Console Tool, Who Am I (Bobby Flekman: www.xs4all.nl/~fstaal01) --> "Registry scan", "PC accounts "
* dumphive (Markus Stephany)--> "Registry scan"
* Listdlls (M.Russinovich, B.Cogswell: www.sysinternals.com) --> "Loaded modules"
* Catchme & MBR Rootkit detector (gmer: www.gmer.net) --> "Hidden objects", "Alternate Data Streams" & "Master Boot Record"
---> NOTE: SystemScan integrates "The Avenger" from Swandog46 (http://swandog46.geekstogo.com) to allow you to remove malwares found in this log
Thanks to all of them for their hard work
#15
Posted 08 July 2011 - 01:08 PM
You'll have to travel "upstairs".
With the information you have provided I believe you will need help from the malware removal team. I would like you to start a new thread and post a DDS log HERE and include a link to this thread. Please make sure that you read the information about getting started before you start your thread.
It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. Help is on the way!